Читать книгу Liquidity Risk Management - Baird Stephen - Страница 7

Liquidity Risk Management Oversight and Accountability

Strengthen Board Knowledge, Capabilities, and Reporting

The events leading up to and stemming from the financial crisis highlighted the need for improved awareness and reporting of liquidity risk at the board of directors and executive management levels within financial institutions. Strong governance is critical in effectively managing all aspects of an enterprise, and liquidity risk management is no exception.

The board of directors of a financial services institution has the ultimate authority and responsibility for approving, overseeing, and monitoring its overall risk appetite and various individual components of its risk profile including liquidity risk. This overall risk appetite and profile, including the liquidity risk component, should be approved by the board to ensure alignment with the broader business strategy of the enterprise, and supported by relevant policies, procedures, roles, and responsibilities. As a practical matter, the board often delegates its authority for establishing liquidity risk appetite to company management in the form of committees, officers, and departments including the asset-liability committee (ALCO), enterprise risk management committee, corporate treasurer, and Chief Risk Officer (CRO).

Leading institutions are expanding board oversight of liquidity risk management to ensure the board has both a broad understanding of liquidity risk management concepts as well as sufficient knowledge of underlying technical details. Further, board reporting has improved to show greater depth and frequency of liquidity risk information and integration between business performance, financial, and other risk metrics to give boards greater clarity and integrated view into the changing business and risk profiles of their institutions.

Leverage the Three Lines of Defense to Align and Integrate Management of Liquidity Risk

The three lines of defense depict the institution's internal risk management posture. Each line – the business, the independent risk management function, and the internal audit function – has specific responsibilities with respect to the end-to-end liquidity risk management process, from overall governance, strategic planning, risk appetite setting, risk identification, assessment, and management, through reporting, as well as internal controls.

In the context of liquidity risk management, corporate treasury, and/or ALCO typically serve as the first line and establish the firm's liquidity risk appetite with input and approval from the CRO and the independent risk oversight function. The CRO's independent risk oversight team provides the second-line defense, informing the setting of liquidity risk appetite and monitoring the institution's risk profile with a holistic view across different types of risk (e.g., credit, market, operational, liquidity) under changing market conditions. The third-line function, carried out by internal audit, is responsible for providing an independent, periodic assessment of the firm's internal control systems, including risk management, to the board.

While the corporate treasury function and ALCO bring both a business orientation and a risk management mind-set to their respective roles, it is important for an institution that follows an organization model comprising three lines of defense to empower its second-line risk managers to perform their own independent liquidity risk monitoring, review the assumptions and processes for decision making used by the first line, and challenge those views held by the first line that may prove vulnerable under evolving market conditions and thereby subject the firm to unintended risks. It is critical that institutions overcome legacy organizational silos to ensure that each line of defense effectively carries out its respective role with appropriate oversight and also achieves effective coordination and communication across the organization. A key ingredient to ensuring the effectiveness of second-line oversight is investing in the appropriate staff resources and training on new developments on supervisory guidance and industry practices to ensure continuous and well-informed effective challenge rather than periodic “check the box” reviews.

Overall Risk Culture

Lead and Inspire by having the Right Tone at the Top

Effective risk management increasingly depends on the corporate culture to motivate, promote, and support prudent risk taking along with appropriate risk management policies and procedures. While risk policies and procedures might be in place, organizational leaders who do not lead by example jeopardize gaining the buy-in and confidence from their teams.

In setting and reinforcing the institution's risk culture, leaders must instill the risk management mind-set into employees. Leading institutions use rewards and consequences to demonstrate that risk management is everyone's responsibility. These firms maintain a rigorous recruiting process that embeds desired risk culture characteristics into hiring requirements and puts mechanisms in place to encourage escalation, rapid response, investigation, and attention by all employees. In instances where risk management raises concerns and objections to the actions or exposures taken by the business, executive management will need to review the relevant information and make decisions in accordance with the institution's risk strategy and appetite.

See the Independent Risk Function as a True Advisor and Partner to the Business

Risks can be more effectively managed when they are controlled at the point of initiation – typically, by the business unit. Despite an increase in board-level support driven by a heightened regulatory environment, there remain additional opportunities for collaboration between the corporate risk and front office functions. Incentives, objectives, and level of influence are often mismatched, straining the corporate risk and front office relationship and making collaboration and actual risk management more challenging.

At leading institutions, there has been a fundamental shift in the firm's overall risk culture, with independent risk groups moving toward acting as risk advisors and business partners. Such institutions have strong risk cultures and improved collaboration in the organization by ensuring the risk management function has a seat and voice at the table. In this respect, institutions have implemented organizational and communication changes that support stronger partnership and collaboration between the independent risk function and business units by defining how risk groups are involved in key business decisions up front, and assigning key risk-related business decisions to those groups and individuals best equipped for execution.