We face a variety of risks as a result of our business activities, the most significant of which are described below. Credit risk, market risk and operational risk attract regulatory capital. As part of our internal capital adequacy assessment process, we calculate the amount of economic capital that is necessary to cover all material risks generated from our business activities, other than of liquidity risk.
Credit risk arises from all transactions where actual, contingent or potential claims against any counterparty, borrower or obligor (which we refer to collectively as “counterparties”) exist, including those claims that we plan to distribute (see below in the more detailed section ). These transactions are typically part of our traditional nontrading lending activities (such as loans and contingent liabilities), or our direct trading activity with clients (such as OTC derivatives, FX forwards and Forward Rate Agreements). We distinguish between three kinds of credit risk:
- Default risk, the most significant element of credit risk, is the risk that counterparties fail to meet contractual obligations in relation to the claims described above;
- Settlement risk is the risk that the settlement or clearance of a transaction may fail. Settlement risk arises whenever the exchange of cash, securities and/or other assets is not simultaneous leaving us exposed to a potential loss should the counterparty default;
- Country risk is the risk that we may experience unexpected default or settlement risk and subsequent losses, in a given country, due to a range of macro-economic or social events primarily affecting counterparties in that jurisdiction including: a material deterioration of economic conditions, political and social upheaval, nationalisation and expropriation of assets, government repudiation of indebtedness, or disruptive currency depreciation or devaluation. Country risk also includes transfer risk which arises when debtors are unable to meet their obligations owing to an inability to transfer assets to non-residents due to direct sovereign intervention.
Market risk arises from the uncertainty concerning changes in market prices and rates (including interest rates, equity prices, foreign exchange rates and commodity prices), the correlations among them and their levels of volatility. We differentiate between three different types of market risk:
- Trading market risk arises primarily through the market-making activities of the Corporate Banking & Securities division (CB&S). This involves taking positions in debt, equity, foreign exchange, other securities and commodities as well as in equivalent derivatives.
- Trading default risk arises from defaults and rating migrations relating to trading instruments.
- Nontrading market risk arises from market movements, primarily outside the activities of our trading units, in our banking book and from off-balance sheet items. This includes interest rate risk, credit spread risk, investment risk and foreign exchange risk as well as market risk arising from our pension schemes, guaranteed funds and equity compensation. Nontrading market risk also includes risk from the modeling of client deposits as well as savings and loan products.
Operational risk is the potential for failure (including the legal component) in relation to employees, contractual specifications and documentation, technology, infrastructure failure and disasters, external influences and customer relationships. Operational risk excludes business and reputational risk.
Liquidity risk is the risk arising from our potential inability to meet all payment obligations when they come due or only being able to meet these obligations at excessive costs.
Business risk describes the risk we assume due to potential changes in general business conditions, such as our market environment, client behavior and technological progress. This can affect our results if we fail to adjust quickly to these changing conditions. In 2012, we introduced an enhanced economic capital model to improve coverage of strategic risk being a subcategory of business risk.
In addition to the above risks, we face a number of other types of risks, such as reputational risk, insurance-specific risk and concentration risk. They are substantially related to one or more of the above risk types.
Within our risk management processes, we define reputational risk as the risk that publicity concerning a transaction, counterparty or business practice involving a client will negatively impact the public’s trust in our organization.
Our reputational risk is governed by the Reputational Risk Management Program (RRM Program). The RRM Program was established to provide consistent standards for the identification, escalation and resolution of reputational risk issues that arise from transactions with clients or through different business activities. Primary responsibility for the identification, escalation and resolution of reputational risk issues resides with the business divisions. Each employee is under an obligation, within the scope of his/her activities, to analyse and assess any imminent or intended transaction in terms of possible risk factors in order to minimise reputational risks. If a potential reputational risk is identified, it must be referred for further consideration at a sufficiently senior level within that respective business division. If issues remain, they should then be escalated for discussion among appropriate senior members of the relevant Business and Control Groups. Reputational risk issues not addressed to satisfactory conclusion through such informal discussions must then be escalated for further review and final determination via the established reputational risk escalation process.
As a subcommittee of the Risk ExCo, the Group Reputational Risk Committee (“GRRC”) provides review and final determinations on all reputational risk issues and new client adoptions, where escalation of such issues is deemed necessary by senior Business and Regional Management, or required under the Group policies and procedures.
Insurance Specific Risk
Our exposure to insurance risk relates to Abbey Life Assurance Company Limited and our defined benefit pension obligations. There is also some insurance-related risk within the Pensions & Insurance Risk Markets business. In our risk management framework, we consider insurance-related risks primarily as nontrading market risks. We monitor the underlying assumptions in the calculation of these risks regularly and seek risk mitigating measures such as reinsurances, if we deem this appropriate. We are primarily exposed to the following insurance-related risks.
- Longevity risk: the risk of faster or slower than expected improvements in life expectancy on immediate and deferred annuity products.
- Mortality and morbidity risks: the risks of a higher or lower than expected number of death or disability claims on assurance products and of an occurrence of one or more large claims.
- Expenses risk: the risk that policies cost more or less to administer than expected.
- Persistency risk: the risk of a higher or lower than expected percentage of lapsed policies.
To the extent that actual experience is less favorable than the underlying assumptions, or it is necessary to increase provisions due to more onerous assumptions, the amount of capital required in the insurance entities may increase.
Risk concentrations refer to a loss potential resulting from an unbalanced distribution of dependencies on specific risk drivers and can occur within specific risk types (i.e., intra-risk concentrations) as well as across different risk types (inter-risk concentrations). They are encountered within and across counterparties, businesses, regions/countries, legal entities, industries and products, impacting the aforementioned risks. The management of risk concentrations is integrated in the management of the individual risk types and monitored on a regular basis. The key objective of managing risk concentrations is to avoid any undue concentrations in our portfolio, which we seek to achieve through a quantitative and qualitative approach, as follows:
- Intra-risk concentrations are assessed and monitored by the individual risk disciplines (Credit, Market, Operational Risk Management and others). This is supported by limit setting on different levels according to risk type.
- Inter-risk concentrations are managed by quantitative top-down stress-testing and qualitative bottom-up reviews identifying and assessing risk themes independent of any risk type and providing a holistic view across the bank.
The most senior governance body for the oversight of risk concentrations is the Cross Risk Review Committee, which is a subcommittee of the Capital and Risk Committee (CaR) and the Risk Executive Committee (Risk ExCo).