We face a variety of risks as a result of our business activities, the most significant of which are described below. Credit risk, market risk and operational risk attract regulatory capital. As part of our internal capital adequacy assessment process, we calculate the amount of economic capital from credit, market, operational and business risk to cover risks generated from our business activities taking into account diversification effects across those risk types. Furthermore, our economic capital framework implicitly covers additional risks, e.g. reputational risk and refinancing risk, for which no dedicated EC models exist. Liquidity risk is excluded from the economic capital calculation since it is covered separately.
Credit risk arises from all transactions where actual, contingent or potential claims against any counterparty, borrower, obligor or issuer (which we refer to collectively as “counterparties”) exist, including those claims that we plan to distribute (see below in the more detailed section ). These transactions are typically part of our traditional nontrading lending activities (such as loans and contingent liabilities), traded bonds and debt securities available for sale or our direct trading activity with clients (such as OTC derivatives, FX forwards and Forward Rate Agreements). Carrying values of equity investments are also disclosed in our Credit Risk section. We manage the respective positions within our market risk and credit risk frameworks.
We distinguish between three kinds of credit risk:
- Default risk, the most significant element of credit risk, is the risk that counterparties fail to meet contractual obligations in relation to the claims described above;
- Settlement risk is the risk that the settlement or clearance of a transaction may fail. Settlement risk arises whenever the exchange of cash, securities and/or other assets is not simultaneous leaving us exposed to a potential loss should the counterparty default; and
- Country risk is the risk that we may experience unexpected default or settlement risk and subsequent losses, in a given country, due to a range of macro-economic or social events primarily affecting counterparties in that jurisdiction including: a material deterioration of economic conditions, political and social upheaval, nationalization and expropriation of assets, government repudiation of indebtedness, or disruptive currency depreciation or devaluation. Country risk also includes transfer risk which arises when debtors are unable to meet their obligations owing to an inability to transfer assets to non-residents due to direct sovereign intervention.
Market risk arises from the uncertainty concerning changes in market prices and rates (including interest rates, equity prices, foreign exchange rates and commodity prices), the correlations among them and their levels of volatility. We differentiate between three different types of market risk:
- Trading market risk arises primarily through the market-making activities of the Corporate Banking & Securities division (CB&S). This involves taking positions in debt, equity, foreign exchange, other securities and commodities as well as in equivalent derivatives.
- Trading default risk arises from defaults and rating migrations relating to trading instruments.
- Nontrading market risk arises from market movements, primarily outside the activities of our trading units, in our banking book and from off-balance sheet items. This includes interest rate risk, credit spread risk, investment risk and foreign exchange risk as well as market risk arising from our pension schemes, guaranteed funds and equity compensation. Nontrading market risk also includes risk from the modeling of client deposits as well as savings and loan products.
Operational risk means the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, and includes legal risk. Operational risk excludes business and reputational risk.
Liquidity risk is the risk arising from our potential inability to meet all payment obligations when they come due or only being able to meet these obligations at excessive costs.
Business risk describes the risk we assume due to potential changes in general business conditions, such as our market environment, client behavior and technological progress. This can affect our results if we fail to adjust quickly to these changing conditions. At the end of 2012, we introduced an enhanced economic capital model to improve strategic risk modeling being a subcategory of business risk. This model is now used in the monthly EC calculations providing a better link between economic capital and the capital planning process.
Within our risk management processes, we define reputational risk as the risk that publicity concerning a transaction, counterparty or business practice involving a client will negatively impact the public’s trust in our organization.
Our reputational risk is governed by the Reputational Risk Management Program (RRM Program). The RRM Program was established to provide consistent standards for the identification, escalation and resolution of reputational risk issues that arise from transactions with clients or through different business activities. Primary responsibility for the identification, escalation and resolution of reputational risk issues resides with the business divisions. Each employee is under an obligation, within the scope of his/her activities, to analyze and assess any imminent or intended transaction in terms of possible risk factors in order to minimize reputational risks. If a potential reputational risk is identified, it is required to be referred for further consideration at a sufficiently senior level within that respective business division. If issues remain, they should then be escalated for discussion among appropriate senior members of the relevant Business and Control Groups. Reputational risk issues not addressed to satisfactory conclusion through such informal discussions must then be escalated for further review and final determination via the established reputational risk escalation process.
As a subcommittee of the Risk ExCo, the Group Reputational Risk Committee (“GRRC”) provides review and final determinations on all reputational risk issues and new client adoptions, where escalation of such issues is deemed necessary by senior Business and Regional Management, or required under the Group policies and procedures.
Insurance Specific Risk
Our exposure to insurance risk relates to Abbey Life Assurance Company Limited and our defined benefit pension obligations. There is also some insurance-related risk within the Pensions and Insurance Risk Markets business. In our risk management framework, we consider insurance-related risks primarily as nontrading market risks. We monitor the underlying assumptions in the calculation of these risks regularly and seek risk mitigating measures such as reinsurances, if we deem this appropriate. We are primarily exposed to the following insurance-related risks:
- Longevity risk: the risk of faster or slower than expected improvements in life expectancy on immediate and deferred annuity products;
- Mortality and morbidity risks: the risks of a higher or lower than expected number of death or disability claims on insurance products and of an occurrence of one or more large claims;
- Expenses risk: the risk that policies cost more or less to administer than expected; and
- Persistency risk: the risk of a higher or lower than expected percentage of lapsed policies.
To the extent that actual experience is less favorable than the underlying assumptions, or it is necessary to increase provisions due to more onerous assumptions, the amount of capital required in the insurance entities may increase.
Model Risk is the risk of possible adverse consequences of decisions based on models that are inappropriate, incorrect, or misused. In this context, a model is defined as a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative or qualitative estimates.
Risk concentrations refer to clusters of the same or similar risk drivers within specific risk types (intra-risk concentrations in Credit, Market, Operational risks) as well as across different risk types (inter-risk concentrations). They could occur within and across counterparties, businesses, regions/countries, industries and products. The management of concentrations is integrated as part of the management of individual risk types and monitored on an ongoing basis. The key objective is to avoid any undue concentrations in the portfolio, which is achieved through a quantitative and qualitative approach, as follows:
- Intra-risk concentrations are assessed, monitored and mitigated by the individual risk disciplines (Credit, Market, Operational Risk Management and others). This is supported by limit setting on different levels according to risk type.
- Inter-risk concentrations are managed through quantitative top-down stress-testing and qualitative bottom-up reviews, identifying and assessing risk themes independent of any risk type and providing a holistic view across the bank.
The most senior governance body for the oversight of risk concentrations throughout 2013 was the Cross Risk Review Committee, which is a subcommittee of the Capital and Risk Committee (CaR) and the Risk Executive Committee (Risk ExCo).