Risk Management Framework
The diversity of our business model requires us to identify, measure, aggregate and manage our risks, and to allocate our capital among our businesses. We operate as an integrated group through our divisions, business units and infrastructure functions. Risk and capital are managed via a framework of principles, organizational structures and measurement and monitoring processes that are closely aligned with the activities of the divisions and business units:
- Core risk management responsibilities are embedded in the Management Board and delegated to senior risk management committees responsible for execution and oversight. The Supervisory Board regularly monitors the risk and capital profile.
- We operate a three-line of defense risk management model whereby front office functions, risk management oversight and assurance roles are played by functions independent of one another.
- Risk strategy is approved by the Management Board on an annual basis and is defined based on the Group Strategic and Capital Plan and Risk Appetite in order to align risk, capital and performance targets.
- Cross-risk analysis reviews are conducted across the Group to validate that sound risk management practices and a holistic awareness of risk exist.
- All major risk classes are managed via risk management processes, including: credit risk, market risk, operational risk, liquidity risk, business risk and reputational risk. Modeling and measurement approaches for quantifying risk and capital demand are implemented across the major risk classes.
- Monitoring, stress testing tools and escalation processes are in place for key capital and liquidity thresholds and metrics.
- Systems, processes and policies are critical components of our risk management capability.
- Recovery planning provides for the escalation path for crisis management governance and supplies Senior Management with a list of actions designed to improve the capital and liquidity positions in a stress event.
- Resolution planning is closely supervised by the BaFin. It provides for a strategy to manage Deutsche Bank in case of default. It is designed to prevent the need for tax payer bailout and strengthen financial stability by the continuation of critical services delivered to the wider economy.
From a supervisory perspective, our operations throughout the world are regulated and supervised by relevant authorities in each of the jurisdictions in which we conduct business. Such regulation focuses on licensing, capital adequacy, liquidity, risk concentration, conduct of business as well as organization and reporting requirements. The BaFin and the Deutsche Bundesbank (the German central bank) act in cooperation as our primary supervisors to ensure our compliance with the German Banking Act and other applicable laws and regulations as well as, from January 1, 2014, the CRR/CRD 4 framework, as implemented into German law, as applicable.
From an internal governance perspective, we have several layers of management to provide cohesive risk governance:
- The Supervisory Board is required to be informed regularly and – as necessary – on special developments in our risk situation, risk management and risk controlling, as well as on our reputation and material litigation cases. It has formed various committees to handle specific tasks.
- At the meetings of the Risk Committee, the Management Board reports on credit, market, country, liquidity, refinancing, operational, strategic, regulatory as well as litigation and reputational risks. It also reports on credit portfolios, loans requiring a Supervisory Board resolution pursuant to law or the Articles of Association, questions of capital resources and matters of special importance due to the risks they entail. The Risk Committee deliberates with the Management Board on issues of the aggregate risk disposition and the risk strategy.
- The Integrity Committee monitors the Management Board’s measures to promote the company’s compliance with legal requirements, authorities’ regulations and the company’s own in-house policies. It also reviews the Bank’s Code of Business Conduct and Ethics and provides precautionary monitoring and strategic analysis of the Bank’s legal and reputational risks.
- The Audit Committee monitors, among other matters, the effectiveness of the risk management system, particularly the internal control system and the internal audit system.
- Our Management Board provides overall risk and capital management supervision for the consolidated Group and is exclusively responsible for day-to-day management of the company with the objective of creating sustainable value in the interest of our shareholders, employees and other stakeholders. The Management Board is responsible for defining and implementing business and risk strategies, as well as establishing the alignment of our overall performance with our business and risk strategy. The Management Board has delegated certain functions and responsibilities to relevant senior governance committees to support the fulfillment of these responsibilities, in particular to the Capital and Risk Committee (“CaR”) and Risk Executive Committee (“Risk ExCo”) whose roles are described in more detail below.
For further information on how we attempt to ensure that our overall performance is aligned to our risk strategy, please refer to section below “Risk Appetite and Capacity” and “Strategic and Capital Plan”.
Risk Management Governance Structure of the Deutsche Bank Group
The following functional committees are central to the management of risk in Deutsche Bank:
- The CaR oversees and controls integrated planning and monitoring of our risk profile and capital capacity, providing an alignment of risk appetite, capital requirements and funding/liquidity needs with Group, divisional and sub-divisional business strategies. It provides a platform to discuss and agree strategic issues impacting capital, funding and liquidity among Risk Management, Finance and the business divisions. The CaR initiates actions and/or makes recommendations to the Management Board. It is also responsible for monitoring our risk profile against our risk appetite on a regular basis and ensuring escalation or other actions are taken. The CaR monitors the performance of our risk profile against early warning indicators and recovery triggers, and provides recommendations to the Management Board to invoke defined process and/or actions under the recovery governance framework if required.
- Our Risk ExCo, as the most senior functional committee of our risk management, identifies, controls and manages all risks including risk concentrations at Group level, and is a center of expertise concerning all risk related topics of the business divisions. It is responsible for risk policy, the organization and governance of risk management and oversees the execution of risk and capital management including identification, analysis and risk mitigation, within the scope of the risk and capital strategy (Risk and Capital Demand Plan) approved by the Management Board. The Risk ExCo is supported by sub-committees that are responsible for dedicated areas of risk management, including several policy committees, the Cross Risk Review Committee (“CRRC”) and the Group Reputational Risk Committee (“GRRC”).
- The CRRC supports the Risk ExCo and the CaR with particular emphasis on the management of Group-wide risk patterns. The CRRC, under a delegation of authority from the CaR has responsibility for the day-to-day oversight and control of our Internal Capital Adequacy Assessment Process (“ICAAP”). The CRRC also oversees the inventory of stress tests used for managing our risk appetite, reviews the results and proposes management action, if required. It monitors the effectiveness of the stress test process and drives continuous improvement of our stress testing framework. It is supported by a dedicated Stress Testing Oversight Committee which has the responsibility for the definition of the Group-wide stress test scenarios, maintaining common standards and consistent scenarios across risk types, and reviewing the group-wide stress test results.
The Living Wills Committee (“LWC”) is the dedicated sub-committee of the CaR with focus on recovery and resolution planning. It oversees the implementation of our recovery and resolution plans and enhancements to the Group’s operational readiness to respond to severe stress or the threat of a severe stress.
Multiple members of the CaR are also members of the Risk ExCo which facilitates the information flow between the two committees.
Our Chief Risk Officer (“CRO”), who is a member of the Management Board, is responsible for the identification, assessment and reporting of risks arising within operations across all business and all risk types, and has direct management responsibility for the following risk management functions: Credit Risk Management, Market Risk Management, Operational Risk Management and Liquidity Risk Control.
These are established with the mandate to:
- Support that the business within each division is consistent with the risk appetite that the CaR has set within a framework established by the Management Board;
- Formulate and implement risk and capital management policies, procedures and methodologies that are appropriate to the businesses within each division;
- Approve credit, market and liquidity risk limits;
- Conduct periodic portfolio reviews to keep the portfolio of risks within acceptable parameters; and
- Develop and implement risk and capital management infrastructures and systems that are appropriate for each division.
In addition, dedicated regional Chief Risk Officers for Germany, for the Americas and for Asia-Pacific, and divisional Chief Risk Officers for DeAWM and NCOU have been appointed to establish a holistic risk management coverage.
The heads of the aforementioned risk management functions as well as the regional and divisional Chief Risk Officers have a direct reporting line into the CRO.
Furthermore, several teams within the risk management functions cover overarching aspects of risk management. Their mandate is to provide an increased focus on holistic risk management and cross-risk oversight to further enhance our risk portfolio steering. Key objectives are:
- Drive key strategic cross-risk initiatives and establish greater cohesion between defining portfolio strategy and governing execution, including regulatory adherence;
- Provide a strategic and forward-looking perspective on the key risk issues for discussion at senior levels within the bank (risk appetite, stress testing framework);
- Strengthen risk culture in the bank; and
- Foster the implementation of consistent risk management standards.
Our Finance and Group Audit operate independently of both our business divisions and of our Risk function. The role of the Finance department is to help quantify and verify the risk that we assume and maintain the quality and integrity of our risk-related data. Group Audit examines, evaluates and reports on the adequacy of both the design and effectiveness of the systems of internal control including the risk management systems.
The integration of the risk management of our subsidiary Deutsche Postbank AG is promoted through harmonized processes for identifying, assessing, managing, monitoring, and communicating risk, the strategies and procedures for determining and safe guarding risk-bearing capacity, and corresponding internal control procedures. Key features of the joint governance are:
- Functional reporting lines from the Postbank Risk Management to Deutsche Bank Risk;
- Participation of voting members from Deutsche Bank from the respective risk functions in Postbank’s key risk committees and vice versa; and
- Implementation of key Group risk policies at Postbank.
The key risk management committees of Postbank, in all of which Postbank’s Chief Risk Officer as well as senior risk managers of Deutsche Bank are voting members, are:
- The Bank Risk Committee, which advises Postbank’s Management Board with respect to the determination of overall risk appetite and risk allocation;
- The Credit Risk Committee, which is responsible for limit allocation and the definition of an appropriate limit framework;
- The Market Risk Committee, which decides on limit allocations as well as strategic positioning of Postbank’s banking and trading book and the management of liquidity risk;
- The Operational Risk Management Committee, which defines the appropriate risk framework as well as the capital allocation for the individual business areas; and
- The Model and Validation Risk Committee, which monitor validation of all rating systems and risk management models.
The main focus of this work, taking the legal framework into account, is to comply with the agreed regulatory roadmap and to further develop our joint risk management infrastructure. In 2013, the group-wide AMA model for operational risk was approved by the regulator to be used in Postbank. Moreover, large clients are now centrally managed on our credit platform.
We seek to promote a strong risk culture throughout our organization. A strong risk culture is designed to help reinforce our resilience by encouraging a holistic approach to the management of risk and return throughout our organization as well as the effective management of our risk, capital and reputational profile. We actively take risks in connection with our business and as such the following principles underpin risk culture within our group:
- Risk is taken within a defined risk appetite;
- Every risk taken needs to be approved within the risk management framework;
- Risk taken needs to be adequately compensated; and
- Risk should be continuously monitored and managed.
Employees at all levels are responsible for the management and escalation of risks. We expect employees to exhibit behaviors that support a strong risk culture. To promote this our policies require that behavior assessment is incorporated into our performance assessment and compensation processes. We have communicated the following risk culture behaviors through various communication vehicles:
- Being fully responsible for our risks;
- Being rigorous, forward looking and comprehensive in the assessment of risk;
- Inviting, providing and respecting challenges;
- Trouble shooting collectively; and
- Placing Deutsche Bank and its reputation at the heart of all decisions.
To reinforce these expected behaviors and strengthen our risk culture, we conduct a number of group-wide activities. Our Board members and senior management frequently communicate the importance of a strong risk culture to support a consistent tone from the top. To further strengthen this message, we have reinforced our targeted training. In 2013, our employees attended more than 114,000 mandatory training modules globally including, for example, the Code of Business Conduct & Ethics, Fraud Awareness and An Introduction to MaRisk. As part of our ongoing efforts to strengthen our risk culture, we review our training suite regularly to develop further modules or enhance existing components.
In addition, along with other measures to strengthen our performance management processes, we have designed and implemented a process to tie formal measurement of risk culture behaviors to our employee performance assessment, promotion and compensation processes. This process has been in place in our CB&S and GTB divisions since 2010 and has subsequently been rolled out to our DeAWM, NCOU and Risk divisions. We plan to achieve a full bank wide roll out in 2014. This process is designed to further strengthen employee accountability. Further measures are already being reviewed and will be added to the program in 2014.
Risk Appetite and Capacity
Risk appetite expresses the level of risk that we are willing to assume in order to achieve our business objectives. Risk capacity is defined as the maximum level of risk we can assume in both normal and distressed situations before breaching regulatory constraints and our obligations to stakeholders.
Risk appetite is an integral element in our business planning processes via our Risk and Capital Demand Plan, with the aim to create a more holistic perspective on capital, funding and risk-return considerations. Risk appetite is set within our risk capacity in which we consider our capital, assets and borrowing capacities. We hereby leverage the stress testing process to also consider stressed market conditions. Top-down risk appetite serves as the limit for risk-taking for the bottom-up planning from the business functions.
The Management Board reviews and approves the risk appetite and capacity on an annual basis with the aim of ensuring that it is consistent with our Group strategy, business and regulatory environment and stakeholders’ requirements.
In order to determine our risk appetite and capacity, we set different group level triggers and thresholds on a forward looking basis and define the escalation requirements for further action. We assign risk metrics that are sensitive to the material risks to which we are exposed and which are able to function as key indicators of financial health. In addition to that, we link our risk and recovery management governance framework with the risk appetite framework. In detail, we assess a suite of metrics under stress (Common Equity Tier 1 (“CET 1”) capital ratio, Internal Capital Adequacy (“ICA”) ratio, Stressed Net Liquidity Position (“SNLP”)) within the regularly performed benchmark and more severe group-wide stress tests and compare them to the Red-Amber-Green (“RAG”) levels as defined in the table below.
CET 1 capital ratio
Internal capital adequacy
Net liquidity position
> 8.0 %
> 135 %
> € 5 billion
8.0 % – 5.5 %
135 % – 120 %
€ 5 billion – € 0 billion
< 5.5 %
< 120 %
< € 0 billion
In the event that our desired risk appetite is breached under either normal or stressed scenarios, a predefined escalation governance matrix is applied so these breaches are highlighted to the respective committees, and ultimately to the Chief Risk Officer and the Management Board. Amendments to the risk appetite and capacity must be approved by the Chief Risk Officer or the full Management Board, depending on their significance.
Strategic and Capital Plan
We conduct an annual strategic planning process which lays out the development of our future strategic direction as a group and for our business areas/units. The strategic plan aims to create a holistic perspective on capital, funding and risk under risk-return considerations. This process translates our long term strategic targets into measurable short to medium term financial targets and enables intra-year performance monitoring and management. Thereby we aim to identify optimal growth options by considering the risks involved and the allocation of available capital resources to drive sustainable performance. Risk specific portfolio strategies complement this framework and allow for an in-depth implementation of the risk strategy on portfolio level, addressing risk specifics including risk concentrations.
The strategic planning process consists of two phases: a top-down target setting and a bottom-up substantiation.
In a first phase – the top down target setting – our key targets for profit and loss (including revenues and costs), capital supply, and capital demand as well as leverage and funding and liquidity are discussed for the group and the key business areas by the Group Executive Committee. In this process, the targets for the next three years are based on our global macro-economic outlook and the expected regulatory framework. Subsequently, the targets are approved by the Management Board.
In a second phase, the top-down objectives are substantiated bottom-up by detailed business unit plans, which for the first year consist of a month by month operative plan; years two and three are annual plans. The proposed bottom-up plans are reviewed and challenged by Finance and Risk and are discussed individually with the business heads. Thereby, the specifics of the business are considered and concrete targets decided in line with our strategic direction. Stress tests complement the strategic plan to also consider stressed market conditions.
The resulting Strategic and Capital Plan is presented to the Group Executive Committee and the Management Board for discussion and approval. Following the approval of the Management Board, the final plan is presented to the Supervisory Board.
The Strategic and Capital Plan is designed to support our vision of being a leading client-centric global universal bank and aims to ensure:
- Balanced risk adjusted performance across business areas and units;
- High risk management standards with focus on risk concentrations;
- Compliance with regulatory requirements;
- Strong capital and liquidity position; and
- Stable funding and liquidity strategy allowing for the business planning within the liquidity risk appetite and regulatory requirements.
The Strategic and Capital Planning process allows us to:
- Set earnings and key risk and capital adequacy targets considering the bank’s strategic focus and business plans;
- Assess our risk-bearing capacity with regard to internal and external requirements (i.e., economic capital and regulatory capital); and
- Apply an appropriate stress test to assess the impact on capital demand, capital supply and liquidity.
The specific limits e.g. regulatory capital demand and economic capital are derived from the Strategic and Capital Plan to align risk, capital and performance targets at all relevant levels of the organization.
The targets are monitored on an ongoing basis in appropriate management committees. Any projected shortfall from targets is discussed together with potential mitigating strategies seeking to ensure that we remain on track to achieve our targets. Amendments to the strategic and capital plan must be approved by the Management Board.
In September 2012, we communicated a new strategic direction “Strategy 2015+”. With our business franchise strengthened, we aspire a capital position of above 10 % CET 1 capital ratio by first quarter 2015, under full application of CRR/CRD 4 rules. This goal is based on retained earnings assumptions, reflecting not only strong revenue generation in targeted growth areas but also on the delivery of our announced Operational Excellence (OpEx) Programm to target annual cost savings of € 4.5 billion by 2015, achieving a cost-income ratio of below 65 % for our core businesses. Our capital ratio target is further supported by risk reduction measures, notably in our NCOU.
Recovery and Resolution Planning
The 2007/2008 financial crisis exposed banks and the broader financial market to unprecedented pressures. These pressures led to significant support for certain banks by their governments and to large scale interventions by central banks. The crisis also forced many financial institutions to significantly restructure their businesses and strengthen their capital, liquidity and funding bases. This crisis revealed that many financial institutions were insufficiently prepared for a fast-evolving systemic crisis and thus were unable to act and respond in a way that would avoid potential failure and prevent material adverse impacts on the financial system and ultimately the economy and society.
In response to the crisis, the Financial Stability Board (FSB) has published a list of global systematically important financial banks (G-SIBs) and has advised its member institutions to mandate and support the development of recovery and resolution plans within G-SIBs. Corresponding legislation has been enacted in several jurisdictions, including Germany and the U.S.. As we have been identified as one of the G-SIBs, we have developed the Group’s recovery plan (Recovery Plan) and submitted this to the relevant regulators. The Recovery Plan is updated at least annually and reflects changes in the business and the regulatory requirements.
The Recovery Plan prepares us to restore our financial strength and viability during an extreme stress situation. The Recovery Plan’s more specific purpose is to outline how we can respond to a financial stress situation that would significantly impact our capital or liquidity position. Therefore it lays out a set of defined actions aimed to protect us, our customers and the markets and prevent a potentially more costly resolution event. In line with regulatory guidance, we have identified a wide range of recovery measures that will mitigate multiple stress scenarios which would have severe capital and liquidity impacts on us. These scenarios originate from both idiosyncratic and market-wide events. Our governance structures and defined processes will help to promote our monitoring, escalation, decision-making and implementation of recovery options in the occurrence of a crisis event.
The Recovery Plan’s key objective is to help us to recover from a severe situation by selecting actions that we need to take to stay both sufficiently capitalised and funded. This plan extends our risk management framework and can be executed in extreme scenarios where crises may threaten our survival (i.e., substantial loss of capital or inability to access market liquidity when needed). The Management Board determines when a Recovery Plan has to be invoked and which recovery measures are deemed appropriate.
The Recovery Plan is designed to cover multiple regulations including those of the FSB, EU, Germany and other key jurisdictions. Furthermore, the plan incorporates feedback from extensive discussions with our Crisis Management Group (CMG). This CMG is formed by key home and host authorities and is led by the BaFin and Bundesbank as our home banking authorities. We report to this CMG with the objective of enhancing preparedness for, and facilitating the management and resolution of a cross-border financial crisis affecting us. This CMG is also intended to cooperate closely with authorities in other jurisdictions where firms have a systemic presence.
We are working closely with the BaFin to support it in its mandate to create our Group Resolution Plan as set out in Section 47g of the German Banking Act and also with our US regulator on the detailed plan of the US operations resolution activities, including in particular the potential practicalities that could be encountered.
This US Resolution Plan is designed to prepare for an orderly resolution of our US operations in the event of severe distress or insolvency. The US Resolution Plan complies with the requirements specified in Section 165(d) of the Dodd-Frank rule which requires all Bank Holding Companies, foreign banks with US branches and designated SIFIs, with more than US $ 50 billion of assets to submit annual plans to facilitate a “rapid and orderly resolution” in the event of material financial distress or failure without material governmental support.
At the core of the US Resolution Plan are Critical Operations (“COs”), Core Business Lines (“CBLs”) and Material Legal Entities (“MLEs”). The US Resolution Plan demonstrates how COs, as identified by the Fed and FDIC, can be maintained during distress and resolution, alleviating any potential systemic impact on US financial stability. The US Resolution Plan also projects whether the CBLs, depending on our definition, will be sold or wound down in resolution. Finally, the US Resolution Plan lays out the resolution strategy for each MLE, defined as those entities significant to the activities of a critical operation or core business line. Key factors addressed in the US Resolution Plan include how to ensure:
- continued support for the operations from other US and non-US legal entities as well as from third parties such as payment servicers, exchanges and key vendors;
- availability of funding from both external and internal sources;
- retention of key employees during resolution; and
- efficient and coordinated close-out of cross-border contracts.
The US Resolution Plan is drafted in coordination with the US businesses and infrastructure groups so that it accurately reflects the business, critical infrastructure and key interconnections.