1994-12-19
Added · Updated
The Basel Committee on Banking Supervision issued these guidelines to establish sound risk management practices for banking organizations engaging in derivatives activities. The document mandates robust oversight by boards and senior management, requiring independent risk functions, comprehensive measurement systems, and strict internal controls. It further details specific requirements for managing credit, market, liquidity, operational, and legal risks through integrated limit structures and regular auditing.
RISKS MANAGEMENT GUIDELINES FOR DERIVATIVES Basle Committee on Banking Supervision July 1994
TABLE OF CONTENTS Page I. Introduction and basic principles 1 II Oversight of the risk management process 2 Board of directors 3 Senior management 3 Independent risk management functions 4 III The risk management process 4 Risk measurement 5 Limiting risks 6 Reporting 6 Management evaluation and review 7 IV Internal controls and audits 7 V Sound risk management practices for each type of risk 9 Credit risk 9 Market risk 10 Liquidity risk 11 Operations risk 12 Legal risk 14
Risk management guidelines for derivatives I. Introduction and basis principles
investment partnerships; and corporations, local and state governments , government agencies and international agencies. 5. Intermediaries, which are sometimes referred to as “dealer”, cater to the needs of end-user by “making markets” in OTC derivatives instruments. In doing so, they expect to generate income from transaction fees, bid/offer spreads and their own trading positions. Important intermediaries, or derivatives dealers, include major banks and securities firms around the world. As intermediaries, banks have traditionally offered foreign exchange and interest rate risk management products to their customers and generally view derivatives products as a financial risk management service. 6. The basis risk associated with derivatives transactions are not new to banking organizations. In general, these risks are credit risk, market risk, liquidity risk, operations risk and legal risk. Because they facilities the specific identification and management of these risks, derivatives have the potential to enhance the safety and soundness of financial institutions and to produce a more efficient allocation of financial risks. However, since derivatives also repackage these basis risks in combinations that can be quite complex, they can also threaten the safety and soundness of institutions if they are not clearly understood and properly managed. 7. Recognizing the importance of sound risk management to the effective use of derivatives instruments, the following guidance is intented to highlight the key elements and basic principles of sound management practice for both dealers and endusers of derivatives instruments. These basic principles include:
organization’s broder business strategies, capital strength, management expertise and overall willingness to take risk. Accordingly, the border should be informed regularly of the risk exposure of the institution and should regularly re-evaluate significant risk management policies and procedures with special emphasis placed on those defining the institution’s risk tolerance regarding these activities. The board of directors should also conduct and encourage discussions between its members and senior management, as well as between senior management and others in the institution, regarding the institution’s risk management process and risk exposure. 3. Senior management. Senior management should be responsible for ensuring that there are adequate policies and procedures for conducing derivatives operations on both a long-range and day-to-day basis. This responsibility includes ensuring that there are clear delineation of lines of responsibility for managing risk, adequate systems for measuring risk, appropriately structured limits on risk taking, effective internal controls and a comprehensive risk-reporting process. 4. Before engaging in derivatives activities, management should ensure that all appropriate approvals are obtained and that adequate operational procedures and risk control systems are in place. Proposals to undertake derivatives activities should include, as applicable:
After the institution’s initial entry derivatives has been properly approved, any significant changes in such activities or any new derivatives should be approved by the board of directors or by an appropriate level of senior management, as designated by the board of directors.
Senior management should regularly evaluate the procedures in place to manage risk to ensure that those procedures are appropriate and sound. Senior management should also foster and participate in active discussions with the board, with staff of risk management functions and with traders regarding procedures for measuring and managing risk. Management must also ensure that derivatives activities are allocated sufficient resources and staff to manage and control risks.
As a matter of general policy, compensation policies - especially in the risk management, control and senior management functions - should be strutted in a way that is sufficiently independent for the performance of trading activities, thereby avoiding the potential incentives for expressive risk taking that can occur if, for example, salaries are ties too closely to the profitability of derivatives.
Independent risk management functions. To the extent warranted by the bank’s activities, the process of measuring, monitoring and controlling risk consistent with the established policies and procedures should be managed independently of individuals conducting derivatives activities, up through senior levels of the institution. An independent system for reporting exposure to both senior-level management and the board of directors is an important element of this process.
The personnel staffing independent risk management functions should have a complete understanding of the risks associated with all of the bank’s derivatives activities. Accordingly, compensation policies for these individuals should be adequate to attract and retain personnel qualified to access these risks. III. The risk management process
The primary components of a sound risk management process are the following: a comprehensive risk measurement approach; a detailed structure of limits, guidelines and other parameters used to govern risk taking; and a strong management information system for controlling, monitoring and reporting risks. These components are fundamental to both derivatives and non-derivatives activities alike. Moreover, the underlying risks associated with these activities, such as credit, market, liquidity, operations and legal risks, are not new to banking, although their measurement and management can be more complex. Accordingly, the process of risk management for derivatives activities should be integrated into the institution’s overall risk management system to the fullest extent possible using a conceptual framework common to the institution’s other activities. Such a common framework enables the institution to manage its risk exposure more effectively, especially since the various individual risk involved in derivatives activities can, at times, be interconnected and can often transcend specific markets.
As the case with all risk-bearing activities, the risk exposures an institution assumes in its derivatives activities should be fully supported by an adequate capital position. The institution should ensure that its capital position is sufficiently strong to support all derivatives risks on a fully consolidated basis and that adequate capital is maintained in all group entities engaged in these activities.
Risk measurement. An institution’s system for measuring the various risks of derivatives activities should be both comprehensive and accurate. Risk should be measured and aggregated across trading and non-trading activities on an institution-wide basis to the fullest extent possible.
While the use of single prescribed risk measurement approach for management purposes may not be essential, the institution’s procedures should enable management to assess exposures on a consolidated basis. Risk measures and the risk measurement process should be sufficiently robust to reelect accurately the multiple types of risks facing the institution. Risk measurement standards should be understood by relevant personnel at all levels of the institution - from individual traders to the board of directors - and should provide a common framework for limiting and monitoring risk taking activities.
With regard to dealer operations, the process of making derivatives positions to market is fundamental to measuring and reporting exposures accurately and on a timely basis. An institution active in dealing foreign exchange, derivatives and other traded instruments should have the ability to monitor credit exposures, trading positions and market movements at least daily. Some institutions should also have the capacity, or at least the goal, of monitoring their more actively traded products on a real-time basis.
Analyzing stress situations, including combinations of market events that could affect the banking organization, is also an important aspect of risk measurement. Sound risk measurement practices include identifying possible events or changes in market behavior that could have unfavorable effects on the institution and assessing the ability of the institution to withstand them. These analyses should consider not only the likelihood of adverse events, reflecting their probability, but also “ worst case” scenarios. Ideally, such worst case analysis should be conducted on an institution - wide basis by taking into account the effect of unusual changes in prices or volatilities, market illiquidity or the default of a large counterparty across both the derivatives and cash trading portfolios and the loan and funding portfolios.
Such stress test should not be limited to quantitative that compute potential losses or gains. They should also include more qualitative analyses of the actions management might take under particular scenarios. Contingency plans outlining operating procedures and lines of communication, both format and informal, are important products of such qualitative analyses.
Limiting risks. A sound systems of integrated institution-wide limits and risk taking guideline is an essential component of the risk management process. Such a system should set boundaries for organizational risk-taking and should also ensure that positions that exceed certain predetermined levels receive prompt management attention. The limit system should be consistent with the effectiveness of the organization’s overall risk management process and with the adequacy of its capital position. An appropriate limit system should permit management to control exposures, to initiate discussion about opportunities and risks and to monitor actual risk taking against predetermined tolerances, as determined by the board of directors and senior management.
Global limits should be set for each major type of risk involved in an institution’s derivatives activities. These limits should be consistent with the institution’s overall risk measurement approach and should be integrated to the fullest extent possible
with institution-wide limits on those risks as they arise in all other activities of the institution. Where appropriate, the limit system should provide the capability to allocate limits down to individual business units. 10. If limits are exceeded, such occurrences should be made known to senior management and approved only by authorised personnel. These positions should also prompt discussions about the consolidated risk taking activities of the institution or the unit conducting the derivatives activities. The seriousness of limit exceptions depends in large part upon management ‘s approach toward setting limits and on the actual size of individual and organizational limits relative to the institution’s capacity to take risk. An institution with relatively conservative limits may encounter more exceptions to those limits than an institution with less restrictive limits. 11. Reporting. An accurate, informative and timely management information system is essential to the prudent operation of derivatives activities. Accordingly, the quality of the management process. The risk management function should monitor and report its measures of risks to appropriate levels of senior management an to the board of directors. In dealer operations, exposures and profit and loss statements should be reported at least daily to managers who supervise but so not , themselves, conduct those activities. More frequent reports should be made as market conditions dictate. Reports to other levels of senior management and the board may occur less frequently, but the frequency of reporting should provide these individuals with adequate information to judge the changing nature of the institution’s risk profile. 12. Management information systems should translate the measured risk for derivatives activities from a technical and quantitative format to one that can be easily read and understood by senior managers and directors, who may not have specialized and technical knowledge of derivatives products, Risk exposures arising from various derivatives products should be reported to senior managers and directors using a common conceptual framework for measuring and limiting risks. 13. Management evaluation and review. Management should ensure that the various components of the institution’s management process are regularly reviewed and evaluated. This review should take into account changes in the activities of the institution and in the market environment, since the changes may have created exposures that required additional attention. Any material changes may have created exposures that required addition attention. Any material changes to the risk management system should also be reviewed. 14. The risk management functions should regularly assess the methodologies, models and assumptions used to measure risk and to limit exposures. Proper documentation of these elements of the risk measurement system is essential for conducing meaningful reviews. the review of limit structures should compare limits are appropriate in view of the institution’s past performance and current capital position.
thoroughly evaluate the effectiveness of internal controls relevant to measuring, reporting and limiting risks. Internal auditors should evaluate compliance with risk limits and the reliability and timeliness of information reported to the institution reported to the institution’s senior management and board of directors. 4. The internal auditors’ assessment of the adequacy of internal controls involves a process of understanding, documenting, evaluating and testing an institution’s internal control system. This assessment should include product or business line reviews which, in turn, should start with an assessment of line’s organizational structure. Especially for dealer operations, the auditors should check for adequate separation of duties ( particularly between market personnel and functions of internal control and risk management ), adequate oversight by a knowledgeable manager without day-to-day responsibilities in the dealer operation and the presence of separate reporting lines for risk management and internal control personnel on one side and for market making personnel on the other. Product-by-product reviews of management structured should supplement the overall assessment of the organizational structure of the institution’s derivatives business. 5. The institution should establish internal controls for key activities. For example, for transaction recording and processing, the institution should have written policies and procedures for recording trades, assess the trading area’s adherence to policy and analyze the transaction processing cycle, including settlement, to ensure the integrity and accuracy of its records and management reports. The institution should review the revaluation process in order to assess the adequacy of written policies and procedures for revaluing positions and for creating any associated revaluation reserves. The institution should review compliance with revaluation policies and procedures, the frequency of revaluation and the independence and quality of the sources of revaluation prices, especially of instruments originated and traded in illiquid markets. All significant internal controls associated with the management of market risk, such as position versus limit reports and approval policies and procedures for limit exceptions, should also be reviewed. The institution also should review the credit approval process to ensure that the risks of specific products are adequately captured and that credit approval procedures are followed for all transactions. In this connection, institutions should recognize their combined credit exposure to given counterparty that arise from transactions conducted throughout the bank. V. Sound risk management practices for each type of risk
as the sum of the replacement cost of the position, plus an estimate of the institution’s potential future exposure from the instrument as a result of market changes. Replacement cost should be determined using current market prices or generally accepted approaches for estimating the present value of future payments required under each contract, given current market conditions. 3. Potential credit risk exposure is measured more subjectively than current exposure and is primarily a function of the time remaining to maturity and the expected volatility of the price, rate or index underlying the contract. dealers and large derivatives participants should assess potential exposure through simulation analysis or other sophisticated techniques, which, when properly, designed and implemented can produce estimates of potential exposure that incorporate both portfolio-specific characteristics and current market conditions. Smaller end-user may measure this exposure by using “addons” based on more general characteristics. In either case, the assumptions underlying the institution’s risk measure should be reasonable and if the institution measures exposures using a portfolio approach, it should do so in a prudent manner. 4. An institution can use the master netting agreements and various credit enhancements, such as collateral or third-party guarantees, to reduce its counterparty credit risk. In such cases, an institution’s credit exposures should reflect these riskreducing features only to the extent that the agreements and resource provisions are legally enforceable in all relevant jurisdictions. This legal enforceability should extend to any insolvency proceedings of the counterparty. The institution should be able to demonstrate that it has exercised due diligence in evaluating the enforceability of these contracts and that individual transactions have been executed in a manner that provides adequate protection to the institution. 5. Credit limits that consider both settlement and pre-settlement exposure should be established for all counterparties with whom the institution conducts business, As a matter of general policy, business with a counterparty should not be commerce until a credit line has been approved. The structure of the credit-approval process may differ among institutions, reflecting the organizational and geographic structure of each institution. Nevertheless, in all cases, it is important that credit limits be determined by personnel who are independent of the derivatives function, that these personnel use standards consistent with those used for other activities and that counterparty credit lines are consistent with the organisation’s policies and consolidated exposures. 6. If credit limits are exceeded, exceptions should be resolved according to the institution’s policies and procedures. In addition, the institution’s report should adequately provide traders and credit officers with relevant, accurate and timely information about the credit exposures and approved credit lines. 7. Similar to bank loans, over-the-counter derivatives products can have credit exposures that can exist for an extended period. Given these potentially long-term exposures and the complexity associated with some derivatives instruments, an institution
should consider the overall financial strength of its counterparties and their ability to perform on their obligations. 8. Market risk. Market risk to an institution’s financial condition resulting from adverse movements in the level or volatility of market prices. The market risks created-or hedged- by a future or swap are similar, although not necessarily straightforward to manage. They are exposures to changes in the underlying cash instrument and to changes in interest rates. By contrast, the value of an option is also affected by other factors, including the volatility of the price of the underlying instrument and the passage of time. In addition, all trading activities are affected by market liquidity and by local or world political and economic events. 9. Market risk is increasingly measured by market participants using a valueat-risk approach, which measures the potential gain or loss in a position, portfolio or institution that is associated with a price movement of a given probability over a specified at least daily. Although an institution may use risk measures other than value at risk, the measure used should be sufficiently accurate and rigorous, and the institution should ensures that it is adequately incorporated into its risk management process. 10. An institution should compare its estimated market risk exposures with actual behavior. In particular, the output of any market risk models that require simulations or forecasts of future prices should be compared with actual results. If the projected and actual results differ materially, the assumptions used to derive the projections should be carefully reviewed or the models should be modified, as appropriate. 11. The institution should establish limits for market risk that related to its risk measures and that are consistent with maximum exposure authorised by its senior management and board of directors. These limits should be allocated to business units and individual decision makers and be clearly understood by all relevant parties. Exceptions to limits should be detected and adequately addressed by management. In practice, some limit systems may include additional elements such as stop-loss limits and guidelines that may play an important role in controlling risks. 12. An institution whose derivatives activities are limited in volume and confined to end-user activities may need less sophisticated risk measurement systems than those required by a dealer. Senior management at such an institution should ensure that all significant risks arising from its derivatives transactions can be quantified, monitored and controlled. At a minimum, risk management systems should evaluate the possible impact on the institution’s earnings and capital which may result from adverse changes in interest rates and other markets conditions that are relevant to risk exposure and the effectiveness of derivatives transactions in the institution’s overall risk management. 13. Liquidity risk. An institution faces two types of liquidity risk in its derivatives activities: one related to specific products or markets and the other related to
the general funding of the institution’s derivatives activities. The former is the risk that an institution may not be able to, or cannot easily, unwind or offset a particular position at or near the previous market price because of inadequate market depth or disruptions in the marketplace. Funding liquidity risk is the risk that the institution will be unable to meet its payment obligations on settlement dates or in the event of margin calls. Because neither type of liquidity risk is necessary risk is necessarily unique to derivatives activities, management should evaluate these risks in the broder context of the institution’s overall liquidity. When establishing limits, the institution should be aware of the size, depth and liquidity of the particular market and establish guidelines accordingly. 14. In developing guidelines for controlling liquidity risks, an institution should consider the possibility that it could lose access to one or more markets, either because of concerns about the institution’s own creditworthiness, the creditworthiness of a major counterparty or because of generally stressful market conditions. At such times, the institutionmay have less flexibility in managing its market, credit and liquidity risk exposures. An institution that makes markets in over-the-counter derivatives or that dynamically hedges its positions required constants access to financial markets and that need may increase in times of market stress. The institution’s liquidity plan should reflect the institution’s ability to return to alternative markets, such as future or cash market, or to provide sufficient collateral or other credit enhancernments in order to continue trading under a board range of scenarios. 15. An institution that participates in over-the-counter derivatives markets should assess the potential liquidity risks associated with the early termination of derivatives contracts. Many forms of standardised contracts for derivatives transactions allow counterparties to request collateral or to terminate their early if the institution experiences an adverse credit event or a deterioration in its financial condition. In addition, under conditions of markets stress, customers may ask for the early termination of some contracts within the context of the dealer’s market making activities. In such situations, an institution that owes money on derivatives transactions may be required to deliver collateral or settle a contract early and possibly at a time when the institution may face other funding and liquidity pressures. Early terminations also may open up additional, unintended, market positions. Management and directors should be aware of these potential liquidity risks and should address them in the institution’s liquidity plan and in the broader context of the institution’s liquidity management process. 16. Operations risk. Operations risk is the risk that deficiencies in information systems or internal controls will result in unexpected loss. This risk associated with human error, system failures and inadequate procedures and controls. This risk can be exacerbated in the case of certain derivatives because of the complex nature of their payment structures and calculation of their values. 17. The board of directors and senior management should ensure the proper dedication of resources ( financial and personnel) to support operations and systems development and maintenance. The operations unit for derivatives activities, consistent with other trading and investment activities, should report to an independent unit and
should be managed independently of the business unit. The sophistication of the systems support and operational capacity should be commensurate with the size and complexity of the derivatives business activity. 18. Systems support and operational capacity should be able to adequately accommodate the types of derivatives activities in which the institution engages. This includes the ability to efficiently process and settle the volumes transacted through the business unit, to provide support for the complexity of the transactions booked and to provide accurate and timely input. support systems and the systems developed to interface with the official databases should general accurate information sufficient to allow business unit management and senior management to monitor risk exposures in a timely manner. 19. Systems needs for derivatives activities should be evaluated during the strategic planning process. current and projected volumes should be considered together with the nature if the derivatives activity and the user’s expections. Consistent with other systems plans, a written contingency plan for derivatives products should be in place. 20. with the complexity of derivatives products and the size and rapidity of transactions, it is essential that operational units be able to capture all relevant details of transactions, identify errors and process payments or move assets quickly and accurately. This required a staff of sufficient size, knowledge and experience to support the volume and type of transactions generated by the business unit. Management should develop appropriate hiring practices and compensation plans to recruit and retain high caliber staff. 21. Systems design and needs may vary according to the size and complexity of the derivatives business. However, each system should provide for accurate and timely processing and allow for proper risk exposure monitoring. Operational systems should be tailored to each institution’s needs. Limited end-user of derivatives may not required the same degree of automation needed by more active institutions. All operational systems and units should adequately provide for basis processing, settlement and control of derivatives transactions. 22. The more sophisticated the institution’s activity, the more need there is to establish automated systems to accommodate the complexity of the deals transacted, to accommodate the volume of trades conducts and to reconcile more efficiently and report position information accurately, 23. segregation of operational duties, exposure reporting and risk monitoring from the business unit is critical to proper internal control. Proper internal control should be provided over the entry of transactions into the database, transaction numbering, date and item notation and the confirmation and settlement process. Operational controls also should be in place to resolve disputes over contract specifications. In this regard, an institution should ensure that trades are confirmed as quickly as possible. The institution
should monitor the consistency between the terms of a transaction as they were agreed upon and the terms as they wee subsequently confirmed. 24. The operations department , or other unit or entity independent of the business unit, should be responsible for ensuring proper reconciliation of format and back office databases on a regular basis. This includes the verification of position data, profit and loss figures and transaction-by-transaction details. 25. The institution should ensure that the methods it uses to value its derivatives positions are appropriate and that assumptions underlying those methods are reasonable. The pricing procedures and models the institution chooses should be consistently applied and well-documented. Models and supporting statistical analyses should be validated prior to use and as market conditions warrant. 26. Management of the institution should ensure that a mechanism exists whereby derivatives contract documentation is confirmed, maintained and safeguarded, An institution should establish a process through which documentation exceptions are monitored and resolved and appropriately reviewed by senior management and legal counsel. The institution also should have approved policies that specify documentation requirements for derivatives activities and formal procedures for saving and safeguarding important documents that are consistent with legal requirement and internal policies. 27. Although operations risks are difficult to quantify, they can often be evaluated by examining a series of “worst-case” or “what if” scenarios, such as a power loss, doubling of transaction volume or a mistakes found in the pricing software for collateral management. They also can be assessed through periodic reviews of procedures, documentation requirements, data processing systems, contingency plans and other operational practices. Such reviews may help to reduce the likelihood of errors and breakdowns in controls, improve the control of risk and the effectiveness of the limit system and prevent unsound marketing practices and the premature adoption of new products or lines of business. 28. Legal risk. Legal risk is the risk that contracts are not legally enforceable or documented correctly. Legal risks should be limited and managed through policies developed by the institution’s legal counsel ( typically in consultation with officers in the risk management process) that have been approved by the institution’s senior management and board of directors. At a minimum, there should be guidelines and process in place to ensure the enforceability of counterparty agreements. 29. Prior to engaging in derivatives transactions, an institution should reasonably satisfy itself that its counterparties have the legal and necessary regulatory authority to engage in those transaction, an institution also should reasonably satisfy itself that the terms of any contract governing its derivatives activities with a counterparties are legally sound.