Assessing the Risk Management Process in the Banking Industry

Risk Assessment Report - A case study on HSBC

Table of contents

List of figures


Executive Summary

1. Introduction
1.1 Nature of Risk Management
1.2 Concepts and Definitions
1.3 Part I - Process of Risk Management
1.3.1 Establishing the Context
1.3.2 First Step - Risk Identification
1.3.3 Second Step - Risk Assessment
1.3.4 Third Step - Address Risk
1.3.5 Reviewing Risks

2. Part II - Generic Types of Risks
2.1 Brand Risks
2.2 Customer Risks
2.3 Reputational Risks
2.4 Research & Development Risk
2.5 P.E.S.T.L.E. Risks

3. Part III - Risk Assessment of HSBC
3.1 Credit Risk
3.2-3.4 Liquidity/Market/Operational Risks
3.5 Reputational Risk
3.6 Further Risk factors for the bank sector

4. Part IV - HSBC's Business Strategy
4.1 VaR
4.2 Basel II
4.3 Risk Register
4.4/4.5 Strategic Alliances/ Insurance
4.6 Reputational Risk Strategy

5. Conclusion


List of Figures

1.3 Process Cycle
1.4 Risk Assessment
1.5 Probability Matrix
1.6 Risk Management Process

2.5 PESTLE Framework

3.4 Operational Risks
3.6 Probability-Severity-Matrix


Figure not included in this excerpt

Executive Summary

The first part of the risk assessment report at hand aims at introducing the nature of risk management. The consultant outlined major stages within the assessment process. In the second part, major generic risks were described, including brand, customer and R&D risks, which an organisation might face and the consequent impact those risks can have on businesses' operations.

In the third part of the assessment report, the consultant analysed the risks that HSBC is currently facing, emphasizing that reputational risks are among the most important to take into consideration and must be minimized in order not to lose customers' loyalty.

HSBC has a number of possibilities to minimize those risks that threaten the organisation the most. One possibility would be to enter into strategic alliances or to draw up a risk register in which major risks that occurred in the past can be written down and constantly monitored.

1. Introduction

Risk is inevitable within business environments. It is an inherent part of business and public life. Risk covers all aspects of organizational activities; it is therefore included at all management levels. Nowadays, every business faces risks. As competition increases, banks and insurance companies need a fundamental and clear understanding of all the risks they are taking in order to protect every asset of their organisation, such as financial, intellectual and human assets. In an ever-changing environment, organisations must be prepared for any changes, whether they like it or not, and, more importantly, adapt to all those changes that might threaten their business activities. Organisations must accept that the uncertainty and the risk of a potential event cannot be eliminated but must be assessed proactively in order to take advantage of it. “Nothing ventured, nothing gained” (Dallas, M.F., 2006, p.37). This quotation shows that it is necessary to take risks in order to gain rewards.

The consultant will be preparing a risk assessment report for HSBC Plc. The report will focus on the different generic types of risks a business faces in general, including concepts and processes of risk management. The second part of this report consists of the identification of different risks HSBC currently faces as well as a business strategy to minimize and manage those risks.

1.1 The Nature of Risk Management

The concepts of risk management have been present for hundreds of years. It all started with mathematical theories, such as the theory of probability (1654) developed by the French mathematicians Blaise Pascal and Pierre Fermat, who put together mathematical formulas in order to analyse games of chance.

However, the adoption of risk management within the business environment has become very popular in recent years, especially since the mid-nineties, when Barings bank collapsed and Shell experienced reputational damage with the disposal of Brent Spar in the North Sea. Since then, new journals have been created, old ones have been revised, and new textbooks covering the issue of risk management have been written. Risk management has been extensively used in organisations that depend on accurate risk assessments, such as the financial sector and insurance companies. The public sector in the UK has also undertaken risk management initiatives because organisations discovered the strategic benefits of internal risk control. Furthermore, some regulatory changes for banks, Basel II (described later on) for instance, have stimulated the expansion of the risk management industry and have created senior risk positions such as chief risk officers. Nowadays, it seems as if risk management policies are adopted everywhere. This development is attributed to the increasingly risky and dangerous business environment in which organisations find themselves. Hence, they must defend themselves and be able to respond efficiently to changes and risks.

Reasons for the rise of internal risk controls

The rise of internal control systems can be explained by a number of factors:

- organisations recognized the self-insurance aspect
- control systems became central for regulatory strategies (Basel II)
- successful approach to crises and failures

1.2 What is Risk Management - Concepts and Definitions

Risk management has many different definitions, most of them framed in broad terms. For example, the Committee of Sponsoring Organisations of the Treadway Commission in the USA defines it as follows:

“Enterprise Risk Management (ERM) is a process, affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (Committee of Sponsoring Organisations, 2004, p. 6).

The European Foundation for Quality Management (2005) defines it as: “The systematic use of organisation-wide processes to identify, assess, manage, and monitor risks - such that aggregated information can be used to protect, release, and create value” (European Foundation for Quality Management, 2005).

According to Geiger (1999, p.556), Risk Management is “an expression of the danger that the effective future outcome will deviate from the expected or planned outcome in a negative way”.

This definition shows that an organisation should not accept risks simply as fate but deal with them actively.

To simplify, risk management aims to provide decision makers with a systematic approach to coping with risk and uncertainty, with the goal of achieving sustained benefit within their activities. However, the overall benefits and opportunities resulting from a successfully implemented risk management strategy should not only be viewed in the context of the activity itself but also in relation to the stakeholder groups of the organisation that can be affected through its operations. For instance, an organisation must constantly balance the employees' interests against those of its investors to minimize potential risks such as reputational risks.

Risk can also have a positive connotation. If it is regarded as an uncertainty of outcome, then the results could turn out better than expected. Hence, risk is linked directly to value because it is associated with opportunities. “Risk is the flip-side of value” (Dallas, M.F., 2006, p.140). Value will be lost if the outcome is worse than expected. If, however, the outcome is better than expected, then the opportunities resulting from taking risks provide an increase in value.

An important aspect of the risk assessment process, which organisations must consider, is to formulate a clear and precise business strategy with objectives, in order to successfully address risks as they occur and not to miss any opportunity through a lack of knowledge about their own business. As the sage of Omaha, Warren Buffett, probably the world's most successful investor, put it: “Risk is not knowing what you are doing” (Warren Buffett, in Dallas, M.F., Value and Risk Management, 2006, p. 37). If organisations are not prepared for failure, they should not engage in high-risk business operations. Consequently, however, they will miss opportunities: “Avoiding a risk may mean avoiding a potentially huge opportunity” (Frame, J., Managing risk in Organisations, 2003).

1.3 Process of Risk Management

Risk management should be regarded as a continuous business activity throughout a specific project, which aims at reducing the level of occurring risks across the project. The following risk management process cycle outlines the key activities within a process.

Figure not included in this excerpt

Fig.1.3 Process Cycle

(source: Dallas, M.F., 2006, p.41)



