Clicky

 

 
International Association of Risk and Compliance Professionals (IARCP)
Member Benefits                                                                   
How to Become a Member                                                  
Certified Risk and Compliance Training                   
Reading Room
Certified Risk and Compliance Management Professional
Certified Information Systems Risk and Compliance Professional
About Risk                                                                                 ► The Role of the Risk Officer                                               
   ► Credit Risk                                                                                 Risk Officers and Jobs                                               
Market Risk                                                                                Risk Books  
   ► Reputational Risk                                                                       ► Risk Management Websites          
Operational Risk                                                                        Contact Us 
 
 
 
Reputational Risk
 
Reputational risk is any risk to an organization's reputation that is likely to destroy shareholder value.
 
Reputational risk leads to negative publicity, loss of revenue, litigation, loss of clients and partners, exit of key employees, share price decline, difficulty in recruiting talent.
 
A comprehensive reputational risk assessment is necessary as an important part of a risk assessment.
 
The Basel II definition of operational risk excludes
1. Strategic risk
2. Reputational risk
3. Systemic risk
 
We have several stress tests that stress exactly that: Reputational Risk.

From the Basel ii framework
Basel Committee on Banking Supervision
 
Reputational risk and implicit support
Reputational risk can be defined as the risk arising from negative perception on the part of customers, counterparties, shareholders, investors or regulators that can adversely affect a bank’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding (eg through the interbank or securitisation markets).

Reputational risk is multidimensional and reflects the perception of other market participants.

Furthermore, it exists throughout the organisation and exposure to reputational risk is essentially a function of the adequacy of the bank’s internal risk management processes, as well as the manner and efficiency with which management responds to external influences on bank-related transactions.

Reputational risk, typically through the provision of implicit support, may give rise to credit, liquidity, market and legal risk – all of which can have a negative impact on a bank’s earnings, liquidity and capital position.
 
A bank should identify potential sources of reputational risk to which it is exposed.
 
These include the bank’s business lines, liabilities, affiliated operations, off-balance sheet vehicles and the markets in which it operates. The risks that arise should be incorporated into the bank’s risk management processes and appropriately addressed in its ICAAP and liquidity contingency plans.

Prior to the 2007 upheaval, many banks failed to recognise the reputational risk associated with their off-balance sheet vehicles. In stressed conditions some firms went beyond their contractual obligations to support their sponsored securitisations and offbalance sheet vehicles.
 
A bank should incorporate the exposures that could give rise to reputational risk into its assessments of whether the requirements under the securitisation framework have been met and the potential adverse impact of providing implicit support.
Reputational risk may arise, for example, from a bank’s sponsorship of securitisation structures such as ABCP conduits and SIVs, as well as from the sale of credit exposures to securitisation trusts.
 
It may also arise from a bank’s involvement in asset or funds management, particularly when financial instruments are issued by owned or sponsored entities and are distributed to the customers of the sponsoring bank.
 
In the event that the instruments were not correctly priced or the main risk drivers not adequately disclosed, a sponsor may feel some responsibility to its customers, or be economically compelled, to cover any losses.
 
Reputational risk also arises when a bank sponsors activities such as money market mutual funds, in-house hedge funds and real estate investment trusts (REITs). In these cases, a bank may decide to support the value of shares/units held by
investors even though is not contractually required to provide the support.

The financial market crisis has provided several examples of banks providing financial support that exceeded their contractual obligations. In order to preserve their reputation, some banks felt compelled to provide liquidity support to their SIVs, which was beyond their contractual obligations.
 
In other cases, banks purchased ABCP issued by vehicles they sponsored in order to maintain market liquidity. As a result, these banks assumed additional liquidity and credit risks, and also put pressure on capital ratios.

Reputational risk also may affect a bank’s liabilities, since market confidence and a bank’s ability to fund its business are closely related to its reputation.
 
For instance, to avoid damaging its reputation, a bank may call its liabilities even though this might negatively affect its liquidity profile.
 
This is particularly true for liabilities that are components of regulatory capital, such as hybrid/subordinated debt. In such cases, a bank’s capital position is likely to suffer.

Bank management should have appropriate policies in place to identify sources of reputational risk when entering new markets, products or lines of activities.
 
In addition, a bank’s stress testing procedures should take account of reputational risk so management has a firm understanding of the consequences and second round effects of reputational risk.

Once a bank identifies potential exposures arising from reputational concerns, it should measure the amount of support it might have to provide (including implicit support of securitisations) or losses it might experience under adverse market conditions.
 
In particular, in order to avoid reputational damages and to maintain market confidence, a bank should develop methodologies to measure as precisely as possible the effect of reputational risk in terms of other risk types (eg credit, liquidity, market or operational risk) to which it may be exposed.
 
This could be accomplished by including reputational risk scenarios in regular stress tests. For instance, non-contractual off-balance sheet exposures could be included in the stress tests to determine the effect on a bank’s credit, market and liquidity risk profiles.

Methodologies also could include comparing the actual amount of exposure carried on the balance sheet versus the maximum exposure amount held off-balance sheet, that is, the potential amount to which the bank could be exposed.

A bank should pay particular attention to the effects of reputational risk on its overall liquidity position, taking into account both possible increases in the asset side of the balance sheet and possible restrictions on funding, should the loss of reputation result in various counterparties’ loss of confidence. (See section III(E) on the management of liquidity risk.)
 
In contrast to contractual credit exposures, such as guarantees, implicit support is a more subtle form of exposure. Implicit support arises when a bank provides post-sale support to a securitisation transaction in excess of any contractual obligation.
 
Such non-contractual support exposes a bank to the risk of loss, such as loss arising from deterioration in the
credit quality of the securitisation’s underlying assets.

By providing implicit support, a bank signals to the market that all of the risks inherent in the securitised assets are still held by the organisation and, in effect, had not been transferred. Since the risk arising from the potential provision of implicit support is not Proposed enhancements to the Basel II framework captured ex ante under Pillar 1, it must be considered as part of the Pillar 2 process.
 
In addition, the processes for approving new products or strategic initiatives should consider the potential provision of implicit support and should be incorporated in a bank’s ICAAP.

 
Sound risk management processes are necessary to support supervisory and market participants’ confidence in banks’ assessments of their risk profiles and internal capital adequacy assessments.
 
These processes take on particular importance in light of the identification, measurement and aggregation challenges arising from increasingly complex on- and off-balance sheet exposures.

The areas addressed include:

• Firm-wide risk oversight;

• Specific risk management topics:
− Risk concentrations;
− Off-balance sheet exposures with a focus on securitisation;
Reputational risk and implicit support;
− Valuation and liquidity risks; and
− Sound stress testing practices.

The financial market crisis has underscored the critical importance of effective credit risk management to the long-term success of any banking organisation and as a key component to financial stability. It has provided a stark reminder of the need for banks to effectively identify, measure, monitor and control credit risk, as well as to understand how credit risk interacts with other types of risk (including market, liquidity and reputational risk).

The essential elements of a comprehensive credit risk management programme include
 
(i)establishing an appropriate credit risk environment;
 
(ii) operating under a sound credit granting process;
 
(iii) maintaining an appropriate credit administration, measurement and monitoring process; and
 
(iv) ensuring adequate controls over credit risk.

The crisis has also emphasised the importance of effective capital planning and longer-term capital maintenance. A bank’s ability to withstand uncertain market conditions is bolstered by maintaining a strong capital position that accounts for potential changes in the bank’s strategy and volatility in market conditions over time.
 
Banks should focus on effective and efficient capital planning, as well as long-term capital maintenance.
 
An effective capital planning process requires a bank to assess both the risks to which it is exposed and the risk management processes in place to manage and mitigate those risks; evaluate its capital adequacy relative to its risks; and consider the potential impact on earnings and capital from economic downturns.


Board and senior management oversight

It is the responsibility of the board of directors and senior management to define the institution’s risk appetite and to ensure that the bank’s risk management framework includes detailed policies that set specific firm-wide prudential limits on the bank’s activities, which are consistent with its risk taking appetite and capacity.
 
In order to determine the overall risk appetite, the board and senior management must first have an understanding of risk
exposures on a firm-wide basis.
 
To achieve this understanding, the appropriate members of senior management must bring together the perspectives of the key business and control functions.
 
In order to develop an integrated firm-wide perspective on risk, senior management must overcome organisational silos between business lines and share information on market developments, risks and risk mitigation techniques.
 
As the banking industry has moved increasingly towards market-based intermediation, there is a greater probability that many areas of a bank may be exposed to a common set of products, risk factors or counterparties. Senior management should establish a risk management process that is not limited to credit, market, liquidity and operational risks, but incorporates all material risks.
 
This includes reputational, legal and strategic risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks could lead to material losses.


A bank’s policies, procedures and limits should:

• Provide for adequate and timely identification, measurement, monitoring, control and mitigation of the risks posed by its lending, investing, trading, securitisation, offbalance sheet, fiduciary and other significant activities at the business line and firmwide levels;

• Ensure that the economic substance of a bank’s risk exposures, including reputational risk and valuation uncertainty, are fully recognised and incorporated into the bank’s risk management systems;

• Be consistent with the bank’s stated goals and objectives, as well as its overall financial strength;

• Clearly delineate accountability and lines of authority across the bank’s various business activities, and ensure there is a clear separation between business lines and the risk function;

• Escalate and address breaches of internal position limits;

• Provide for the review of new businesses and products by bringing together all relevant risk management, control and business lines to ensure that the bank is able to manage and control the activity prior to it being initiated; and

• Include a schedule and process for reviewing the policies, procedures and limits and for updating them as appropriate.


Off-balance sheet exposures and securitisation risk

Banks’ use of securitisation has grown dramatically over the last several years.
 
It has been used as an alternative source of funding and as a mechanism to transfer risk to investors.
 
While the risks associated with securitisation are not new to banks, the recent financial turmoil highlighted unexpected aspects of credit risk, concentration risk, market risk, liquidity risk, legal risk and reputational risk, which banks failed to adequately address.
 
For instance, a number of banks that were not contractually obligated to support sponsored securitisation structures were unwilling to allow those structures to fail due to concerns about reputational risk and future access to capital markets.
 
The support of these structures exposed the banks to additional and unexpected credit, market and liquidity risk as they
brought assets onto their balance sheets, which put significant pressure on their financial profile and capital ratios.

Weaknesses in banks’ risk management of securitisation and off-balance sheet exposures resulted in large unexpected losses during the financial crisis.
 
To help mitigate these risks, a bank’s on- and off-balance sheet securitisation activities should be included in its risk management disciplines, such as product approval, risk concentration limits, and estimates of market, credit and operational risk.

In light of the wide range of risks arising from securitisation activities, which can be compounded by rapid innovation in securitisation techniques and instruments, minimum capital requirements calculated under Pillar 1 are often insufficient. All risks arising from securitisation, particularly those that are not fully captured under Pillar 1, should be addressed in a bank’s ICAAP. These risks include:

• Credit, market, liquidity and reputational risk of each exposure;

• Potential delinquencies and losses on the underlying securitised exposures;

• Exposures from credit lines or liquidity facilities to special purpose entities; and

• Exposures from guarantees provided by monolines and other third parties.

Securitisation exposures should be included in the bank’s MIS to help ensure that senior management understands the implications of such exposures for liquidity, earnings, risk concentration and capital.
 
More specifically, a bank should have the necessary processes in place to capture in a timely manner updated information on securitisation transactions including market data, if available, and updated performance data from the
securitisation trustee or servicer.

 
Managing reputational risk

The most important principles are:
 
1. Educate shareholders, employees, customers and suppliers. We must explain the importance of reputational risk, and what they have to do (and to avoid).

2. Tone at the top. Board and senior management oversight. Policies and Procedures. Strong and consistent enforcement of controls.

3. Continuous monitoring of threats to reputation.

4. Establishment of a crisis management plan and team.
 
5. Reporting
 
6. Stress testing. Communication of the results.

 
From the Bank of International Settlements:
Basel Committee on Banking Supervision, Risk Management Principles for Electronic Banking, July 2003
 
C. Legal and Reputational Risk Management (Principles 11 to 14):
11. Appropriate disclosures for e-banking services.
12. Privacy of customer information.
13. Capacity, business continuity and contingency planning to ensure availability of ebanking systems and services.
14. Incident response planning.

Legal and Reputational Risk Management
To protect banks against business, legal and reputation risk, e-banking services must be delivered on a consistent and timely basis in accordance with high customer expectations for constant and rapid availability and potentially high transaction demand.
 
The bank must have the ability to deliver e-banking services to all end-users and be able to maintain such availability in all circumstances.
 
Effective incident response mechanisms are also critical to minimise operational, legal and reputational risks arising from unexpected events, including internal and external attacks, that may affect the provision of e-banking systems and services.
 
To meet customers expectations, banks should therefore have effective capacity, business continuity and contingency planning.
 
Banks should also develop appropriate incident response plans, including communication strategies, that ensure business continuity, control reputation risk and limit liability associated with disruptions in their e-banking services.
 

Free E-book: 100 Job Descriptions in Risk and Compliance Management

  Bookmark and Share

| More

Join the International Association of Risk and Compliance Professionals (IARCP). Membership is Free
www.risk-compliance-association.com/How_to_become_member.htm

Benefits for Members:
www.risk-compliance-association.com/Member_Benefits.htm

Reading Room
www.risk-compliance-association.com/Reading_Room.htm

Certified Risk and Compliance Management Professional (CRCMP)
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

Certified Information Systems Risk and Compliance Professional (CISRCP)
www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

Privacy and Compliance with the Federal Trade Commission Fair, the California Online Privacy Protection Act, the Children Online Privacy Protection Act, the Privacy Alliance, the Controlling the Assault of Non-Solicited Pornography and Marketing Act
www.risk-compliance-association.com/Privacy.htm

Become a member of the International Association of Risk and Compliance Professionals (IARCP). Membership is Free. You will receive a monthly newsletter with risk and compliance management news, alerts and opportunities. You can register below:
Become a member and receive monthly updates, news, alerts and opportunities
For Email Marketing you can trust
 
Distance Learning and Online Certification programs from the International Association of Risk and Compliance Professionals (IARCP)
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm
 
The Cost: US$ 297

What is included in this price:

A. The official presentations we use in our instructor-led classes
 
B. Up to 3 Online Exams
 
C. Personalized Membership Certificate printed in full colour.
Processing, printing, packing and posting to your office or home

 
Certified Risk and Compliance Management Professional (CRCMP) -
Distance Learning and Online Certification Program
 
Certified Information Systems Risk and Compliance Professional (CISRCP) -
Distance Learning and Online Certification Program
 
To learn more:
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm