Reputational Risk
Reputational risk is any risk to an organization's reputation
that is likely to destroy shareholder value. Reputational risk
leads to negative publicity, loss of revenue, litigation, loss
of clients and partners, exit of key employees, share price
decline, and difficulty in recruiting talent. A comprehensive
reputational risk assessment is a necessary and important part
of a risk assessment.
The Basel II definition of operational risk excludes:
1. Strategic risk
2. Reputational risk
3. Systemic risk
We have several stress tests that stress exactly that:
reputational risk.
From the Basel II framework (Basel Committee on Banking
Supervision):
Reputational risk and implicit support
Reputational risk can be defined as the risk arising from
negative perception on the part of customers, counterparties,
shareholders, investors or regulators that can adversely affect
a bank’s ability to maintain existing, or establish new,
business relationships and continued access to sources of
funding (eg through the interbank or securitisation markets).
Reputational risk is multidimensional and reflects the
perception of other market participants.
Furthermore, it
exists throughout the organisation and exposure to reputational
risk is essentially a function of the adequacy of the bank’s
internal risk management processes, as well as the manner and
efficiency with which management responds to external influences
on bank-related transactions.
Reputational risk, typically through the provision of implicit
support, may give rise to credit, liquidity, market and legal
risk – all of which
can have a negative impact on a bank’s earnings, liquidity and
capital position. A bank should identify potential
sources of reputational risk to which it is exposed.
These include the bank’s business lines, liabilities, affiliated
operations, off-balance sheet vehicles and the markets in which
it operates. The risks that arise should be incorporated into
the bank’s risk management processes and appropriately addressed
in its ICAAP and liquidity contingency plans.
Prior to
the 2007 upheaval, many banks failed to recognise the
reputational risk associated with their off-balance sheet
vehicles. In stressed conditions some firms went beyond their
contractual obligations to support their sponsored
securitisations and off-balance sheet vehicles. A bank
should incorporate the exposures that could give rise to
reputational risk into its assessments of whether the
requirements under the securitisation framework have been met
and the potential adverse impact of providing implicit support.
Reputational risk may arise, for example, from a bank’s
sponsorship of securitisation structures such as ABCP conduits
and SIVs, as well as from the sale of credit exposures to
securitisation trusts. It may also arise from a bank’s
involvement in asset or funds management, particularly when
financial instruments are issued by owned or sponsored entities
and are distributed to the customers of the sponsoring bank.
In the event that the instruments were not correctly priced
or the main risk drivers not adequately disclosed, a sponsor may
feel some responsibility to its customers, or be economically
compelled, to cover any losses. Reputational risk also
arises when a bank sponsors activities such as money market
mutual funds, in-house hedge funds and real estate investment
trusts (REITs). In these cases, a bank may decide to support the
value of shares/units held by investors even though it is not
contractually required to provide the support.
The
financial market crisis has provided several examples of banks
providing financial support that exceeded their contractual
obligations. In order to preserve their reputation, some banks
felt compelled to provide liquidity support to their SIVs, which
was beyond their contractual obligations. In other
cases, banks purchased ABCP issued by vehicles they sponsored in
order to maintain market liquidity. As a result, these banks
assumed additional liquidity and credit risks, and also put
pressure on capital ratios.
Reputational risk also may
affect a bank’s liabilities, since market confidence and a
bank’s ability to fund its business are closely related to its
reputation. For instance, to avoid damaging its
reputation, a bank may call its liabilities even though this
might negatively affect its liquidity profile. This is
particularly true for liabilities that are components of
regulatory capital, such as hybrid/subordinated debt. In such
cases, a bank’s capital position is likely to suffer.
Bank management should have appropriate policies in place to
identify sources of reputational risk when entering new markets,
products or lines of activities. In addition, a bank’s
stress testing procedures should take account of reputational
risk so management has a firm understanding of the consequences
and second round effects of reputational risk.
Once a
bank identifies potential exposures arising from reputational
concerns, it should measure the amount of support it might have
to provide (including implicit support of securitisations) or
losses it might experience under adverse market conditions.
In particular, in order to avoid reputational damages and
to maintain market confidence, a bank should develop
methodologies to measure as precisely as possible the effect of
reputational risk in terms of other risk types (eg credit,
liquidity, market or operational risk) to which it may be
exposed. This could be accomplished by including
reputational risk scenarios in regular stress tests. For
instance, non-contractual off-balance sheet exposures could be
included in the stress tests to determine the effect on a bank’s
credit, market and liquidity risk profiles.
Methodologies also could include comparing the actual amount of
exposure carried on the balance sheet versus the maximum
exposure amount held off-balance sheet, that is, the potential
amount to which the bank could be exposed.
A bank should
pay particular attention to the effects of reputational risk on
its overall liquidity position, taking into account both
possible increases in the asset side of the balance sheet and
possible restrictions on funding, should the loss of reputation
result in various counterparties’ loss of confidence. (See
section III(E) on the management of liquidity risk.) In
contrast to contractual credit exposures, such as guarantees,
implicit support is a more subtle form of exposure. Implicit
support arises when a bank provides post-sale support to a
securitisation transaction in excess of any contractual
obligation. Such non-contractual support exposes a bank
to the risk of loss, such as loss arising from deterioration in
the credit quality of the securitisation’s underlying assets.
By providing implicit support, a bank signals to the market
that all of the risks inherent in the securitised assets are
still held by the organisation and, in effect, had not been
transferred. Since the risk arising from the potential provision
of implicit support is not captured ex ante under Pillar 1, it
must be considered as part of the Pillar 2 process. In addition, the
processes for approving new products or strategic initiatives
should consider the potential provision of implicit support and
should be incorporated in a bank’s ICAAP.
Sound risk
management processes are necessary to support supervisory and
market participants’ confidence in banks’ assessments of their
risk profiles and internal capital adequacy assessments.
These processes take on particular importance in light of the
identification, measurement and aggregation challenges arising
from increasingly complex on- and off-balance sheet exposures.
The areas addressed include:
• Firm-wide risk oversight;
• Specific risk management topics:
− Risk concentrations;
− Off-balance sheet exposures with a focus on securitisation;
− Reputational risk and implicit support;
− Valuation and liquidity risks; and
− Sound stress testing practices.
The financial market
crisis has underscored the critical importance of effective
credit risk management to the long-term success of any banking
organisation and as a key component to financial stability. It
has provided a stark reminder of the need for banks to
effectively identify, measure, monitor and control credit risk,
as well as to understand how credit risk interacts with other
types of risk (including market, liquidity and reputational
risk).
The essential elements of a comprehensive credit risk
management programme include (i) establishing an appropriate
credit risk environment; (ii) operating under a sound credit
granting process; (iii) maintaining an appropriate credit
administration, measurement and monitoring process; and
(iv) ensuring adequate controls over credit risk.
The crisis has also emphasised
the importance of effective capital planning and longer-term
capital maintenance. A bank’s ability to withstand uncertain
market conditions is bolstered by maintaining a strong capital
position that accounts for potential changes in the bank’s
strategy and volatility in market conditions over time.
Banks should focus on effective and efficient capital planning,
as well as long-term capital maintenance. An effective
capital planning process requires a bank to assess both the
risks to which it is exposed and the risk management processes
in place to manage and mitigate those risks; evaluate its
capital adequacy relative to its risks; and consider the
potential impact on earnings and capital from economic
downturns.
Board and senior management oversight
It is the responsibility of the board of directors and
senior management to define the institution’s risk appetite and
to ensure that the bank’s risk management framework includes
detailed policies that set specific firm-wide prudential limits
on the bank’s activities, which are consistent with its risk
taking appetite and capacity. In order to determine the
overall risk appetite, the board and senior management must
first have an understanding of risk exposures on a firm-wide
basis. To achieve this understanding, the appropriate
members of senior management must bring together the
perspectives of the key business and control functions.
In order to develop an integrated firm-wide perspective on risk,
senior management must overcome organisational silos between
business lines and share information on market developments,
risks and risk mitigation techniques. As the banking
industry has moved increasingly towards market-based
intermediation, there is a greater probability that many areas
of a bank may be exposed to a common set of products, risk
factors or counterparties. Senior management should establish a
risk management process that is not limited to credit, market,
liquidity and operational risks, but incorporates all material
risks. This includes reputational, legal and strategic
risks, as well as risks that do not appear to be significant in
isolation, but when combined with other risks could lead to
material losses.
A bank’s policies, procedures and
limits should:
• Provide for adequate and timely
identification, measurement, monitoring, control and mitigation
of the risks posed by its lending, investing, trading,
securitisation, off-balance sheet, fiduciary and other
significant activities at the business line and firm-wide levels;
• Ensure that the economic substance of a bank’s risk
exposures, including reputational risk and valuation
uncertainty, are fully recognised and incorporated into the
bank’s risk management systems;
• Be consistent with the
bank’s stated goals and objectives, as well as its overall
financial strength;
• Clearly delineate accountability
and lines of authority across the bank’s various business
activities, and ensure there is a clear separation between
business lines and the risk function;
• Escalate and
address breaches of internal position limits;
• Provide
for the review of new businesses and products by bringing
together all relevant risk management, control and business
lines to ensure that the bank is able to manage and control the
activity prior to it being initiated; and
• Include a
schedule and process for reviewing the policies, procedures and
limits and for updating them as appropriate.
Off-balance sheet exposures and securitisation risk
Banks’ use of securitisation has grown dramatically over the
last several years. It has been used as an alternative
source of funding and as a mechanism to transfer risk to
investors. While the risks associated with
securitisation are not new to banks, the recent financial
turmoil highlighted unexpected aspects of credit risk,
concentration risk, market risk, liquidity risk, legal risk and
reputational risk, which banks failed to adequately address.
For instance, a number of banks that were not contractually
obligated to support sponsored securitisation structures were
unwilling to allow those structures to fail due to concerns
about reputational risk and future access to capital markets.
The support of these structures exposed the banks to
additional and unexpected credit, market and liquidity risk as
they brought assets onto their balance sheets, which put
significant pressure on their financial profile and capital
ratios.
Weaknesses in banks’ risk management of
securitisation and off-balance sheet exposures resulted in large
unexpected losses during the financial crisis. To help
mitigate these risks, a bank’s on- and off-balance sheet
securitisation activities should be included in its risk
management disciplines, such as product approval, risk
concentration limits, and estimates of market, credit and
operational risk.
In light of the wide range of risks
arising from securitisation activities, which can be compounded
by rapid innovation in securitisation techniques and
instruments, minimum capital requirements calculated under
Pillar 1 are often insufficient. All risks arising from
securitisation, particularly those that are not fully captured
under Pillar 1, should be addressed in a bank’s ICAAP. These
risks include:
• Credit, market, liquidity and
reputational risk of each exposure;
• Potential
delinquencies and losses on the underlying securitised
exposures;
• Exposures from credit lines or liquidity
facilities to special purpose entities; and
• Exposures
from guarantees provided by monolines and other third parties.
Securitisation exposures should be included in the bank’s
MIS to help ensure that senior management understands the
implications of such exposures for liquidity, earnings, risk
concentration and capital. More specifically, a bank
should have the necessary processes in place to capture in a
timely manner updated information on securitisation transactions
including market data, if available, and updated performance
data from the securitisation trustee or servicer.
Managing reputational risk
The most important principles are:
1. Educate shareholders, employees, customers and suppliers. We
must explain the importance of reputational risk, and what they
have to do (and to avoid).
2. Tone at the top. Board and senior management oversight.
Policies and procedures. Strong and consistent enforcement of
controls.
3. Continuous monitoring of threats to reputation.
4. Establishment of a crisis management plan and team.
5. Reporting.
6. Stress testing. Communication of the results.
From the Bank for International Settlements: Basel Committee on
Banking Supervision, Risk Management Principles for Electronic
Banking, July 2003
Legal and Reputational Risk Management (Principles 11 to 14):
11. Appropriate disclosures for e-banking services.
12. Privacy of customer information.
13. Capacity, business continuity and contingency planning to
ensure availability of e-banking systems and services.
14. Incident response planning.
Legal and Reputational Risk Management
To protect banks against business, legal and reputation risk,
e-banking services must be delivered on a consistent and timely
basis in accordance with high customer expectations for constant
and rapid availability and potentially high transaction demand.
The bank must have the ability to deliver e-banking
services to all end-users and be able to maintain such
availability in all circumstances. Effective incident
response mechanisms are also critical to minimise operational,
legal and reputational risks arising from unexpected events,
including internal and external attacks, that may affect the
provision of e-banking systems and services. To meet
customers' expectations, banks should therefore have effective
capacity, business continuity and contingency planning.
Banks should also develop appropriate incident response plans,
including communication strategies, that ensure business
continuity, control reputation risk and limit liability
associated with disruptions in their e-banking services.