Risk Accounting is a standardised and integrated nonfinancial risk management and accounting framework that identifies, quantifies, aggregates, values and reports all forms of nonfinancial risk and accounts for the expected losses associated with accepted nonfinancial risks including the positive offsetting impacts of environmental, social and governance (ESG) attributes.
An overview of the risk accounting method
Introducing the ‘Risk Unit’ or ‘RU’
The ‘Risk Unit’ or ‘RU’ is the new additive metric, unique to the Risk Accounting method, that is used to quantify and report exposure to operational risk using three core metrics:
- Inherent Risk: The amount of operational risk in RUs before considering the effects of internal risk mitigation activities and processes (represents maximum exposure to operational risk)
- Risk Mitigation Index (RMI): A measure of the effectiveness of internal operational risk mitigating activities and processes on a scale of zero to 100
- Residual Risk: The amount of operational risk in RUs that remains after reducing Inherent Risk by the RMI (represents actual exposure to operational risk)
Calculation of Inherent RUs
Risk Accounting calculates Inherent RUs based on two factors: (1) Exposure Uncertainty Factor (EUF), and (2) Value Band Weighting (VBW):
Portfolio View of Operational Risks
Risk Accounting generates algorithms that convert EUF, VBW and RCSA (Enhanced) inputs into a portfolio view of operational risk exposures in RUs encompassing:
- The reporting and analysis of granular and aggregated exposures by multiple categories including group-wide, business line, business organisational component, product, and customer.
- Direct comparisons of exposure to operational risk through benchmarking and ranking within and between enterprises (assuming the above tables and associated risk factors are uniformly applied).
- Identification and prioritization of risk mitigation action plans with a calculation of the projected risk reduction impact of each plan in RUs.
- The setting of operational risk budgets and risk operating limits in RUs across all vertical and horizontal dimensions of the enterprise with the potential for real- or near real-time monitoring of accumulating exposures to risk vs. risk budgets and limits.
1. Exposure Uncertainty Factor (EUF) Table
EUFs are scaled to a value between zero and 20 reflecting each product’s operational complexity and the consequent process burden it imposes on the enterprise. EUFs relative to the activities below, where applicable, are assigned according to the risk criteria and associated risk factors set out in the EUF tables and summed for each product:
- Processing: number of operational touchpoints along the product’s end-to-end processing cycle.
- Lending: the relative time and effort required to liquidate collateral in the event of a credit default with reference to the value retention properties and price stability of underlying collateral.
- Trading: the relative time and effort required to unwind a trading position with reference to the availability and reliability of market prices and rates, and the manner in which the product is traded, e.g., electronic, floor, OTC etc.
- Treasury: the relative time and effort required to fund a product and manage associated liquidity and interest rate risk with reference to:
- Banking book: interest rate type (fixed or floating) and maturity.
- Derivatives: relative degree of complexity.
- Transactional and trading book: assume marginal Treasury involvement.
- Selling: whether the product is…
- an investment product involving the holding of customer monies;
- directly linked to a sales incentive scheme; and
- bundled with other products (e.g., a loan with an interest rate swap);
- …and the product’s relative degree of complexity from a customer perspective.
- Environment: the product’s relative toxicity, combustibility, and biodiversity.
2. The Value Table
Ascending $ amounts of daily operational throughput, for each product, are assigned a Value Band Weighting (VBW).
The value bands plotted against the VBWs produce a logarithmic curve that depicts how the rate of change in risk decelerates as operational throughput accelerates, primarily due to enhanced automation that naturally occurs as production volumes and values increase.
3. Calculation of Risk Mitigation Indexes (RMIs) and Residual RUs
Two variable inputs are periodically input into Risk Accounting to produce RMIs and Residual RUs by multiple reporting categories including group-wide, business line, business component (cost center), customer, product, legal entity, and location.
- The amount of operational throughput, being daily new business transacted relative to each product, which can be captured either manually or via automated interfaces with accounting systems.
- The status of risk mitigation gathered from across the enterprise via risk & control self-assessments (see below) captured at pre-selected organizational levels, e.g., process, production team, department, division etc.
Risk & Control Self-Assessment - RCSA (Enhanced)
The traffic light ‘RAG’ assessments typically used in RCSAs to report the status of risk mitigation activities and processes are replaced either by a binary ‘yes/no’ input indicating the presence or absence of compliance with an industry consensus best practice or through gauging the degree of compliance by reference to a set of predetermined benchmarks. RCSA enhanced inputs are used by Risk Accounting’s algorithms to calculate risk mitigation indexes (RMIs) and residual RUs.
An important feature of Risk Accounting is that Risk Accounting inputs via EUF and VBW tables and enhanced RCSAs are auditable:
- EUFs are set and approved during the product approval and review process. Auditors can independently verify that EUFs have been appropriately documented, approved, and consistently applied.
- Operational throughput and mapping to the Value Table can be independently verified by auditors against accounting records.
- Given that enhanced RCSAs require either a ‘yes/no’ response or the selection of a benchmark from a multiple-choice dropdown box, an auditor can independently verify whether responses are appropriate as there is only one acceptable response.
Risk Accounting: Definitions
Exposure to nonfinancial risks exists where a financial institution fails to adequately plan, organise, manage and control its internal risk-mitigating activities and processes. In contrast, exposure to financial risks exists where a financial institution intentionally creates external financial exposures with customers, intermediaries and counterparties for a projected return.
Unexpected losses are financial outcomes associated with a financial institution’s failure to accurately identify, quantify, aggregate and report its accumulating exposures to financial and nonfinancial risks and, consequently, cannot know whether such exposures are within risk appetite limits approved at the Board level. In contrast, expected losses are stochastically determined accounting estimates of projected financial outcomes associated with accepted financial and nonfinancial risks where the amount of accepted risk has been accurately quantified and is within risk appetite limits approved at the Board level.
In the recent past, most notably during the financial crisis of 2007/8, financial institutions of all sizes around the globe suffered material, sometimes catastrophic unexpected losses. These were invariably due to their inability to effectively identify, quantify, aggregate and report their internal exposures to nonfinancial risks. In many instances, the result was extreme accumulations of unidentified and unreported exposures to nonfinancial risks that eventually turned into losses. In contrast, external exposures to financial risks have intrinsic monetary value that can be readily identified and quantified in natural currency, aggregated and reported. In short, a financial institution’s amount of exposure to external financial risks is typically known whereas its amount of exposure to internal nonfinancial risks is typically unknown.