Introduction to Risk Management in Banking
Risk management is an essential element of management from the enterprise level down to the individual project. It encompasses all the actions taken to reduce complexity, increase objectivity, and identify important decision factors. There has been, and will continue to be, discussion about the complexity of risk management and whether or not it is worth the effort.
Businesses must take risks to retain their competitive edge, however, and as a result, risk management must occur as part of managing any business, program, or project. Risk management is both a skill and a task that is performed by all managers, either deliberately or intuitively.
It can be simple or complex, depending on the size of the project or business and the amount of risk inherent in an activity. Every manager, at all levels, must learn to manage risk. Like most skills, risk management can be learned.
Example of Risk Management at the International Banking Level
The Basel Committee on Banking Supervision comprises government central bank governors from around the world. This body created a basic, global risk management framework for market and credit risk. It implemented internationally a flat 8 percent capital charge to banks to manage bank risks.
This means that for every 100 dollars a bank makes in loans, it must possess 8 dollars in reserve to be used in the event of financial difficulties. However, if banks can show they have very strong risk mitigation procedures and controls in place, that capital charge can be reduced to as low as 0.37 percent (or 37 cents of reserves per 100 dollars of loans).
If a bank has poor procedures and controls, that capital charge can be as high as 45 percent, or 45 dollars for every 100 dollars the bank loans out. This example shows how risk management can be used at a very high level. The remainder of this module focuses on smaller implementations and demonstrates how risk management is used in many aspects of business conduct.
Risk Management Vocabulary
You need to understand a number of key terms to manage risk successfully. This vocabulary functions as an overview of risk management topics. Risk is a product of probability and impact (e.g. loss, harm, damage, etc.) Risk is like the expected loss or harm due to a threat..
Risk management is the overall decision-making process of Identifying threats and vulnerabilities and their potential impacts, Determining the costs to mitigate such events, and Deciding what actions are cost-effective for controlling these risks.
- Risk assessment (or risk analysis) is the process of analyzing an environment to identify the threats and mitigating actions to determine the impact of an event that would affect a project, program, or business.
- An asset is any resource or information that an organization needs in order to conduct its business.
- An attack is an event that causes harm to an asset.
- A threat is any circumstance or event with the potential to cause harm to an asset.
- A threat actor/agent is the entity behind a threat.
- A threat vector is a method used to effect a threat.
- A vulnerability is any characteristic or component of an asset that can be exploited by a threat to cause harm. An exploit takes advantage of a vulnerability.
- Impact is the loss or harm incurred when a threat exploits a vulnerability.
- A control is a measure taken to detect, prevent, or mitigate the risk associated with a threat.