Risk management in capital markets

Risks involve market manipulation, money laundering and fraudulent reporting

In the Indian financial services landscape, risk management has always been seen as a focus area for banking and capital markets players. Our regulators have set appropriate guidelines and policies that achieve the dual objectives of market development together with prudent risk management and consumer protection. While risk management and its importance in lending is well understood and discussed in public circles (this may be attributed to the current high levels of NPAs), risk management in capital markets is a less discussed topic.

 

Capital markets, globally and in India, are at risk of many violations including market manipulation, money laundering and fraudulent reporting among others. Recent changes in global capital markets have forced participants across the ecosystem — buy-side and sell-side participants, custodians, market infrastructure and financial technology providers — to reassess their strategies, business models and risk frameworks. This results in movement in revenue pools where risk resides and players are best positioned to succeed. All participants are being forced to adapt their business models as a result.

 

The changes in the capital markets ecosystem also affect the risk across the value chain for market participants and consequently the development of appropriate processes to mitigate these new risks will become critical. As a result, increased scrutiny will be placed on risk management frameworks as well as recovery and resolution plans.

 

Best practice elements of a capital markets risk management architecture can be broken broadly into two buckets: a) risk governance, policies and procedures; and b) risk modelling, measurement, and reporting.

 

Risk governance refers to mechanisms that firms use to assess and implement decisions related to market, liquidity, credit and operational risks inherent in capital markets. Capital market firms typically organise and govern their risk management practices using a three-lines-of-defence model. This usually includes risk taking, risk oversight and risk assurance activities.

 

Broadly, the first line is composed of risk takers — business line heads who must own and track the risks they generate. The second line is typically an independent body, usually the capital markets risk function, that sets limits for taking risks and ensures that all risks are being appropriately managed across the organisation. The third line, usually the internal audit function, verifies the efforts of the first two to ensure that nothing is out of line from the defined policies, controls and processes.

 

The effectiveness of the three-lines-of-defence model depends on the clarity of roles, responsibilities and accountability of all stakeholders, a clear segregation of duties to ensure independence in risk management, and review and challenge built into the governance framework across all levels.

 

The capital markets risk function must outline its approach to risk management and set limits to quantify the amount of risk the firm is willing to take, through a risk appetite statement. Capital markets risk management procedures and processes translate policies into specific and tangible steps, according to which day to day activities can be performed. The procedures also need to ensure that the firm has an effective system of controls, reasonably designed to identify and mitigate risks.

 

Translating risk policies and procedures into action requires capital market firms to effectively model all risk types (credit, market, liquidity, operational etc.), regular monitoring of risks and reporting to ensure efficient decision making across the organisation.

 

The foundational elements of risk modelling comprise key elements including decomposing risk into discrete parts, balancing effectiveness and efficiency of the risk models and aligning methodology with regulatory requirements and firm strategy. A robust market risk modelling function would typically entail execution of the following processes:

 

• Development of modelling methodology for calculating the Value-at-Risk (VaR) and Stressed Value-at-Risk (SVaR)
• Development of pricing models and sensitivities for all asset classes within the capital markets risk function’s purview
• Development of scenarios for stress testing
• Model calibration and measurement of model performance
• Periodic validation of the model in alignment with firm’s model validation policies

 

The aggregation of risk metrics into reports and KRIs is vital for management’s ability to effectively monitor and mitigate all material risk types. The frequency of risk management report generation and distribution is set to enable periodic measurement and to keep pace with the speed at which risks can change. The risk measurement reports play a crucial role in contributing to sound risk management and effective management decision making.

 

Risk reporting is a key capability within organisations that comprises processes including signing off on results (such as daily VaR results) to maintain accuracy of risk management and confirm that results are accurate for reporting and disclosure purposes; producing results that accurately convey all risk data at an aggregate level (the reports should ideally include a fine balance between risk data, analysis of risk, and qualitative explanations); producing reports for regulatory purposes — usually entails multiple checks and reviews by senior risk managers to ensure that all data is accurate and exhaustive to meet regulatory requirements.

The next generation of risk management will include near real-time calculations, aggregation and reporting of risks across the entire capital markets value chain, and more granular categorisations of risks. For future capital markets risk functions to be successful, they would require sophisticated tools to synthesise complex information and generate insightful alerts and reports in real-time situations.

The author is MD & CEO,NSE