Financial Risk Management: Regulatory Frameworks & Key Risks
Financial Regulatory Framework & Capital
Legal Power Structure
- Legislative Branch: Passes laws in parliament.
- Executive Branch: Administers and enforces laws.
- Judiciary: Interprets laws.
Regulatory Instruments
- Acts: Statutory laws passed by parliament.
- Subsidiary Legislation: Specifies in greater detail the requirements that Financial Institutions (FIs) adhere to.
- Notice: Legally binding requirements.
- Codes: Non-statutory, no force of law, but a system of governing rules with non-statutory sanctions.
Specific Notices
- Notice 626: Prevention of money laundering and countering the financing of terrorism.
- Notice 637: Lists risk-based capital adequacy requirements for banks locally incorporated in Singapore.
Objectives & Principles
Mission
- Promote a sound and progressive financial sector.
Objectives
- Stable financial system.
- Safe & sound intermediaries.
- Safe & fair infrastructure.
- Fair, efficient & transparent markets.
- Transparent & fair-dealing intermediaries and offerers.
- Well-informed and empowered consumers.
Functions
- Regulation, authorization, supervision, surveillance, enforcement, resolution.
Guiding Principles
- Risk-focused, disclosure-based, stakeholder-reliant, supportive of enterprise.
Board & Senior Management Responsibilities
- Sound Risk Management: Covers credit, market, operational, liquidity, and internal control risks.
- Board Oversight: Oversees policy & implementation.
- Senior Management’s Role: Ensures sound policies, effective procedures, and robust systems.
- Key Activities: Risk measurement, management, and reporting.
- Staffing: Competent staff for management, control, and audit functions.
Basel III Framework
- Pillar 1: Enhanced Minimum Capital & Liquidity Requirements.
- Pillar 2: Enhanced Supervisory Review Process for firm-wide risk management & planning.
- Pillar 3: Enhanced Risk Disclosure & Market Discipline.
Three Lines of Defense
- Business Support Unit: Owns & manages risk in respective areas of responsibility.
- Risk Management, Legal & Compliance: Provides independent risk oversight, monitoring, & reporting.
- Internal Audit: Provides independent assurance.
Bank Capital Structure
- Tier 1 Capital: Shareholder Equity & Retained Earnings.
- Tier 2 Capital: Hybrid capital instruments, loan-loss reserves, revaluation reserves, undisclosed reserves.
Regulatory vs. Economic Capital
- Regulatory Capital: Regulators’ requirement (no economic activities).
- Economic Capital: Capital held for economic activities.
Risk Appetite Definition
The aggregate level & type of risk an FI is willing to assume within its risk capacity to achieve its strategic objectives.
Capital Adequacy Ratios
- CET1 (Common Equity Tier 1): 6.5%
- Tier 1: 8%
- Total Capital (Tier 1 + Tier 2): 10%
Market & Liquidity Risk Management
Market Risk Definition
The risk of loss or profit as a result of changes in the market price of the positions held, or the risk of losses in on- or off-balance sheet positions due to market movements.
Market Risk Strategy
- Consider economic, liquidity, and market conditions and their impact on risk.
- Leverage expertise in specific markets to identify, measure, evaluate, monitor, report, and control/mitigate risk.
- Optimize portfolio mix for appropriate risk levels.
Market Risk Framework
- Market risk limits aligned with FI appetite, profile, and capital strength.
- Exception tracking for Board of Directors (BOD) / Senior Management (SM) for prompt action on reporting processes.
- Effective models and controls to measure risk.
- Valuation policies for appropriate valuation adjustments to determine fair value of assets & liabilities.
Key Responsibilities
- Monitoring, Reporting, Investigation & Resolution.
Measuring Market Risk
- Standard Deviation (SD): Find the average return, then for each day subtract the average return from that day's return and square the difference. Add all squared differences and divide by the number of days to get the variance, then take the square root to get SD.
- Exponentially Weighted Moving Average (EWMA).
- Generalized Autoregressive Conditional Heteroskedasticity (GARCH) model.
Value-at-Risk (VaR) Approaches
- Historical Simulation.
- Variance-Covariance: Daily % = Annual % / sqrt(252), then VaR = Total amount x Daily % x Z-score.
- Monte Carlo Simulation.
Note: 252 trading days are often used for annualization.
Liquidity Risk Definition
The risk of an institution being unable to meet its financial obligations as they fall due without incurring unacceptable costs or losses through fundraising or liquidation of assets.
Types of Liquidity Risk
- Funding Risk: Inability to raise cash without incurring unacceptable rates.
- Asset Liquidity Risk: Inability to exit a position without incurring massive loss due to wide bid-ask spreads.
LCR & NSFR Ratios
- LCR (Liquidity Coverage Ratio): Monitors and controls liquidity risk, ensuring banks hold sufficient High-Quality Liquid Assets (HQLA) for survival during high liquidity stress periods (30 days). Target: ≥ 100%.
- NSFR (Net Stable Funding Ratio): Promotes resilience over a long-term horizon by creating incentives for banks to fund activities with more stable funding sources, limiting reliance on cheap and abundant short-term wholesale funds to maintain a stable funding structure. Formula: Available Stable Funding / Required Stable Funding ≥ 100%.
Case Study: Silicon Valley Bank (SVB)
- Grew with tech startups, taking huge deposits during a low-interest period, but invested them in long-term US bonds (low risk, but sensitive to interest rates).
- Interest rates increased, bond prices fell, and the portfolio was worth less. Startups withdrew money as the funding environment tightened and they needed more money for operations.
- Liquidity Crisis: Sold bonds at $1.8B loss to pay withdrawals. Announced loss caused panic and a bank run.
- FDIC took control and paid depositors.
Case Study: Long-Term Capital Management (LTCM)
- High-leverage arbitrage trading of bonds with the same underlying characteristics.
- Russia defaulted on ruble-denominated debt, global markets panicked, moved to liquid assets.
- Prices moved in opposite directions, couldn’t sell in time (illiquid), market froze. High leverage led to massive losses.
- $3.6B rescue package for 90% equity, followed by shutdown.
Credit Risk Management & Financial Crises
Credit Risk Definition
The potential that a borrower or counterparty will fail to meet its obligations in accordance with the agreed terms. Generally associated with traditional lending activities (loans not being repaid in full) but can also mean holding securities where credit risk arises from a decline in credit standing. Does not necessarily mean default, but an increased probability of it.
Credit Risk Management Goal
Maximize a bank’s risk-adjusted rate of return by maintaining credit exposure within acceptable parameters.
Credit Risk Classifications
- Counterparty Credit Risk: Risk that a counterparty fails to meet an obligation.
- Product-Specific Risk: Product-specific credit risk of transactions that could arise with respect to a specific group of borrowers.
- Concentration Risk: Risk of adverse developments in the operating environment or industry leading to deterioration in counterparties.
- Country Risk: Default or settlement risk in a given country due to a range of macroeconomic or social events primarily affecting counterparties in those jurisdictions.
Key Credit Criteria
Sufficient information, payment source, credit purpose. Compare track record with industry peers, equity, profitability, turnover, leverage, debt servicing, credit risk rating, terms & conditions, duration of loan, amount, collateral.
Counterparty Risk
Risk that a counterparty may default on its obligations in a financial contract.
Wrong-Way Risk
Exposure to a counterparty is adversely correlated with the credit quality of that counterparty.
Novation of Trades
Substitute a contract with a replacement contract where both parties have agreements with a Central Counterparty (CCP) as a middleman to facilitate deals and reduce risk exposure.
Credit Default Swaps (CDS)
Essentially an insurance contract: sell risk, buy risk, pay premium. Triggers: bankruptcy, failure to pay, debt restructuring, obligation default, repudiation.
Basel III Advanced Approach
- Measuring & reporting minimum regulatory capital requirements by calculating capital for credit, market, and operational risk.
- Undertake ICAAP (Internal Capital Adequacy Assessment Process) following internal assessment, assessing risk profile & activities, determining if capital should exceed regulatory capital.
- Disclose information regarding capital structure, capital adequacy, and risk management strategies.
Credit Risk Management Metrics
- Exposure at Default (EAD)
- Loss Given Default (LGD)
- Probability of Default (PD)
ICAAP Components
- Senior management oversight, sound capital assessment & plan, comprehensive risk assessment, stress testing, monitoring & reporting, internal review.
Case Study: Eurozone Crisis
The single Euro currency was introduced and many weaker countries joined. Overall market risk for the Euro was mispriced (due to weaker countries joining). Countries with bad credit ratings borrowed at low rates, which led to over-borrowing, and they were then unable to finance or pay back the debt. The IMF provided a €163B bailout loan in return for stricter spending cuts and interest rate hikes. Affected government-issued loans were bought up to calm the market and inject liquidity into it.
Case Study: Global Financial Crisis (GFC)
Low interest rates after the dot-com bubble and 9/11, intended to ease the economy, encouraged cheap borrowing and corporate debt. Easy credit and low interest led to a massive rise in mortgages, on the assumption that house prices would always go up. Repackaging subprime mortgages into Mortgage-Backed Securities (MBS) and then Collateralized Debt Obligations (CDOs) made it harder to evaluate the true risk through the layers. Credit rating agencies gave false ratings, underplaying risk, and not enough precautions were taken against the true risk. Housing prices fell, defaults increased, and AAA-rated instruments failed. Financial Institutions (FIs) faced liquidity and solvency issues. Global financial exposure through interconnected financial derivatives led to massive losses. FIs didn’t trust each other, market activity froze, markets crashed, and funding was halted. Bailouts from the US government, interest rate cuts, quantitative easing, and stricter regulations followed.
Operational Risk & Business Continuity
Operational Risk Definition
Risk of loss resulting from inadequate or failed processes, people, systems, or external events. This includes legal risk but excludes strategic and reputational risk.
Operational Risk Management
Operational risk should be actively managed because failure to do so can result in a misstatement of an FI’s risk profile and expose it to significant losses. Unlike other risks, it is not directly taken in return for an expected reward and exists in the natural course of activity.
Risk Hierarchy
Risk Capacity → Risk Appetite → Risk Tolerance → Risk Limits
Challenges in Operational Risk
- Uniqueness
- Consistency
- Clarifying roles & responsibilities
- Sufficient talent
Operational Risk Classification
- Internal fraud
- External fraud
- Employment & workplace safety
- Client/product/business practices
- Damage to physical assets
- Business disruption/system failures
- Execution/delivery/process disruption
Case Study: Société Générale
A trader was executing low-risk arbitrage strategies but started making big bets on stock index futures. To hide losses, he faked offsetting transactions to balance the sheet, exploited time gaps between audits, and used colleagues’ logins to approve his trades. In 2008, he bet big on Euro markets rising, but they didn’t (due to the GFC). He lost big, the mistake was uncovered, and an investigation was launched, resulting in a €4.9B loss, reputation damage, and a leadership change.
Operational Risk Tools
- Key Risk Indicators (KRI): Dashboard-type reporting (e.g., red/green/yellow status).
- Scenario Analysis (SA): Giving experts a scenario and assessing potential outcomes.
- Risk & Control Self-Assessment (RCSA): Questionnaire/workshop-based assessment.
CRAFT Framework
Uses business activities to measure risk assessments, providing a better internal/external understanding of risk factors. Gives an overall risk rating for safety & soundness, transparency, and market fair dealings.
Case Study: LIBOR Scandal
LIBOR (London Interbank Offered Rate) is a standard benchmark for daily interest rates on lending. Manipulation of rates occurred through understatement, trader collusion, and weak internal controls, boosting profits and bank benefits. This led to an erosion of trust and global financial reforms.
Case Study: Barings Bank
A Singapore derivatives trader made unauthorized speculative trades and hid losses. He was in charge of both the front and back office (conflict of interest). He opened an ‘88888’ account to hide losses. The account was found due to a discrepancy and he couldn’t explain the loss; a lack of funds to continue trading meant the bank needed to be bailed out.
Business Continuity Management (BCM)
Overarching framework that includes policies, standards, and procedures to provide for the continuous functioning of an FI during operational disruption. Depends on the nature, scale, and complexity of FI business activities. Key components: critical business services and functions, service recovery time objectives, dependency mapping, concentration risk, continuous review and improvement, testing, audit, incident & crisis management, responsibility of BOD & SM.
Business Continuity Plan (BCP)
A plan/action that sets out the procedures and framework, and establishes the processes & systems necessary to restore operations in the event of disruption.
Technology Risk Management
Technology Risk Governance & Oversight
- Board of Directors (BOD) / Senior Management (SM) hire staff with the knowledge to understand and manage technology risk.
- Appoint Chief Information Officer (CIO), Chief Technology Officer (CTO), or Head of IT to align IT decisions with the bank’s risk appetite.
- Practice clear IT policies and standards for information safeguards and oversight. Review processes regularly for evolving risks, with SM approval, and monitor residual risk for acceptable levels.
- Identify and classify ownership of information assets according to policies, procedures & standards.
- When working with third-party services/outsourcers, ensure information is safeguarded, and assess & manage technology risk exposure to the confidentiality, integrity, and availability of third parties' systems/data before entering agreements.
- Ensure a high standard of care and diligence in protecting data confidentiality, integrity, and system resilience.
Technology Risk Management Framework
- Risk Identification: Identify threats and vulnerabilities to the FI and information assets.
- Assessment: Assess the potential impact and likelihood of threats and vulnerabilities to the FI and information assets.
- Treatment: Implement processes and controls to manage technology risk posed to the FI and protect the confidentiality, integrity, and availability of information assets.
- Monitor, Review, Report: Monitor, review, and report technology risks, changes in business strategy, IT systems, environment, or operating conditions to BOD/SM.
Security Assessment Approaches
Obtain an in-depth evaluation of security defenses through a yearly test:
- Black-box Testing: Simulates real-world external attacks.
- Grey-box Testing: Simulates internal attacks.