How does it work?
Risk Accounting is a new and revolutionary method and system that identifies, quantifies, aggregates and reports exposures to non-financial risks.
SERRAQ has defined a new, additive, standard unit of measurement for non-financial risks, unique to the Risk Accounting method, called a Risk Unit or RU.
The Risk Accounting method generates three core risk metrics applied to the reporting categories typically used in management accounting including by organization, legal entity, product, customer, location and risk type. The three core risk metrics are:
- Inherent Risk… the amount of non-financial risk in RUs accepted by a financial institution before considering the effects of internal risk mitigation activities and processes (represents maximum possible loss)
- Risk Mitigation Index (RMI)… a measure of the effectiveness of a financial institution’s internal risk mitigating activities and processes on a scale of zero to 100
- Residual Risk… the amount of non-financial risk in RUs that remains after reducing a financial institution’s Inherent Risk by its RMI (represents probable loss)
For a more detailed description of the risk accounting method, visit www.risk-accounting.com.
The Portfolio View
Non-financial risks cannot be effectively managed without first constituting the complete portfolio of controlled and audited non-financial risks. A ‘Portfolio View’ is the essential foundation for effective risk control, public disclosure, the application of tried and tested portfolio risk management methods (trending, ranking, limit-setting, limit-monitoring and benchmarking) and the introduction of advanced analytical techniques… AI, FinTech, RegTech etc.
The portfolio view is enabled through Risk Accounting allowing non-financial risks to be analyzed in RUs at both the granular and aggregate levels.
Exposure to non-financial risks exists where a financial institution fails to adequately plan, organise, manage and control its internal risk-mitigating activities and processes. In contrast, exposure to financial risks exists where a financial institution intentionally creates external financial exposures with customers, intermediaries and counterparties for a projected return.
Unexpected losses are financial outcomes associated with a financial institution’s failure to accurately identify, quantify, aggregate and report its accumulating exposures to financial and non-financial risks and, consequently, cannot know whether such exposures are within risk appetite limits approved at the Board level. In contrast, expected losses are stochastically determined accounting estimates of projected financial outcomes associated with accepted financial and non-financial risks where the amount of accepted risk has been accurately quantified and is within risk appetite limits approved at the Board level.
Note: In the recent past, most notably during the financial crisis of 2007/8, financial institutions of all sizes around the globe suffered material, sometimes catastrophic unexpected losses. These were invariably due to their inability to effectively identify, quantify, aggregate and report their internal exposures to non-financial risks. In many instances, the result was extreme accumulations of unidentified and unreported exposures to non-financial risks that eventually turned into losses.
In contrast, external exposures to financial risks have intrinsic monetary value that can be readily identified and quantified in natural currency, aggregated and reported. In short, the global financial crisis of 2007/8 happened because a financial institution’s amount of exposure to external financial risks was typically known and accounted for whereas its amount of exposure to internal non-financial risks was typically unknown. Risk Accounting resolves this conundrum.
Key Attributes of Risk Accounting
The Risk Mitigation Index (RMI) is a measure of risk culture as it blends qualitative and quantitative risk attributes from across the enterprise into a single metric. Accordingly, risk governance is focused on planning and implementing strategies aimed at continually improving the RMI.
The risk appetite statement is a schedule of approved risk limits in RUs by business component, product and risk type that are set at the granular operating level and aggregated at the Board level for approval. Risk Accounting supports the budgeting and forecasting of accepted non-financial risks in RUs and monitors and reports accumulating excesses over approved RU limits in near real-time.
The amount of exposure to non-financial risks expressed in RUs is auditable. Risk Accounting requires business component and process owners to report their risk status by completing Best Practice Scoring Templates (BPSTs) which involves either picking an applicable risk benchmark or confirming compliance with industry-consensus best practices. Consequently, BPSTs are objective, measurement-based inputs that can be subject to audit which is not the case with risk & control self-assessments that use a subjective assessment metric, e.g. red/amber/green, that is not auditable.
Monetary Value of an RU
One of SERRAQ’s longer term aims is to calculate the monetary value of an RU (RUm) by modelling non-financial risk loss data correlated with related context information in the form of Residual Risk RUs. Once determined, the RUm can be used to estimate non-financial risk related expected losses (Residual Risk RUs x RUm).
Expected losses calculated in this way can be used to risk-adjust audited financial statements, similar to CECL accounting provisions for credit risk. This creates the possibility to lobby regulators to adopt the RUm in the determination of regulatory capital requirements for non-financial risks providing a high degree of risk sensitivity, simplicity and comparability in capital adequacy calculations.
“…represents a sizeable step forward in the search for a practical global solution to enterprise risk management (ERM)”
“…the London Whale trading loss… Here, the (method) would bloom”
“…a very useful conceptual framework that could serve as a baseline for fulfilling the needs of BCBS 239, with a relatively simple to implement approach”
“…the first mechanism proposed to integrate the major components of risk in a large institution”
“The integration of accounting and risk measures (both economic and regulatory) makes an important contribution to making risk-adjusted returns transparent”
“The framework… harmonizes all quantifiable risks and valuation uncertainties into one consistent framework without getting bogged down with specific risk models, methodologies and calibrations”
“…(the) approach could be a meaningful way of establishing a common metric for operational risk, an area in risk management which, after many years, is still lacking analytical rigour”
“…(the) proposed framework is both novel in addressing the limitations of existing ERM risk measurement frameworks and practical in adapting the control and reporting frameworks that already exist in accounting and general ledger systems”
“…I think it is a good way of thinking about the operational risk associated with different underlying risk classes but, as the authors point out in the paper, it is not intended to be a substitute for capital at risk.”