Saturday, November 17, 2007

Process Risk Management Merrill Lynch

Download a presentation from

Merrill Lynch & Co. Process Risk Management Merrill Lynch is focused upon ... linkages and risk of process failure. and evaluate the effectiveness of ...

download more presentations from Goldman Sachs etc. from

From Annual Report of 2000 of Merrill Lynch
At the SIA’s 2nd Annual Risk Management Conference for financial services firms held on June 27th in New York City, overall, the maturity of enterprise risk management in the past year has definitely moved up one notch. Uncertainty about how to define enterprise risk management and the debate about the value of risk management have been replaced with more practical concerns on how to best implement a risk management program and how to measure the performance.

According to Julian Fry, Global Head of Operational Risk at Merrill Lynch & Co., Inc., who was a panelist at the conference, the top 10 risk management business issues within Financial Services and Investment Management companies are:
1) Proper business practices, 2) Internal fraud, 3) Knowing your client, 4) Transaction execution, 5) Client selection exposure, 6) Business disruption, 7) Product complexity/pricing, 8) Employment practices, 9) Accounting evaluation (sox), and 10) Back office operations.

You can download report on the conference from
after registering on the site.

Risk Management

Risk Management Philosophy

Risk-taking is an integral part of Merrill Lynch's core business activities. In the course of conducting its business operations, Merrill Lynch is exposed to a variety of risks. These risks include market, credit, liquidity, process, and other risks that are material and require comprehensive controls and management. The responsibility and accountability for these risks remain primarily with the businesses.

The Corporate Risk Management ("CRM") group ensures that these risks are properly identified, monitored, and managed throughout the firm. To accomplish this, CRM has established a risk management process, which includes:

A formal risk governance organization that defines the oversight process and its components.

A regular review of the entire risk management process by the Audit Committee of the Board of Directors.

Clearly defined risk management policies and procedures supported by the most appropriate and advanced analytic tools available.

Communication and coordination between the business, executive, and risk functions while maintaining strict segregation of responsibilities, controls, and oversight.

Clearly articulated risk tolerance levels as defined by the Executive Management Committee ("EMC") that are regularly reviewed to ensure that Merrill Lynch's risk-taking is consistent with its business strategy, capital structure, and current and anticipated market conditions.

The risk management process, combined with CRM's personnel and analytic infrastructure, works to ensure that Merrill Lynch's risk tolerance is well-defined and understood by the firm's risk-takers as well as by its executive management. Other groups, including Audit, Finance, and Treasury, work with CRM to establish this overall risk management control process. While no risk management system can ever be absolutely complete, the goal of CRM is to make certain that risk-related losses occur within acceptable, predefined levels.

Risk Governance Structure
Merrill Lynch's risk governance structure is comprised of the Audit Committee, the EMC, the Risk Oversight Committee ("ROC"), the Risk Policy Group ("RPG"), the business units, CRM, and various corporate governance committees. The roles of these respective groups are as follows:

The Audit Committee is comprised entirely of external directors and has authorized the ROC to establish Merrill Lynch's risk management policies.

The EMC establishes risk tolerance levels for the firm and authorizes material changes in Merrill Lynch's risk profile. It also ensures that the risks assumed by Merrill Lynch are managed within these tolerance levels and verifies that Merrill Lynch has implemented appropriate policies for the effective management of risks. The EMC must approve all substantive changes to risk policies, including those proposed by the ROC. The EMC pays particular attention to risk concentrations and liquidity concerns.

The ROC, comprised of senior business and control managers and chaired by the Head of CRM, oversees Merrill Lynch's risks and ensures that the business units create and implement processes to identify, measure, and monitor their risks. The ROC also assists the EMC in determining risk tolerance levels for the firm's business units and monitors the activities of Merrill Lynch's corporate governance committees, reporting significant issues and transactions to the EMC and the Audit Committee.

The RPG is a working group of the ROC comprised of control managers and is chaired by the Head of CRM. The RPG reviews various risk-related issues and reports to the ROC.

Various other governance committees exist to create policy, review activity, and ensure that new and existing business initiatives remain within established risk tolerance levels. These committees include the New Product Review Committee, Debt and Equity Capital Commitment Committees, Real Estate Capital Commitment Committee, Credit Policy Committee, Reserve Committee, Special Transactions Review Committee, and the Structured Products Committee. Representatives of the principal independent control functions participate as voting members of these committees.

Risk Framework
CRM's chief monitoring and risk measurement tool is Merrill Lynch's Risk Framework ("Framework"). The Framework defines and communicates Merrill Lynch's risk tolerance and raises exceptions for certain areas of risk concentration. Exceptions and violations are reported and investigated at predefined and appropriate levels of management. The Framework and its limits have been approved by the EMC and the risk parameters that define the Framework have been reviewed by the Audit Committee. The EMC reviews the Framework annually and approves any material changes. The ROC reports all substantive Framework changes to the Audit Committee.

The Framework establishes aggregate and broad risk limits for Merrill Lynch. Market risk limits are intended to constrain exposure to specific classes and factors of market risk and Value-at-Risk ("VaR"). VaR is a statistical measure of the potential loss in the fair value of a portfolio due to adverse movements in underlying risk factors. Credit risk limits are intended to constrain the magnitude and tenor of exposure to individual counterparties, types of counterparties, countries, and financing collateral. The Framework has been established for CICG, PCG, MLIM, and Treasury. Each business is responsible for ensuring that its risk activities adhere to the limits established under the Framework. Individual Frameworks are continually refined to increase the granularity and scope of risk coverage.

Corporate Risk Management
CRM is an independent control function responsible for Merrill Lynch's risk management process. The head of CRM reports directly to the Chief Financial Officer, chairs the ROC and RPG, and is a member of the EMC. CRM manages Merrill Lynch's market and credit risks. Market risk is defined to be the potential change in value of trading instruments caused by fluctuations in interest rates, exchange rates, equity and commodity prices, credit spreads, and/or other risks. Credit risks are defined to be the potential for loss that can occur as a result of impairment in the creditworthiness of an issuer or counterparty or a default by an issuer or counterparty on its contractual obligations. CRM also provides Merrill Lynch with an overview of its risk for various aggregate portfolios and develops the systems and analytics to conduct all risk management functions. CRM is organized into the following four groups:

The CICG Market Risk Group is responsible for defining the products and markets in which CICG will transact and take risk. Moreover, it is responsible for identifying the risks to which CICG businesses will be exposed in these approved products and markets. The CICG Market Risk group also establishes the Framework market risk limits against which risk concentrations are monitored and controlled. Within the Group is a dedicated, separate quantitative unit that evaluates the efficacy of trading and risk models through stressing and testing the mathematical models used by various control and business units.

The Credit Risk Group assesses the creditworthiness of existing and potential individual clients, institutional counterparties and issuers, and determines firmwide credit risk appetite within Framework limits. The Group reviews and monitors specific transactions as well as portfolio and other credit risk concentrations. It is also responsible for ongoing credit quality and limit compliance, and the Group works with the business units of Merrill Lynch to manage and mitigate credit risk. A specialist unit that focuses on early problem asset identification and management is also part of the Credit Risk Group.

The Portfolio Risk Group has a variety of firmwide responsibilities including integrating market, credit and business risks through firmwide stress and event analysis, enhancing the internal attribution of economic capital to business units, and conducting country risk and rating assessments. The Group also has a Process Risk team that specifically focuses on the implementation of the firmwide process risk management program. In addition, the Portfolio Risk Group oversees the proprietary market risk taken within the Merrill Lynch Treasury function, PCG and MLIM.

The Risk Infrastructure Group provides CRM with the analytic, technological, and policy support necessary to quantify and monitor firmwide market, credit and portfolio risk.

CRM continuously reviews and refines its risk processes and methodologies. The overall effectiveness and responsiveness of CRM can be seen on a broader level when analyzing weekly net trading revenues over time. CRM policies and procedures for monitoring and controlling risk combined with the businesses' focus on customer order-flow driven revenues have helped Merrill Lynch to reduce earnings volatility within its portfolios. While no guarantee can be given regarding future earnings volatility, CRM continues to work on policies and procedures that assist the firm in measuring and monitoring its risks.

Market Risk
Merrill Lynch uses a variety of quantitative metrics to assess the risk of its positions and portfolios. In particular, CRM quantifies the sensitivities of Merrill Lynch's present portfolios to changes in market variables. These sensitivities are then utilized in the context of historical data to estimate earnings and loss distributions that Merrill Lynch's present portfolios would have incurred throughout the historical period. From these distributions, CRM derives a number of useful risk statistics including VaR. VaR is an estimate of the amount that Merrill Lynch's present portfolios could lose with a specified degree of confidence, over a given time interval. The VaR statistic for a particular risk category represents the amount that Merrill Lynch's present portfolios could lose due to past market movements in that specific risk category.

The VaR for Merrill Lynch's overall portfolios is less than the sum of the VaRs for individual risk categories because movements in different risk categories occur at different times and, historically, extreme movements have not occurred in all risk categories simultaneously. The difference between the sum of the VaRs for individual risk categories and the VaR calculated for all risk categories is shown in the following tables and may be viewed as a measure of the diversification within Merrill Lynch's portfolios. CRM believes that the tabulated risk measures provide some guidance as to the amount Merrill Lynch could lose in future periods and it works continuously to improve its measurement and the methodology of its VaR. However, like all statistical measures, especially those that rely heavily on historical data, VaR needs to be interpreted with a clear understanding of its assumptions and limitations.

In the Merrill Lynch VaR system, CRM uses a historical simulation approach to estimate value-at-risk using a 99% confidence level and a two-week holding period for trading and non-trading instruments. Sensitivities to market risk factors are aggregated and combined with a database of historical biweekly changes in market factors to simulate a series of profits and losses. The level of loss that is exceeded in that series 1% of the time is used as the estimate for the 99% confidence level VaR. The overall total VaR amounts are presented across major risk categories, including exposure to volatility risk found in certain products, e.g., options.
Credit Risk
Merrill Lynch's Credit Risk Group uses a variety of methodologies to set limits on exposure resulting from a counterparty or issuer failing to perform on its contractual obligations. The Group performs analysis in the context of industrial, regional and global economic trends and incorporates portfolio and concentration effects when determining risk appetite. Credit risk limits take into account measures of both current and potential exposure and are set and monitored by broad risk type, sub-product type and tenor to maturity. Credit risk mitigation techniques include, where appropriate, the right to require initial collateral or margin, the right to terminate transactions or obtain collateral should unfavorable events occur, the right to call for collateral when certain exposure thresholds are exceeded, and the purchase of credit default insurance. With senior management involvement, Merrill Lynch conducts regular portfolio reviews, monitors counterparty creditworthiness, and evaluates transaction risk with a view toward early problem identification and protection against unacceptable credit-related losses.

In 2000, the Credit Risk Group introduced enhanced methods to assist in the management of Merrill Lynch's credit risk. The Credit Framework now includes increased product and tenor granularity, and the Group has made enhancements to Merrill Lynch's internal credit rating and counterparty review process.

Credit risk and exposure that originates from Merrill Lynch's retail customer business is monitored constantly by CRM. Exposures include credit risks for mortgages, home equity lines of credit, margin accounts and working capital lines that Merrill Lynch maintains with certain small business clients. These exposures are collateralized in accordance with regulatory requirements governing such activities.

Merrill Lynch enters into International Swaps and Derivatives Association, Inc. master agreements or their equivalent ("master netting agreements") with each of its derivative counterparties as soon as possible. Master netting agreements provide protection in bankruptcy in certain circumstances and, in some cases, enable receivables and payables with the same counterparty to be offset on the Consolidated Balance Sheets, providing for a more meaningful balance sheet presentation of credit exposure.

In addition, to reduce default risk, Merrill Lynch requires collateral, principally U.S. Government and agencies securities, on certain derivative transactions. From an economic standpoint, Merrill Lynch evaluates default risk exposures net of related collateral.
In addition to obtaining collateral, Merrill Lynch attempts to mitigate its default risk on derivatives whenever possible by entering into transactions with provisions that enable Merrill Lynch to terminate or reset the terms of its derivative contracts.

Process Risk
Process Risk Management is an evolving risk management discipline. Merrill Lynch defines process risk as the risk of loss resulting from inadequate controls or business disruption relating to people, internal processes, systems, or external events. Examples of process risks faced by the firm include systems failure, human error, fraud, major fire, or other disasters.

Merrill Lynch manages process risks in many ways including maintaining strong corporate principles of value, appropriately training employees, maintaining a comprehensive system of internal controls, using technology to automate processes and reduce manual errors, monitoring risk events, employing experienced personnel, maintaining certain backup facilities, conducting internal audits, and emphasizing the importance of management oversight. In addition, Merrill Lynch has established a process risk management group within CRM to focus on further enhancing the management of these risks.

This Group manages a firmwide process risk management framework and has developed policies and procedures aimed at establishing a consistent approach to identify, monitor, and manage process risks across all business lines. Within this framework, the Group has created business line steering committees to coordinate process risk management efforts. The Group uses a variety of risk management tools and techniques to reinforce the firm's strong risk management culture. These include summarizing and monitoring process-risk-related losses on a regular basis, developing risk indicators to facilitate proactive risk management capabilities, and self-assessments to identify risks, corresponding controls, and measure improvement.

Other Risks
Liquidity risks arise in the course of Merrill Lynch's general funding activities and in the management of its balance sheet. This risk includes both being unable to raise funding with appropriate maturity and interest rate characteristics and the risk of being unable to liquidate an asset in a timely manner at a reasonable price. For further information on how Merrill Lynch manages liquidity risk, see the Capital Adequacy and Liquidity section.

Merrill Lynch encounters a variety of other risks, which have the ability to impact the viability, profitability, and cost effectiveness of present or future transactions. Such risks include political, tax, and regulatory risks that may arise due to changes in local laws, tax statutes, or regulations. To assist in the mitigation of such risks, Merrill Lynch rigorously reviews new and pending legislation and regulations. Additionally, Merrill Lynch employs professionals in jurisdictions in which the company operates to actively follow issues of potential concern or impact to the firm and to participate in related interest groups.

No comments: