Risk Management in Banks

Intermediate Diploma Thesis, 2010

17 Pages, Grade: 1,3


Table of Contents

II List of abbreviations

III List of figures

1 Introduction

2 Risk Management
2.1 The new risk environment
2.2 The concept of risk management and its importance
2.2.1 Risk management processes and its key principles
2.2.2 Different kinds of risks

3. Risk Management in the Banking Sector
3.1 The rise of finance
3.2 HSBC Bank
3.2.1 Types of risks HSBC has to face
3.2.2 Risk Management Strategies for HSBC

4 Conclusion

5 Bibliography

II List of abbreviations

illustration not visible in this excerpt

III List of figures

Figure 1: The Risk Management Process

Figure 2: Probability of occurrence matrix

Figure 3: Probability of occurrence matrix for HSBC

1 Introduction

It is debatable if the of world is today more “risky” or more “dangerous” than in the past. Today there is a new mood of risk management and the current financial crisis represents the latest case study of a “financial tsunami” on what can happen if risks are not orderly managed. Scandals, disasters and failures challenge organizations; hence risks must be made auditable and manageable. Risk management organizes things that cannot be organized, because individuals, organizations and governments have no choice, but to accept this.

Some of the risks can be pooled and redistributed via health and welfare systems. It is a matter of fact that the world is an unpredictable place and that uncertainty about the future, which could result in an adverse outcome, will always exist. Therefore risks require management.

2 Risk Management

2.1 The new risk environment

“Can we know the risk we face now or in the future? No, we cannot: but yes, we must act as we do (Power, 2005, p.9.).”

Risk management and risks are all around us and not only private firms, but hospitals, schools, universities and many other public organizations including the central government have implemented risk management programs. Managing risks is nothing new as risks have been managed by institution and experience in the past. Especially in the mid 1990s risk management and corporate governance agendas have grown closer together and became more or less identical (Power, 2004, pp. 9-11).

The author emphasizes that the nature of risk management has changed throughout the years, especially since 9/11. There has been much talk in the media about the world is being a different place and companies automatically had to adjust to this new risk environment. Nowadays, the researcher points out, risk management is considered and treated as a systematic approach, which sits at the board table and is addressed by many departments, such as legal, risk, security, finance and significantly by the chief executive (Jolly, 2005, p.20). The majority of the organizations have realized that they gain major strategic and commercial benefits by implementing risk management programs, especially because they intend to gain accreditation to bodies like the Dow Jones Sustainability Index (DJSI). When the DJSI was introduced in 1999, more than 300 organizations managed to achieve admittance to its listings in order to benefit from the investment. Certainly, this is increasingly drawn towards listed organizations. Targeting admittance to the index is a major corporate objective by the world‟s leading, most diverse and best-known organizations. Jolly (2005, p.34) states that their intention basically is to convince investors that they not only offer value for money, but are among the safest bets in this “risky” commercial world. Those strategic moves are today, especially when considering the current financial crisis, the rising demand of the environmental lobby and the increase of legislation and regulation around the globe, both inevitable and invaluable.

2.2 The concept of risk management and its importance

Within business environments risks are inevitable and thus enterprises are responsible to manage risks in order to make profits and shareholder value.

Nowadays more things and events are considered as a risk. Different kinds of definitions, which reflect the specific institutional interests of an organization, exist in order to describe risks. In health and safety traditions risks are mostly equated with hazards and dangers. In the finance sector, risks are concerned with volatility in expected outcomes, which can be both negative and positive (Power, 2004, p. 14). Generally speaking “Risks can be defined as any source of randomness that may have an adverse impact on a person or corporation” (Culp, 2001, p.14).

Accordingly, risk management is a central part of any organization‟s strategic management, whereby the enterprise addresses the potential risks that are attached to their activities in order to maintain a constant benefit within each activity with the goal of across the portfolio of all activities. The main focus of risk management is to identify and treat these risks. In the safety sector the outcomes of risks are only negative and therefore the management of safety risk is focused on prevention and mitigation of harm (IRM, 2002, p.2).

Risk management provides a structured framework for more effective strategic planning, which takes place in a controlled and consistent manner. The researcher emphasizes that risk management adds value to the organization and its stakeholders to ensure future activity. The major risks that affect the organization are summarized and appropriate resources can be directed towards areas of high risk and unavoidable risks can be insured. It is a huge contribution to improve the efficiency and effectiveness of the organization by optimizing the use of resources and capital. Due to the comprehensive and structured understanding of the business activity, volatility, opportunities and threats, decision making, planning and prioritization can be enhanced. The company image can be improved because of the higher accountability (Monash Universaty, 2004 [Online]). It supports and develops people and contributes to the organization‟s knowledge base. Thus the management perspective widens and initiative and pro-active behavior can be achieved. Accordingly communication can be improved. This systematic approach allows the management to focus on the areas of risks (IRM, 2002, p.4).

2.2.1 Risk management processes and its key principles

Risk management should be a continuous process running through the company‟s strategy. Not only future and current risks should be addressed, but also risks that occurred in the past have to be taken into account. It is significant that it is implemented in the culture of the organization together with an appropriate strategy and effective policy program.

The main elements of the Risk management process as shown in figure 1. consist of the following components:

Figure 1: The Risk Management Process

illustration not visible in this excerpt

(Source: The Royal Children‟s Hospital Melbourne (2010) [Online])

Communication and consulting with internal, as well as external stakeholders is necessary at each stage of the risk management process in order to ensure communication. The second step is to establish the context (internal or external) in which the process will take place. Criteria have to be developed in order to determine against which risks will be evaluated. The next overall step is now the risk assessment, in which potential impacts of risks or hazards are estimated. This classical risk assessment is based upon 3 stages, starting with the risk identification, analyze and evaluation of risks. Risk identification forms the basis for the next steps and is from great significance as it ensures the effectiveness of the whole process when identifying risks correctly. If risk managers are not successful in indentifying all possible losses or gains that the organization faces than these non-identified risks cannot be managed. Tschankova, as quoted by Dickson and Hastings (2002, p.290) state “the inability to identify possible gaining risks is as inappropriate as non-identified risks related to the loss”.

According to the author it is more or less the same missing a good positive possibility that an organization could seek from a risk or bearing losses. A frame approach should be implemented in order to identify risks. Sources of risk-hazard factor, peril resources exposed to risks are ways of risk identification. A classification of risk sources, which will be explained by the author later in the assignment, is needed to cover all types of risks that threaten the organization (Tschankova, 2002, p.297). The risks are being described in order to display them in a structured format, such as a table. Therefore a clear risk identification, description and assessment process can be achieved. A simple matrix, as illustrated in figure 2 is commonly used in order to categorize risks and then prioritize the actions.

Figure 2: Probability of occurrence matrix

illustration not visible in this excerpt

(Source: Elliot et al., 2002, p.97)

The risks need to be estimated, whereby they can be quantitative, semi-quantitative or qualitative in terms of the probability of occurrence and the possible consequence. Risks, which have been categorized as priority A for instance, require immediate action.

Now the risks need to be analyzed. There are many techniques to analyze upside risks, downside risks or both. A market survey or business impact analyses are examples to analyze upside risks. Upside risks refer to the degree to which a value of a security for instance might rise beyond forecasted levels, so it represents opportunity for benefit. Downside risks can be analyzed by a threat analysis for instance and can be regarded as threats to success, as it refers to the degree of a possible decline (IRM, 2003, p.2). In order to analyze both risk managers utilize for example a SWOT analysis or a PESTLE analysis (IRM, 2003, p.14). With a result of the risk analysis a profile can be produced, which rates each risk in order to distinguish between the treatments efforts and determine the likelihood and severity. Existing controls are being identified and evaluated as well. Now the risks are being compared against criteria, formulated by the organization. Within this step, the strategic decision is made whether each specific risk will be treated or accepted. Afterwards, appropriate risk treatment strategies, which address the risks, have to be developed and implemented in the stage of risk treatment. The main element here is risk control/mitigation, however risk avoidance, risk transfer, risk finance, etc. are as well typical strategies to manage risks.

In order to ensure a constant improvement, the effectiveness of all steps of the risk management process have to be monitored (Monash Universaty, 2004 [Online]).

2.2.2 Different kinds of risks

The different risks an organization faces can be either external or internal. Some risks are more important to investors, depending on their interests. Some of the key risk types a company may be confronted include:


Excerpt out of 17 pages


Risk Management in Banks
New College Durham
Risk Management
Catalog Number
ISBN (eBook)
File size
710 KB
Risk Management, banks, HSBC, banking sector, risk management process, risks, finance, financial market, Risk Management strategies, credit crunch
Quote paper
Sarah Bertram (Author), 2010, Risk Management in Banks, Munich, GRIN Verlag, https://www.grin.com/document/179100


  • No comments yet.
Read the ebook
Title: Risk Management in Banks

Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free