It is old news, especially in the financial sector, that the term risk can encompass not just threats but also opportunities. It is part of the treasurer's daily work to realize that exchange rate fluctuations are in a way a gamble and can certainly add value. The same applies to the experience that in interest rate risk management, for instance, no such thing as a complete hedge exists, but only a positioning in different dimensions such as value change risk and cash flow risk. There is no doubt that a reasonable relationship should exist between the potential return and the risk taken.

Prepared to take risks? Yes, but just how much?

Applying the above insights in practice means that companies – or even subdivisions such as Treasury – are faced with challenging questions: How much exposure to changes in value am I willing and able to bear when it comes to interest rates? To what extent do I benefit from bearing counterparty default risk? Or how best to allocate different types of risk, such as credit, exchange rate and interest rate risk?

The conventional strategy of separating risks by type and then limiting them individually, such as by setting investment limits per counterparty or hedging ratios per currency, helps minimize these risks, but does not address any of the above-mentioned questions.

Risk Appetite Framework

A potential solution to this problem is to establish a holistic approach to quantifying and managing risks in the form of a Risk Appetite Framework (RAF), which can either be used on its own, for example to deal with financial risks in isolation, or already embedded in a Group-wide Enterprise Risk Management (ERM) concept.

A sound RAF will allow companies to formulate their risk appetite both at the group level and for individual companies or business units, and put this risk appetite in relation to the overall risk-bearing capacity available.

An RAF should generally be composed of three main parts:

  • Governance system: a governance system assigns clear responsibilities for adjusting risk appetite and limits, as well as for monitoring, reporting and escalation. As a result, the company is able to respond proactively to potential changes and adjust its own risk appetite accordingly.
  • Risk Appetite Statement: the Risk Appetite Statement describes the company's risk appetite for each risk type separately. Ultimately, in addition to this qualitative articulation, the risk appetite must be translated into quantitative values. This is possible, for example, by means of allocated risk budgets that are in line with the group strategy and corporate guidelines and that clearly define and/or transparently communicate the company's risk appetite.
  • System for risk quantification and limits: The risk quantification & limit system is the methodical core of risk management that defines the way in which all risk types can be assessed in a consistent and aggregated manner, which perspectives (in which dimensions) must be considered, and which KPIs are used to translate risk appetite into operational limits and/or triggers. By way of natural inference, limits of a known type can then be derived from this, making the impact on operational processes manageable.

These three RAF components form a conceptual framework that can establish a suitable risk culture in the company by combining governance, methodology and operationalization.

Pitfalls to overcome when implementing a risk appetite framework

There are several obvious challenges to developing a Risk Appetite Framework (RAF) for an organization, such as getting the cooperation and commitment of many relevant stakeholders to ensure effective risk management across the entire company. However, there is the option of developing an RAF for a sub-segment first, as opposed to tackling an overall group-wide ERM solution all at once. This allows valuable experience to be gained and, on the other hand, ensures that specifics such as financial market risks are well taken into account.

When preparing an RAF, it is particularly important to derive the various risk perspectives required for a suitable overall assessment, such as the P&L view or the market value view. Another question that arises is the relationship between the different perspectives. Is it reasonable to set the change in market value from exchange rate changes against the equity bearing capacity (thereby taking the position of a debt capital provider)? Or does the risk appetite for non-core activities already end when dividend payments are in jeopardy? Not only does the right methodology matter here, it also pertains to strategic considerations to ensure that the company will be able to meet its financial obligations while generating an appropriate return for its shareholders.

The approaches to allocating risk appetite are another aspect. The RAF offers both a "top-down" and a "bottom-up" approach to risk. With the "top-down" approach, management determines the company's overall risk appetite at a superordinate level. This can, for example, be achieved by means of appropriate benchmarking and positioning in relation to competitors.

With a bottom-up approach, risk budgets are calculated based on actual risks or risk limits implicit in existing policies within each business unit and then aggregated to generate an overall picture of the company's risk appetite. This initial snapshot is then iteratively refined until it matches the actual risk appetite.

For a successful implementation of a RAF, certain prerequisites are necessary. Companies are well advised to assemble their experts with in-depth knowledge of the various types of risk so they can model and quantify them in a consistent manner. This technical expertise needs to be accompanied by appropriate systems that allow for a flexible analysis of risk metrics for a wide range of risk types and exposures during modeling and also later monitoring. Additionally, it is of vital importance to have good communication and collaboration between the different departments and stakeholders involved, especially when it comes to answering the strategic questions associated with an RAF.

Well worth the effort

Developing a Risk Appetite Framework (RAF) is no small feat. This is mainly to do with the fact that the RAF bridges the gap between the qualitative "we take risks consciously" and the quantitative "we take exactly this much risk", resulting in the compilation of important building blocks.

But the resulting framework is a powerful instrument: itcan bring about conscious, controlled risk-taking in a consistent, operationalized way and can be seamlessly integrated into existing risk management processes. As such, it supports entrepreneurial action and accurate risk/reward trade-offs across the organization, while providing an all-encompassing view of risk management.

Source: KPMG Corporate Treasury News, Edition 133, June 2023
Börries Többens, Partner, Finance and Treasury Management, Corporate Treasury Advisory, KPMG AG
Dirk Bondzio, Senior Manager, Finance and Treasury Management, Corporate Treasury Advisory, KPMG AG
Daniel Lichtenberg, Manager, Finance and Treasury Management, Corporate Treasury Advisory, KPMG AG