Risk-bearing capacity

from Wikipedia, the free encyclopedia

For risk-bearing capacity (including net risk-bearing capacity called; English risk tolerance, risk bearing capacity ) has a company as risk takers , especially in banking and insurance , have as much equity that from business risks resulting potential losses collected and the operations maintained are can.

General

Outside of banking and insurance, too, risk-bearing capacity in business administration and auditing is the ability to bear losses from risks without being directly exposed to the risk of bankruptcy . In quantitative terms, this means the maximum possible loss that can just about be covered by the available liquidity reserves of a company . In addition, at least a “B” rating must be guaranteed for the company, so that the financing by credit institutions can continue. In general, good risk-bearing capacity concepts not only indicate which loss can be borne, but also the probability that such a loss will result from the combined effects of individual risks ( systemic risk ). This understanding of the risk-bearing capacity corresponds directly to the requirements of Section 91 (2 ) AktG ( KonTraG ). As a result, market developments threatening the existence of the company and other environmental conditions are to be recognized early, which is precisely what the risk aggregation requires.

Risk coverage potential, risk-bearing capacity and overall risk scope

The main objective of risk management is to ensure the risk-bearing capacity. The assessment of the overall operational risk through risk aggregation enables a statement to be made as to whether a company's risk-bearing capacity is sufficient to be able to cover all future risks. The overall risk level is defined as the level of risk that results from the risk aggregation of the individual risks using a Monte Carlo simulation . The risk coverage potential is therefore to be seen as the risk that can be borne by the company as a whole and is therefore also called the gross risk-bearing capacity .

Risk-bearing capacity concepts as part of IDW PS 340 and IDW PS 981

In its auditing standard (PS) 340 ( IDW PS 340 ; "Examination of the risk early warning system according to Section 317 (4) HGB "), the Institute of Auditors (IDW) designates the risk management and monitoring system to be set up in accordance with Section 91 (2) AktG as a risk early warning system. It demands that the risk early warning system must be able to record and promptly communicate all risks that have a significant impact on the asset, financial and earnings position in all corporate areas and at all corporate levels. Early risk identification consists of risk identification , risk analysis , risk assessment and their communication.

The IDW PS 981 sees risks possible future developments or events that may lead to negative or positive deviations from targets. In addition, the IDW PS 981 extends the definition of risk. In its definition, the Information Systems Audit and Control Association (ISACA) particularly emphasizes the necessary separation between risk , threat and weak point .

Banking

The bank-internal procedures for ensuring the risk-bearing capacity are of considerable importance for the bank management by the bank supervision . How these must be structured is regulated in the German Banking Act (KWG) and the minimum requirements for risk management by credit institutions (MaRisk). The criteria and benchmarks of the banking supervisory authority for assessing these concepts are set out in the guidelines for the supervisory assessment of bank-internal risk-bearing capacity concepts. According to section 25a (1) sentence 3 no.2 KWG, the credit institutions must set up procedures to determine and ensure their risk-bearing capacity, based on a careful determination of the risks and the risk coverage potential (RDP) available to cover them. This is specified in particular in AT 4.1 MaRisk. The bank-internal process required there to ensure risk-bearing capacity (risk-bearing capacity concept; AT 4.1 Item 2 MaRisk) must be linked to the business and risk strategy on the one hand, and appropriate risk management and controlling processes for implementing the strategies and ensuring risk-bearing capacity on the other to set up the essential risks. MaRisk names counterparty default risk , market price risk , liquidity risk and operational risk as the main types of risk (AT 2.2 marginal number 1 sentence 4 MaRisk). The bank operating risks are offset by the available own funds as RDP.

The concept of risk-bearing capacity is based on the theory of maximum workloads in banking . Risk-bearing capacity exists when the internal capital is sufficient to cover the potential risk. The own resources provide in its guarantee function for risk reduction and risk-bearing capacity of credit institutions. Moderate risk value carriers are the risk positions resulting from accounting (about lending business as consumer credit or securities transactions in the own operations such as bond ), and off-balance (about pending transactions , such as derivatives or contingent composed). The risk potential of a bank from these risk positions can be measured using the value at risk as a risk measure.

The risk management of financial risks is done by credit risk management , derivatives and insurance . Credit risk management uses the data processing of legal, business and economic information through specific databases for risk monitoring of the overall business, derivatives and insurance protect individual banking transactions . Insurance such as credit default swaps are nothing more than credit derivatives that hedge a certain credit risk of a bank and therefore belong to the risk transfer category .

The solvency of credit institutions can be strengthened through sufficient granularity while avoiding cluster risks in the loan portfolio . In order to achieve this, banks in the loan trade can try to sell particularly high-risk non-performing loans or transferable loan facilities with normal risk in order to improve the core capital ratio . This is the central economic indicator of regulatory standards. The Capital Requirements Directive by December 2013 is the increased capital requirements for banks by Basel III to and triggers the Directives 2006/48 / EC (Banking Directive) and 2006/49 / EC (Capital) from. The new rules for determining the appropriate capitalization with a core capital ratio of 7% (hard core capital; including 2.5% capital conservation buffer) and a total capital ratio of 10.5% have been applicable since January 1, 2014. Further provisions of the Capital Adequacy Ordinance and the Capital Adequacy Directive relate to large exposure rules , the maximum leverage ratio and also requirements for the remuneration policy of the institutions ( bonus payments ).

On the one hand, the results of the stress tests can be used in quantitative terms in order to be able to calculate the risk buffer and the risk-bearing capacity of the bank. On the other hand, stress tests also enable qualitative statements such as the identification of potential risks and the localization of weak points in the portfolio .

Insurance

According to Section 26 (1) VAG, insurance companies must have an effective risk management system that is well integrated into the organizational structure and decision-making processes of the company and that fulfills the information needs of the people who actually run the company ( board of directors ) or other key functions ( executives ) , duly taken into account through appropriate internal reporting. The risk management system also includes a company's own risk and solvency assessment, which insurance companies must carry out regularly and immediately in the event of significant changes in their risk profile ( Section 27 VAG).

Risk-bearing capacity can be understood in the narrower sense as the ability to bear losses from risks without directly exposing oneself to the risk of bankruptcy. The risk management system for insurance companies is specified in paragraph 10 Minimum requirements for the business organization of insurance companies (MaGo), paragraph 11 contains requirements for own funds .

Risk-bearing capacity is given if the company has at least enough equity capital to offset possible losses from risks taken and to continue business operations. If the overall risk of an insurer - measured in terms of its risk-bearing capacity - is too high, additional risk management measures (such as reinsurance or catastrophe bonds ) are required.

economic aspects

The risk policy of a company is based on its "risk appetite", according to which it can behave risk-averse , risk-averse or risk-neutral in transactions and the market potential . The risk-bearing capacity is more likely to be challenged by a company's willingness to take risks , whereas risk-averse or risk-neutral market behavior relieves the risk-bearing capacity.

In order to ensure the risk-bearing capacity, all instruments of risk management can be used. In addition to risk avoidance (typical of a risk-averse risk policy), risk reduction , risk diversification , risk transfer or risk prevention can also be considered. Risk provisioning consists of accounting measures that affect the risk-bearing company. The principle of prudence requires that all risks and losses are adequately taken into account in accounting . Therefore, provisions , value adjustments and depreciation are to be made in accordance with commercial law . The value at risk is used as a measure of risk, i.e. the negative change in a balance sheet item specified in monetary units that will not be exceeded with a certain probability (confidence level) within a certain period of time.

The auditor has to § 322 , para. 2 sentences 3 and 4 HGB also risks that the existence of the company or a substantial subsidiary jeopardize to point ( continuation principle ). The attestation thus not only includes past judgments by an auditor, but also deals with existential issues in the near future. However, this does not give the attestation any guarantee of quality with regard to the viability of the audited company. In addition, the audit of the annual needs by auditors to § 317 4 HGB. Not extend to whether the continued existence of the audited entity ( English going concern ) or the effectiveness and efficiency can be assured of the management.

literature

Individual evidence

  1. Jörg Baetge / Andreas Jerschensky, Risk Management , 1999, p. 171
  2. Werner Gleißner, Fundamentals of Risk Management: With sound information for better decisions , 3rd edition, 2017, pp. 273-274
  3. Werner Gleißner, Risk Management, KonTraG and IDW PS 340 , in: WPg 03, 2017, pp. 158–164
  4. Dominik Leichinger, Risk- Bearing Capacity in Credit Institutions , 2012, p. 79
  5. IDW PS 340 (1)
  6. IDW PS 340 (7)
  7. IDW, Principles of Proper Audit of Risk Management Systems , 2017
  8. BDO Germany of July 15, 2016, IDW EPS 981 - Principles of proper auditing of risk management systems , accessed on August 1, 2017
  9. BaFin of May 24, 2018, Risk-bearing capacity: Revised guidelines published
  10. Christian Annetzberger / Philipp Gann, Stress Testing in the Context of the Internal Capital Adequacy Assessment Process , 2009, pp. 477–479
  11. Michael Strauss, Value-Oriented Risk Management in Banks , 2008, p. 1
  12. Henner Schierenbeck , Earnings-Oriented Bank Management , Volume 2, 2003, p. 9 ff.
  13. ^ Anton Sebastian Schmölz, Strategisches Bankcontrolling , 2001, p. 175 f.
  14. Walter Hatak, Risk Management of Banks , 2011, p. 36
  15. Volker Matthias Gundlach, Chapter 16 Development of Stress Tests for Credit Portfolios , in: Bernd Engelmann / Robert Rauhmeier (Eds.), The Basel II Risk Parameters, 2011, p. 351
  16. Jörg Baetge / Andreas Jerschensky, Early Warning Systems as Instruments of Efficient Risk Management and Controlling , in: Controlling, Heft 4/5, 1999, p. 171
  17. BaFin, circular 2/2017 (VA) of March 2, 2018, minimum requirements for the business organization of insurance companies
  18. German Institute for Internal Auditing e. V. (Ed.), Risk-Bearing Capacity and Limitation in Insurance , 2011, p. 21
  19. Volker Altenähr / Tristan Nguyen / Frank Romeike, Risk Management Compact , 2009, p. 26