# Risk Management and Continuity in Banking Industry

Topic: Management
Words: 2552 Pages: 9

## Risk Models

Finance is a vast field that involves several models and theories used to calculate risks. Some of the most relevant risk models include Value at Risk (VaR) and Expected Shortfall (ES) models. The VaR model is used to quantify the degree of the probability of a financial loss in an organization (Chen, 2018). This model measures the financial losses a particular investment is likely to experience in normal market conditions within a given period. VaR is essential in guiding risk managers to determine the value of assets necessary to protect investments from losses. To effectively determine the number of risks a firm is exposed to, the organization uses VaR assessment to calculate the cumulative risks by assessing the risks of different financial departments in the institution. The cumulative risk data obtained by the model enables the firm to determine whether there are enough capital reserves to cater to the possible losses (Chen, 2018). When the risks are higher than acceptable, the financial institution can reduce the number of concentrated holdings to minimize the losses likely to be incurred.

The VaR model uses three main computation methods to determine the extent of risks. These techniques include historical methods, variance-covariance, and Monte Carlo Simulation (Amin et al., 2018). Firstly, the historical simulation method involves revisiting the prices of the previous five years and applying the current market prices to develop a hypothetical data set. The method involves an analysis of the previous records ranging from the greatest gains to the worst losses that a financial institution experienced. The main assumption, in this case, is that the records tend to influence the outcome of future investments.

Secondly, the variance-covariance technique assumes that a normal distribution influences the price returns and their fluctuations, including the gains and losses, can be determined by the standard deviation. For this method to be effective, the analyst must establish the positions on the risk factors and the forecast of volatility (Amin et al., 2018). Thirdly, the Monte Carlo simulation is closely related to the historical method. This method involves two major steps: specifying the financial variables and the process parameters and simulating fictitious price paths for the variables involved (Amin et al., 2018). Specifying the financial variables is essential in determining the distribution of the historical data and its parameters, including correlations and risks. The simulated price paths are essential in calculating the daily return series from the first day to several months afterward.

The second model, Expected Shortfall (ES), is a model used to measure the tail risk that is beyond the VaR level. The mechanism of this method is to measure the risks of investment by analyzing the less profitable outcomes and worst scenarios beyond the VaR levels (Wang & Zitikis, 2021). ES uses portfolio optimization to determine the effectiveness of risk management. When an investment shows a high level of stability within a given period, firms tend to employ the VaR method to determine and manage the risks associated with such an investment. However, when the investment is unstable for a greater period, the VaR model is ineffective in identifying the risks that are likely to be incurred. Therefore, in such a case, the Expected Shortfall model is employed to describe the potential risks fully. The effectiveness of the VaR method is limited to the probability and time horizons, while the ES model is essential in describing the worst-case scenarios when the risks extend beyond the horizons of time and probability (Wang & Zitikis, 2021). The formula for ES is derived from the calculations of the VaR model.

P(x) dx is the probability density for the “x” value return

c = cut-off points for the VaR breakpoint

VaR = the set VaR level

## The Rule of Tort in Risk Management

Risk management involves practices and mechanisms that aim to eliminate and minimize the occurrence of unacceptable risks. The process of risk management involves identifying the degree of risk exposure and determining the precise mechanisms to reduce the risk (Willumsen et al., 2019). Risk management is essential in protecting employees and clients from harm or injuries. Additionally, risk management is necessary for cushioning the business from financial and property damage. Besides, managing risks enables the organization to plan a cost-effective and comprehensive insurance cover that shields it from unplanned events. Ethically, organizations’ responsibility is to safeguard their employees and property from risk to sustain their operations (Willumsen et al., 2019). When risks are not effectively managed, the litigations resulting from the occurrence of the risks can easily cause financial and reputational damage to an organization. Risk management can be exercised at different scales, from individual to government levels.

The rule of tort is a law that governs most civil suits except contractual disputes. This law aims to rectify the wrong done to the complainant by compensating them for the damages they have experienced due to the wrongful act. The most common form of compensation in tort law is usually money (Burrows, 2020). Three main categories describe this law: strict liability torts, intentional torts and negligent torts. According to strict liability torts, the person causing harm must compensate the victim for the damage caused even if they exercised every caution to avoid committing the wrongful act. Intentional torts are damages caused by willing acts such as fraud, robbery, and aggression (Burrows, 2020). Negligent torts involve the harm caused by failure to observe a particular level of care and caution. Most of the damages that are a result of negligence result from accidents.

The law of tort is an essential mechanism that enables the concerned parties to effectively manage their risks to avoid the litigations associated with the occurrence of risks. Risk managers tend to identify and initiate ways of addressing risks to reduce the damage they are likely to experience when the risk occurs. The rule of tort acts as a deterrence to bar operators from intentional and unintentional harm. An instance of negligence torts is demonstrated in the case of Crocker v. Sundance Resorts in 1988. In this lawsuit, the resort allowed a drunken customer to participate in a tubing competition held at the resort. During the competition, the customer was involved in an accident that paralyzed him. As a result, the resort was found guilty of negligence for failing to exercise appropriate caution and care to protect its customers from unlikely events. The resort was ordered to compensate the complainant, although the plaintiff was held partly responsible for the damages caused. The resort did not employ adequate risk management mechanisms, which resulted in financial damage.

In an instance of intentional tort, the security and exchange commission (SEC) charged Kirbyjon Caldwell and Greg Smith with fraud that involved luring unsuspecting people to invest in worthless Old Chinese bonds, promising them huge returns. The scheme defrauded at least twenty-nine investors more than \$3.4 million (Homer and Carter, 2021). The defendants were found guilty of intentional tort and charged with a 6-year jail term, including paying the \$3.4 million in restitution and an additional fine of \$125000 (Homer and Carter, 2021). Therefore, the lack of risk management resulted in financial losses for the defendants.

A strict liability tort tends to involve lawsuits regarding defective products, including defective designs, defective manufacturing, and failure to warn the consumers of possible health and other damages that the product can cause. In a product liability case, a woman who developed lung cancer from smoking cigarettes sued Altria Group Inc. for failing to warn her of the addiction and the risks associated with smoking (Investopedia, 2021). As a result, the company was found guilty of product liability and ordered to pay a compensation of \$28 billion. Upon appealing the case, the fine was reduced to \$28 million (Investopedia, 2021). These cases indicate the significance of risk management and the role of tort rules in deterring operators from engaging in intentional and unintentional harm.

Business continuity is the ability of a firm to maintain its vital operations during emergency events. There are a lot of risks that businesses face, which can easily disrupt their operations when these risks occur. Poorly managed businesses tend to lack business continuity and are likely to collapse when they experience unwanted events (Niemimaa et al., 2019). Organizations must prepare for unlikely events to ensure that crises do not disrupt their operations. Various factors should be included in business continuity. The business continuity plan should include methods of communication with the business stakeholders, including customers and other third parties. Additionally, the plan should include guidelines that outline how vital operations will be conducted during a crisis. These guidelines include mechanisms for supporting the employees during the unfortunate event and maintaining contact with the customers reassuring them of the continuity of vital operations (Niemimaa et al., 2019). When an organization loses contact with its customers during a crisis, the customers may migrate to rival companies.

The business continuity plan must include the levels of response and how they should be coordinated when restring business operations. Response levels involve the urgent actions that should be taken immediately after the risk has occurred and the long-term mechanisms that should be employed to ensure that the business does not suffer huge losses due to the emergency event (Niemimaa et al., 2019). Additionally, it is essential to include the methods and frequency of meetings that will be held to monitor the situation and determine the progress of the business. Lastly, a business continuity plan must be documented and filed before the crisis to prevent confusion that tends to arise during emergencies. Moreover, documenting the plan is essential in ensuring that the management responds immediately to the crisis before the damage spreads into most operations.

The business continuity plan contains three major components: resilience, recovery, and contingency. The resilience plan involves designing mechanisms for countering the damage caused by a disaster (Niemimaa et al., 2019). Some of the vital resilience functions involved in the business continuity plan include changing shifts for the staff, employing effective data management mechanisms such as storing data in multiple locations and maintaining operation capacity. The business continuity recovery plan involves rapidly restoring vital operations during a disaster. It involves setting a commission of specialists to assess and manage the damages the business has incurred. Additionally, the recovery plan involves activating backup plans and constantly updating the recovery strategy based on how the business is fairing. Lastly, the contingency plan involves incorporating external factors to minimize the impact of the crisis. This involves contracting third-party operators for assistance.

A business continuity plan ensures that the business does not collapse due to a crisis. For instance, during a cyberattack, the business risks losing all its vital data and exposing its sensitive information to unauthorized third parties. However, when the business has a continuity plan, it can activate security procedures to destroy sensitive data before reaching unauthorized parties (Niemimaa et al., 2019). The continuity business plan enables an organization to respond to a crisis with the urgency required to minimize disaster damage. For instance, during an emergency, the organization can react by stimulating its savings to cater for the damages incurred. In another instance, a business can seek insurance compensation when the risk insured against, such as theft, occurs. This form of compensation allows the business to recover from the loss and continue its operations quickly.

## Major Risks in Banking Industry

The banking and financial industry is associated with several risks that threaten most financial institutions’ survival. The major risks in business include security and fraud risks, compliance risks, operational risks, financial risks and reputational risks (Chapelle, 2019). Firstly, the security risks in businesses include data breaches, cyberattacks and property theft. The advancement of the internet has increased the security threats that businesses are exposed to. The software has been developed to bypass security passwords, allowing unauthorized sources to access many companies’ financial records and private data. Secondly, compliance risks involve the constant legal changes that businesses experience (Chapelle, 2019). Many businesses find it hard to update their policies to ever-changing policies, thus risking negligence lawsuits. Some legal changes involve health and occupation safety standards, taxes, government regulations and ethical standards. Thirdly, organizations are likely to experience operational risk accidents during their basic operations, such as inaccurate records (Chapelle, 2019). Additionally, businesses are likely to experience operative risks from natural disasters. Most internal operation risks occur due to human error that can cause businesses huge losses.

Fourthly, businesses experience various factors that expose them to the risk of undergoing losses. Some factors include market conduction, price fluctuations, foreign exchange rates and government policies (Chapelle, 2019). Unfavorable economic conditions, such as inflation, tend to hurt the business by increasing the rate of loan defaults. Furthermore, when the conditions are unfavorable, the banking and financial institutions are forced to increase the interest rates they charge their customers, thus reducing the number of borrowers. Lastly, reputation risks affect the relationship between the organization and its customers. The organization’s reputation is determined by the quality services that the organization offers its customers (Chapelle, 2019). Additionally, the organization’s culture and leadership play a significant role in determining the image that the organization presents to society. A bad reputation characterized by unsatisfactory customer support is likely to affect the business by reducing its customers and resulting in a high employee turnover rate.

## Innovative Ways to Address the Major Risks in the Banking Industry

Addressing the security risks that financial institutions are exposed to requires constant updates of security features using technology that matches the current threats. Blockchain technology is one of the most secure systems that can match the security threats that safeguards the data from being breached (Shah & Jani, 2018). Secondly, financial institutions need to address compliance risks by contracting third-party legal institutions that will keep them updated on all the policies and requirements associated with the banking system. Additionally, the banks need to ensure transparency in their operations and effectively determine their level of exposure to risks. Transparency ensures that all the audits and regulations are easily monitored due to the easier availability of the necessary information (Greuning et al., 2022). Besides, financial institutions can increase their compliance with the regulations in the banking industry by training and adequately educating their employees to observe a code of conduct that conforms to the set legal standards.

Thirdly, financial organizations need to develop business continuity plans to ensure that they are adequately prepared to maintain vital operations during crises. Additionally, banks can avoid losses from operative risks by insuring their operations against common accidents (Greuning & Brajovic-Bratanovic, 2022). Moreover, banks should closely supervise the employees to minimize mistakes that tend to arise from the freedom employees are exposed to. Besides, there is a need to increase the use of technology to automate most banking operations, such as record keeping and tracking transactions, to reduce the human errors that employees tend to commit. Fourthly, addressing financial risks requires banks to diversify their finances by investing in other projects. Additionally, banks need effective market analysis tools to anticipate risks and accurately make the right financial decisions. Lastly, the financial entities can address the reputation risks by maintaining friendly relations with clients and developing a caring support system that addresses customers’ concerns. Besides, banks can promote a positive reputation by complying with all the regulations.

## Reference List

Amin, F. A. M., et al., (2018) Portfolio risk measurement based on the value at risk (VaR). In AIP Conference Proceedings (Vol. 1974, No. 1, p. 020012). AIP Publishing LLC.

Burrows, A. S. (2020) Contract, Tort and Restitution—A Satisfactory Division or Not?. In restitution (pp. 3-53). Routledge.

Chapelle, A. (2019) Operational risk management: best practices in the financial services industry. John Wiley & Sons.

Chen, J.M., (2018) On exactitude in financial regulation: Value-at-risk, expected shortfall, and expectiles. Risks, 6(2), p.61.

Greuning, H. V., & Brajovic-Bratanovic, S. (2022) Analyzing banking risk: a framework for assessing corporate governance and risk management.

Homer, M. and Carter, L., (2021) Kirbyjon Caldwell sentenced to prison for role in multimillion-dollar fraud scheme. [online] Bizjournals.com.

Investopedia, (2021) The 5 Largest U.S. Product Liability Cases. [online] Investopedia.

Investopedia, (2022) Value-at-Risk.

Niemimaa, M., et al., (2019) Business continuity of business models: Evaluating the resilience of business models for contingencies. International Journal of Information Management, 49, 208-216.

Shah, T., & Jani, S. (2018) Applications of blockchain technology in banking & finance. Parul CUniversity, Vadodara, India.

Wang, R., & Zitikis, R. (2021) An axiomatic foundation for the Expected Shortfall. Management Science, 67(3), 1413-1429.

Willumsen, P., et al., (2019) Value creation through project risk management. International Journal of Project Management, 37(5), 731-749.