What is your Risk Appetite? Rethinking the Drivers of Financial Risk Management

Most corporate treasury departments are not set up as profit centres but rather as cost centres or service centres, which focus on supporting the overall strategy of the company. The term ‘risk appetite’ is confusing in the sense these corporate treasury departments are not ‘hungry’ for risks.

In practice, however, all companies accept a certain amount of risk, for instance because they: 

  •  Fund themselves with interest bearing debt, causing refinancing-and interest rate risk.
  •  Optimise cash balances and debt positions, thereby leading to risk such as liquidity risk.
  •  Have assets or cash flows in foreign currencies (FX risks).
  •  May invest cash or transact deals with external counterparties (market risk and counterparty credit risk).
  •  Execute high value transactions (with corresponding operational risk).

In most cases it will not practically be possible to mitigate or hedge all these risks completely, considering the costs of hedging and uncertainties such as those, for example, in the cash flow forecasts. The decision regarding the risks the company is willing to accept involves a trade-off between optimising costs and minimising risks (risk/return trade off).

So how does a Risk Appetite Statement add Value?

The risk appetite is the ‘extent to which an organisation is prepared to accept risks in pursuing its goals within the boundaries of its risk capacity’. As such, it:

  • Ensures management board commitment and approval for the treasury risk management activities.
  • Provides a clear objective for defining and executing the risk management strategy and methodologies.
  • Allows the management board and the supervisory board to assess treasury’s objectives in the context of the company wide risk appetite.
  • Provides a reference point for evaluating the added value and effectiveness of the treasury risk management activities.

These examples make clear that the risk appetite statement should be at the core of the corporate treasury policy, as it provides the basic principles underlying treasury’s risk management approach.

The Definition of Risk Appetite

The terms risk appetite, risk tolerance and risk capacity are closely related. The relationship between these elements is illustrated in the graph below:
EY risk appetite fig 1
Within the universe of potential risks the company faces, the risk capacity provides the level of risk the company is able to accept without endangering its future. The risk tolerance then further limits the maximum level of risk the company is willing to assume. The risk appetite ultimately defines this range, taking into account the preferred policy in terms of risk versus reward.

The first step in defining the risk appetite – and the risk management strategy in general – is analysing the potential risks the company faces, this being the ‘risk universe’. These risks can be analysed in different scenarios, providing insight into the potential consequences to the profit and loss (P&L) and balance sheet of the company.

Example: risk appetite and risk tolerance limiting the range of possible scenario outcomes
EY risk appetite fig 2
The different risk scenarios should be analysed in the context of the company’s overall financial position and the related risk capacity. The ‘risk capacity’ should take into account the capital and liquidity position (buffer sizes) and also consider external requirements, which would include financing covenants, requirements from credit rating agencies and regulatory requirements.

However, risk tolerance and risk appetite are not only influenced by financial aspects but also by other more intangible factors. Certain risks may be acceptable from a financial perspective, but could have unacceptable reputational consequences. A loss due to operational mistakes might, for example, create an impression that management is not in control.

Naturally, risk appetite needs to be defined in the context of the company’s overall risk management culture and strategy. When a company has very low tolerance for risks in its core business activities, this prudency should normally also be reflected in the risk appetite for treasury risks – unless treasury is set up as a profit centre.

Examples of Risk Appetite Statements:
EY risk appetite fig 3
The financial risk management performed by treasury is normally aimed at mitigating surprises to the company’s earnings and/or cash flows caused by external factors, such as currency or interest rate movements. Reduced volatility of the cash flows supports the creation of shareholder value and indicates that the company’s management is in control.

Therefore, risk appetite statements are often expressed in relation to the cash flows, earnings before interest, tax, depreciation and amortization (EBITDA) or equity position of the company:

Naturally, these high level risk appetite statements should be made more specific in the policy; for example by clearly defining what the company defines as ‘stress scenarios’ for different types of risk. These might be based on historic ‘worst case scenarios’ or can also be based on expert judgment.

A challenge lies in maintaining a certain amount of consistency between the appetite for different types of risk; for instance the appetite for FX risks should be set with the same level of prudence as compared to the appetite for interest rate risk. However, the risk appetite for liquidity risk or funding risk is not fully comparable in this sense, as it is fundamental to the survival of the company.

Embedding the Risk Appetite

When the risk appetite has been (re-)defined, the company should evaluate whether the existing risk management framework is still adequate. The risk management methods, strategies and limits may need to be adjusted to ensure that actual risks remain within the risk appetite. This is often the greatest challenge as it requires a solid understanding of the risks and the effectiveness of the risk measures, but also has the biggest added value for the company.

For monitoring the effectiveness of the risk management activities, a set of key performance indicators (KPIs) should be included in treasury reporting, with a clear link to the defined risk appetite. Based on this, management should gain a thorough insight into the effectiveness of the activities and treasury management’s overall added value.

Client Case Study: Risk Appetite for Counterparty Credit Risk:

A corporate client has a significant amount of cash, to be invested during a year. The client is conscious of the counterparty credit risk. At the request of the supervisory board, EY is engaged to perform a review of the adequacy of the current limit structure for counterparties. The current framework provides limits per credit rating category (minimum single-A) and types of counterparties.

The adequacy of the limit structure depends on how much risk the company is willing to accept. However the company initially had not defined a specific risk appetite for this risk. The absolute levels of the limits provide a reference point; however these do not taken into account scenarios such as the probability that more than one counterparty will default at some future date. How can this risk be quantified, as a basis for formulating the risk appetite?

Based on existing (banking-type) credit risk models, we defined relevant factors determining the credit risk: the probability of default (per type of counterparty, taking into account correlations between sectors), the expected exposure at default and the loss given default. Subsequently, Monte Carlo type simulations (ten million scenarios) provided insights into the potential value at risk (VaR) in stress scenarios.

This allowed the client to evaluate if the calculated VaR is acceptable and provided a reference point for defining the risk appetite. Based on several considerations the client’s management board defined a risk appetite that was actually lower than the calculated VaR.

The counterparty limits were subsequently reduced for counterparties with lower credit ratings. In addition, for some groups of counterparties the limits were reduced because of the potential reputational risk should one of these counterparties default. After these measures, the (recalculated) VaR fell within the risk appetite as approved by the management board.


Related reading