Reserve Bank of Australia Annual Report – 2018 Risk Management
In meeting its objectives, the Reserve Bank takes on a variety of risks. The framework through which these risks are managed is overseen by the Risk Management Committee. The Bank seeks to promote a strong risk management culture and deploys a framework designed to ensure the consistent management of strategic, operational and financial risks.
Objectives and Governance Structure
The Reserve Bank encounters a broad range of risks in fulfilling its responsibilities. Management of these risks is the responsibility of all staff. In particular, managers have a responsibility to evaluate their risk environment, put in place appropriate controls and ensure that these controls are well developed and implemented effectively. The Bank identifies, assesses and manages risk at both an enterprise (‘top-down’) and business (‘bottom-up’) level, a process that is subject to ongoing review. These risks are managed to a level that is consistent with the Bank's risk appetite through processes that emphasise the importance of integrity, intelligent inquiry, maintaining high-quality staff and public accountability. The development and maintenance of an active risk management culture that acknowledges the need for careful analysis and management of risk in all business processes is an important objective of this framework.
Oversight of the Reserve Bank's arrangements for risk management is undertaken by the Risk Management Committee. The committee is chaired by the Deputy Governor and comprises: the Assistant Governors for the Business Services, Corporate Services and Financial Markets groups; the Chief Financial Officer; the Chief Information Officer; the Heads of the Audit, Human Resources, Information, and Risk and Compliance departments; and the General Counsel. The Risk Management Committee meets at least six times each year and keeps the Executive Committee and the Reserve Bank Board Audit Committee informed about its activities.
The Risk Management Committee is responsible for ensuring the proper assessment and effective management of all the risks the Reserve Bank faces, with the exception of those arising directly from its monetary and financial stability policies and payments policy functions. These risks remain the responsibility of the Governor, the Reserve Bank Board and the Payments System Board. The risks associated with the Bank's ownership of Note Printing Australia Limited (NPA) are overseen by the Reserve Bank Board. The NPA Charter, which is reviewed annually by the Reserve Bank Board, defines the scope of NPA's activities and sets out the approach to risk management to be taken by the NPA Board. However, responsibility for the day-to-day activities of NPA rests with the NPA Board and management. The Bank's risk management framework covers the relationships that it has with NPA other than its ownership – for example, the relationships of customer and supplier, and landlord and tenant.
The Risk Management Committee is assisted in its responsibilities by the Risk and Compliance Department. The department's main role is to assist individual business areas to manage their risk and compliance environment effectively within a framework that is broadly consistent across areas. It also monitors risk and performance associated with the Reserve Bank's activities in financial markets and supports the business areas by implementing Bank-wide control frameworks covering fraud, bribery and corruption, business continuity and compliance-related risks. The Head of Risk and Compliance Department reports directly to the Deputy Governor.
The Audit Department undertakes a risk-based audit program to provide assurance that risks are identified and key controls to mitigate these risks are well designed and working effectively. This includes periodic reviews of the Reserve Bank's risk management framework and testing key controls in business areas on a sample basis. The Head of Audit Department reports directly to the Deputy Governor and the Chair of the Reserve Bank Board Audit Committee.
Portfolio Risks
The Reserve Bank holds domestic and foreign currency-denominated financial instruments to support its operations in financial markets in pursuit of its policy objectives. These instruments account for the majority of the Bank's assets and expose its balance sheet to a number of financial risks. The primary responsibility for managing these risks rests with the Financial Markets Group. Risk and Compliance Department monitors these risks and assesses compliance with approved authorities and limits. Compliance with financial management guidelines and developments in portfolio risks are reported to the Risk Management Committee.
Exchange rate risk
The Reserve Bank is exposed to exchange rate risk as a large share of the Bank's assets are denominated in foreign currency, while most of the Bank's liabilities are denominated in Australian dollars. As foreign currency assets are held for policy purposes, the Bank does not seek to eliminate or hedge this exposure. However, the Bank mitigates some of this risk by diversifying these assets across various currencies. The foreign benchmark portfolio has target shares of 55 per cent in US dollars, 20 per cent in euros and 5 per cent each in Japanese yen, Canadian dollars, UK pound sterling, Chinese renminbi and Korean won. This benchmark portfolio composition reflects the Bank's risk appetite and desired liquidity to meet policy objectives. Some limited variation in actual portfolio shares from the target shares is permitted to limit the cost of replicating the benchmark portfolio. The Bank's holdings of gold and Special Drawing Rights (an international reserve asset created by the International Monetary Fund) are not managed relative to an internal benchmark. The Bank's Asian Bond fund investment is managed externally by the Bank for International Settlements.
The Australian dollar value of the Reserve Bank's foreign portfolio increased slightly over 2017/18.
Based on the level of reserves as at 30 June 2018, a 10 per cent appreciation of the Australian dollar would result in a mark-to-market loss of $5.3 billion. The increase in exchange rate risk over the previous decade and a half mainly reflects the increase in the size of net foreign exchange reserves over that period.
Interest rate risk
The value of the Reserve Bank's financial assets is also exposed to movements in market interest rates, as the bulk of the domestic and foreign portfolios comprises fixed-income securities.
Total holdings of domestic securities decreased by $2.2 billion over 2017/18 to $114.3 billion. At 30 June 2018, domestic securities held on a temporary basis under repurchase agreements (repos) accounted for $103.7 billion and securities held outright accounted for $10.6 billion. Interest rate risk faced by the Reserve Bank on its outright holdings of domestic securities fell slightly over 2017/18 owing to reduced holdings of Australian Government Securities (AGS). These securities are typically purchased to manage the liquidity impact of maturing AGS, and have a very short term-to-maturity.
The Reserve Bank's foreign currency assets are managed relative to benchmark portfolios in each currency with duration targets that reflect the Bank's long-term appetite for risk and return. These duration targets are reviewed periodically. During 2017/18, the duration target of the Japanese benchmark portfolio was reduced from six months to less than three months. Duration targets were unchanged in the other benchmark portfolios – the duration target for the US, European, and Canadian portfolios is six months, for the UK portfolio it is three months and for the Chinese and Korean portfolios it is 18 months. The weighted-average benchmark duration target for the Bank's total foreign portfolio was little changed over 2017/18 at around 6¾ months. This is low by historical standards, reflecting the generally low level of interest rates, which offer little compensation for the risk of capital losses should longer-term bond yields return to more normal levels.
The overall level of interest rate risk on the Reserve Bank's domestic and foreign financial assets fell over 2017/18. The Bank would incur a valuation loss of around $426 million if interest rates in Australia and overseas rose uniformly by 1 percentage point across the yield curve.
The Reserve Bank is exposed to very little interest rate risk on its balance sheet liabilities. Banknotes on issue account for about 41 per cent of total liabilities and carry no interest cost to the Bank. Other sizeable obligations include deposits held by the Australian Government and its agencies, and Exchange Settlement Account balances held by authorised deposit-taking institutions. These deposits have short maturities that broadly match the Bank's domestic assets held under repo. Interest paid on these deposits reflects domestic short-term interest rates, effectively hedging part of the interest rate exposure of the domestic asset portfolio.
Credit risk
Credit risk is the potential for financial loss arising from the default of a debtor or issuer, or from a decline in asset values following a deterioration in credit quality. The Reserve Bank manages its credit exposure by applying a strict set of eligibility criteria to its holdings of financial assets and to counterparties with which it is willing to transact.
The Reserve Bank is exposed to very little issuer credit risk on its outright holdings in the domestic portfolio as it invests only in securities issued by the Australian Government or by state and territory government borrowing authorities. The Bank is exposed to a small amount of counterparty credit risk on domestic assets that are held under repo. The Bank would face a loss only if a counterparty failed to repurchase securities sold to the Bank under repo and the market value of the securities fell below the agreed repurchase amount. The Bank manages this exposure by requiring that these securities meet eligibility criteria, and applying an appropriate margin to the securities, which is maintained throughout the term of the repo through two-way margining. The required amount of over-collateralisation increases with the risk profile of the security.
Counterparties with which the Reserve Bank is willing to deal in carrying out policy operations in the domestic market must be subject to an appropriate level of regulation and be able to settle transactions within the Austraclear system.
Repo transactions with the Bank are also governed by a Global Master Repurchase Agreement as part of the Reserve Bank Information and Transfer System (RITS) Regulations.
Investments in the Reserve Bank's foreign currency portfolio are typically confined to highly rated and liquid securities, as well as deposits with foreign central banks. The majority of the Bank's outright holdings are securities issued by the national governments of the United States, Germany, France, the Netherlands, Japan, Canada, the United Kingdom, China and South Korea, with modest holdings of securities issued by highly rated supranational institutions and government agencies. At 30 June 2018, gross holdings of Japanese yen-denominated assets accounted for the largest share of the Bank's foreign currency issuer exposures, with the majority of these assets funded under short-term foreign exchange swaps (see the chapter on ‘Operations in Financial Markets’ for more detail). A limit on the size of exposures to individual currencies based on the Bank's capital was introduced during 2017/18 to mitigate concentration risk.
The Reserve Bank holds a portion of its foreign currency portfolio in short-term repos. This exposes the Bank to the small amount of residual credit risk that is inherent in repos, as noted above. The Bank manages this risk by requiring 2 per cent over-collateralisation, which is maintained through two-way margining in the local currency, and accepting only high-quality and liquid securities as collateral. Credit exposure on foreign repos is further managed by imposing limits on individual counterparty exposures and requiring execution of a Global Master Repurchase Agreement (or Master Repurchase Agreement where appropriate) with each counterparty.
The Reserve Bank undertakes foreign exchange swaps as part of its policy operations and as a means of enhancing returns on the foreign currency portfolio. Credit risk on these instruments is managed by transacting only with counterparties that meet strict eligibility criteria, including the requirement to have executed with the Bank an International Swaps and Derivatives Association (ISDA) agreement with a credit support annex. Exposures generated by movements in market exchange and interest rates are managed through two-way margining in Australian dollars.
The Reserve Bank undertakes some limited lending of its gold holdings. The lending is either fully collateralised or the borrower has government support. As at 30 June 2018, 11.1 tonnes of gold valued at $604 million was on loan.
Operational Risks
The Reserve Bank faces a diverse range of operational risk in its day-to-day activities. These risks relate to a range of areas from availability of technology and facilities services to retaining high-quality staff to perform the Bank's functions, as well as the unintentional disclosure of confidential and sensitive information. Generally, the Bank has a low appetite for these types of risk but recognises that it is neither possible nor necessarily desirable to eliminate some risks inherent in its activities. The acceptance of some risk is often necessary to foster innovation and efficiencies in business practices.
While all parts of the Reserve Bank are exposed to operational risk of varying degrees, the most significant risks are those associated with financial transactions undertaken by the Bank for its own activities and that of its clients. During 2017/18, Financial Markets Group executed around 52,700 transactions, generating an average daily settlement value of around $35 billion. The risks associated with such a large volume of transactions are managed by ensuring that systems and processes are efficient and robust, including through ongoing work to improve systems. The Bank is also the primary banker for a number of government entities, including the Australian Taxation Office, Medicare and Centrelink, and it maintains the infrastructure to facilitate real-time interbank payment and settlement services through RITS. Any operational failure in these critical activities could have widespread consequences, so the Bank has in place a range of processes to facilitate ongoing and effective management of its operational risks to maintain a suitably robust control environment.
The continuity of critical business functions during and after a disruptive event, such as a natural disaster, power outage or terrorist attack, is a key area of focus for the Reserve Bank. Extensive back-up plans have been established, which include the use of a dedicated Business Resumption Site (BRS) in north-west Sydney, where permanent staff from some of the Bank's most critical operational areas are located. Departments regularly test their back-up plans at the site, including combined exercises involving multiple areas testing the capacity of the facilities and also testing plans in a ‘work-from-home’ environment. Regular workshops are scheduled with critical business areas to discuss response strategies to situations such as technology service disruptions and the unavailability of staff. The Bank also participates in contingency exercises with external organisations to ensure that staff are well briefed in their roles during disruptions and that effective internal and external communication arrangements are in place. The results of such exercises are monitored by the Risk Management Committee.
The Reserve Bank's policy and business operations are highly dependent on information technology (IT) systems. The Bank's risk management framework supports an ongoing focus on managing the risks associated with complex IT systems. The Bank's IT Department collaborates with relevant business areas to facilitate the monitoring, assessment and management of IT-related risks and ensure IT-related initiatives are consistent with the Bank's IT strategy. This work is supported by the continuous evaluation of industry developments in order to ensure that the Bank's systems and procedures conform to current IT standards and remain robust. Assessment of appropriate staff resourcing, the adequacy of controls over IT processes and the level of security over information management are all incorporated in the Bank's risk management framework.
As part of the Reserve Bank's management of the risks associated with technology and operational systems, a significant focus is placed on the ongoing security of these systems. The Bank invests in significant security controls and risk assurance functions, which are supported by a regular controls testing regime. These activities are informed by liaison with the security services, other central banks, the Australian Government and industry participants. The Bank receives regular independent assurance of its compliance with security strategies endorsed by the Australian Signals Directorate, and maintains independent certification for the International ISO Standard for Information Security Management ISO27001.
During 2017/18, the Reserve Bank continued to direct significant resources towards the delivery of a number of large and complex multi-year projects. These include the renovation of banking applications and systems, the upgrade of Australia's banknotes and the development of infrastructure to facilitate real-time retail payments, which was publicly launched in February 2018. Successful completion of these projects will ensure high-quality services are maintained for the Bank's clients and the Australian public. The risks associated with project work are carefully managed so that adequate resources are available, nominated project deadlines are met and change management is effective. Project steering committees play an important role in overseeing the management of these risks.
The Reserve Bank does not tolerate dishonest or fraudulent behaviour and is committed to deterring and preventing such behaviour. It takes a very serious approach to cases, or suspected cases, of fraud. All staff involved in financial dealing have well-defined limits to their authority to take risks or otherwise commit the Bank. These arrangements are further enhanced by separate front-, back- and middle-office functions, where staff involved in trading, settlement and reconciliation activity remain physically separate and have separate reporting lines. For non-trading activities, several layers of fraud control are in place, including preventative, detective and corrective controls. A clear decision-making hierarchy, separation of duties and physical controls over systems and information are all in place and are subject to regular review. Ongoing training and awareness programs are also conducted. The Bank requires all staff to undertake fraud awareness training. The Bank has arrangements in place for staff and members of the public to report concerns anonymously. All concerns are fully investigated. During 2017/18, there were no reported instances of fraud by employees.
The Reserve Bank remains strongly committed to maintaining and strengthening a workplace culture in which employees uphold the highest standards of behaviour. The Code of Conduct sets out requirements of the Bank's employees and others who are involved in its activities. The code articulates the values that staff are expected to demonstrate when pursuing the Bank's objectives. These values require employees to conduct themselves with a high degree of integrity, strive for excellence in the work they perform, treat others with respect and courtesy, exercise intelligent inquiry and promote the public interest. All staff attest that they have read and understood the code. The Bank has arrangements in place for staff to report concerns about breaches of the Code of Conduct, including channels by which concerns can be reported anonymously. Initiatives are under way to enhance arrangements and ensure greater comfort for staff reporting concerns across a range of issues.
The effective management of compliance risk is central to the Reserve Bank's activities. Risk and Compliance Department collaborates with all business areas to ensure this risk is being managed effectively and keeps the Risk Management Committee informed regarding the level of compliance in key areas. In 2017/18, a key area of focus was preparation for the introduction of the Notifiable Data Breach Scheme, which came into force in February 2017 and the Privacy (Australian Government Agencies – Governance) APP Code 2017, which came into force on 1 July 2018. Staff also complete a number of compliance-based electronic training modules each year, focusing on areas such as privacy and workplace health and safety.
Notwithstanding these measures, events can occur from time to time that may adversely affect the Reserve Bank's reputation or lead to financial or other costs. Timely reports on any such incidents and near misses are provided to the Risk Management Committee. These reports outline the circumstances, including impact and cause, as well as identify areas where new controls may be needed or where existing controls should be strengthened.
The Reserve Bank continues to act as the administrator of the Guarantee of State and Territory Borrowing. Applications for new guaranteed liabilities under this scheme closed in 2010, although existing liabilities will continue to be guaranteed until maturity, at the latest in 2023. To date, a total of $417 million in fees has been collected for state and territory borrowing since the scheme commenced in 2009, with $7 million collected in 2017/18.