Reserve Bank of Australia Annual Report – 2020 Risk Management
Effective risk management is an integral element in the Reserve Bank achieving its strategic objectives and meeting its policy responsibilities. Accordingly, a risk management and control framework is embedded in the culture of the Bank. This framework supports effective decision-making, while allowing enterprise-wide and emerging risks to be identified and managed in a way that is consistent with the Bank's risk appetite. This framework is overseen by the Risk Management Committee.
Objectives and Governance Structure
The Reserve Bank, like any organisation, cannot achieve its objectives without taking on risk. Management of these risks is the responsibility of all staff. In particular, managers have a responsibility to evaluate their risk environment, put in place appropriate controls and ensure that these controls are implemented effectively. The Bank identifies, assesses and manages risk at both an enterprise (‘top-down’) and business (‘bottom-up’) level, a process that is subject to ongoing review. These risks are managed to a level that is consistent with the Bank's risk appetite that is articulated by the Bank's management. The Bank supports and promotes the development and maintenance of an active risk management culture that acknowledges the need for careful analysis and management of risk in all business processes.
Oversight of the Reserve Bank's arrangements for risk management is undertaken by the Risk Management Committee. The committee is chaired by the Deputy Governor and comprises: the Assistant Governors for Business Services, Corporate Services and Financial Markets groups; the Chief Financial Officer; the Chief Information Officer; the Heads of the Audit, Human Resources, Information, and Risk and Compliance departments; and the General Counsel. The Risk Management Committee meets at least six times each year and informs the Executive Committee and the Reserve Bank Board Audit Committee of its activities.
The Risk Management Committee is responsible for ensuring the proper assessment and effective management of all the risks the Reserve Bank faces, with the exception of those arising directly from its monetary and financial stability policies and payments policy functions. These risks remain the responsibility of the Governor, the Reserve Bank Board and the Payments System Board. The risks associated with the Bank's ownership of Note Printing Australia Limited (NPA) are overseen by the Reserve Bank Board, while the risks of operating NPA are overseen by the NPA Board and management.
The Risk Management Committee is assisted in its responsibilities by Risk and Compliance Department. The department assists individual business areas manage their risk and compliance environment effectively within a framework that is consistent across the Bank. It monitors risk and performance associated with the Reserve Bank's activities in financial markets. It also supports the business areas by implementing Bank-wide control frameworks covering fraud, bribery and corruption, business continuity, and compliance-related risks. The Head of Risk and Compliance Department reports directly to the Deputy Governor and the Chair of the Reserve Bank Board's Audit Committee.
Audit Department undertakes a risk-based audit program to provide independent assurance that risks are identified and key controls to mitigate these risks are well designed, implemented, and working effectively. The Head of Audit Department reports to the Deputy Governor and the Chair of the Audit Committee. Audit Department's work is governed by the Audit Department Charter, which is approved by the Audit Committee.
Portfolio Risks
The Reserve Bank holds domestic and foreign currency-denominated financial instruments to support its operations in financial markets in pursuit of its policy objectives. These instruments account for the majority of the Bank's assets and expose its balance sheet to a number of financial risks. The primary responsibility for managing these risks rests with the Financial Markets Group. Risk and Compliance Department monitors these risks and assesses compliance with approved authorities and limits. Compliance with financial management guidelines and developments in portfolio risks are reported to the Risk Management Committee.
Exchange rate risk
The Reserve Bank is exposed to exchange rate risk as a large share of the Bank's assets are denominated in foreign currency, while most of the Bank's liabilities are denominated in Australian dollars. As foreign currency reserve assets are held for policy purposes, the Bank does not seek to eliminate or hedge this exposure. However, the Bank mitigates some of this risk by diversifying these assets across various currencies. The foreign portfolio has target shares of 55 per cent in US dollars, 20 per cent in euros and 5 per cent each in Japanese yen, Canadian dollars, UK pound sterling, Chinese renminbi and South Korean won; these percentages have been stable since 2016. The portfolio composition reflects the Bank's risk appetite and desired liquidity to meet policy objectives. Some limited deviation in actual portfolio shares from the target shares is permitted to minimise transaction costs. The Bank also has holdings of gold, Special Drawing Rights (an international reserve asset created by the International Monetary Fund) and units in the Asian Bond Fund, an investment that is managed externally by the Bank for International Settlements.
The Australian dollar value of the Reserve Bank's foreign portfolio increased slightly over 2019/20 owing to a broadly based depreciation of the Australian dollar, but reserves were little changed in foreign currency terms. Based on the level of reserves as at 30 June 2020, a 10 per cent appreciation of the Australian dollar would result in a mark-to-market loss of $5.7 billion. The increase in exchange rate risk over the past two decades mainly reflects the increase in the size of net foreign exchange reserves over that period.
Interest rate risk
The value of the Reserve Bank's financial assets is also exposed to movements in market interest rates.
Total holdings of domestic securities increased by $120.3 billion over 2019/20 to $228.5 billion. Domestic securities held outright increased by $63.9 billion to $73.3 billion, while those held on a temporary basis under repurchase agreements (repos) increased by $56.4 billion to $155.2 billion. The expansion in securities held outright reflected purchases of Australian Government Securities (AGS) and semi-government securities (semis) across the yield curve in the secondary market as part of the Bank's policy to target a 3-year Australian Government bond yield of 0.25 per cent and to address dislocation in the government bond market. Securities are also purchased to manage the liquidity impact of maturing AGS but these typically have a very short term to maturity. The average duration of total outright holdings in the domestic portfolio increased over the year from 15 months to 4¼ years.
The increase in repos was due to the Bank providing additional liquidity to the financial system through its daily market operations and under the Term Funding Facility (TFF) announced in March 2020. Under the TFF, the Bank offers three-year funding to authorised deposit-taking institutions (ADIs) under repurchase transactions (see the Chapter on ‘Operations in Financial Markets’). The average term of repos also increased over the year from 3 weeks to 4.9 months.
The Reserve Bank's foreign currency portfolio is comprised of foreign currency assets, which are managed relative to benchmark portfolios in each currency, with duration targets that reflect the Bank's long-term appetite for risk and return. These targets are reviewed periodically. During 2019/20, duration targets were unchanged in all seven asset benchmark portfolios – the duration target for the Chinese and South Korean portfolios is 18 months, for the US, European, and Canadian portfolios it is 6 months, for the UK portfolio it is 3 months and for the Japanese portfolio it is less than 3 months. Some limited variation in actual portfolio duration from the duration targets is permitted to reduce transaction costs and to provide scope to staff to enhance portfolio returns. The weighted-average benchmark duration target for the Bank's total foreign portfolio remained little changed over 2019/20 at around 6¾ months. This is low by historical standards, reflecting the generally low level of interest rates, which offer little compensation for the risk of capital losses should longer-term bond yields increase significantly.
Total interest rate risk on the Reserve Bank's domestic and foreign currency portfolios rose significantly over 2019/20 to a historically high level, reflecting increased interest rate risk in the Bank's domestic portfolio. The Bank would incur a valuation loss of around $3.4 billion if interest rates in Australia and overseas rose uniformly by 1 percentage point across the yield curve.
The Reserve Bank is exposed to little interest rate risk on its balance sheet liabilities. Banknotes on issue account for around 32 per cent of total liabilities and carry no interest cost to the Bank.
Other sizeable obligations include deposits held by the Australian Government and its agencies, and Exchange Settlement Account balances mainly held by ADIs. Interest paid on these deposits reflects domestic short-term interest rates, effectively hedging part of the interest rate exposure of the domestic asset portfolio.
Credit risk
Credit risk is the potential for financial loss arising from the default of a debtor or issuer, or from a decline in asset values following a deterioration in credit quality. The Reserve Bank manages its credit exposure by applying a strict set of eligibility criteria to its holdings of financial assets and to counterparties with which it is willing to transact.
The Bank is exposed to very little issuer credit risk on its outright holdings in the domestic portfolio as it invests only in securities issued by the Australian Government or by state and territory government borrowing authorities. The Bank is exposed to a small amount of counterparty credit risk on domestic assets that are held under repo. The Bank would face a loss only if a counterparty failed to repurchase securities sold to the Bank under repo and the market value of the securities fell below the agreed repurchase amount. The Bank manages this exposure by requiring that these securities meet certain eligibility criteria and by applying an appropriate margin to the securities, which increases with the risk profile of the security. The required margin is maintained throughout the term of the repo through daily two-way margining.
Alongside the establishment of the TFF in March 2020, the Reserve Bank relaxed constraints on certain ADIs posting eligible internal residential mortgage-backed securities (RMBS) as collateral.[1] Previously, only ADIs with access to the Committed Liquidity Facility (CLF) were allowed to post internal RMBS as collateral under the Bank's standing facilities. Any eligible internal RMBS can be presented for the TFF. These securities pose risks because they are related to the counterparty presenting them as collateral in a repo, implying that a default by the counterparty may be associated with a decline in the value of the securities held as collateral. However, this risk is mitigated because the issuing trust is bankruptcy remote, the securities must be rated AAA and they attract a relatively high margin. Unlike other types of securities accepted as collateral in the Bank's operations, these securities are not typically traded in the market as they are held solely for the purpose of accessing central bank liquidity. Hence, Risk and Compliance Department values these securities based on a pricing model that references prices in the public RMBS market. When the TFF was established, the Reserve Bank froze prices of eligible self-securitisations for three years for the purpose of valuing collateral accepted under repo. This is to ensure that the modelled prices are not unduly affected by potential volatility in public RMBS arising from the COVID-19 pandemic.
In May 2020, the Reserve Bank also broadened the range of securities that are eligible to be accepted under repo in the Bank's open market operations and standing facilities to include investment-grade corporate debt securities issued by non-ADIs.[2] Investment-grade securities issued by entities established under an Australian Government, state or territory law without an explicit Australian Government guarantee are also now eligible. Previously, these types of securities could be accepted as collateral under repo only if they were rated AAA. Margin ratios applicable to these securities are the same as those applied to eligible investment-grade securities issued by ADIs.
The counterparties with which the Reserve Bank deals in carrying out policy operations in the domestic market must be members of the Reserve Bank Information and Transfer System (RITS), subject to an appropriate level of regulation and be able to settle transactions within the Austraclear system. Repo transactions with the Bank are also governed by a Global Master Repurchase Agreement as part of the RITS Regulations. In June 2020, the Bank clarified its eligibility criteria to exclude Authorised Superannuation Funds and holders of an Australian Financial Services Licence (AFSL) which operate managed investment schemes; Authorised Superannuation Funds that were counterparties prior to 23 September 2019 were grandfathered. In addition, APRA-regulated Non-operating Holding Companies (NOHCs) will be eligible only in exceptional circumstances, and AFSL holders (that do not operate managed investment schemes) must demonstrate a material connection to the bond and/or repo markets to be eligible.
Investments in the Reserve Bank's foreign currency portfolio are typically confined to highly rated and liquid securities, as well as deposits with foreign central banks. The majority of the Bank's outright holdings are securities issued by the national governments of the United States, Germany, France, the Netherlands, Japan, Canada, the United Kingdom, China and South Korea, with modest holdings of securities issued by highly rated supranational institutions and government agencies. Gross holdings of Japanese yen-denominated assets fell by around 50 per cent over the year, but remained the largest share of the Bank's foreign currency issuer exposures; the majority of these assets are funded under short-term foreign exchange swaps. The decline over the year reflected a reduction in outstanding foreign exchange swaps into Japanese yen to manage domestic liquidity (see the chapter on ‘Operations in Financial Markets’ for more detail). A limit on the size of exposures to individual currencies based on the Bank's capital operates to mitigate concentration risk.
The Reserve Bank holds a portion of its foreign currency portfolio in short-term repos. This exposes the Bank to the small amount of residual credit risk that is inherent in repos, as noted above. The Bank manages this risk by requiring 2 per cent over-collateralisation, which is maintained through two-way margining in the local currency, and accepting only high-quality and liquid securities as collateral. Credit exposure on foreign repos is further managed by imposing limits on individual counterparty exposures and requiring execution of a Global Master Repurchase Agreement (or Master Repurchase Agreement where appropriate) with each counterparty.
The Reserve Bank undertakes foreign exchange swaps as part of its policy operations and as a means of enhancing returns on the foreign currency portfolio. The Bank also commenced transacting in gold swaps during the year, whereby gold is lent or borrowed in exchange for Australian dollars or a limited range of foreign currencies held in the Bank's foreign exchange reserves. Credit risk on FX and gold swaps is managed by transacting only with counterparties that meet strict eligibility criteria, including the requirement to have executed with the Bank an International Swaps and Derivatives Association (ISDA) agreement with a credit support annex. Exposures generated by movements in market exchange and interest rates and gold prices are managed through daily two-way margining in Australian dollars. After accounting for margin calls, the Bank's maximum daily exposure to an individual counterparty is generally limited to no more than $5 million.
In addition to undertaking gold swaps, the Bank undertakes some limited lending of its gold holdings. The lending is either fully collateralised or the borrower has government support. As at 30 June 2020, 13.2 tonnes of gold valued at $1.1 billion was on loan.
Operational Risks
The Reserve Bank faces a diverse range of operational risks in its day-to-day activities. They include risks relating to the availability of technology and facilities services, retention of high-quality staff and the unintentional disclosure of confidential and sensitive information.
Generally, the Bank has a low appetite for these types of risk, but recognises that it is neither possible nor necessarily desirable to eliminate some risks inherent in its activities. The acceptance of some risk is often necessary to foster innovation and efficiencies in business practices.
While all parts of the Bank are exposed to operational risks to varying degrees, the most significant risks are those related to:
- transacting in financial markets to implement monetary policy
- maintaining the infrastructure to facilitate real-time interbank payment and settlement services through RITS
- providing banking facilities for a number of government entities, including the Australian Taxation Office, Medicare and Centrelink
- the provision of safe, secure and reliable Australian banknotes.
Any operational failure in these critical activities could have widespread consequences. Financial Markets Group, for example, executed around 51,000 transactions in 2019/20 generating an average daily settlement value of around $47.7 billion, while RITS settles just under $233 billion every day on average. The Bank's risk management framework supports the identification, analysis and management of risks that could adversely affect these operations. These include mechanisms by which emerging risks are identified; processes and systems by which subject matter experts consider these risks; and channels which facilitate these risks being raised with executives. Various metrics are used to highlight to executives how risks are being managed and whether risks are consistent with the Bank's risk appetite. These metrics range, for example, from ensuring that all staff have completed the Bank's Code of Conduct training to all system changes being appropriately authorised before implementation.
Considering these risks in more detail, the Reserve Bank's activities are highly dependent on information technology (IT) systems. The risk management and control framework supports an ongoing focus on managing the risks associated with complex IT systems. The Bank's IT Department collaborates with relevant business areas to facilitate the monitoring, assessment and management of IT-related risks and ensures IT-related initiatives are consistent with the Bank's technology strategy. This work is supported by the continuous evaluation of industry developments in order to ensure that the Bank's systems and procedures remain robust and conform to current IT standards. Assessment of appropriate resourcing, the adequacy of IT process controls and the level of security over information management are all incorporated in the Bank's risk management and control framework.
As part of the Bank's management of the risks associated with technology and operational systems, a significant focus is placed on the security of these systems. The Bank includes cyber resilience as a key operational risk and managing this risk is supported by staff at all levels of the Bank. The Bank is intent on protecting digital assets from cyber security threats while providing a high-quality service to all Australians. The Bank remains committed to alignment with the Australian Signals Directorate Information Security Manual and relevant security standards, introducing innovative security technologies, and hunting for emerging threats in order to continually meet the Bank's strategic cyber resilience objectives. The Bank continues to work with peer central banks, the Australian Government, and industry participants to increase the cyber resilience of both national and international financial systems.
The Reserve Bank invests in significant security controls and risk assurance functions, which are supported by a regular assessment regime. The Bank receives regular independent assurance of its compliance with security strategies endorsed by the Australian Signals Directorate, and maintains independent certification for the ISO 27001 global standard for Information Security Management. The Auditor-General issued a performance audit report on the Cyber Resilience of Government Business Enterprises and Corporate Commonwealth Entities on 4 July 2019, which concluded that the Reserve Bank had effectively managed cyber security risks.
During the past year, the Reserve Bank continued to direct significant resources towards the delivery or completion of a number of large and complex multi-year projects. These include the renovation of banking applications and systems, the upgrade of Australia's banknotes and the development of infrastructure to facilitate real-time retail payments. Successfully completing and embedding these projects will ensure high-quality services are maintained for the Bank's clients and the Australian public. The risks associated with project work are carefully managed so that adequate resources are available, nominated project deadlines are met and change management is effective. Project steering committees play an important role in overseeing the management of these risks. For more information on the banknote upgrade and the banking and payments systems projects, see the chapters on ‘Banknotes’ and ‘Banking and Payment Services’.
The Reserve Bank has responsibilities in terms of managing the risks related to the handling of confidential and sensitive information and, in particular, ensuring that there are no unintended disclosures. While the primary focus is on ensuring that sufficient controls exist to prevent a data breach occurring, the risk and control framework also seeks to ensure that the Bank would respond appropriately if one was to occur. The Bank is in the final stage in implementing the government's ‘Digital Continuity 2020 Policy’, issued by the National Archives of Australia, which seeks to ensure that agencies manage their information as an asset, that they transition to digital work processes and that agencies have interoperable information systems and processes. The National Archives of Australia has advised that a new policy will be released to take effect from January 2021.
The Bank does not tolerate dishonest or fraudulent behaviour and is committed to deterring and preventing such behaviour. It takes a very serious approach to cases, or suspected cases, of fraud. All staff involved in financial dealing have well-defined limits to their authority to take risks or otherwise commit the Bank. These arrangements are further enhanced by the separation of front-, back- and middle-office functions, where staff involved in trading, settlement and reconciliation activity remain physically separate and have separate reporting lines. For non-trading activities, several layers of fraud control are in place, including preventative, detective and corrective controls. A clear decision-making hierarchy, separation of duties and physical controls over systems and information have been established and are subject to regular review. Ongoing training and awareness programs are also conducted. The Bank requires all staff to undertake fraud awareness training. The Bank has arrangements in place for staff and members of the public to report concerns anonymously. All concerns are fully investigated. During 2019/20, there were no reported instances of fraud by employees.
The Reserve Bank remains strongly committed to maintaining and strengthening a workplace culture in which employees uphold the highest standards of behaviour. The Code of Conduct sets out requirements of the Bank's employees and others who are involved in its activities. The Bank has arrangements in place for staff to report concerns about breaches of the Code of Conduct, including channels by which concerns can be reported anonymously. Arrangements are in place to ensure staff are comfortable reporting concerns across a range of issues.
The effective management of compliance risk is central to the Bank's activities. Risk and Compliance Department collaborates with all business areas to ensure this risk is being managed effectively and keeps the Risk Management Committee informed regarding the level of compliance in key areas. Staff complete a number of training modules each year, focusing on areas such as privacy and workplace health and safety.
Notwithstanding these measures, events can occur from time to time that may adversely affect the Reserve Bank's reputation or lead to financial or other costs. Timely reports on any such incidents and ‘near misses’ are provided to the Risk Management Committee. These reports outline the circumstances, including impact and cause, as well as identify areas where new controls may be needed or where existing controls should be strengthened.
The Reserve Bank continues to act as the administrator of the Guarantee of State and Territory Borrowing. Applications for new guaranteed liabilities under this scheme closed in 2010, although existing liabilities will continue to be guaranteed until maturity, at the latest in 2023. To date, a total of $426 million in fees has been collected for state and territory borrowing since the scheme commenced in 2009, with $2 million collected in 2019/20.
Business continuity
The continuity of critical business functions is a key area of focus for the Reserve Bank. The Bank's policy is to maintain resilient arrangements when responding to incidents that have the potential to adversely affect its people, operations, assets or reputation, or compromise its physical security.
The novel coronavirus was first confirmed in Australia in late January 2020. The Reserve Bank's Pandemic Response Plan and Incident Management Framework enabled the Bank to quickly respond to operational risks and issues arising from the pandemic. The COVID-19 Incident Assessment Team (IAT), a coordinating body comprised of senior executives from different areas of the Bank met regularly to identify and implement short-term responses to support internal operations as well as to develop plans to address longer-term risks and issues. For more information on the changes that the Bank implemented to ensure its ongoing resilience in response to the COVID-19 pandemic, see the chapter on ‘Management of the Reserve Bank’.
The Reserve Bank continues to participate in contingency exercises to ensure that staff are well briefed on their roles during the pandemic and that effective internal and external communication arrangements are in place. The Risk Management Committee continuously monitors the effectiveness of each department's business continuity plans and alternative working arrangements.
Footnotes
An internal RMBS is a bankruptcy-remote trust set up by an ADI which contains mortgages they have written. The Bank accepts the securities issued out of the RMBS (and secured by the mortgages) as collateral. [1]
Investment grade refers to an average long-term rating of BBB- or above (for securities with a term to maturity at issuance of more than 12 months) or A3 (for securities with a term to maturity at issuance of less than 12 months). [2]