[工程科技]风险管理流程.doc

10/20/2010 Caesar Jia Nan WangDeloitte Touche Tohmatsu Services, Inc.Risk Management Processes 风险管理流程ContentsOverview总览2This section sets out recommended tasks and responsibilities relating to the key risk management processes required to meet short term priority of achieving control of losses: 本部分阐述为了实现短期内优先控制损失的目标尔提出的和任务、责任有关的主要风险管理流程：2The key risk management processes described in this section can be broken down by three generic headings: 这部分中描述的关键的风险管理过程可以大致分为三个部分：2The key principles underpinning the risk management processes are as follows: 风险管理流程的关键基础原则如下：3This document should be read in conjunction with the following other documents related to the Risk Management Framework: 本文件应与其他风险管理框架文件一并使用：4Market Risk Control Process 市场风险控制流程4Development of Market Risk framework 发展市场风险的框架5Development of risk measurement methodologies and models 发展风险测量方法和模型5Limit setting 限制设置6Risk monitoring 风险监控6Credit Risk Control Process 信用风险控制过程11Customer ownership 客户所有权12Limit Setting 限制设置13Evaluation of new credit applications 评价新的信贷申请14Credit risk monitoring 信贷风险监测14Portfolio Management 组合管理15Operational risk control 操作风险控制19Language and Definition 语言和定义21Risk Profiling 风险评估21Self-appraisal 自我评价22Monitoring and Escalation 监测与升级24Management Information 管理信息25Quality assurance 质量保证27New Product Process 新产品流程32Business Case Proposal 商业案例的建议32Risk Profiling 风险评估33Business Case approval 批准商业案例35Implementation of measures to mitigate risks 措施的执行，以减轻风险36Minimum Control Standards 最低控制标准38Introduction 简介39Dealing Room - Controls & Procedures 交易室-控制及程序40Strategy & Scope of Operations 策略及营运范围40Organisational Structure 组织架构41Processes 过程43Methodologies & Limits 方法及限额46Systems 系统47Reporting 报告48Security/ Disaster recovery/ Update of manual 安全/灾难恢复/更新手册49Back Office - Controls & Procedures 后台-控制及程序50Strategy & Scope of Operations 策略及营运范围50Organisational Structure 组织架构51Processes 过程52Systems 系统56Reports 报告57Security/ Disaster Recovery/ Update of Manuals 安全/灾难恢复/手册新58Accounting - Control & Procedures 会计-控制及程序60Strategy & Scope of Operations 策略及营运范围60Organisational Structure 组织架构61Methodologies and Processes 方法和程序62Systems 系统65Reports 报告67Disaster Recovery/ Update of Manuals 灾难恢复/手册更新68Internal Audit - Control & Procedures 内部审计-控制及程序68Strategy & Scope of Operations 策略及营运范围69Organisational Structure 组织架构70Methodologies and Processes 方法和程序72Reports 报告76Update of manuals 更新手册77Electronic Data Processing - Control & Procedures 电子数据处理-控制及程序77Strategy 战略77Organisational Structure 组织架构78Methodologies and Processes 方法和程序80Systems 系统83Disaster Recovery/ Update of Manual 灾难恢复/更新手册85Glossary 词汇86Overview总览 This section sets out recommended tasks and responsibilities relating to the key risk management processes required to meet short term priority of achieving control of losses: 本部分阐述为了实现短期内优先控制损失的目标尔提出的和任务、责任有关的主要风险管理流程： Market risk control; 市场风险控制; Credit risk control; 信贷风险控制; Operational risk control; and操作风险控制;及 New Product Approval. 新产品审批。 The key risk management processes described in this section can be broken down by three generic headings: 这部分中描述的关键的风险管理过程可以大致分为三个部分： (i) Set framework - relating to the definition, implementation and maintenance of strategy, organisation structures, processes, methodologies, management information and systems; （一） 建立框架 -有关的定义，实施和维护战略，组织结构，程序，方法，管理信息和系统; (ii) Set limits and controls - relating to the setting and approval of limits and operational controls that represent firms appetite for risk; and （二） 设置限额和控制 为了符合公司的风险偏好尔进行的有关设置和批准风险限额及营运监控;(iii) Monitor risks and escalate issues - relating to the monitoring of exposures against limits and the escalation of limit violations and operational breakdowns to management. （三） 监测风险和上报的问题 -有关监测风险及额度，以及关于超出极限和业务链崩溃对管理层的上报工作。 The diagram on the facing page provides an overview of the generic process across risks. 该页图表提供了一个运营过程和风险的全面概述。 It has been defined based on the following definitions: 它已被定义基于以下定义： (i)The Group Risk Management Organization represents the infrastructure put in place on the Group-wide basis to undertake risk management activities. （i）本集团风险管理部代表集团进行风险管理工作。 It comprises: 它包括： The Risk Management Council (representing the Executive Committee of FIRM seating on a risk agenda) 风险管理委员会（占公司风险议程执行委员会一员） The Group Risk Committee 集团风险管理委员会 The Risk Executive (Deputy Governor in charge of risk management) 风险长官（副行长负责风险管理） The Head of Risk 风险总监 The Risk Management Division 风险管理部 (ii)Business Units are defined as departments / divisions / subsidiaries in charge of undertaking risk taking activities. （二）业务单位是指部门/司/活动附属公司接管承担的风险。 In particular key Business Units include: 关键的业务部门包括： Treasury财政部 Credit divisions信贷部门 Local and foreign branches and subsidiaries本地和海外分行及附属公司 (iii)Functions are defined as departments / divisions in charge of providing the support to risk taking activities. （三）部门/分支机构将提供风险监管部门支持。 In particular these encompass这些包括： EDP 电子数据处理 Accounting 会计 Internal Audit 内部审计 Risk Management Organization 风险管理组织 Human Resources 人力资源 Tax & Legal 税务及法律 The key principles underpinning the risk management processes are as follows: 风险管理流程的关键基础原则如下： (i)Business Units will be directly accountable for the risks they are taking. （i）业务单位负责他们直接参的风险。 Group Risk Management Organization will be responsible for developing the framework, defining risk measurement methodologies, setting risk limits, allocating limits to Business Units, monitoring, escalating issues and providing analysis which enables Business Units to make appropriate decisions; 集团风险管理组织将负责制定决策的框架，确定风险计量方法，设定风险限额，为业务部门分配限额，监测，上报问题，并提供分析，让业务单位作出适当的决定; (ii)A consistent approach to risk management across firm will be driven by the Group Risk Management Organization, either through the development of processes and methodologies, or through the approval of specialised solutions developed in the Business Units; （二）集团的风险管理组织将推行一个一致的方法来管理整个公司的风险管理，或通过单位批准为专门业务开发专门的解决方案; (iii)Business Unit risk levels, materialised by limits , will be set by the Group Risk Management Organisation, based on Group-wide strategic objectives, and operational plan provided by the Business Units. （三）业务单位的风险水平， 将被量化被风险限额限制，集团风险管理组织在战略目标的基础上结合集团战略和单位和业务计划所提供的业务和目标制定风险限额。 Business Units will determine sub-business unit limits; 业务部门将确定支业务单位的限额; (iv)Overall leadership and control of the Risk Management Framework will come from the Group Risk Management Organisation, while Business Units will be empowered to set strategy for taking risks and manage their own risks; and （四）整体风险管理框架的领导和控制，将来自集团风险管理组织，而各部门将有权采取设立风险战略和管理自己的风险; (v)All issues or limit violations of a pre-determined severity (materiality, frequency, nature) will be escalated to the Group Risk Management Organisation where actions to address them will be determined in consultation with the appropriate Business Unit. （五）所有严重问题或超出限额违反预先确定值的（数值上，频率，性质）将上报到集团风险管理组织并在和相对应部门的协商后是实行动以解决这些问题。 The Business Unit will be responsible for implementing the agreed actions. 业务部将负责执行。 This document should be read in conjunction with the following other documents related to the Risk Management Framework: 本文件应与其他风险管理框架文件一并使用： Risk Map - setting out a definition for all risk and high level controls; 风险地图-把所有风险和控制水平定义; Committee Structure - setting out the roles and responsibilities for each individual committee involved in the risk management process; 委员会的结构-在风险管理过程中为每个委员认定角色和责任工作; Terms of Reference for the Risk Management Division (RMD) - setting out the organisation structure and roles and responsibilities of the RMD; 风险管理部的职权范围-给风险管理部制订结构角色和义务; Risk Appetite and Capital Allocation - setting out 1 st cut parameters for defining the appetite for risk 风险偏好和资本配置-设置了风险偏好所对应的资本配置 VaR Specification 风险规范 Limit Structure 限额结构 Market Risk Control Process 市场风险控制流程 In this section , the terminology Business Unitswill predominantly refer to Treasury departments of firm and its subsidiaries. 在本节中，术语商业单位，将主要是指财政部部门、公司及其附属公司。 As set out during the Diagnostic and Benchmarking Phase, market risk control at is currently undertaken by the Treasury department. This is inadequate to meet the objectives of an independent risk management function responsible for identifying, measuring and controlling risks. The diagram on the facing page illustrates the market risk control process that firm will need to implement. 在识别记录的过程中，市场风险目前由财政部控制。这是不能满足控制风险的目标和一个独立的风险管理职能，负责识别，计量和控制。页面图说明了公司将需要所面临的市场风险控制的过流程。 The process is primarily driven by the Group Risk Management Organisation but also specifies key responsibilities for Business Units and requires strong interactions with the Business Units to achieve successful implementation. 这个过程主要由集团风险管理部组织管理，但同时也指定主要职责给经营单位，并要求经营单位间相互壶协作实现成功实施。 Development of Market Risk framework 开发市场风险框架 The market risk framework to be developed throughout the Group includes the market risk organisation structure, risk controlling, monitoring and analysis processes and the market risk infra-structure (including risk measurement, limit structures, management information and systems). 整个集团内的市场风险架构制定整个集团的市场风险，包括制定组织结构，风险控制，监测和分析的过程，以及市场风险的基础设施结构（包括风险计量，限额结构，管理信息与系统）。 This will be developed by the Group Risk Management Organisation and approved by the Risk Management Council. 这将是开发的集团风险管理组织并由和理事会批准的风险管理委员会批准。 Development of risk measurement methodologies and models 发展风险测量方法和模型 (i)Pricing Models （一）定价模型 Models used to provide mark to market for treasury products (Pricing Models) will be specified by the Group Risk Management Organisation. 模型中使用提供风险管理组织标志将被指定由本集团按市值计算）库务产品（定价模型。 This will consist in determining the appropriate revaluation formula for each product. 这将包括在确定每个产品的相应重估公式。 Pricing Models will be developed by the Business Units, where the detailed knowledge of products and market parameters lies. 定价模型将开发经营单位，那里的市场参数详细了解产品和谎言。 Business Units may require the assistance of the Group Risk Management Organisation when developing the models. 经营单位可以要求该组织援助的集团风险管理在开发模式。 Pricing Models will be signed off by the Group Risk Management Organisation. 定价模式将签署过的集团风险管理组织。 This will consist in reviewing the model documentation and the user acceptance test results. 这将包括在审查模型文档和用户验收测试结果。 (ii)Risk Measurement Models （二）风险度量模型 Risk measurement methodologies applicable to Market risk will be designed and developed by the Group Risk Management Organisation. This will consist in specifying the type of risk methodologies (eg duration, sensitivity, Value at Risk) that will be applied to each class of product. 风险计量方法，适用于市场风险的设计和开发的集团风险管理组织。这将包括在指定的产品类型风险的方法（如时间，灵敏度，风险值），将被应用到每个类。 Models used for the actual calculation of market risk measures will be either developed by the Group Risk Management Organisation, or acquired in the market (risk management softwares). 衡量风险模型所使用的市场实际计算将开发或由本集团风险管理组织，或）在市场上收购（风险管理软件。 The implementation of risk measurement models will be the responsibility of the Group Risk Management Organisation. 该模型的实施风险计量组织的责任将是本集团的风险管理。 Limit setting 限制设置 The purpose of the limit setting process is to ensure that Business Units remain empowered to take market risk in line with their strategic objectives, while providing the Group Risk Management Organisation with a means to ensure risk levels remain compatible with the NBG Groups appetite for risk. It is therefore recommended that the following process is established: 该过程的目的设置的限制是为了确保业务单位仍有权采取市场的目标风险的战略，符合自己的，同时提供手段，确保风险水平的集团风险管理组织与留risk兼容与NBG集团的胃口。因此，建议建立以下程序： i. The Group Risk Management Organisation will determine Group-wide market risk limits reflecting the Groups appetite for risk, as set out by the NBGs Board 集团的风险管理组织将决定整个集团的市场风险限额，反映本集团的风险胃口，一如理事会提出的NBG的 ii. Business Unit will make proposal to the Group Risk Management Organisation on the level of market risk limits that should be allocated to them; 业务部将建议，集团风险管理组织对他们水平的市场风险限额的应分配; iii. Following detailed analysis of the proposals of all Business Units by the Group Risk Management Organisation will make a recommendation to the Group Risk Committee on the level of market risk limit that should be allocated to each individual Business Unit. 以下详细的业务风险管理组织单位通过分析本集团的提案都将被分配到每个业务部门的建议应该向集团风险委员会一级市场风险限额。 The Group Risk Committee will be responsible for reviewing, challenging and approving this recommendation; and 集团风险委员会将负责审查的建议，挑战和批准本;及 iv. Business Units will sub-allocate business units limits to a lower level of detail (eg department, desk, trader). 业务部门将分分配业务单位限制交易者）的详细程度较低（如部门，书桌。 This sub-allocation process should be done in consultation with the Group Risk Management Organisation. In the event that Group Risk Management Organisation disagrees with departmental limits being set by the Business Units, the issue will be escalated to the Head of Group Risk. 本次分配的过程应在协商组织与本集团的风险管理。倘集团风险管理组织单位不同意由商业部门的限制被设置，这个问题将上升到集团风险部的主管。 Risk monitoring 风险监控 The risk monitoring process is a two level process whereby: 风险监控的过程是一个进程，使两个级别： (i)Business units will monitor their exposures against limits at a departmental and Business Units level and identify limit violations. Departmental limit violations are analysed and addressed by the Business Units themselves, Business Unitss limit violations are analysed by the Business Units and reported to the Group Risk Management Organisation; （一）经营单位将监测单位一级的业务风险及额度在一个部门，并确定限制的行为。部门限制侵犯进行了分析和自己处理了业务部门，业务部门的限制行为，是按经营单位并上报集团风险管理组织; (ii)Business Units limits violations are analysed and reviewed by the Group Risk Management Organisation and addressed jointly with the Business Units. （二）业务单位的限制违反了分析和组织审查了集团风险管理和处理单位共同的业务。 Group-wide limit violations are analysed and addressed by the Risk Management Organisation. 集团范围内限制违规行为进行了分析和组织处理了风险管理。 A detailed breakdown of the tasks and responsibilities included in the market risk control process is set out on the following pages. A和责任的详细的分项任务包括：在市场风险控制进程设置页以下。 Process: Market risk control 过程：市场风险控制 Task 任务 Responsibility 责任 1 一 Define overall market risk framework 确定总体市场风险的框架 1.1 Define reporting lines, organisation structure, processes and responsibilities for market risk control 1.1定义的汇报，组织结构，过程和控制市场风险的责任 1.2 Define overall market risk measurement methodologies, overall limit structure, generic risk management systems requirements, overall risk management information 1.2确定总体的市场风险计量方法，整体结构的限制，一般的风险管理体系的要求，全面风险管理信息 1.4 Approve framework 1.4批准框架 Head of Risk 主管风险 Head of Risk 主管风险 Group Risk Committee (market risk agenda) 集团风险委员会（市场风险议程） 2 2 Develop measurement methodologies 开发测量方法 2.1 Define market risk measurement methodologies by class of products / instruments / products 2.1定义/工具/产品的市场风险计量方法，按产品类 2.2 Approve market risk measurement methodologies 2.2审批市场风险测量方法 2.3Design functional specifications for pricing and risk measurement models 2.3设计功能规范，计量模型定价和风险 2.4Communicate functional specifications of pricing models to Business Units 2.4沟通功能规格的定价模式，以业务部门 Head of Risk 主管风险 Group Risk Committee (market risk agenda) 集团风险委员会（市场风险议程） Head of Risk 主管风险 Head of Risk 主管风险 3 三 Develop and approve pricing models 制定并批准的定价模式 3.1 Develop pricing models consistent with functional specifications provided by Group Risk Management Organisation 3.1制定定价模型组织一致的风险管理小组提供的功能规格 2. Document models 文档模型 3. Perform user acceptance and technical tests 执行用户的认可和技术试验 4. Review model documentation and user acceptance test results 审查模式的文档和用户验收测试结果 5. Sign-off pricing models 签收定价模式 6. Implement models 实施模式 Business Units 业务单位 Business Units 业务单位 Business Units 业务单位 Head of Risk 主管风险 Head of Risk 主管风险 Business Units 业务单位 4 4 Develop and implement risk measurement models 制定和实施风险计量模型 4.1 Develop / acquire risk measurement models compliant with functional specifications 4.1开发/收购风险计量模型符合功能规格 2. Install 安装 3. Test 测试 Head of Risk 主管风险 Head of Risk 主管风险 Head of Risk 主管风险 5 5 Determine total market risk limit 确定总的市场风险限额 1. Work with Business Units to analyse historical and forecasted business performance and formulate recommendation of market risk appetite 单位与业务工作的历史和预测分析，制定业务表现食欲市场风险的建议 2. Review market risk appetite assumptions and limit, formulate recommendation to Risk Management Council 回顾市场风险偏好的假设和限制，制定风险管理委员会的建议， 5.3 Set overall market risk appetite for NBG 5.3设置整体市场风险偏好NBG 4. Determine Group-wide market risk limits derived from the risk appetite 确定整个集团的市场风险限额来源于风险偏好 5. Review Group-wide market risk limits 回顾整个集团的市场风险限额 6. Approve Group-wide market risk limits 批准集团广阔的市场风险限额 Head of Risk 主管风险 Group Risk Committee (market risk agenda) 集团风险委员会（市场风险议程） Risk Management Council 风险管理委员会 Head of Risk 主管风险 Group Risk Committee (market risk agenda) 集团风险委员会（市场风险议程） Risk Management Council 风险管理委员会 6 6 Bid for Business Units Limits 申办业务部门界限 6.1 Analyse historical and forecasted performance 6.1性能分析和预测历史 6.2 Apply for Business Unit market risk limits 6.2风险的市场业务部申请限制 Business Unit 业务部 Business Unit Head 业务部门负责人 Task 任务 Responsibility 责任 7 7 Allocate BU limits 限制分配卜 7.1 Review Business Units market risk limits applications 7.1检查经营单位的市场风险限额的申请 2. Formulate recommendation for allocating market risk limits to Business Units 建议制定市场风险限额分配至各业务部 3. Review recommendation for limit allocation to Business Units 审查的建议极限分配至各业务部 7.3 Approve Business Units limit allocation 7.3审批业务部门分配限额 Head of Risk 主管风险 Head of Risk 主管风险 Group Risk Committee (market risk agenda) 集团风险委员会（市场风险议程） Risk Management Council 风险管理委员会 8 8 Determine and allocate department limits 确定和分配部门的限制 8.1 Sub-allocate Business Unitslimits to departments (eg desk, trader) 8.1分分配业务单位，部门的限制（如台，商人） Business Unit Head 业务部门负责人 9 9 Monitor Business U