Risk management is at the heart of most treasury operations, and it is helpful to situate the risks managed by treasury within the overall risk map of the company.
ISO31000 defines risk as the effect of uncertainty on business objectives, including both positive events as well as negative ones. On the same note, risks can create opportunities as well as result in cost implications for the company.
Further to this, we can view risks to be insurable or more generally transferable and non-transferrable. For example, businesses can buy insurance for the risk of fire or transfer Foreign Exchange (FX) risks to the markets through forward contracts, while they cannot transfer the risk that a new product does not satisfy customers.
From a treasury perspective, risks can generally be confined to financial risks of various kinds. While treasury is not usually responsible for general business risks, some treasurers are accountable for insurance and / or enterprise risk management for their organisation.
Business risks that are generally out of treasury’s scope include non-transferable risks such as strategic risk, product risk, market risk, and reputational risk. Transferable business risks typically include insured risks related to property, freight, liability, cyber, etc.
The primary financial risks for which treasury is responsible for can be categorised into:
- Liquidity risk (i.e. availability of funds)
- Price risk (i.e. commodity price risk)
- Credit risk (i.e. financial loss)
- Operational risk (i.e. treasury processes, payments, etc.)
The eventual scope of a treasurer’s responsibility may vary in different organisations. Some areas that typically vary include:
- ERM (Enterprise Risk Management): ERM is often a function that reports directly to the board or CFO and is sometimes managed by a Chief Risk Officer. In some companies, this is a treasurer’s responsibility.
- Insurance: insurance is also a function that reports to the CFO, and is sometimes a treasurer’s responsibility
- Commercial credit risk.: The credit risk of commercial counterparties (customers and vendors) is often managed by sales and procurement or the controller function, but is sometimes managed by treasury. Financial counterparty credit risk is normally handled by treasury, but in businesses with substantial sales to financial institutions, this can be a controller’s responsibility
- Operational risk for commercial payments etc.: operational risk for commercial flows is typically a treasurer’s responsibility in organisations with In-House Bank or Payment Factory operating models. However, it falls under the controller’s responsibility in organisations without a centralised treasury function
- Operational risk for treasury processes: while operational risk for treasury processes may naturally fall under the treasurer’s responsibility, but in many instances, treasuries are too small to effect a full segregation of duties and so the treasury process operational risk is delegated to other finance colleagues
As the treasury function evolves to play a more strategic advisory role in business decisions, they naturally get more involved in risk management decisions too. Treasury must be flexible in adding value either as the primary responsible team or in an advisory capacity to balance the business’ overall risks in the most cost-effective manner.
Risk management process
Generally, risk management comprises of the classic risk cycle – Identify, Analyse, Treat, and Monitor, which is similar to the way treasurers will approach and manage risks, for example price risk such as FX or interest rate risk.
The risk cycle is commonly collapsed into four steps: Identify - Analyse - Treat - Monitor.
Treasurers practice this risk management process almost every day. For example, when managing FX risk, treasurers typically:
|Identify ||Gather underlying exposures from cash flow forecasts|
|Analyse||Determine value at risk or other metrics of FX exposures |
|Treat||Hedge with forwards (or options and combined strategies) |
|Monitor||Daily mark to market to ensure that hedging works as intended and risk limits are not exceeded |
Treating risk refers to an action or conscious inaction after identifying and analysing the risk. Although there exists varying risk management frameworks, but the basics of treating risk are constant. In the US Department of Defence's (DOD)1 methodology, the four risk treatments are covered by the acronym ACAT – Avoid, Control, Accept, Transfer.
Avoid means not taking the risk. Commercially, this might mean cancelling a new product or market entry, refusing a customer because of their credit risk, demanding cash in advance, refusing to sell in a currency that cannot be hedged, refusing a L/C from a bank, etc.
Control refers to managing the risk. Commercially, this might mean putting limits on investment into a new product or market entry, accepting a new customer with tight credit limits, allowing limited exposure to a new sales currency, etc.
Accept means taking the risk. At times, the potential rewards justify taking risk, so businesses take a conscious decision to accept risk. Commercially, this might mean going ahead with a risky but essential new product or market, accepting a risky customer because of very high margins, selling in a risky currency because profits vastly exceed expected loss, accepting a L/C from a risky bank because the sale is critical to important strategic objectives, etc.
Transfer refers to passing on the risk to another party. Commercially, this might mean developing a new product or entering a new market in a risk-sharing arrangement with another party, using a trusted agent to manage customer risk, selling FX risk through forwards or options, paying a trusted bank to confirm a risky bank L/C, etc.
In practice, risks are often handled with mixed treatments. This applies especially to the last three treatments – control, accept, transfer. For example, there may be extra internal controls around risky currencies, partial risk acceptance within strict policy and delegation limit; and partial hedging (hedging for difficult currencies tends to be expensive).
It is important to analyse risk holistically. The apparent risk may not be the biggest challenge. For example, a small financial risk may hide a larger strategic risk. A local currency invoice may include a currency clause or automatic repricing of a commodity globally priced in USD – this is called indirect FX risk. Whereas in events where the invoice currency is the same as the risk currency, it is considered a direct FX risk.
Risk can also mutate as economic conditions change. For example, a USD sale to a developing market may seem risk free; then the developing currency devalues, and the customer becomes a credit risk; when things get really bad the customer may have means to pay but the central bank runs out of USD so it becomes a sovereign risk; when the sale is through, a local subsidiary’s failure to remit may create a tax risk; and so on.
Liquidity risk is treasury’s main responsibility – to ensure that the business has sufficient funds to continue its operations through the economic cycle, as well as sufficient funds for strategic opportunities (if required by the board). The main processes for dealing with liquidity risk are capital structure and cash management.
Capital structure addresses the long-term liquidity risk with appropriate leverage (debt to equity ratio), debt maturity gapping (avoiding lumpy debt maturities), and adequate cash reserves (but not excessive since cash is expensive).
Cash management addresses the short-term liquidity risk by ensuring that the business has necessary but not excessive cash available in the right location, right currency, right time and amount.
As with all risk, treasury must find an appropriate balance between risk and the cost of managing risk. Since capital structure defines the risk capacity of the business, it must be carefully defined by the board.
Financial market price risk – the risk posed to the busiess from changes in market prices for FX and interest rates– is another core treasury responsibility. In many cases, where relevant, commodity risk is also managed by treasury.
FX is the main price risk for most treasuries, because any business with international sales or procurement will generate FX exposures.
Businesses with large amounts of long term debt will be concerned with interest rate price changes. Interest rate risk can be hedged in a manner analogous to FX hedging, but the tenors are longer, and the markets are less liquid, so the risks involved in the hedging process itself are greater than with FX hedging.
As stated above, treasury must analyse risk holistically. Hedging creates its own risks – primarily operational and counterparty credit risk.
Credit risk is a major focus for most treasuries. Usually, treasuries are responsible for managing the credit risk of their financial counterparties such as banks. Some treasuries also manage the credit risk of commercial counterparties such as customers and vendors.
Multinational counterparty credit risk management is complicated by political geography. Depending on the legal form of counterparties’ in country presence, sovereign risk may limit their credit worthiness.
Credit risk can be mitigated (or treated) with credit insurance and credit default swaps and managed with strong credit policies and processes.
As mentioned above, treasury’s responsibility for operational risk normally focuses on treasury related processes, and in organisations with a centralised treasury function, treasury’s responsibility often includes business wide banking and settlement processes. Treasury will not typically be responsible for operational risk in business processes like sales, manufacturing, and procurement.
Operational risk covers all processes, so managing it requires solid and holistic expertise, people, policies and processes. Again, treasury needs to balance risk and cost to find the most effective solutions for the business. It often seems treasuries are under resourced, which may indicate that such businesses underestimate the risks around treasury and therefore potentially focus myopically on costs.
1 The US Department of Defense Risk, Issue, and Opportunity Management Guide for. Defense Acquisition Programs, Jan 2017
The information herein is published by DBS Bank Ltd. (“DBS Bank”) and is for information only.
All case studies provided, and figures and amounts stated, are for illustration purposes only and shall not bind DBS Group. DBS Group does not act as an adviser and assumes no fiduciary responsibility or liability for any consequences, financial or otherwise, arising from any reliance on the information contained herein. In order to build your own independent analysis of any transaction and its consequences, you should consult your own independent financial, accounting, tax, legal or other competent professional advisors as you deem appropriate to ensure that any assessment you make is suitable for you in light of your own financial, accounting, tax, and legal constraints and objectives without relying in any way on DBS Group or any position which DBS Group might have expressed herein.
The information is not directed to, or intended for distribution to or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation.
DBS Bank Ltd. All rights reserved. All services are subject to applicable laws and regulations and service terms. Not all products and services are available in all geographic areas. Eligibility for particular products and services is subject to final determination by DBS Bank Ltd and/or its affiliates/subsidiaries.