Treasury and Risk Management
At Credit Suisse, we conservatively manage our liquidity and funding position, and we strive for a strong capital position. One of our financial targets is a Basle III look-through CET 1 ratio of 11%. In our annual and quarterly reports we provide detailed information related to our treasury, capital and risk management activities, including detailed quantitative information on relevant capital and risk trends.Our client focused business portfolio generally mitigates risks and provides a certain amount of natural risk diversification. As explained in our compensation report, risk and control considerations are also an integral part of our compensation process to discourage excessive risk taking.
Funding, liquidity, capital and foreign exchange exposures are managed on a centralized basis through Global Treasury. Oversight of these activities is provided by the Capital Allocation and Risk Management Committee (CARMC), a committee that includes the CEO ’s of the Group and the divisions, the CFO, the CRO ’s of the Group an the Bank, the COO and the Global Treasurer. It is CARMC's responsibility to review the capital situation, balance sheet development, current and prospective funding and foreign exchange exposures and to define and monitor adherence to internal Treasury risk limits.
Our liquidity and funding policy is designed to ensure that funding is available to meet all obligations in times of stress. We have access to multiple markets worldwide and we use a wide range of products and currencies to ensure that our funding is efficient and well diversified across markets and investor types. Unsecured funding sources include private and corporate and retail banking client deposits, long-term debt, certificates of deposit, bank deposits, fiduciary deposits, central bank deposits and other non-bank deposits. Under Information for bondholders we provide further information on our issuance activities, including credit ratings and reports.
We base our business operations on conscious, disciplined and intelligent risk taking. We believe in independent risk management, compliance and audit processes with proper management accountability for the interests and concerns of our stakeholders.
Fundamental to our business is the prudent taking of risk in line with our strategic priorities. The primary objectives of risk management are to protect our financial strength and reputation, while ensuring that capital is well deployed to support business activities and grow shareholder value. Our risk management framework is based on transparency, management accountability and independent oversight. Risk management is an integral part of our business planning process with strong involvement of senior management and the Board of Directors (Board).
To meet the challenges of a volatile market environment and changing regulatory frameworks, we are working to continuously strengthen our risk function, which is independent of, but closely interacts with, the front office functions to ensure the appropriate flow of information and strong controls. We have comprehensive risk management processes and sophisticated control systems, and we are working to limit the impact of negative developments by carefully managing concentrations of risks.
We manage risk in our internal control environment; however, risks arise in all of our business activities and cannot be eliminated completely. Our risk management organization reflects the specific nature of the various risks to ensure that risks are managed within limits set in a transparent and timely manner. At the level of the Board, including through its committees, this includes the following responsibilities:
- Board: responsible to shareholders for the strategic direction, supervision and control of the Group, and for defining our overall tolerance for risk in the form of a risk appetite statement and overall risk limits;
- Risk Committee: responsible for assisting the Board in fulfilling its oversight responsibilities by providing guidance regarding risk governance and the development of the risk profile and capital adequacy, including the regular review of major risk exposures and overall risk limits; and
- Audit Committee: responsible for assisting the Board in fulfilling its oversight responsibilities by monitoring management’s approach with respect to financial reporting, internal controls, accounting and legal and regulatory compliance. Additionally, the Audit Committee is responsible for monitoring the independence and the performance of the internal and external auditors.
Overall risk limits are set by the Board in consultation with its Risk Committee. Committees have been established at senior management level to further support the risk management function.
- Capital Allocation & Risk Management Committee (CARMC): Reviews risk exposures, concentration risks and risk related activities on a monthly basis. CARMC is responsible for supervising and directing our risk profile on a consolidated basis, recommending risk limits to the Risk Committee and the Board, and for establishing and allocating risk limits among the various businesses. CARMC monthly meetings rotate through the following three cycles: (i) Asset & Liability Management including capital, funding and liquidity; (ii) Market & Credit Risks; and (iii) Internal Control Systems including operational risks, legal and compliance issues and internal control matters. In the Market & Credit Risks cycle, the Credit Portfolio & Provisions Review Committee, a subcommittee of CARMC, reviews the quality of the credit portfolio with a focus on the development of impaired assets and the assessment of related provisions and valuation allowances.
- Risk Processes & Standards Committee: Responsible for establishing and approving standards regarding risk management and risk measurement, including methodology and parameters.
- Reputational Risk & Sustainability Committee: Sets policies, and reviews processes and significant cases relating to reputational risks and sustainability issues.
There are also divisional risk management committees. The risk committees are further supported by Treasury, which is responsible for the management of our balance sheet, capital management, liquidity and related hedging policies. Given the increasingly complex regional regulatory requirements, a dedicated UK CRO function has been developed to ensure risk management is fully integrated at all levels of the organization. As an important contact with UK regulators, the UK CRO is key in ensuring risk management issues are properly escalated and addressed, strong risk controls are established and capital usage is optimized. In addition, a more robust governance framework is being implemented for US operations which includes the appointment of a dedicated US CRO. The development of these functions is key to ensuring the increasingly complex regulatory requirements are fully met in each region.
The risk management function reports to the CRO, who is independent of the business and is a member of the Executive Board. In 2013, the function covered:
- Strategic Risk Management;
- Risk Analytics and Reporting;
- Credit Risk Management;
- Operational Risk Management, including:
- Business Continuity Management;
- Technology Risk Management; and
- Reputational Risk Management.
The risk management function is responsible for providing risk management oversight and establishing an organizational basis to manage all risk management matters through four primary risk functions:
- Strategic Risk Management: Assesses the Group’s overall risk profile on a strategic basis, recommending corrective action where necessary, and is also responsible for market risk management including measurement and limits
- Risk Analytics and Reporting: Responsible for risk analytics, reporting, systems implementation and policies
- Credit Risk Management: Responsible for approving credit limits, monitoring and managing individual exposures, and assessing and managing the quality of credit portfolios and allowances
- Operational Risk Management: Establishes and maintains Group-wide standards, processes and tools for the identification, assessment, management and monitoring of operational risks. Through Business Continuity Management, Operational Risk Management assesses and manages potential impacts that threaten the organization in case of operational disruption, crisis or disaster; and through Technology Risk Management, Operational Risk Management oversees IT-related risk aspects.
Within our risk framework, we have defined the following types of risk:
- Strategy risk: outcome of strategic decisions or developments; and
- Reputational risk: damage to our standing in the market.
- Market risk: changes in market factors such as prices, volatilities and correlations;
- Credit risk: changes in the creditworthiness of other entities; and
- Expense risk: difference between expenses and revenues in a severe market event.
- Operational risk: inadequate or failed internal processes, people and systems (including cyber risk), or external events; and
- Liquidity risk: inability to fund assets or meet obligations at a reasonable price.
Management risks are difficult to quantify. Management of strategy risk is addressed at the Board and Executive Board level, and a process has been implemented to globally capture and manage reputational risk. Chosen risks are, in general, highly quantifiable, but are challenging in complexity and scale, especially when aggregated across all positions and types of financial instruments. For operational risk management, we have primarily set up processes at Group, divisional and regional levels. Liquidity management is centralized with Treasury. Information required under Pillar 3 of the Basel framework related to risk is available on our website at credit-suisse.com/pillar3.