FRM学习复习3（持续更新中..）

（此文仅记录学习进程，加油！）

（持续更新中…）)

Framework框架

Overview of Risk Management
Modern Portfolio Theory and Return Generating Models
Financial Disasters
GARP Code of Conduct

overview of risk management风险管理概述

framework

1. Risk Management: A Helicopter View
   直升机视图
2. Corporate Risk Management: A Primer
   企业风险管理入门
3. Corporate Governance and Risk Management
   公司治理与风险管理
4. What is ERM?
   什么是ERM（Enterprise Risk Management）
5. Governance, Risk Management and Risk-Taking in Banks
   银行的治理，风险管理和风险承担
6. Principles for Effective Data Aggregation and Risk Reporting
   有效数据汇总和风险报告的原则

overview

Risk management

How firms select the type and level of risk that it is appropriate for them to assume.
企业如何选择适合他们承担的风险类型和风险级别。

Risk management’s blame

Unable to prevent market disruptions or business accounting scandals.
无法防止金融危机或商业财务丑闻。
Derivative markets make it easier to take on large amount of risk.
衍生市场可以更容易地承担大量风险。
Sophisticated financial engineering played a role in obscuring the true economic condition of financial companies, and lead to the violent implosion of firm.
复杂的金融工程在掩盖金融公司的真实经济状况发挥了作用，并（累计风险）导致了公司的暴力内爆。
Allow a firm to transfer risk to other counterparty in the same market.
允许公司将风险转移到同一市场的其他交易对手。

What is Risk?

Expected loss

预期损失
Accounts for all losses that are incurred in normal times; predictable;priced into the products or by charging a certain commission or a spread.
计算正常时间内发生的、可预测的所有损失，定价到产品上或者是收取一定的佣金或点差
银行一般用使用准备金（reserve）去覆盖预期损失
EL（预期损失） = PD（违约概率） * LGD（违约时损失） *EA（风险敞口）

Unexpected loss

非预期损失
Risks are lumpy; driven by risk factors that under certain circumstances can become linked together.
风险是不稳定的。由风险因素驱动，在某些情况下这些风险因素可以相互关联。
σ（标准差）= VX

Risk management

Don’t control and reduce EL, but manage UL;
不能控制和减少非预期损失，但可以管理预期损失
Sufficient capital to protect against UL;
充足的资本以防止意外损失
Set appropriate return from the risky activities;
从有风险的活动中获得适当的回报
Communicate with stakeholders about the firm’s target risk profile.
与利益相关者沟通公司的目标风险概况。

The Risk Manager’s Job

风险经理的工作
Role: uncover the sources of risk and make them visible to key decision makers and stakeholders.
角色:发现风险的来源，并暴露给关键决策者和利益相关者。
Produce a distribution estimate.
生成一个分布估计。
Balance risk and reward for the firm.
平衡公司的风险和回报。
Identify and measure a risk, and make it transparent to stakeholders.
识别和度量风险，并公开给利益相关者。
Balance the relationship between business leaders and the specialist risk management.
平衡业务大佬和专业风险管理之间的关系。

Type of Risk Exposures

1. Market Risk
   市场风险
2. Credit Risk
   信用风险
3. Liquidity Risk
   流动风险
4. Operational Risk
   操作风险
5. Legal and Regulatory Risk
   法律及规管风险
6. Business Risk
   商业风险
7. Strategic Risk
   战略风险
8. Reputation Risk
   声誉风险
9. Systemic Risk
   系统性风险

Why Not to Manage Risk in Theory?

坏处
MM: the value of a firm cannot be changed by means of financial transactions.
MM:一个公司的价值不能改变通过金融交易。
Assumptions: the capital markets are perfect, competitive, no transaction costs or taxes.
假设:资本市场是完美的,有竞争力的,没有交易成本或税收。
Self-insurance is more efficient than derivatives.
自保比衍生品更有效。
Active hedging may distract management from its core business.
活跃的对冲可能从分散其核心业务的管理。
Risk management has compliance costs.
风险管理会增加成本
Risk management that is not carefully structured can drag a firm down.
不谨慎的结构化风险管理可以拖垮一家公司。
Risk management may release information.
风险管理可能会散布一些信息。
Due to the gap between accounting earnings and cash flows, hedging may increase the firm’s earning variability.
由于会计利润和现金流之间的差距,对冲可能会增加公司的收入可变性。

Some Reasons for Managing Risk in Practice

好处
The MM assumptions are not real.
MM只是假设，不是真实情况
The high fixed costs associated with financial distress and bankruptcy.
高的固定成本与财务困境和破产有关
Manager has an interest in reducing risks to achieve the board’s objectives.
管理者对减少风险已达到董事会的目标感兴趣
Volatile earnings induce higher taxation than stable earnings.
爆发收入比稳定收入需教更多的税
Hedging reduce the cost of capital and enhance the ability to finance growth.
对冲可以减少资本成本和提高财政增长的能力

Hedging Operations vs Hedging Financial Positions

对冲操作和金融
Firms should risk-manage their operations.
公司应该控制操作风险
Firms should concentrate on business areas they have comparative edge and avoid areas where they have not.
公司应该集中在业务领域在优势的领域，避免在劣势的领域
Firms should hedge their assets and liabilities.
公司应该对冲他们的资产和负债。
Hedging its B/S can gain tax advantage.
对冲其B/S可以获得税收优势。

Putting Risk Management into Practice

落实

1. Determining the objective

确定目标
Determine the risk appetite.
确定风险偏向
Types of risk to take;
风险种类
Which risk to be hedged and to be assumed;
假定会遇到哪些风险
Max losses to tolerate.
损失承受极限值
Conflict between debtholders and shareholders.
股东和债权人的冲突
Board should make clear the time horizon for risk management objectives.
董事会需明确时间范围和风控目标
Risk limits: allow management to operate within a given zone.
风险限制：一个允许风险管理干预的范围

2. Mapping the risks

映射风险
Make a record of all A and L sensitive to a certain risk factor.
记录所有A和L的风险因素
All cash flows for that risk factor can be matched.
所有现金流都能匹配上所有的风险点
Each risk on the list should be named its potential damage and the probability of its occurrence.
清单上的每一项风险都应标明其潜在损害及其发生的可能性。
Differentiate between risks that can be insured against, can be hedged, noninsurable and non hedgeable.
区分不同的风险，分为可投保、可对冲、不可保和不可对冲。

3. Instruments for risk management

风险管理工具
Natural hedge.
自然对冲。
Cost and benefit: Transferable? Insurable? Self-insure?
成本与收益:可转让?可保?自保?

4. Constructing and implementing a strategy

制定和实施战略
Static or dynamic hedging: high costs, reliable models.
静态或动态对冲:成本高，稳定模型。
Investment horizons should be consistent with performance evaluations.
投资期限应与业绩评价一致。
Consider accounting issues and tax effects.
考虑会计问题和税收影响。

5. Performance evaluation

绩效评估
Eliminate the risk.
消除风险。
Reduce earnings volatility.
降低收益波动。
Lower the transaction costs of hedging.
降低对冲的交易成本。

Corporate Governance

企业管理

The board of directors should be

董事会应该做的
comprised of a minority of independent members in order to maintain a sufficient level of objectivity with regard to making decisions and approving management’s decision.
由少数独立成员组成，以便在作出决定和批准管理层的决定时保持足够的客观性。
watching out for the interests of the shareholders, and the interests of other stakeholders, such as debt holders.
留意股东的利益，以及其他利益相关者的利益，例如债权人的利益。

Management

管理
Management may have the incentive to take on greater risks in order to maximize personal remuneration that are not consistent with the objectives of the stakeholders in terms of long-term risk levels.
管理层可能有动机去选择更大的风险以最大化个人利益，这可能不符合利益相关者的长期投资风险等级的目标。

The C-suits

The chief executive officer (CEO) would not also be the chairman of the board because there is already an inherent conflict with the CEO being on both the management team and the board of directors.
首席执行官(CEO)也不会是董事会的主席，因为CEO同时在管理团队和董事会中存在内部的冲突。
The board should consider the introduction of a chief risk officer (CRO). The CRO would technically be a member of management but would attend board meetings.
董事会应考虑设立一名首席风控官。从技术上讲，首席风控官将是管理层的一员，但将出席董事会会议。
The CRO could report to the board and/or the management team.
CRO可以向董事会和/或管理团队报告。

Risk Management

Business and risk management strategies should strive for economic performance, not accounting performance.
业务和风险管理策略应该追求经济绩效，而不是会计绩效。
The board should set up several committees to fulfill risk governance:
董事会应成立多个委员会，以落实风险管理:
Risk Management Committee
风险管理委员会
Compensation committee
赔偿委员会
Stock-based compensation is not necessarily
基于股票的补偿不是必须的
Audit Committee
审计委员会
Audit committee members are now required to be financially literate so that they can carry out their duties.
审计委员会成员现在必须具备财务知识，以便能够履行其职责。
Ethical Committee
伦理委员会

Risk Governance

风险治理

Risk Advisory Director

风控咨询总监
A risk advisory director would be a member of the board (not necessarily a voting member) who specializes in risk matters.
风险咨询总监将是专门从事风险事务的董事会成员(不一定是有投票权的成员)。
Participate in audit committee meetings to support members.
参与审计委员会会议以支持成员。
An advisory director works to improve the overall efficiency and effectiveness of the senior risk committees and the audit committee.
谘询主任负责改善高级风险委员会和审计委员会的整体效率和成效。
Participate periodically in key risk committee meetings to provide independent commentary on executive risk reporting.
定期参加重要的风险委员会会议，对执行风险报告提供独立的评论。
Risk Appetite
风险偏好
The risk appetite might set out the types of risk that the firm is willing to tolerate.
风险偏好可能会列出公司愿意容忍的风险类型。

Describe Enterprise Risk Management

概述企业风险管理
 Traditionally, companies managed risk in organizational silos.
传统上,企业风险管理组织具有孤立性。（解释Silo mentality is an attitude that is found in some organizations; it occurs when several departments or groups within an organization do not want to share information or knowledge with other individuals in the same organization.）
 Risks were treated separately and often dealt with by different individuals or functions within an institution.
风险通常被区分为在一个机构的不同的个人或职能。
 A fragmented approach simply doesn’t work, because risks are highly interdependent.
简单的碎片化处理的方式不可行，因为风险是具有高度相互共存的
 Risk monitoring is not more efficient under the silo approach.
风险监控不是更有效的单一的方案
The problem is that individual risk functions measure and report their specific risks using different methodologies and formats.
问题是，单个风险职能评估和报告特殊的风险时需要用不同的方式和格式。
 In many companies, the risk functions produce literally hundreds of pages of risk reports, month after month.
在许多公司中，风险职能每月都能生成数百页的风险报告。

The Benefits of ERM（Enterprise Risk Management）

 ERM is all about integration, in three ways:
ERM综合来说，有三种方式:
 Enterprise risk management requires an integrated risk organization.
企业风险管理需要一个完整的风险组织。
 Enterprise risk management requires the integration of risk transfer strategies.
企业风险管理需要整合风险转移策略。
 Enterprise risk management requires the integration of risk management into the business processes of a company.
企业风险管理需要将风险管理集成到企业的业务流程中。

Organizational Effectiveness

组织有效性
 Risk Reporting
风险报告
 Business Performance
业绩

The Role and Responsibilities of a Chief Risk Officer (CRO)

首席风险官的角色及职责
Providing the overall leadership, vision, and direction for enterprise risk management;
为企业风险管理提供全面的领导、愿景和方向;
Establishing an integrated risk management framework for all aspects of risks across the organization;
为整个组织的风险的所有方面建立一个综合的风险管理框架;
Developing risk management policies, including the quantification of the firm’s risk appetite through specific risk limits;
制定风险管理政策，包括通过具体的风险限额量化公司的风险偏好;
Implementing a set of risk indicators and reports, including losses and incidents, key risk exposures, and early warning indicators;
执行一套风险指标和报告，包括损失和事故、关键的风险敞口和预警指标;
Allocating economic capital to business activities based on risk, and optimizing the company’s risk portfolio through business activities and risk transfer strategies;
基于风险将经济资本配置到业务活动中，通过业务活动和风险转移策略优化公司的风险组合;
Communicating the company’s risk profile to key stakeholders such as the board of directors, regulators, stock analysts, rating agencies, and business partners;
向董事会、监管机构、股票分析师、评级机构和业务伙伴等关键利益相关者传达公司的风险概况;
Developing the analytical, systems, and data management capabilities to support the risk management program.
开发分析、系统和数据管理能力，以支持风险管理计划。

Problems with ERM

企业风险管理的问题
In many instances, the CRO reports to the CFO or CEO—but this can make firms vulnerable to internal friction when serious clashes of interest occur between corporate leaders.
在许多情况下，CRO向CFO或ceo报告——但是当公司领导人之间发生严重的利益冲突时，这会使公司容易受到内部摩擦的影响。
One organizational solution is to establish a dotted-line reporting relationship between the chief risk officer and the board or board risk committee.
一个组织解决方案是建立虚线向CRO和董事会或风控委员会报告
Another board risk oversight option is to alter existing audit committees to incorporate risk management.
其他董事会监管选择是改变现有的审计委员会，将风险管理纳入其中。
The lack of an ERM standard is also a significant barrier to the positive development of the CRO role.
缺乏ERM标准也是CRO角色积极发展的一个重要障碍。

An Ideal CRO would have Superb Skills in Five Areas

一个理想的CRO应该具备5个方面的高超技能

1. Leadership skills to hire and retain talented risk professionals and establish the overall vision for ERM.
   领导技能，雇佣和保留有才华的风险专业人员，建立ERM的整体前瞻性。
2. Evangelical skills to convert skeptics into believers, particularly when it comes to overcoming natural resistance from the business units.
   福音式的技巧，将怀疑论者转变成信徒，尤其是在克服来自商业单位的天然阻力时。
3. Stewardship to safeguard the company’s financial and reputational assets.
   维护公司的财务和声誉资产。
4. Technical skills in strategic, business, credit, market, and operational risks.
   具有战略、商业、信用、市场和运营风险方面的技术技能。
5. Consulting skills in educating the board and senior management, as well as helping business units implement risk management at the enterprise level.
   为董事会和高级管理人员提供咨询技能培训，以及帮助业务部门在企业层面实施风险管理。

Distinguish between Components of an ERM Program

区分ERM程序的部件
Corporate governance ensures that the board of directors and management have established the appropriate organizational processes and corporate controls to measure and manage risk across the company.
公司治理确保董事会和管理层建立了适当的组织流程和公司控制，以衡量和管理整个公司的风险。
Line management must align business strategy with corporate risk policy when pursuing new business and growth opportunities.
在寻求新的业务和增长机会时，直线管理必须使业务策略与公司风险政策相一致。
Portfolio Management: Management should act like a fund manager and set portfolio targets and risk limits to ensure appropriate diversification and optimal portfolio returns.
投资组合管理:管理人员应该像基金经理一样，设定投资组合目标和风险限制，以确保适当的多样化和最佳的投资组合回报。
Risk Transfer
风险转移
Portfolio management objectives are supported by risk transfer strategies that lower the cost of transferring out undesirable risks, and also increase the organization’s capacity to originate desirable but concentrated risks.
项目组合管理目标受到风险转移策略的支撑，这些策略降低了转移不良的风险的成本，也增加了组织良好发展的能力，但集中了风险。
Risk Analytics
风险分析
The development of advanced risk analytics has supported efforts to quantify and manage credit, market, and operational risks on a more consistent basis.
高级风险分析的发展在更一致的基础上支持了量化和管理信贷、市场和运营风险。
Data and Technology Resources
数据和技术资源
One of the greatest challenges for enterprise risk management is the aggregation of underlying business and market data.
企业风险管理面临的最大挑战之一是集合潜在的业务和市场数据。
Stakeholder Management
利益相关者的管理
Risk management is not just an internal management process. It should also be used to improve risk transparency in a firm‘s relationship with key stakeholders.
风险管理不仅仅是一个内部管理过程。它还应该用于促进风险暴露给企业的关键利益相关者。
An important objective for management in communicating and reporting to these key stakeholders is an assurance that appropriate risk management strategies are in effect.
一个重要目标是，在向这些管理层的关键利益相关者进行沟通和报告时，确保适当的风险管理策略的有效性。

Should Banks Take No Risks?

银行应该不承担风险吗?
Banks cannot succeed without taking risks that are expected to have a profitable outcome.
不承担风险的话银行就不可能成功赚到钱
The goal of risk management for banks is not to eliminate or minimize risk, but rather to determine the optimal level of risk - the level that maximizes bank value subject to the constraints imposed by
regulators, laws, and regulations.
银行风险管理的目标不是消除或最小化风险，而是确定风险的最优水平，即在受到管理者、法律和法规。
A bank should take any project that is expected to earn more than its cost of capital, while taking into account the costs associated with the impact of the project on the bank’s total risk.
银行应考虑到与项目对银行总风险的影响相关的成本，同时接受任何预期收益超过其资本成本的项目。
Decisions to take on new projects and associated risks cannot be evaluated in isolation; they must be assessed in terms of their impact on the overall risk of the bank.
不能孤立的决定是否承担一个新项目和有关风险;必须根据对银行整体风险的影响来评估它们。

Should Banks Take More Risks?

银行应该承担更多风险吗?
Banks that operate with too much risk cannot conduct their business even if regulators allow them to do so because they find it hard to fund themselves.
即使监管机构允许风险过高的银行开展业务，它们也无法开展业务，因为它们发现很难为自己融资。
The market’s perception that a bank has too much risk can reduce its value by limiting its ability to attract such deposits.
市场认为银行风险太大，这可能会限制其吸引此类存款的能力，从而降低其价值。
The possibility that an unexpected downturn in a bank’s cash flow could lead to its financial distress sometime in the future should reduce the value of the bank today.
一家银行的现金流意外下滑可能在未来某个时候导致其财务困境，这种可能性应该会降低这家银行目前的价值。
Banks with very different strategies, or liability and asset structures, could well end up having very different credit ratings, and different attitudes toward risk.
拥有不同策略，或负债和资产结构的银行，很可能最终拥有不同的信用评级，以及对风险的不同态度。

Determining A Bank’s Risk Appetite

决定银行的风险偏好
The size and importance of financial distress costs-and hence a bank‘s optimal credit rating will depend on a bank’s business model and investment opportunities.
财务困境成本的大小和重要性——因此银行的最佳信用评级将取决于银行的商业模式和投资机会。
Most banks that expect to add value mainly through “traditional” activities such as deposit will choose to maintain a low-risk profile.
大多数银行希望主要通过存款等“传统”活动实现增值，选择保持低风险的方式。
By contrast, banks and other financial institutions with less reliance on deposit-gathering activities are likely to see more value in targeting a less restrictive.
相比之下，银行和其他金融机构对存款收集活动依赖程度较低的，可能更愿意将目标锁定在限制程度较低的价值更高的活动中。

Taking Social Costs into Account

考虑到社会成本
The critical difference between banks and less regulated industrial companies is the potential for bank failures to have system-wide effects.
银行与监管较少的工业企业之间的关键区别在于，银行倒闭可能会对整个系统产生影响。
Because of the role of banks in the economy and the consequences of bank failures, regulators impose restrictions on banks’ ability to take risks on the asset side and require banks to satisfy minimal capital requirements.
由于银行在经济中的作用以及银行倒闭的后果，监管机构对银行在资产方面承担风险的能力施加了限制，并要求银行满足最低资本金要求。
This of course means that banks choose their level of risk subject to external constraints. But the critical point is that such constraints do not change our earlier conclusions: namely, that there is an optimal level of risk for a bank.
当然，这意味着银行要根据外部约束来选择自己的风险水平。但关键是，这些限制不会改变我们早先的结论:即银行存在一个最佳风险水平。

How Does Risk Management Destroy Value?

风险管理如何破坏价值?
There are two fundamentally different ways that risk management can destroy value for a bank.
风险管理可以通过两种根本不同的方式破坏银行的价值。
First, it can fail to ensure that the bank has the right amount of risk.
首先，它可能无法确保银行拥有适当的风险。
Second, is by failing to exercise the right amount of flexibility when the circumstances call for it.
第二，当情况需要时，未能行使适当的灵活性。
When risk management becomes too inflexible, risk managers come to be viewed within the institution as “policemen”, obstacles to be circumvented rather than partners in creating value. Striking the right balance between helping the firm take risks efficiently and ensuring that employees don‘t take risks that destroy value is a critical challenge.
当风险管理变得过于僵化时，在机构内部，风险经理就会被视为“警察”，在创造价值方面需要规避的障碍，而不是合作伙伴。在帮助企业有效地承担风险和确保员工不承担损害价值的风险之间取得恰当的平衡，是一个关键的挑战。

Using VaR to Target Risk

【解释】：VaR(Value at Risk) 一般被称为“风险价值”或“在险价值”，指在一定的置信水平下，某一金融资产（或证券组合）在未来特定的一段时间内的最大可能损失。与传统风险度量手段不同，VaR完全是基于统计分析基础上的风险度量技术，它的产生是JP摩根公司用来计算市场风险的产物。但是，VaR的分析方法正在逐步被引入信用风险管理领域。
利用VaR来锁定风险
To make use of VaR within this risk framework, a bank’s management would begin by translating its risk appetite into a targeted probability of experiencing losses that are expected to result in financial distress or in default.
要在这种风险框架下使用VaR，银行管理层首先要将其风险偏好转化为预期将导致财务困境或违约的损失的目标概率。
Risk management can target the bank’s VaR by setting limits on the VaRs of all the units.
风险管理可以通过对所有部门的可变价值设定限制来锁定银行的可变价值。

The Limits of Risk Measurement

风险度量的极限
Three reasons for the drawbacks of VaRs
VaRs的缺点有三个原因
First, aggregating VaR measures to obtain a firm-wide risk VaR measure is fraught with problems.
首先，汇总VaR度量以获得全公司的风险VaR度量充满了问题。
Second, VaR does not capture all risks.
其次，VaR并不能涵盖所有风险。
Third, VaR has substantial model risk.
第三，VaR具有很大的模型风险。
For most banks, however, a firm-wide VaR that is obtained by aggregating market, credit, and operational risks will not reflect all risks. Such an approach often fails to capture some core business risks that are not modeled as part of operational risk.
然而，对于大多数银行来说，通过汇总市场、信贷和运营风险而获得的全公司VaR并不能反映所有风险。这种方法经常不能捕获一些没有建模为操作风险一部分的核心业务风险。
Mistakes in correlation estimates.
估计中相关的错误。

Incentives, Culture, and Risk Governance

激励、文化和风险治理
Risk managers face potential conflicts with managers whose main concern is the profitability of their own units. Hence, for risk management to work well, executives with in the firm must have reasons to care about the firm as a whole.
风险经理面临着与主要关注自身部门盈利能力的经理之间的潜在冲突。因此，为了让风险管理发挥良好的作用，公司内的高管必须有理由关心整个公司。
It is impossible to set up an incentive plan that is so precisely calibrated that it leads executives to take the right act ions in every situation.
建立一个经过如此精确校准的激励计划是不可能的，它会导致高管在任何情况下都采取正确的行动。
Because of the limits of risk management and incentives, the ability of a firm to manage risk properly depends on its corporate culture as well.
由于风险管理和激励机制的局限性，企业对风险的正确管理能力也取决于企业文化。
Shareholders gain initially from the better governance, but these gains are partly offset over time because of the change in the culture of the firm.
股东最初从更好的治理中获益，但随着时间的推移，由于公司文化的变化，这些收益在一定程度上被抵消了。

Effective Risk Data Aggregation

有效风险数据汇总
Effective risk data aggregation enables smoother bank resolution by relevant authorities, thereby reducing the potential recourse to tax payers.
有效的风险数据汇总使相关部门能够更顺畅地解决银行问题，从而减少了纳税人的潜在追索权。
A robust data framework helps banks / supervisors anticipate problems ahead. At the same time, it improves the prospects of finding alternative options to restore financial strength and viability under stressful situations.
稳健的数据框架有助于银行/监管机构提前预见问题。与此同时，它改善了在紧张情况下寻找其他选择以恢复财政实力和生存能力的前景。
Improvement in risk data aggregation capabilities leads to increased profitability as a result of increases in efficiency, reduction in probability of losses and enhanced strategic decision-making.
风险数据汇总能力的改进导致了效率的提高、损失概率的降低和战略决策的增强，从而提高了盈利能力。

Key Governance Principles

关键的治理原则
1.A bank’s board / senior management should
银行的董事会/高级管理层应该这样做
promote the identification, assessment and management of data quality risks as part of its overall risk management framework.
促进数据质量风险的识别、评估和管理，作为其整体风险管理框架的一部分。
review and approve the bank’s group risk data aggregation and risk reporting framework to ensure that adequate resources are deployed.
审查和批准银行集团风险数据汇总和风险报告框架，以确保部署足够的资源。
2.A bank’s risk data aggregation capabilities and risk reporting practices should be
银行的风险数汇总合能力和风险报告实践应该是
Fully documented and subject to high standards of validation. Moreover, these should be unaffected by the bank’s group structure, including its legal organization and geographical presence.
完全文档化，并符合高标准的验证。此外，这些应该不受银行集团结构的影响，包括其法律组织和地域存在。
Considered while evaluating new initiatives, such as: acquisitions / divestitures, new product development, and IT changes.
在评估新计划时考虑，例如:收购/剥离、新产品开发和IT变更。
Senior management should be fully aware of the limitations that prevent full risk data aggregation in terms of coverage, technicality and legality.
高级管理人员应该充分认识到，在覆盖范围、技术和合法性方面，阻止全面风险数据聚合的局限性。
A bank’s board is responsible for determining its own risk reporting requirements and should be aware of limitations that prevent full risk data aggregation in the reports it receives. The board should also be aware of the bank’s implementation of, and ongoing compliance with the Principles set out in the Basel Committee’s paper on “Principles for effective risk data aggregation and risk reporting”.
银行董事会负责确定其自身的风险报告要求，并应意识到妨碍在其收到的报告中全面汇总风险数据的局限性。董事会还应了解银行对巴塞尔委员会关于“有效风险数据汇总和风险报告原则”的文件中规定的原则的执行情况和持续遵守情况。

Data Architecture and IT Infrastructure

数据架构和IT基础设施
Risk data aggregation capabilities and risk reporting practices should be given direct consideration as part of a bank’s business
continuity planning processes and be subject to a business impact analysis.
作为银行业务连续性规划过程的一部分，应直接考虑风险数汇总能力和风险报告实践，并进行业务影响分析。
A bank should establish integrated data classifications and architecture across the banking group. Architecture should include
information on the characteristics of the data as well as unified naming conventions for data pertaining to legal entities, counterparties, customers and accounts.
银行应该跨银行组建立集成的数据分类和体系结构。体系结构应该包括关于数据特征的信息，以及与法律实体、对手方、客户和帐户相关的数据的统一命名约定。

Data Architecture and IT Infrastructure

数据架构和IT基础设施
Roles and responsibilities should be established as they relate to the ownership and quality of risk data. Business and IT functions, in partnership with risk managers, should ensure existence of adequate controls throughout the lifecycle of the data and for all aspects of the technology infrastructure.
应该建立角色和职责，因为它们与风险数据的所有权和质量有关。业务和IT功能与风险管理人员合作，应该确保在数据的整个生命周期和技术基础设施的所有方面都有适当的控制。
Business owners should ensure that data is correctly entered, kept current and aligned with the data definitions.
业务所有者应确保正确输入、保持最新并与数据定义保持一致。

Characteristics of a Strong Risk Data Aggregation Capability

具有较强的风险数据汇总能力的特点
Accuracy and Integrity
准确性和真实性
Risk data should be aggregated in a way that is accurate and reliable. That is, controls for risk data should be robust, the data
should be reconciled with other sources such as accounting data, each type of risk should come in the purview of a single
authority, and bank’s risk personnel should have sufficient access to risk data to ensure aggregation, validation and reconciliation of data to risk reports.
风险数据应以准确可靠的方式进行汇总。即风险控制数据应该是真实可靠的,应该与其他来源的数据如会计数据,每种类型的风险应该有一个权威的管辖范围,和银行的风险人员应该有足够的风险数据的访问,以确保收集、验证和解释的数据风险报告。

Completeness
完整性
Risk data aggregation capabilities should cover all material risks, including off-balance sheet exposures, and any exceptions
should be properly explained. Data should be available by business line, legal entity, asset type, industry, region, etc. to
allow for identification and reporting of risk exposures, concentrations and emerging risks.
风险数据汇总能力应涵盖所有重大风险，包括表外风险敞口，任何例外情况都应得到适当解释。数据应按业务类别、法律实体、资产类型、行业、地区等提供，以便识别和报告风险敞口、集中度和新出现的风险。

Timeliness
时效性
A bank should be able to produce aggregate risk information in a timely fashion to meet reporting requirements. It should also
be equipped to rapidly produce information on critical risks (counterparty credit exposures, aggregate exposure to a large
corporate borrower, trading exposure, market concentrations, etc.) to aid the board and senior management in decision making during times of crisis / stress.
银行应能及时提供汇总的风险信息，以满足报告要求。它还应该具备快速生成关键风险信息(对手方信贷敞口、对大型企业借款人的总体敞口、交易敞口、市场集中度等)的能力，以帮助董事会和高级管理层在危机/压力时期做出决策。

Adaptability
适配性
Data aggregation capabilities should allow for on-demand / ad hoc requests. Customization options (summary reports, key
takeaways, anomalies) should be available to address varying user needs. Additionally, the system should be capable enough
to allow for incorporation of changes resulting from new developments, changes in external factors, and changes in the
applicable regulatory framework.
数据汇总功能应该支持按需/临时请求。应该提供定制选项(摘要报告、关键结论、异常情况)来满足不同的用户需求。此外，该制度应具有足够的能力，以便纳入新的发展、外部因素的变化和适用的管制框架的变化所造成的变化。

Accuracy
精确度
Risk management reports should be accurate and precise. To ensure accuracy a bank should maintain: defined requirements and processes to reconcile reports to risk data, automated and manual edit and reasonableness checks, and integrated procedures for identifying, reporting and explaining data errors.
风险管理报告应准确无误。为确保准确性，银行应保持:定义的要求和流程以使报告与风险数据相一致，自动化和手动编辑和合理性检查，以及识别、报告和解释数据错误的综合程序。

Comprehensiveness
全面性
The reports should include exposure and position information for all significant risk areas (credit, market, operational risks) and all significant components of those risk areas as well as risk-related measures, which include regulatory and economic capital.
Additionally, risk management reports should identify emerging risk concentrations, provide information in the context of limits and risk appetite/tolerance and propose recommendations for action where appropriate. Furthermore, the reports should provide a forward-looking estimate of risk by way of forecast or scenarios for key market variables and their effect on the bank.
报告应包括所有重大风险领域(信贷、市场、经营风险)和这些风险领域的所有重要组成部分的敞口和头寸信息，以及与风险相关的措施，包括监管和经济资本。此外，风险管理报告应确定新出现的风险集中，在限制和风险偏好/容忍的范围内提供资料，并在适当时提出行动建议。此外，报告应通过对关键市场变量及其对银行的影响的预测或设想，提供对风险的前瞻性估计。

Clarity and Usefulness
清晰性和实用性
Risk reports should ensure that information is meaningful and tailored to the needs of the recipients while, at the same time,
reflecting an appropriate balance among detailed data, qualitative discussion, explanation and recommended conclusions. Moreover, a bank should develop an inventory and classification of risk data items which includes a reference to the concepts used to elaborate the reports.
风险报告应确保资料有意义，适合接受人的需要，同时反映详细数据、定性讨论、解释和建议结论之间的适当平衡。此外，银行应编制一份风险数据项目的清单和分类，其中包括参考用于详细编制报告的概念。

Frequency
频率/周期
A bank should assess periodically the purpose of each report and set requirements for how quickly the reports need to be produced in both normal and stress/crisis situations. A bank should routinely test its ability to produce accurate reports within established timeframes, particularly in stress/crisis situations.
银行应定期评估每一份报告的目的，并规定在正常情况和压力/危机情况下需要多快编制报告。银行应定期测试其在既定时间框架内，特别是在压力/危机情况下，提供准确报告的能力。

Distribution and Confidentiality
分布和机密性
Procedures should be in place to allow for rapid collection and analysis of risk data and timely dissemination of reports to all
appropriate recipients while, at the same time, ensuring confidentiality.
应制定程序，以便迅速收集和分析风险数据，并及时向所有适当的接受者分发报告，同时确保保密。