Summary of the 20 Risk Standards
|
I. Management
Risk Standard 1: Acknowledgment of fiduciary responsibility
Fiduciary responsibilities should be defined in writing and acknowledged in writing by the parties
responsible.
Risk Standard 2: Approved written policies, definitions, guidelines and investment documentation
The Primary and Manager Fiduciaries should approve formal written policies which reflect their overall
risk management objectives. The Primary and Manager Fiduciaries also should approve investment guidelines, management agreements and all other contracts that govern investments. Technical terms
should be defined. All policies, definitions, guidelines and investment documentation should be reviewed and updated as appropriate and more often if significant market events or changes in strategy occur.
Risk Standard 3: Independent risk oversight, checks and balances, written procedures and controls
Oversight of compliance with risk policies should be independent of line investment activity and
conducted according to up-to-date, written policies and procedures. Front, middle, and back office activities should be separate wherever possible and sufficient checks and balances and appropriate
controls should exist. When separation is not possible due to limited staff, alternative checks, balances and controls should be established.
Risk Standard 4: Clearly defined organizational structure and key roles
Organizational structure and reporting lines should be defined clearly and distributed to all parties. Key
personnel and their roles in all front, middle and back office areas should be identified. Changes in key personnel should be communicated immediately to all relevant parties.
Risk Standard 5: Consistent application of risk policies
The Primary Fiduciary's risk policies should apply both to internal and external managers and should be
consistent across similar asset classes and strategies.
Risk Standard 6: Adequate education, systems and resources, back-up and disaster recovery plans
The Primary and Manager Fiduciaries should ensure that adequate education, systems and resources
are available to implement and administer their risk policies. They should also establish and test back-up procedures and disaster recovery plans.
Risk Standard 7: Identification and understanding of key risks
Risks should be analyzed to determine relevancy. This entails understanding strategies and their
vulnerabilities, as well as assumptions built into an instrument, system, process, model or strategy. Key risks should be reviewed periodically as well as when significant events occur.
Risk Standard 8: Setting risk limits
Risk limits should be set for the aggregate portfolio and all individual portfolios. These may include limits
on asset classes, individual instruments and specific types of risk.
Risk Standard 9: Routine reporting, exception reporting and escalation procedures
The Primary and Manager Fiduciaries should specify what positions, risks and other information must be
reported and to whom. This policy also should define what constitutes required reporting or an exception to guidelines, to whom the exception should be reported, what action must be taken for
different levels of violation and what procedures must be followed for ongoing or increased violations.
II. Measurement
Risk Standard 10: Valuation procedures
All readily priced instruments should be valued daily, less-readily priced instruments at least weekly and
non-readily priced instruments as often as feasible and whenever a material event occurs. The pricing mechanism and methodologies must be known, understood, follow written policies and be applied
consistently by the Primary and Manager Fiduciaries, Managers, custodian and other subcontractors.
Risk Standard 11: Valuation reconciliation, bid/offer adjustments and overrides
Material discrepancies in valuations from different sources should be reconciled following
established procedures. A procedure for bid/offer adjustments and overrides to valuations should be established in writing and monitored independently.
Risk Standard 12: Risk measurement and risk/return attribution analysis
The Primary and Manager Fiduciaries should regularly measure relevant risks and quantify the key
drivers of risk and return.
Risk Standard 13: Risk-adjusted return measures
Risk-adjusted returns should be measured at the aggregate and individual portfolio level to gain a true
measure of relative performance.
Risk Standard 14: Stress testing
Simulation or other stress tests should be performed to ascertain how the aggregate portfolio and
individual portfolios would behave under various conditions. These include changes in key risk factors, correlation’s or other key assumptions and unusual events such as large market moves.
Risk Standard 15: Back testing
Risk and return forecasts and models should be back tested at least quarterly and whenever material
events occur to assess their reliability.
Risk Standard 16: Assessing model risk
Dependence on models and assumptions for valuation, risk measurement and risk management should be evaluated and monitored.
III. Oversight
Risk Standard 17: Due diligence, policy compliance and guideline monitoring
The Primary and Manager Fiduciaries should perform frequent, independent reviews of all Managers'
risk policies and controls. Where policies and controls fall short of the requirements set forth by the Primary or Manager Fiduciaries, plans for future compliance or corrective action should be documented
and communicated. Managers should ensure continuing compliance with their clients' risk policies and guidelines.
Risk Standard 18: Comparison of Manager strategies to compensation and investment activity
The Primary Fiduciary should require each Manager to submit a statement of strategy and ensure that
the Manager's activities and compensation are consistent with that strategy. Key risk and return factors should be documented and reviewed at least annually and updated whenever the strategy changes.
Risk Standard 19: Independent review of methodologies, models and systems
All methodologies, models and related systems should be independently reviewed or audited prior to
use as well as annually. Significant market moves or changes in market practice should trigger interim reviews.
Risk Standard 20: Review process for new activities
The Primary and Manager Fiduciaries should document the review process for permitting the use of new
instruments, strategies or asset classes. Policies for initiating new activities should be consistent with the Primary and Manager Fiduciaries' risk and return goals as well as the Manager's strategy and expertise.