Skip to content

RESERVE BANK OF AUSTRALIA

Risk Management Policy

Go To

Overview

The aim of the Reserve Bank's risk management policy is to ensure a co-ordinated approach to managing non-policy risks within the Reserve Bank of Australia that is consistent with the Bank achieving its policy and operating objectives in an effective way. In doing so, it follows accepted standards and guidelines for managing risk, particularly those used by public and financial institutions.

back to top

Definitions

Risk management is about understanding and managing the Bank's risk environment – i.e. the risks to which the Bank is exposed – and taking measures, where necessary, to ensure those risks are contained to acceptable levels.

back to top

Philosophy

The general philosophy underpinning the Bank's approach is that risk management is an integral part of the management function in the organisation and, as such, is the clear responsibility of management.

The Bank is committed to ensuring that effective risk management remains central to all Reserve Bank activities, and a core management competency. The aim is to ensure that risk management is embedded in the Bank's processes and culture, and that this activity makes an effective contribution to achieving the Bank's core objectives.

back to top

Attitude to Risk

In common with most central banks, the Reserve Bank of Australia is an institution that seeks to manage risk carefully. This reflects the view that satisfactory fulfilment of its important public-policy responsibilities would be seriously jeopardised if poorly managed risks were to result in significant financial losses and/or damage to the Bank's reputation. The Bank's management is aware of the high standards that the community expects of its central bank.

The Reserve Bank recognises that it cannot eliminate the risks involved in all its activities completely. Rather, the Bank manages those risks against the backdrop of its risk appetite.

back to top

Coverage

This policy covers the full spectrum of financial, market, credit, operational, reputational and other risks, but not the risks inherent to the Bank's core monetary, financial stability and payments policy functions, which remain the responsibility of the Governor and the Reserve Bank and Payments System Boards.

The risks associated with the ownership of Note Printing Australia and Securency are also covered by this policy, though the day-to-day activities of these entities are the responsibility of their respective management and boards.

back to top

Governance Structure

The Governor, as the chief executive of the Reserve Bank, has overall responsibility for management of the organisation, but day-to-day management of the various groups and departments in the Bank – including risk management – is delegated to the respective Assistant Governors or department heads in charge of those groups or departments.

The Risk Management Committee (RMC) oversees the Bank's overall risk management practices via a formal delegation from the Governor. The Committee comprises several senior officers and is chaired by the Deputy Governor. Its role is to ensure that the Bank's risks are identified, assessed and managed in accordance with this Policy. The Risk Management Committee provides minutes of its meetings to the Board's Audit Committee.

The Risk Management Unit (RMU) facilitates, co-ordinates and advises on the risk management process – to help groups and departments manage their risk environment in a manner that is broadly consistent across the Bank. The Unit does not, however, conduct risk management on behalf of groups and departments or assume ownership of, and responsibility for, those risks. From a governance perspective, the RMU reports to the RMC, and the Head of Risk Management, or an alternate, attends all meetings of the RMC.

Bank management in each group and department remains responsible for the management of risks, including associated controls and ongoing monitoring processes. Risks noted as part of this framework, which may have implications for other areas of the Bank, should be reported immediately to the RMU and the relevant departments. Additionally, reports on experiences that might assist the Bank in compiling and maintaining its risk profile (Incident Reports) should be promptly communicated to the RMU.

The RMC may establish working groups to develop strategies for the management of some Bank-wide risks, such as business continuity. The Committee retains oversight of these areas, from a risk management perspective, and the RMU ensures appropriate co ordination across the Bank.

The Risk Management Committee may request the RMU to conduct ‘one-off’ risk reviews of either a process or across functional lines if that is judged appropriate (e.g. Bank-wide handling of sensitive information/data).

Audit Department co-ordinates closely with – but remains separate from – the RMU. Audit provides independent assurance that the Bank's risk management policy is adhered to. In addition, Audit independently reviews departmental procedures to assess if they provide effective control. This work draws on risk documentation and reports of core business areas to help ensure that the approach reflected in these documents is both risk focused and consistent with the views of management in the areas being audited. Audit reports independently to the Board's Audit Committee on both the risk profiles of groups and departments as well as the effectiveness of relevant controls. Copies of these reports are made available to the RMU.

The RMU falls within the scope of internal audit reviews. An external independent review of its function may also be commissioned by the RMC.

back to top

Framework for Managing Risk

The Bank's framework for managing risks is consistent with the accepted Australian standard, and comprises several basic steps:

  • Identifying and analysing the main risks facing the Bank.
  • Evaluating those risks – making judgements about whether they are acceptable or not, and prioritising unacceptable risks for action.
  • Treating unacceptable risks – taking action to reduce the probability or consequences of an event and/or transferring the risk to another party.
  • Acknowledging residual risk and, where appropriate, forming contingency plans.
  • Documenting these processes, with summary tables (risk registers) the main forms of documentation, supplemented by risk manuals or related documents as appropriate.
  • Ongoing monitoring, communication and review.

While the framework is applied consistently across the Bank, individual groups and departments must continue to identify and analyse the risks in their own areas, assess the controls in place to deal with those risks, and make decisions about whether to mitigate a particular risk – fully or partially – given its effects and the costs of mitigation. If a residual risk is judged unacceptable, the ‘owner’ group or department is responsible for developing and overseeing a remedial plan.

Where risks are considered ‘cross-sectional’, i.e. owned by one area and managed by another (e.g. IT-related risks), a process is established for ensuring the risks are both communicated, and action agreed, between the areas concerned.

back to top