Financial risks and operational risks that the OeNB incurs as a result of its central banking activities have a crucial impact on its financial result and on its ability to continue as a going concern. The OeNB’s risk management framework is based on binding rules; risk is determined by means of recognized procedures, and risk control is guaranteed through continuous monitoring. Moreover, regular reporting procedures have been put in place.
Financial Risk
Financial risk covers a range of collateral-related risks, basically market, credit and liquidity risk. Reserve asset and risk management principles are laid down in a rule book adopted by the OeNB’s Governing Board. Reserve assets are invested by the OeNB’s Treasury Department on the basis of a risk budget that reflects the risk limits designated by Governing Board, as adopted by the latter on proposal of the Risk Committee. The Risk Committee monitors compliance with the risk budget based on a recognized risk measurement system, and it reports regularly to the Governing Board. Strategies for broadening diversification to include new currencies and instruments must be authorized by the Governing Board. In line with international trends, the OeNB has implemented an integral risk management framework to monitor financial risk.
Market Risk
Market risk is the risk of exposure arising from movements in markets, in particular exchange rate and interest rate changes. The Investment Committee generates a suitable investment allocation framework subject to risk budget constraints. The Governing Board sets concentration limits for each currency and defines a standard allocation. Currency risk and interest rate risk are managed in line with the limits imposed by the risk budget. Compliance with the risk budget is monitored with VaR calculations based on one-year horizons and confidence intervals of 99%.
The actual risk exposure depends on the amount of assets invested, including gold and Special Drawing Rights, as well as on the amount of own funds and earmarked funds invested.
In addition, the OeNB makes provision for ECB and Eurosystem risks commensurate to its relative capital share in the ECB’s paid-up capital. The OeNB employs generally recognized calculation models to determine pro-rata Eurosystem risks and other market risks not covered by the risk budget.
The risk involved in real estate holdings is calculated using an index for real estate stocks.
Credit Risk
Credit risk is the risk that a counterparty will fail to meet some or all of its obligations. Risk management relies on a credit risk limit system which provides real-time information on all risk limits and risk exposures. The ECB monitors credit risk arising from securities used for monetary policy purposes; OeNB risk reporting accounts for this risk on a pro rata basis. Because of discrepancies between the calculation methods, in particular compared to the methods to calculate pro-rata ECB and Eurosystem credit risk, provision for credit risk is made under other risks specific to central banks.
Liquidity Risk
Liquidity risk is the risk arising from a counterparty’s inability to meet its financial obligations in a timely manner or in full, because it may not have sufficient liquid funds to meet its obligations. To avoid this risk, the OeNB deals only with creditworthy counterparties, with security and liquidity considerations taking precedence over yield.
Other Risks Specific to Central Banks
Apart from the risks described above, NCBs are also subject to other specific risks arising from fulfillment of their mandate. The OeNB is aware of these risks, takes measures to reduce them and makes appropriate provisions.
Operational Risk
Operational risk is the risk of incurring losses due to defects, inadequate procedures or systems, human error or unforeseen events affecting operations. Management of operational risk is provided for by the rules laid down in the OeNB’s Risk and Crisis Management Handbook. Risk valuation takes into account the impact of various risk scenarios on the OeNB’s reputation, on costs, and any resulting losses, and is an ongoing process. Reports are submitted to management at half-year intervals.
The table below shows financial risk and related financial provisions at year-end 2009 and 2010.
| Financial Risk and Financial Provisions on December 31 | |||||
| Financial risk | Financial provisions | ||||
| 2010 | 2009 | 2010 | 2009 | ||
| EUR million | |||||
| Treasury Department risk budget | 5,455 | 4,282 | 2,851 | 1,768 | Revaluation accounts1 |
| 1,080 | 1,290 | Reserve for nondomestic and price risks | |||
| 1,524 | 1,224 | Risk provisions | |||
| Other financial risks and risks specific to central banks2 | 957 | 799 | 893 | 683 | Reserve for nondomestic and price risks |
| 64 | 116 | Provisions in respect of monetary policy operations of the Eurosystem | |||
| Total | 6,412 | 5,081 | 6,412 | 5,081 | |
| Risk arising from real estate holdings | 25 | 25 | Covered by related hidden reserves | ||
|
1 Revaluation accounts are included in financial provisions subject to the prohibition of netting.
2 Includes credit risk, pro-rata Eurosystem risk and other risk. |
|||||
Funds earmarked for appropriation by the Anniversary Fund for the Promotion of Scientific Research and Teaching may be used to cover any loss for the year.
IT Security Policy
IT security policy defines guidelines and provisions to guarantee a high level of security for the development, operation and use of IT systems at the OeNB. The following bodies and persons have key responsibilities in the IT security process:
- The IT Security Forum, which provides advice on IT security and coordinates and controls related activities;
- The IT security manager, who is responsible for the technical accuracy of the measures submitted for approval as well as for initiating and implementing IT security processes;
- The IT security experts, who are responsible for drafting and implementing IT security guidelines and IT specifications; and
- The technical experts in charge of the respective products.
Regular tests and reports are part of the framework of the IT security processes.