The Company has adopted the risk appetite framework, which organically aligns the Company’s business strategies and profits plans with the various risk management policies for centralized management.
Risk Governance
The Risk Management Committee reviews and determines the risk related significant matters to the extent delegated from the Board. It is responsible for the establishment and implementation of the risk-related policies such as “Rules for Market Risk Management,” “Rules for Credit Risk Management,” “Rules for Liquidity Risk Management,” and “Rules for Operational Risk Management”
- ・The risk management divisions that are independent from the operating divisions monitor the status of various risks and report the results of such monitoring on a regular basis to management, the Risk Management Committee and the Board of Directors.
- ・The product control division, which is part of the financial division, monitors the market values of financial instruments on a daily basis, as well as conducts independent verification, and reports the results to the Management Committee on a regular basis.
Risk Appetite Framework
The Company introduced Risk appetite framework (RAF) in 2013, which is a framework for organically aligning the Company’s business strategies and revenue plans with the various risk management policies for centralized management. In an effort to ensure an appropriate balance between profits and risks, as well as tighten risk governance and optimize capital management, the Company has articulated its basic policy on RAF in the Risk Appetite Statement (RAS), which comprises the Company’s Corporation Vision and the basic strategies, principles and policies on the Company’s permissible risks.
The Company formulates its business plans on the basis of RAS, and conducts monitoring on whether operations are being executed according to RAS, the results of which are reported on a regular basis to the Board of Directors and the Risk Management Committee.
- Risk Appetite Framework
- The risk appetite framework is a framework for formulating and implementing financial plans and business strategies based on our corporate vision through organic alignment with the risk appetite.
Market Risk
Market risk is managed using various methods including (a) the method based on the market risk amount, (b) the method based on stress testing, and (c) the method based on sensitivity analysis and other factors. The risk management divisions set the risk limit for each method and conduct monitoring on the status of compliance with such limits. The risk management division summarizes and reports the status of market risk management on a regular basis to the Market Risk Management Committee, Risk Management Committee and the Board of Directors.
(a) Management method based on the market risk amount
Market risk amount is defined as the amount of loss that may incur due to changes in the market under a given set of assumptions such as holding period and confidence interval, and the Company calculates the market risk amount using a measurement model based on historical simulation.
Market risk limits are allocated on an organizational level, i.e., to the units, divisions and departments of each business line, and the extent to which the limit consumed is monitored on a daily basis. These limits, as a general rule, are reviewed semi-annually.
Back-testing of the market risk amount is conducted on a monthly basis to verify the adequacy of the measurement model. Additionally, the internal audit division conducts periodic audits on the calculation process of market risk and ensures the appropriateness of the risk evaluation models adopted.
(b) Management method based on stress testing
The Company conducts weekly stress testing in order to constrain within a certain level the estimated loss that might incur if a stress event occurred due to major market changes, which cannot be monitored through the market risk amount alone. Additionally, the Company manages such losses by setting certain limits to the amount of loss calculated under such stress scenarios.
The method of stress testing, as a general rule, is reviewed semi-annually, upon taking into account factors including the Company’s risk position and market changes.
(c) Management method based on sensitivity
analysis and other factors
As means to complement the methods based on the market risk amount and stress testing described above, the Company fine-tunes its market risk management by setting various limits (“various parameter limits”) on the sensitivity of various market risk factors and on the transaction balances, according to the characteristics of each product and operation, and monitors the various parameter limits on a daily basis.
These various parameter limits, as a general rule, are confirmed for consistency with the market risk ceilings and reviewed semi-annually.
Credit Risk
The management methods of credit risk are different for “Counterpart credit risk,” “issuer risk” and “country risk.”
- ・Counterparty credit risk is managed by customer or customer group, and the decision to extend credit to a counterparty is made by the Risk Management Committee or parties that have been delegated such authority by the Risk Management Committee. Additionally, in order to avoid loss from bankruptcy of the counterparty, monthly stress testing is conducted on the credit portfolios and managed in a way to constrain the counterparty credit risk. In the stress testing, the Company calculates the increases in the amount of claims that might incur in a stress event including major changes in the market, as well as the amount of stress loss estimated in the scenario of bankruptcy of the customer (among 200,000 scenarios).
- ・Issuer risk is managed, as a general rule, through portfolio management that avoids concentration risk and other risks, by setting credit limits stipulated by each rating to the issuers of marketable securities held by the Company for trading purposes and to the reference entities of credit derivative transactions. Additionally, in order to avoid the credit concentration risk on any specific issuer, the Company sets credit limits by issuer group and industry sector.
- ・Country risk is managed by setting credit limits on the amount of country risk for each country.
The status of compliance with the above credit limits is monitored on a daily basis by the risk management division and reported on a regular basis to the Market Risk sub-Committee, the Risk Management Committee and the Board of Directors.
Liquidity Risk
The Company categorizes liquidity risk into stages (liquidity stages) according to the creditworthiness of the Company and the MUFG Group and the status of the funding market, and determines action plans and contingency plans on liquidity according to the respective stages. Additionally, the Company limits its inventory to within its ability to meet funding requirements, and in order to avoid concentration of funding sources, has set limits on the total assets held excluding Japanese government bonds (non-JGB aggregate limits) and the required funding amounts for a given period (required funding limits), and controls the extent to which these limits may be consumed. The Company also maintains liquidity buffers over a given period to ensure liquidity during a defined period (“survival period”) that will withstand liquidity stress, such as the suspension of the funding market. These non-JGB aggregate limits, required funding limits and survival period are monitored on a daily basis, and as a general rule, reviewed semi-annually, upon taking into account the Company’s creditworthiness and the market funding environment. Furthermore, the Company conducts daily liquidity stress testing to measure the funding status in funding stress events such as the suspension of the funding market, the results of which are reported by the risk management division to the Risk Management Committee and the Board of Directors on a regular basis.
Operational Risk
The Company defines operational risk as the loss incurred as a result of inadequate or failed internal processes, people or systems, or from external events. In specific terms, the Company categorizes operational risk into “operations risk,” “information asset risk,” “legal and compliance risk,” “human resource risk,” “tangible asset risk” and “reputation risk,” and conducts management of each type of risk commensurate with its scale and attributes. As operational risks are inherent in every aspect of operations, control self-assessment (CSA), etc. is conducted to recognize and evaluate the operational risk in the material internal control processes.
The management status of operational risk is summarized and reported to the Risk Management Committee and the Board of Directors by the risk management divisions on a regular basis.
Control Self-Assessment (CSA)
CSA refers to self-sustained activities to control risk, strengthen risk management and enhance internal controls through the identification and recognition of risks inherent in operations, the evaluation of risk levels and control activities, and the formulation and implementation of necessary measures.
Crisis Management Framework
Mitsubishi UFJ Morgan Stanley Securities (“the Company”) has established a framework where important matters related to crisis management are deliberated at and reported to the Management Committee or the Risk Management Committee.
Specifically, in order to minimize the impact on customers and the market in the event of disaster or other crisis, the Company, after clarifying the basic concept and criteria for crisis management, has established a basic policy for business continuity and has maintained a framework for the recovery plan for the infrastructures as well as business continuity plan.
Basic Policies for Business Continuity
- ・The Company gives top priority to ensuring the safety of its customers, officers, and employees.
- ・The Company takes quick recovery measures while protecting customers’ data and assets.
- ・In the event that an emergency disrupts our business and makes it difficult for the Company to continue all of its business operations, the Company shall strive to resume and continue prioritized operations in order to maintain customer livelihood, economic activities, and the functioning of the securities market. The company will also strive to minimize the impact on customers.
Outline of the Business Continuity Plan
The Company’s systems and networks are designed to support the continuation of critical operations.
The operations division and the systems division work together to implement measures to recover and continue operations.
In the event that a certain branch receives customer call but unable to process an order, the call will be forwarded to the Telephone & Online Trade Division, where the customer can place an order.
Infrastructure Improvements
- ・The Company has established a back-up site in the event it is unable to use its head office so that it can continue and resume critical operations.
- ・Emergency power generators are installed at the headquarters and at the back-up site in case of power outages.
- ・Important IT systems are installed at both the data center (main center, where data are processed at normal time) and the backup data center (sub-center). The sub-center, which follows the predetermined procedures, stores data necessary to resume operations.
The Company maintains a business continuity framework that covers not only disasters but also a wide range of other crisis events. The Company also regularly conducts drills to improve the effectiveness of this framework.
In particular, since natural disasters such as large-scale earthquakes and consequent large-scale power outages are expected to have a significant impact on its operations, the Company is reviewing its business continuity plans to improve its effectiveness and strengthening our business continuity framework, including the maintenance of backup systems.