Before deciding whether these risks should be managed separately or together, they should first be defined. Market risk, or systematic risk, is risk that results from the characteristic behaviour of an entire market or asset class. It is the risk inherent in dealing in a market where prices may change. The business definition of market risk is “the risk that, because general market pressures will cause the value of an investment to fluctuate, it may be necessary to liquidate a position during a down period in the cycle.” It is often associated with losses due to unfavourable market conditions, such as price movements or sudden devaluation of currency. It may also stem from the movement in stock prices, interest rates, exchange rates and commodity prices. Basically, market risk is the risk arising from changes in the markets where the organisation operates, that affect the entire market and are usually unavoidable.
Credit risk is the possibility of loss due to the inability of a company to recover what is owed to it or the non-fulfilment of contractual obligations. When financial institutions offer credit cards or any other type of loan, there is a risk that the borrower may not have the ability to repay the loan. If a company extends credit to a customer, there could be a risk of the customer not paying when the invoice is due. Credit risks are identified based on the borrower’s overall likelihood to repay the loan. The five Cs – credit history, capacity to repay, conditions of the loan, capital, and associated collateral – are applied when assessing a borrower’s credit worthiness. If a borrower defaults, the lender’s cash flow may be adversely impacted.
The Basel Committee defines Operational risk as “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” This definition includes legal risks but excludes strategic and reputational risk. It can be triggered by physical events, employee error or criminal activity, among other factors. It can originate from people inside or outside the organisation or be the result of natural disasters such as earthquakes, hurricanes or tsunamis. Embezzlement or employee fraud, insider trading, cybercrime, discrimination, regulatory compliance violations, negligence, unsafe practices or inconsistent work policies are also examples of operational risk. Human error tends to cause most of it.
Beyond these definitions of risks – which are not exhaustive and vary according to businesses, industry and environment – it is evident that any business concern today has to deal with one or more of them; very often simultaneously and at varying levels of intensity. Market, credit and operational risks are related to each other, and should be managed holistically, not as separate elements. Consider, for instance commodity price risks, which are usually regarded as part of market risk. A commodity like crude oil can fluctuate in price, depending on output from various countries.
Political conditions like Brexit or the war in Ukraine may impact negatively on output and logistics, driving up its price. When the price of oil rises, it affects traders, investors, consumers and producers. The price of petrol may increase, causing a rise in transport costs that will have to be borne by distributors. This eats into their revenue, making it difficult to meet their financial obligations like servicing loans or paying their suppliers. Not only that, price changes inevitably put a strain on the supply chain, which always has a knock-on effect on the economic performance of other industries.
Most organisations recognise and accept that neither their people nor their processes are perfect. Errors will occur, and operations will be affected. Unaddressed operational risk issues can cause financial losses, competitive disadvantage and business failure. But there are many areas where market, credit and operational risks intersect, and the situation becomes complicated. For example, ignoring credit risk was one of the major contributing factors of the 2008 Financial Crisis. High-risk borrowers were given loans for mortgages, which they failed to service. This led to major banks suffering extensive losses.
With hindsight, it can be seen that there was systemic failure to properly account for credit risk but there was also incorrect assessment of the likelihood of default on loans. These were the result of human error; they are examples of how each of the risks is related to the other, and the cause and effect they have on each other. Not only did the borrowers get into debt, the lenders also experienced disruption to their business, some to extreme degrees. Many lending institutions were so badly affected that they shuttered permanently.
Unpaid loans resulted in the loss of interest on the debt and the unpaid principal amount, seriously eroding the cash flows of the party which provided the credit. With the sub-prime mortgage issue in the US, there was overall failure to adhere to company policy and procedures, as well as lax enforcement that contributed to systemic failure. However, analysts do acknowledge that it can be difficult to pinpoint where market and credit risk end, and operational risk begins.
A simultaneous manifestation of market, credit and operational risk can result in extensive economic damage. Risk managers therefore cannot afford to consider them separately; they need to be considered in tandem with each other, monitored and assessed in real time, to minimise untoward impact. What needs to be tracked will depend on the kind of business or industry the organisation is in. Continuous monitoring of the business environment is a prerequisite; the data collected can be used to track trends and trace weaknesses or red-flag potential threats. Training is imperative. Staff needs to be aware of these risks and be able to raise the alarm at the first sign of a potential problem.