0%
 

Welcome

Welcome to Strategic Risk

Strategic risks are risks that can have a sustained impact to the firm’s core strategic objectives as measured by impacts on anticipated earnings, market capitalization, or capital, arising from either external factors affecting the firm’s operating environment; as well as risks associated with defining and executing the strategy, which are identified, measured and managed as part of the Strategic Risk Program at the Enterprise Level.

The objective of our Strategic Risk Policy is to manage these risks.

In this intermediate course, you’ll discover why strategic risk is important, the risk routines used to identify, measure, monitor, control and report strategic risks, and the links between strategic risk and other firm-wide processes.

If you are accessing the course from a personal device directly over the Internet (outside of the Citi network), some links may not work if they point to content within Citi’s network. This will not impact your ability to complete the course.

Scroll down to continue.

Course Navigation Tips

The Home button at the end of each topic takes you to the Home page.

The Menu button provides access to the individual topics.

The Resources button provides a list of useful links.

The Switch Language button lets you switch to a different language.

The Close button ends your training session and closes the course window.

Citi’s Enterprise Risk Management Training Program

Why This?

Citi’s culture and values are at the heart of how business is conducted. A strong risk and control environment is a key enabler of Citi’s culture of excellence.

This intermediate course is part of Citi’s Enterprise Risk Management Training Program (ERMTP). ERMTP is a series of courses which will build your understanding of your risk and control responsibilities.

Why Now?

Citi has a standard framework for managing risk. As part of Citi's Enterprise Risk Management Framework (ERMF) supporting capabilities, we are committed to equipping employees with knowledge to carry out day-to-day risk and control responsibilities. 

Why Us?

Managing risk is everyone’s job at Citi. We are all risk managers. Risk is inherent to Citi’s business and cannot be avoided. Everyone must be vigilant and manage risk with consistency, and accountability including compliance with applicable laws and regulations. 

The Enterprise Risk Management Framework (ERMF) is Citi’s standard for managing risk.

Everyone is responsible for escalating risks and concerns, and Citi provides an environment where this can be done without fear of retribution.

It is your responsibility to understand your role as it relates to managing risk, taking complete ownership of your actions, and supporting Citi in identifying and managing risk every day.

Introduction

This course will provide you with an understanding of Strategic Risk.

After completing this course, you will be able to:

  • Describe what Strategic Risk is and why it differs from other types of risk
  • Explain why it is important for Citi to actively manage strategic risk
  • Articulate how Citi manages Strategic Risk within the context of the Risk Management Lifecycle
  • Describe linkages between Strategic Risk and other firm-wide processes
  • Describe how Strategic Risk is integrated with other risk management routines, such as Risk Identification, Risk Appetite & Limits, and where activities are unique, such as the SWOT analyses

Welcome

Are you already familiar with Strategic Risk?

If so, this training includes an opportunity for you to demonstrate your knowledge by completing a Test Out. Successful completion of the Test Out will allow you to take an accelerated path through the training by skipping the training content to receive credit for the course.

To continue to the Test Out, select the Take the Test Out button.

If you prefer to skip the Test Out and go straight to the content, select the Start the Course button.

NOTE: If you are a new employee with Citi, it is recommended that you skip the Test Out and continue with the course content when presented with the option.

Why Is Strategic Risk Important?

Why Is Strategic Risk Important?

Hi there, I'm Margo, here to guide you through Strategic Risk today and to check on how you’re doing along the way.

First a quick word about why we’re here. We’re here because Strategic Risk matters.

Strategic risks pose a real threat to Citi and can drastically impact our expected earnings, market capitalization and/or capital. They come from external factors, like the economy, what’s happening politically around the world, and the competitive landscape in which we operate. Society's changing too, customers, investors and shareholders are acting in different ways. And let’s not forget changes to rules and regulations in the financial sector. Strategic risks can also arise from internal factors, when defining and executing on the strategy.

Understanding Strategic Risk is like having a map in a minefield. It shows us where the trouble might come from, so we can be ready for it.

So, let's get started on our journey by first looking at what Strategic Risk looks like with a real-world example.

Scroll down to continue.

Strategic Risk Management Gone Wrong

In the US, Silicon Valley Bank (SVB) provided banking services to nearly half of the country’s venture capital-backed technology and life-science companies and to more than 2,500 venture capital firms.

To proceed, select the arrow on the right to discover what went wrong at SVB.

 

SVB’s Strategy

SVB’s board of directors and management failed to manage their risks, which included a highly concentrated client base (in the technology sector) and a reliance on uninsured deposits. This left the bank exposed to the combination of rising interest rates and slowing activity in the tech sector. Although it did what most banks typically do – keeping small amounts of its deposits in cash and using the rest to buy long-term debt like Treasury bonds. As the post-pandemic economy began heating up and the Federal Reserve began raising rates, SVB did not adjust its strategy. And as interest rates began to rise, the value of those assets started to decline.
 

Warning Signs

SVB started to see trouble when start-up funding began to dwindle, leading its heavily concentrated client base to tap their accounts more. The bank also had a significant number of big, uninsured depositors – the kind of investors who tend to withdraw their money during signs of turbulence.
 

Bank Failure

To fulfill its customers’ requests, the bank had to sell some of its investments at a steep discount. Once SVB’s large losses on the sale of these investments became apparent, its depositors panicked and pulled their money, resulting in a run on the bank.

Ultimately, SVB failed due to a combination of an overconcentration in the tech sector, a reliance on uninsured deposits, and a liquidity crisis – i.e., a lack of sufficient cash inflows to sustain it during a period of significant cash outflows. The outcome was rooted in the bank’s lack of risk controls, including Strategic Risk, and in not implementing adjustments to the strategy in a timely manner.
 
 

Why Did SVB Fail?

SVB had several Strategic Risk management failures, including over-concentration in a volatile sector, a poor investment strategy and overall inadequate risk management practices and board risk oversight.

To proceed, select each reason to reveal why SBV failed.

 

Overconcentration in tech sector and reliance on uninsured deposits

SVB did not have appropriate concentration risk limits in place, nor did it effectively manage risks related to its reliance on uninsured depositors – the types of depositors that would demand their deposits at the first sign of trouble to minimize potential losses. The failure to manage these strategic risks is why SVB experienced a bank run – a phenomenon that has been largely unseen in the US since the establishment of the FDIC in the aftermath of the Great Depression.

Failure to manage market and liquidity risks

SVB placed large bets on Treasury bonds, which are safe investments but also pose substantial interest rate risk if the duration of the Treasury bond holdings is not appropriately managed in an environment of rapidly rising interest rates. As interest rates rose quickly and aggressively in 2022, the market value of those assets declined. SVB’s total common equity (TCE) ratio was severely dented by the steady unrealized losses it was sustaining. When rumors started spreading about the bank, its depositors (which consisted of wealthy individuals and companies) began pulling their deposits – SVB was essentially forced to sell its assets at a loss to meet the withdrawal demands, which propelled further panic among its depositors.

Failure to hedge investments appropriately

At the end of 2022, SVB reported USD 120 billion in investment securities, representing 55% of its assets (more than double the average of all US banks). While SVB claimed in its regulatory filings that it conducted regular and sophisticated market risk analysis and interest rate risk hedging activity, the amount of interest rate hedging was quite small in comparison with its available-for-sale (AFS) investments. SVB had reported only USD 550 million in notional value of interest rate derivatives as interest rate hedges at the end of 2022.

Lack of risk management oversight

Compounding SVB’s problems was an apparent lack of risk management oversight by the board and the risk team. SVB was without a Chief Risk Officer from April 2022 through January 2023.

Lack of risk expertise represented on the bank’s board

Only one of the seven board members assigned to SVB’s risk committee had any background remotely related to risk management. Moreover, none of the committee members ever held a senior risk management role, such as Chief Risk Officer.

What Makes Strategic Risk Different?

As you worked through our real-world strategic risk example, one thing you may have noticed is it’s not quite like many of the other types of risks we’re used to in our industry.

For example, Strategic Risk is a newer category in our risk world and hasn’t quite made its mark like other categories such as Credit or Market Risks.

Setting limits for risks like Credit and Market? Pretty straightforward. But when it comes to Strategic Risk, it’s not so cut and dry. Even if we can measure it, limits aren’t really the answer. Instead, it’s more useful to set thresholds.

How Strategic Risk is Different

So, what else makes Strategic Risk different? Let’s take a closer look.

To proceed, select the arrow on the right to discover what makes Strategic Risk different.

 

Applicability of Strategic Risk

Strategic Risk is an enterprise-wide Risk Category; however, it inherently applies to the “top of the house” as it links with the Strategic and Financial Planning process. As such, Strategic Risk is applicable at the enterprise level (Citigroup and CBNA), across all five businesses (services, markets, banking & international, wealth, US personal banking).

There is no expectation of this program cascading down to the local level (country or other legal entities); however, it may be adopted if it is tailored to reflect the business, clients and local strategic considerations. Please note that local regulatory and governance requirements must be taken into consideration.
 

Relates to Earnings not Losses

Strategic risk relates to the earnings streams of the firm, while other risks (such as Credit Risk) relate to possible specific losses (e.g., net credit losses). While all losses eventually impact the balance sheet, the impacts of Strategic Risk run through earnings first, before affecting the balance sheet.
 

Requires both Qualitative and Quantitative Inputs

In understanding and evaluating Strategic Risks, it is important to note there are cases in which quantification on a stress loss/impact basis may be neither feasible nor useful. This is another way in which Strategic Risk is different from more quantitative risk types (such as Credit and Market Risk).
 
 

Strategic Risk and Strategic Planning

Strategic Risk Management is closely tied to the Strategic Planning Process.

To proceed, select each area to learn more.

Strategic Plan
Risk Assessment of the Plan (RAOP)
Strategic Risk Management

Strategic Plan
  • The Strategic and Operating Plan (“the Plan”) defines Citi’s long-term goals and its strategy for achieving those goals, which must be consistent with Citi’s risk appetite, capital and liquidity requirements.
  • The Strategic Planning process includes a Strengths-Weaknesses-Opportunities-Threats (SWOT) analysis, which requires involvement from Independent Risk Management (IRM). This training has further details on the SWOT analysis in an upcoming module.
  • Citi’s Executive Management Team is responsible for the development and execution of Citi’s strategy.
  • Please refer to the Strategic and Financial Planning Policy.
  • See the Linkages to Other Firm-wide Processes topic for further details.

go to next button

Risk Assessment of the Plan (RAOP)
  • The RAOP process identifies and assesses risks inherent in the Plan, risks to execution of the Plan, risks that may arise from executing the Plan, and mitigating factors for these risks.
  • Businesses and functions, together with IRM, are responsible for performing the RAOP process every quarter. Regions have a risk discussion instead of the RAOP process, which also takes place every quarter.
  • The Enterprise Risk Management (ERM) Strategic Risk team is responsible for coordinating the process and aggregating results for senior management and the Board.
  • Please refer to the RAOP Standard.
  • See the Linkages to Other Firm-wide Processes topic for further details.

go to next button

Strategic Risk Management
  • Strategic Risk Management involves identifying, measuring, monitoring, controlling, reporting and governance of Strategic Risk as an L0 risk stripe.
  • There are designated Strategic Risk resources across first and second lines of defense (1LOD and 2LOD) with roles and responsibilities defined in the Strategic Risk Policy and Strategic Risk Procedure.

go to next button

Examples of Strategic Risk

Now that you’ve seen what Strategic Risk looks like, how it’s different from other risks, and the close ties between Strategic Risk Management and the Planning Process, let’s look at some examples.

We have a whole map of Strategic Risks laid out in our Strategic Risk taxonomy. To keep an eye on how these risks play out for Citi, we identify some key indicators. These indicators help us track where we stand and which way we’re headed with these risks.

Examples of Strategic Risk

To proceed, select each type of strategic risk for a definition and examples.

Economic Environment Risk
 

Economic Environment Risk: The risk that inflation, rate hikes, and potential recession result in a reduction in revenue-generating activities.

Key Indicator Examples: GDP growth, unemployment rate, CPI inflation, etc.
Industry & Competition Risk
 

Industry & Competition Risk: The risk that market trends or new entrants result in a reduction in revenue-generating activities or wallet share.

Key Indicator Examples: Banking sector performance (indices), Banking CDS spreads, Citi vs Peer valuation comparisons, etc.
Environmental Risk
 

Environmental Risk: The risks related to climate transition, be it in the form of financing, a failure to meet our net-zero climate commitments, or losing out on green financing opportunities. Failure to meet our net-zero commitments could also result in customer attrition or a reduction of wallet share.

Key Indicator Examples: ESG scores, Citi’s exposure to climate-vulnerable industries, etc.

What Strategic Risk Is NOT

By this point, you should have a solid understanding of what Strategic Risk is, but it’s also important to be clear about what it isn’t.

Firstly, Strategic Risk isn’t a fallback category for risks that don’t neatly align with Level 0 Risk Categories like Operational Risk, Compliance Risk, or Liquidity Risk, and so on.

Secondly, the significance of an issue or risk alone isn’t enough. We need to be able to define its impact in terms of revenues, market capitalization, and capital before we can categorize it as Strategic Risk.

If you’re unsure, don’t hesitate to engage the ERM Strategic Risk team.

Now, see if you can put into practice what you’ve learned so far by answering a question.

Check Your Understanding

Which of the following is an example of Strategic Risk?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

So, as we’ve seen, Strategic Risks are a real concern for us, with the potential to substantially affect our anticipated earnings, market capitalization, and capital reserves. That’s why it’s crucial to keep them on our radar.

We’ve already touched on how they’re mapped out in our Strategic Risk taxonomy. Next, you’ll see how we put this taxonomy to work, along with other sources of insight, to pinpoint and measure Strategic Risks.

Strategic Risk Identification Process

Strategic Risk Identification Process

In this topic, you’ll explore the Strategic Risk taxonomy we mentioned earlier, and the various insights that inform us about Strategic Risks. You’ll also learn about the methodologies we utilize for identifying Strategic Risks.

It’s key information that helps us stay ahead in our risk management strategies, so let’s dive in.

Scroll down to continue.

Strategic Risk Taxonomy


We have constructed a taxonomy to organize the terms we use to describe Strategic Risk consistently and transparently across the firm. This Strategic Risk Taxonomy provides tangible and robust guidance for identifying and challenging Strategic Risk statements.

L0 and L1 represents the thematic, highest-level risk. L2 risks are the granular Strategic Risk sub-categories. The accompanying descriptions provide a non-comprehensive list of indicators and potential factors that influence Strategic Risk.

Select here to view the Strategic Risk Taxonomy.

Sources of Insight

Strategic risk exposure may be identified through a variety of sources. In addition to sources of insight outlined in the Enterprise Risk Identification Policy, insight may come from:

  • Strategic and Financial Planning
  • SWOT analysis
  • RAOP
  • New activity
  • Ventures and innovation (Innovation Activities Program)
  • Mergers and Acquisitions (M&A) and divestitures
  • Legal entity changes
  • Recovery and resolution planning
  • Internal and external risk events

Risk Identification Methodologies

As part of the risk identification process, Strategic Risk statements must be assessed and quantified, where feasible and appropriate at the enterprise and business levels.

To proceed, select each button to learn more.

Quantitative Methodologies
 

Quantitative methodologies for Strategic Risk include:
  • Comprehensive Capital Analysis and Review (CCAR)
  • Quarterly Multi-Year, Multi-Scenario Forecasting (QMMF)

These review stress scenarios to assess risks, in line with the Enterprise Risk Identification Policy.
Qualitative Methodologies
 

Not all Strategic Risks are quantifiable and will rely on subject matter expertise to assess the exposure. Qualitative methodologies used in Strategic Risk identification include SWOT analysis, which is reviewed in more detail in the next topic.

Additional sources of information that must be considered in order to estimate qualitative risk severity include:

  • Historical events
  • Business and transaction volume
  • Portfolio size
  • Exposure analysis
  • Industry benchmarks

(Note that this is driven by the nature of business activities and will require subject-matter inputs, i.e., the list will look different for different business units.)
Materiality and Top Risk Thresholds
 

Our Materiality Threshold is USD 600MM and Top Risk Threshold is USD 1.2BN. In this context, a risk may still be considered material even if it does not exceed the threshold on a quantitative assessment. Qualitative factors may make the risk significant enough to be considered a Material/Top Risk.

If you are in doubt, contact your risk partner to help you with the assessment.

Check Your Understanding

In the Strategic Risk Taxonomy, “appropriate governance” is a factor in which category of sources of Strategic Risk?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

The taxonomy we’ve just covered makes sure we’re all speaking the same language when it comes to Strategic Risk. It’s like a map that gives us clear and solid pointers on how to spot and challenge Strategic Risk statements.

You’ve seen how we take these Strategic Risk statements and really put them under the microscope – measuring and weighing them whenever we can, both at the enterprise-wide and individual business levels.

But how do we get further insights into the Strategic Risks we spot? Well, in addition to the guidance outlined in the Enterprise Risk Identification Policy, insights can come in a variety ways, including SWOT analyses. And that’s what we’ll look at next.

SWOT Analysis

SWOT Analysis

Strengths-Weaknesses-Opportunities-Threats (SWOT) analysis is a process unique to Strategic Risk. It’s not just a part of our risk-spotting toolkit; it’s a key source of insights. Plus, our Group Strategy team uses it too, to help sketch out and define the Strategic Plan.

Want to know more about how the SWOT analysis works and its role?

Then, let’s get to it.

Scroll down to continue.

Why We Use SWOT Analysis

On an annual basis, the 1LOD must conduct a SWOT analysis to develop a full understanding of the internal and external factors that inform the strategy and generate risks.

To proceed, select the arrow on the right to learn more.

 

Objective of SWOT

The objective is to leverage the organization’s strengths and seek out identified opportunities as part of the strategy, while risk-managing the downside, i.e., its weaknesses and threats.
 

Scope of the SWOT analysis

Group Strategy kicks off the annual process. SWOT analyses are developed by in-scope business segments (e.g., Markets and US Personal Banking) and major business lines. EO&T and Finance review the SWOT analyses conducted by businesses and provide risk insights from their perspectives for consideration. 2LOD is involved in the process and provide critical review and challenge.
 

Material Risk Inventory

SWOT analyses are a source of insight that informs the capture of risk statements in the Material Risk Inventory (MRI) by the respective 1LOD, following review and challenge by 2LOD. If something is material, it’s a risk that must be identified in the MRI. Note that there is no expectation of a one-to-one mapping between the SWOT and MRI.
 

Strategic and Financial Planning

SWOT analysis is also part of the annual strategic and financial planning process. 1LOD must conduct annual business-level SWOT analyses for applicable businesses.
 
 

SWOT Analysis in Action

SWOT analysis helps to really get to grips with all the factors, both inside and outside Citi, that shape our strategy and create risks.

But remember, each SWOT analysis is tailored to its own business line. For instance, take a look at what this Citigroup level SWOT analysis highlighted.

SWOT Analysis in Action

To proceed, select each area to learn more.

 

Strengths

  • Strong brand reputation and established industry leader with a variety of products and services
  • Unrivalled proprietary network with local clearing systems in over 95 countries
  • Unique cross-border banking capabilities
  • Global leader in issuers of credit cards

Weaknesses

  • Employee turnover, which leads to larger investment into the training and development of new employees
  • Breadth of product offering leads to fluctuating market shares across products, which makes the company vulnerable to threats from competitors and new entrants

Opportunities

  • Increase revenues and market share by leveraging synergies and efficiencies enabled by integration programs
  • Investment in large under-penetrated wallets (US and China) and in high-growth sectors (technology and fintech)
  • Transformation, improving infrastructure, and scaling end-to-end ownership of all facets of product execution to improve efficiency, speed, and accuracy in client decisions/capital deployment

Threats

  • New entrants into established markets that can lead to loss of market share, particularly from fintech disruptors
  • Global political instability that can lead to changes in trade regulations and additional compliance requirements
  • Volatility and uncertainty in global financial markets due to inflation, rising interest rates, recession fears, and geopolitical risks

Check Your Understanding

What type of methodology is SWOT analysis?

Select the best response from the three options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

So, now you know that every year, the 1LOD gets to work on a SWOT analysis – it’s about getting a crystal-clear picture of what drives our strategy and the risks that come with it.

The aim? To play to our strengths and grab the opportunities we’ve spotted, while risk-managing any potential downsides – our weaknesses and threats.

Think of SWOT analysis as our strategic compass; it guides us through the complexities that shape our strategy and the risks involved.

Next up, Strategic Risk Appetite Statements.

Strategic Risk Appetite Statements

Strategic Risk Appetite Statements

Strategic Risk Appetite is unique in that it’s only managed at the enterprise level.

But how do we define and quantify this appetite?

In our Enterprise Risk Appetite Statement (RAS) there's a whole chapter on this. It describes the firm's Strategic Risk Appetite, risk appetite principles, strategy considerations, and risk pillars.

The ERM Strategic Risk team has the task of pulling together annual reviews of the Strategic Risk Chapter, ensuring it’s included in the Enterprise RAS approved by the Board. It’s a key part of keeping our strategy focused and our risks in check.

Want to know more? Let’s start by first exploring the questions coming up.

Scroll down to continue.

Strategic Risk Appetite Statements

To proceed, select each question to reveal the answer.

 

What is the RAS?

The RAS is an overarching statement with a Low/Moderate/High indicator for how much risk the firm is willing to assume.

Citi’s current appetite for Strategic Risk is Moderate.

What are the requirements for the Strategic Risk Chapter?

The Strategic Risk Chapter must:
  • Be defined in line with the Risk Appetite Standard, including a description of the application of the risk appetite principles, strategy consideration implications, and risk pillars
  • Be approved annually by the Board

What about Strategic Risk Appetite Key Indicators?

As part of the annual review, Strategic Risk Appetite Key Indicators, and associated thresholds that align to and support the qualitative statements in the RAS, must be reviewed and included in the approval, as applicable.

What is concentration risk?

Concentration risk relates to the risks arising from being overly concentrated in one sector, region, or client – this could lead to large losses should that sector experience a downturn, that region experience a shock, or that client decide to terminate their relationship with our bank. Although some sectors do outperform others at times, it is important to diversify our revenue sources to protect against concentration risk.

How does Citi manage concentration risk within the Strategic Risk management framework?

The Strategic Risk Policy requires that the development and execution of the Strategic and Operating Plan to be consistent with Citigroup’s and CBNA’s respective risks appetites, which includes enterprise-level risk appetite limits and relevant concentration risk limits.

Concentration Risk reports are also used as inputs in the Risk Assessment of the Plan (RAOP) process.

Enterprise Risk Management reviews and challenges the risk assessments from the perspective of the enterprise, including Concentration Risk.

Quantifying Strategic Risk Appetite

The Strategic Risk Appetite Statement is a qualitative statement that is then quantitatively measured by a number of strategic risk appetite metrics.

The Strategic Risk Chapter contains 3-4 key indicators and associated thresholds that are used to monitor Strategic Risk appetite. These key indicators are aligned with the definition of Strategic Risk and are focused on revenues, market capitalization, and capital.

Check Your Understanding

Who is responsible for coordinating annual reviews of the Strategic Risk Appetite Chapter of the Strategic Risk Appetite Statement?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

Now that you know how we define and quantify Strategic Risk Appetite, let’s next turn to how it’s reviewed and assessed.

Quarterly Strategic Risk Appetite Assessment

Quarterly Strategic Risk Appetite Assessment

Every year, we update our firm-wide RAS to keep it refreshed, along with quarterly check-ins to see how we’re measuring up to our Risk Appetite. In this topic you’ll learn how we do this and how we use Key Risk Indicators to help us assess and navigate the wider Strategic Risk landscape.

Scroll down to continue.

Reviewing Strategic Risk Appetite

Strategic Risk Appetite Key Indicators must be monitored, assessed and reported on against the established risk appetite each quarter by 1LOD and reviewed and challenged by 2LOD.

To proceed, select the arrow on the right to learn more.

 

Quarterly Assessment

1LOD Financial Planning & Analysis (FP&A) generates an updated quarterly data and assessment against established thresholds. The assessment is reviewed and challenged by the ERM Strategic Risk (SR) team.

In instances where a metric is outside its threshold, 1LOD provides an explanation, offering context for the metric performance. This explanation is also reviewed and challenged by the ERM SR team.
 

Global Strategic Risk Committee

The quarterly assessment is reported to the Global Strategic Risk Committee (GSRC), once finalized. The GSRC must determine whether the firm is inside or outside of Strategic Risk Appetite based on the assessment of Strategic Risk Appetite Key Indicators, the firm’s performance, and risk drivers.

The GSRC considers both qualitative and quantitative factors before making a determination.
 

Breaches of Strategic Risk Appetite

In cases where the GSRC determines that the firm is outside of its Strategic Risk Appetite, the committee chair or delegate must notify the Citigroup CRO, the Strategic Risk Category Owner, and the CBNA CRO to the extent such breaches impact CBNA.
 

Remediation

Development and approval of a remediation plan must be conducted in line with the Risk Appetite Policy and Risk Appetite Standard. The maximum remediation period for Strategic Risk Appetite breaches is 24 months. Any risk appetite breaches exceeding the remediation period will be deemed long-dated and are subject to additional requirements per the Risk Appetite Standard.
 
 

Key Risk Indicators

The Strategic Risk Appetite is assessed with Strategic Risk Appetite Key Indicators. Key Risk Indicators (KRIs) are a broader, more dynamic set of measures to assess the Strategic Risk environment. External-facing indicators are beyond Citi’s control (e.g., inflation) but we need to know in what way these parameters are moving.

To proceed, select the arrow on the right to learn more.

Establishing KRIs
KRI Responsibilities
KRI Example

Establishing KRIs

KRIs must be identified, reviewed and/or developed to help monitor for Strategic Risks in line with the Enterprise Risk Identification Policy and Key Risk Indicator Standard.

In some cases, KRIs may not have limits or thresholds, e.g. GDP growth, but need to be assessed as they might indicate a change in risk profile.

go to next button

KRI Responsibilities

It is 1LOD’s responsibility to review or establish Strategic Risk KRIs, monitor and, where appropriate, review, or establish boundaries at the business level in line with the Enterprise Risk Identification Policy.

2LOD will also establish KRIs to measure the Strategic Risk profile at the enterprise level, including monitoring Top Risks.

go to next button

KRI Example

Citi has committed to net zero greenhouse gas emissions financing by 2050. This commitment presents a Strategic Risk, aligned with our Risk Taxonomy node of Environmental Risk.

A good Key Risk Indicator in this example would focus on revenue concentrations in climate-vulnerable industries. For instance, we could monitor revenue concentration in the Oil and Gas industry to assess whether our risk exposure is increasing or decreasing.

go to next button

Check Your Understanding

Who conducts the quarterly review of Strategic Risk Appetite Key Indicators?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

You’ve just seen how we keep tabs on the Strategic Risk Appetite with Strategic Risk Appetite Key Indicators and how KRIs offer a dynamic set of measures to assess the wider Strategic Risk landscape. Of course, some of these indicators, like inflation, are out of our hands, but it’s crucial that we understand in which way these parameters are shifting.

As we move through our final topic, we’re going to stitch these insights into the wider fabric of Citi’s firm-wide processes and their links with Strategic Risks.

Linkages to Other Firm-wide Processes

Linkages to Other Firm-wide Processes

The Strategic Risk Program is woven into other risk management routines and processes across the enterprise. Together, they create a system that handles Strategic Risk smoothly and consistently, making sure everything’s under control.

Let’s see how.

Scroll down to continue.

Strategic and Financial Planning

As described in 'Why Is Strategic Risk Important?', Strategic Risk is closely tied to the Strategic and Financial Planning Process. This program is owned by Group Strategy in 1LOD and is responsible for defining, measuring, monitoring, and governing strategic, operational, and short-term planning processes (“the Plan”) for Citigroup and CBNA.

ERM is interested in associated risks that go into the Plan and come out of the Plan. In the Strategic Risk Taxonomy, this is reflected in the L2 risk categories Definition of Strategy and Execution of Strategy.

RAOP, which is governed by the RAOP Standard and is a child document of the Strategic and Financial Planning Policy, is a process that considers all risk types with respect to the Plan.

New Activity

Any time Citi engages in a new activity, such as a new service or product, it requires due diligence before going to market.

New activities that fall into scope are governed by the New Activity Policy and are subject to applicable assessments, including alignment to the business strategy. Applicable risk specialists are engaged in the due diligence process, including the ERM SR team for any Strategic Risk impacts.

Additional Firm-wide Processes

Strategic Risk is key to Citi’s planning process. You’ve seen how the two are closely tied and how any new product is assessed and aligned to the business strategy before release.

Here are some more firm-wide processes to which Strategic Risk is linked.

Additional Firm-wide Processes

To proceed, select each image to learn more.

Risk Identification

Risk Identification

Risk Identification is a standalone enterprise-wide program under ERM that Strategic Risk aligns with. Policy documents that govern this process are available on the Policy Directory and are also included in the Resources section of this training.
Risk Appetite and Limits & Threshold Management

Risk Appetite and Limits & Threshold Management

Strategic Risk also links to the Risk Appetite and Limits & Threshold Management programs. Policy documents that govern these processes are available on the Policy Directory and are also included in the Resources section of this training.
Strategic Risk Taxonomy and Definition

Strategic Risk Taxonomy and Definition

The Strategic Risk definition and Risk Taxonomy must be maintained and kept current. Together with all other L0 Risk Categories these are subject to annual review, revision, and approval in line with the applicable enterprise-wide governance.
Management Control Assessment

Management Control Assessment

Management Control Assessment (MCA) enables a robust internal control environment and control governance. Across 1LOD and 2LOD, there must be controls in place to ensure effective reduction and mitigation of key risk.

Check Your Understanding

Which of the following firm-wide processes is NOT linked to Strategic Risk?

Select the best response from the five options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Coming Next

Well, that brings us almost to the end of our journey through Strategic Risk.

Along the way we’ve unpacked the uniqueness of Strategic Risk and the crucial role it plays at Citi. We’ve seen how Citi handles Strategic Risks, from identification, through measurement and monitoring, to reporting – all in line with the ERMF.

And we connected the dots, with the linkages with RAOP processes and other risk management routines.

Now, review the key takeaways from this course before you take the assessment.

Summary

Key Takeaways

To proceed, select each section to recap what you learned in this course.

 

How Strategic Risk is Different

Strategic risk differs from other types of risk as it relates to the earnings streams of the firm rather than specific losses, requires both qualitative and quantitative inputs, and is better measured in terms of thresholds with indicators rather than metrics with limits.

Strategic Risk Taxonomy

The Strategic Risk Taxonomy provides tangible and robust guidance for identifying and challenging Strategic Risk statements. Insight into Strategic Risk can come from a variety of sources.

Quantitative and Qualitative Methods

Quantitative methods used to assess Strategic Risk include CCAR and QMMF. Qualitative methods include SWOT analysis and various additional sources of information.

SWOT analyses can inform the capture of risk statements in the MRI by the respective business lines.

Strategic Risk Appetite Statement

The Strategic Risk Appetite Statement describes the firm's Strategic Risk Appetite, risk appetite principles, strategy considerations, and risk pillars. It is a qualitative statement that is then quantitatively measured by a number of Risk Appetite key indicators.

Quarterly Strategic Risk Appetite Assessment

The Strategic Risk Appetite is assessed each quarter by 1LOD to help determine whether the firm is within Risk Appetite. KRIs are also used to measure and monitor Strategic Risk.

Linkages to Other Firm-wide Processes

The Strategic Risk Program is integrated with other risk management routines and processes across the enterprise, including Strategic and Financial Planning, New Activities, Risk Identification, Risk Appetite, Limits & Thresholds Management, Strategic Risk Taxonomy and Definition, and Management Control Assessment.

Coming Next

Now it’s time to check your understanding of the content by completing a short assessment.

Assessment

Assessent Intro

Which of the following accurately describes Strategic Risk?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Which of these statements is true regarding Strategic Risk?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Which of the following is a quantitative methodology in Strategic Risk identification?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Why is Strategic Risk management important for Citi?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

SWOT analyses may inform the capture of risk statements in which of the following?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

How is Strategic Risk Appetite measured?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Following the quarterly risk appetite assessment, who must determine whether the firm is inside or outside of Strategic Risk Appetite?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Whose responsibility is it to establish Strategic Risk Key Risk indicators (KRIs) at the business level?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Per the Strategic Risk definition, how are impacts to the firm’s core strategic objectives measured?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Which of the following firm-wide processes is NOT linked to Strategic Risk?

Select the best response from the four options and then select Submit.

Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key. Then you will be able to use the Space key again to select a radio option.

Submit

Assessment Results

Copyright © Citi and/or its affiliates. All rights reserved.

Select the Welcome topic to begin. Select the Home button at any time to return to this menu.

Welcome

Why Is Strategic Risk Important?

Strategic Risk Identification Process

SWOT Analysis

Strategic Risk Appetite Statements

Quarterly Strategic Risk Appetite Assessment

Linkages to Other Firm-wide Processes

Summary

Assessment

Home
Welcome
Why Is Strategic Risk Important?
Strategic Risk Identification Process
SWOT Analysis
Strategic Risk Appetite Statements
Quarterly Strategic Risk Appetite Assessment
Linkages to Other Firm-wide Processes
Summary
Assessment

go to close menu button

 

go to close button