Risk management is essential for the Debt Office. The costs of managing the central government debt, administering the central government payment systems and the pricing of guarantees and loans depend, among other factors, on the ability to assess and manage risks.
In addition, risks continually arise within the operations due to the Debt Office’s own actions and decisions. The aim of risk management is for the Debt Office to have good internal management and control through effective and appropriate risk management in accordance with market practice.
Financial and operational risks
There are two main types of risk that the Debt Office must manage:
- Financial risks: risks associated with central government debt management, the central government’s payment systems, guarantees and loans.
- Operational risks: risks as the result of inappropriate or failed internal processes, human error, faulty systems or external events.
We work systematically with risk management in five steps:
- Identify the different types of risk that occur in the operations.
- Evaluate the risk based on the probability that the risk will occur and the consequences if it does. Financial risks are evaluated using quantitative methods. Operational risks are more difficult to quantify, but are managed using the same procedural structure and evaluated qualitatively.
- Measures and prioritisation depend on how the risk has been evaluated. We weigh the expected cost against the risk.
- Implementation of measures to achieve the level of risk that is justified on the basis of risk and cost of managing the risk.
- Reporting and follow-up once we have evaluated the effects of the measures.
The Debt Office’s risk map illustrates the risks being managed.
Managing and controlling risks
In order to manage and control risks, the Debt Office uses standardised methods and models, internal policy documents and a well-defined assignment of responsibilities.
Responsibilities on multiple levels
The Board is ultimately responsible for limiting and monitoring the risks of the operations and to ensure that activities are conducted through effective internal management and control. The Board establishes an annual financial and risk policy and receives regular reports on the current risk level.
Each department is responsible for the risk level and risk management involved in its activities. The unit for risk management is responsible for independent and general control and for the overall reporting to the Management and Board. The Internal Audit Unit, which reports directly to the Board, evaluates the risk management as a whole.
Protection of personal data
Information about customers is processed in such a way as to prevent unauthorised access. The Debt Office complies with the General Data Protection Regulation (GDPR) and implements strict requirements for IT security and confidentiality, both internally and for external suppliers.
Financial risks describe a number of risks. The financial risks that the Debt Office manages regularly are:
- market risk
- credit risk
- liquidity risk
Risks arise in the management of the central government debt, for example due to changes in interest and exchange rates, which impact the value and costs of the debt. The effect on the value and costs of the debt depends on the composition of the debt. The Debt Office determines the composition by setting target values and limits based on the Government’s general guidelines.
In the central government’s payment system, financial risks are managed through external and internal policy documents and regular monitoring.
Financial risks that arise within central government guarantees and loans are the results of decisions made by the Riksdag and the Government. Consequently, the Debt Office cannot decide independently whether or not to accept these risks.
The Board of the Debt Office assess the level of market risks that is acceptable in the management of the central government debt using target values and standard deviation intervals. We monitor how the risks relate to these measures on a daily basis. This follow-up is conducted in part to verify that the debt does not deviate from acceptable levels, but also to monitor which transactions are necessary to manage the debt. Possible deviations are reported to the Management and Board.
We do not set any target values or limits within the guarantee and credit operations.
In order to manage our credit risks, we impose requirements on the credit rating of our counterparties. The Debt Office will only enter agreements with counterparties that have a high creditworthiness. There are also limits on the maximum credit exposure for each counterparty.
When it comes to derivatives, we also require agreements to limit the risk. In line with common market practice, we require netting agreements, exchange of collateral to cover exposure (Credit Support Annex, CSA) and agreements that allow the Debt Office to terminate the transactions if the counterparty’s credit rating decreases below a certain level (rating trigger).
Liquidity risks primarily arise in the central government debt management when the Debt Office borrows to cover budget deficits and when maturing loans need to be converted into new ones. These types of liquidity risk are often referred to as financing risk and refinancing risk. One way of managing long-term liquidity risk is to spread maturities over time, i.e. to keep an even debt maturity profile. Short-term liquidity risks are managed through liquidity planning using short-term investments and short-term borrowing.
Operational risks arise as the result of inappropriate or failed internal processes, human error, faulty systems or external events. The Debt Office continuously analyses operational risks.
The Debt Office analyses operational risks, for example in conjunction with operational planning, within projects and in preparation for major changes. These analyses are based on an operational method of self-evaluation. This method is used to identify and evaluate risks. We also plan and prioritise measures to reduce the risks. The Debt Office works actively to lower the risk level and regularly follows up on its analyses.
Process mapping is used to document the internal control environment. The mapping also provides a basis for evaluation and management of operational risks in daily activities.
In order to gain an overview of the Debt Office’s operational risks, employees report all operational incidents. The incidents are compiled and linked to the risk analysis.
Information regarding risks to the Board and Management
The Board and the Management are regularly informed of the current risk status. They are also informed of incidents that have had a great impact on the operations and of the measures taken.