Physical Macquarie logo atop of 50 Martin Place
Physical Macquarie logo atop of 50 Martin Place


Risk management

Our approach to risk management at Macquarie is based on stable and effective core risk management principles. It is supported by our longstanding approach to establishing and maintaining an appropriate risk culture.

Core risk management principles

Ownership of risk at the business level

Group Heads are responsible for ownership of material risks that arise in, or because of, the business’ operations, including identification, measurement, control and mitigation of these risks. Before taking decisions, clear analysis of the risks is sought to ensure those taken are consistent with the risk appetite and strategy of Macquarie.

Understanding of worst case outcomes

Macquarie’s risk management approach is based on examining the consequences of worst case outcomes and determining whether these are acceptable and within Macquarie’s risk appetite. This approach is adopted for all material risk types and is often achieved by stress testing. Macquarie operates a number of sophisticated quantitative risk management processes, but the foundation of the approach is the informed consideration of both quantitative and qualitative inputs by highly experienced professionals.

Requirement for an independent sign-off by risk management

Macquarie places significant importance on having a strong, independent Risk Management Group charged with signing off all material risk acceptance decisions. It is essential that RMG has the capability to do this effectively. RMG has invested in recruiting skilled professionals, including those with trading or investment banking experience. For all material proposals, RMG’s opinion must be sought at an early stage in the decision-making process. The approval document submitted to Senior Management must include independent input from RMG on risk and return.

The assumption of risk is made within a calculated and controlled framework that assigns clear risk roles and responsibilities represented by ‘three lines of defence’:

  • primary responsibility for risk management lies with the business. The risk owner is the first line of defence. An important part of the role of all staff throughout Macquarie is to ensure they manage risks appropriately
  • the Risk Management Group (RMG) forms the second line of defence and independently assesses all material risks
  • Internal Audit, as the third line, provides independent and objective risk-based assurance on the compliance with, and effectiveness of, Macquarie’s financial and risk management framework.

Risk culture and conduct risk management

A sound risk culture has been integral to Macquarie’s risk management framework since inception. Primary responsibility for risk management in Macquarie, including risk culture, is at the business level. The Board, assisted by the Board Risk Committee, is responsible for:

  • Reviewing, endorsing and monitoring Macquarie’s approach to risk culture and conduct.
  • Forming a view on Macquarie’s risk culture and the extent to which it supports the ability of Macquarie to operate consistently within its risk appetite.

Risks we manage

Macquarie’s risk management framework incorporates active management and monitoring of a range of material risks, they include:

The risk of behaviour or action taken by individuals employed by, or on behalf of, Macquarie or taken collectively in representing Macquarie that may have a negative outcome for our clients, counterparties, the communities and markets in which we operate, our staff, or Macquarie.

Macquarie defines conduct risk as the risk of behaviour or action taken by individuals employed by, or on behalf of, Macquarie or taken collectively in representing Macquarie that may have a negative outcome for our clients, counterparties, the communities and markets in which we operate, our staff, or Macquarie.

Such behaviour or action may include:

  • breaches of laws or regulations
  • disregard for Macquarie’s principles of What We Stand For or the Code of Conduct
  • negligence and/or a lack of reasonable care and diligence

Conduct risk can arise inadvertently or deliberately in any of Macquarie’s businesses.

Macquarie’s approach to conduct risk management is integrated in our risk management framework and is consistent with our three lines of defence model. Risk taking must be consistent with Macquarie’s principles of What We Stand For - OpportunityAccountability and Integrity which must form the basis of all behaviours and actions. These behavioural expectations are outlined in the Board approved Code of Conduct

Macquarie has a range of controls and processes in place to identify and manage conduct risk, including:

  • new and emerging conduct risks are identified through the annual strategy and business planning process

conduct risks that may arise when Macquarie establishes a new business or product, or makes a significant change to an existing business, product, process or system are identified 

  • and assessed through the new business and product approval process
  • independent monitoring and surveillance conducted by RMG, in addition to front line supervisory activities performed by the business
  • the Risk and Control Self-Assessment incorporates a conduct risk lens, requiring businesses to identify and assess their key conduct risks
  • where incidents occur, we investigate the underlying contributing behaviours, the impacts and resolve the issues appropriately and in a timely manner. Behavioural matters are addressed in accordance with our Consequence Management Guideline
  • performance based remuneration reflects an individual’s performance, which includes assessment of a range of factors including risk management and behavioural measures
  • an Integrity Office that is an independent point of contact for staff to safely raise concerns about misconduct, unethical behaviour or breaches of the Code of Conduct
  • a global Staff Hotline for staff who wish to speak up anonymously

For further details refer to:


The risk of a counterparty failing to complete its contractual obligations when they fall due. The consequent loss is either the amount of the loan or financial obligation not repaid, or the loss incurred in replicating a trading contract with a new counterparty.

The business owns Credit Risk arising from their activities. RMG Credit independently assesses, approves and monitors credit risk across the Group. Where businesses have established business credit teams, these are subject to RMG Credit oversight. The Heads of Business Credit have a functional reporting line to the Head of RMG Credit (or delegate).

Macquarie enforces a strict ‘no limit, no dealing’ principle. All proposed transactions are analysed and approved by individuals with discretion authority before they can proceed. Each proposal to incur a material credit exposure is assessed independently by RMG Credit. This assessment includes a comprehensive review of the creditworthiness of the counterparty and related entities, key risks and mitigants, and downside case scenarios. The assessment confirms consistency with risk appetite and portfolio limits.

Credit Risk is considered across several dimensions:

  • Single counterparty risk - Credit risk events associated with a single counterparty including default risk and migration risk.
  • Portfolio concentration risk - Risk of over-concentration of particular types of credit exposure in the portfolio
  • Country risk - Risk associated with events or conditions that arise within a country including economic risk, political risk and business environment risk.

Across these dimensions, Credit Risk is assessed for different exposure types, including committed, contingent and settlement risk.

RMG Credit is responsible for reporting on credit risk to senior RMG Credit staff, the CEO, Group Risk and Compliance Committee, Board Risk Committee and the Boards. The objective is to create transparency and visibility of accurate, relevant and timely information on credit risk to key decision makers at Macquarie.

The risk of accidental or intentional unauthorised use, modification, disclosure or destruction of information resources, which compromises their confidentiality, integrity or availability in a way that significantly impacts the operation of a Macquarie business.

Macquarie continues to invest in frameworks, policies, procedures and technical capabilities, to ensure we protect the confidentiality, integrity, and availability of our data and systems. Including:

  • A dedicated, centralised team responsible for detecting, monitoring and responding to cyber risk events
  • Specialist teams to provide information security expertise to the business, perform security reviews, design and implement protection controls to prevent cyber events occurring
  • Regular staff training to increase awareness of information security risks.

The risk of reputational or commercial impacts due to failure to identify or manage material environmental or social issues including labour and employment practices, human rights, resource efficiency, climate risk, pollution prevention, biodiversity and cultural heritage.

Read more

The risk of a change in value of a Macquarie entity investment.

The business owns equity risk arising from their activities. RMG Credit is responsible for independently assessing and approving equity risk across the Group, for rating equity for the purposes of capital treatment, and is included in reviews for impairment.

All material equity risk positions are subject to approval by RMG and by the CEO, Managing Director, Executive Committee and the Board, depending on the size and nature of the risk. The MGL and MBL Boards also delegate the discretion to approve equity exposures of a certain amount to designated individuals within Macquarie.

RMG Credit monitors the overall usage of the Equity Risk Limit (ERL), the upcoming transaction pipeline, and the portfolio composition. Reporting is provided monthly to the Board via the RMG Report, and the ERL is reviewed on a semi-annual basis by RMG and the results of the review are reported to the Group Risk and Compliance Committee and the relevant Boards.

The risk of loss arising from actual or perceived breaches of law and regulation and the risk of loss when enforcing contractual or legal relationships.

The Legal and Governance Group is responsible for legal risk oversight for the Group. It is headed by the Group General Counsel who is a member of the Group Risk and Compliance Committee (GRCC) and reports directly to the Managing Director and CEO of MGL. Each Operating Group has its own General Counsel who reports to the Group General Counsel and the relevant Group Head (or their delegate).

The Legal and Governance Group provides strategic and day-to-day legal advice on major corporate transactions, fund raising, insurance, commercial contracts (including outsourcings), establishing policies and risk assessment frameworks for legal, regulatory and reputation issues, and supporting Macquarie Group entities to meet their governance requirements.

The Legal and Governance Group is responsible for legal risk oversight for the Group. It is headed by the Group General Counsel who is a member of the Group Risk and Compliance Committee (GRCC) and reports directly to the Managing Director and CEO of MGL. Each Operating Group has its own General Counsel who reports to the Group General Counsel and the relevant Group Head (or their delegate).

The Legal and Governance Group provides strategic and day-to-day legal advice on major corporate transactions, fund raising, insurance, commercial contracts (including outsourcings), establishing policies and risk assessment frameworks for legal, regulatory and reputation issues, and supporting Macquarie Group entities to meet their governance requirements.

Liquidity management is performed and managed centrally by Group Treasury, with oversight from the Asset and Liability Committee (ALCO) and RMG. Macquarie’s liquidity policy is approved by the MGL and MBL Boards after endorsement by the ALCO and liquidity reporting is provided to the Boards on a regular basis. The ALCO includes the MGL Chief Executive Officer, MBL Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Group Treasurer, Head of Balance Sheet Management and Operating Group Heads.

RMG provides independent oversight of liquidity risk management, including ownership of liquidity policies and key limits and approval of material liquidity scenario assumptions.

Macquarie follows the following principles in managing liquidity risk:

  • Macquarie has a centralised approach to liquidity management
  • liquidity risk is managed through stress scenario analysis and setting limits on the composition and maturity of assets and liabilities
  • a regional liquidity framework is maintained that outlines Macquarie's approach to managing funding and liquidity requirements in offshore subsidiaries and branches
  • the liquidity position is managed to ensure all obligations can be met as required on an intraday basis
  • a liquidity contingency plan is maintained that provides an action plan in the event of a liquidity 'crisis'
  • a funding strategy is prepared annually and monitored on a regular basis
  • internal pricing allocates liquidity costs, benefits and risks to areas responsible for generating them
  • strong relationships are maintained to assist with managing confidence and liquidity
  • the MGL and MBL Boards and Senior Management receive regular reporting on Macquarie's liquidity position, including compliance with liquidity policy and regulatory requirements.

The risk of a change in the value of Macquarie’s positions as a result of changes in market conditions.

The business owns market risk arising from their activities. RMG Market Risk is responsible for the Market Risk Management Framework and independent oversight of market risk.

New products and markets require approval by RMG Market Risk prior to execution, in accordance with the New Product and Business Approval (NPA) policy.

RMG Market Risk provides regular reporting to the Group Risk and Compliance Committee, Board Risk Committee, and to the MGL and MBL Boards. Oversight of the Market Risk Management Framework is provided by the Market Risk Committee (MRC).

RMG Market Risk undertakes regular reviews of market risk taking areas and limit structures to confirm that the application of the risk management framework is current for each business reviewed. This includes a review of the appropriateness of the limit structure, and integrity of the RMG Market Risk monitoring process.

Traded Market Risk

Traded market risk is market risk arising in Macquarie’s Trading Book, being all trading positions that meet the criteria defined in Macquarie’s Trading Book Policy Statement.

Macquarie has long favoured transparent scenario analysis as the cornerstone of risk management. RMG Market Risk sets limits for all exposures in all markets. Limits are applied at a granular level to individual trading desks, through increasing levels of aggregation to Divisions and Operating Groups, and ultimately, Macquarie.

Limits are approved by Senior Management with appropriate authority for the size and nature of the risk and Macquarie adheres to a strict ‘no limit, no dealing’ policy, whereby trading positions taken must be within Traded Market Risk Limits and must be approved by RMG Market Risk prior to dealing.

Traded Market risk exposures are monitored by RMG Market Risk and reported daily to senior management. Limit breaches are immediately investigated by RMG Market Risk; a resolution sought with the trading desk concerned; and reported to senior management.

Value at Risk (VaR) exposures are calculated daily by RMG Market Risk for use in the daily calculation of regulatory capital requirements. RMG Market Risk also examines daily profits and losses for consistency with limits and riskiness of position.

Management flags are also used to supplement the monitoring of exposures. Management flags are trigger levels for discussion around risks that are not of an immediate or certain nature but may warrant further discussion between RMG and the business.

Non-traded market risk

Non-traded market risk (“NTMR”) is the risk of loss in Macquarie’s non-traded portfolios as a result of adverse movements in interest rates and foreign exchange rates. Macquarie has limited appetite for NTMR, as set out in the Risk Appetite Statement.

Some residual risks are unavoidable as a result of underlying business activity. Macquarie’s policy is to hold capital against these residual exposures and to constrain them within an approved limit framework. Interest rate exposures are reported to senior management on a monthly basis.

The risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events.

RMG Operational Risk is responsible for the establishment and oversight of the Operational Risk Management Framework (ORMF), which provides a framework for identifying, assessing and managing operational risks within the organisation. The three key objectives of the ORMF are:

  • Risk identification, analysis and remediation or acceptance
  • Execution and monitoring of risk management practices
  • Reporting and escalation of risk information on a routine and exception basis

All Operating and Central Service Groups are responsible for the management of operational risk and implementation of the ORMF in their Group. Groups are required to report and escalate significant operational incidents and unmitigated risks to business management, RMG, the MGL and MBL Boards and subsidiary boards as appropriate.

RMG Operational Risk sets and actively oversees and assesses the effectiveness of the implementation of the ORMF and provides insight on Macquarie’s operational risk profile. RMG Operational Risk reports regularly to the Group Risk and Compliance Committee and to Boards or Board Committees on Macquarie’s operational risk profile.

The risk of failure to comply with laws, regulations, rules statements of regulatory policy, and codes of conduct applicable to Macquarie’s financial services and other regulated activities.

Regulatory and compliance risks are assessed from a Macquarie-wide perspective to ensure that these risks are identified, and appropriate standards are applied consistently to manage these risks. Risks are identified as new businesses are developed, and through an understanding of changes to laws, regulations, regulatory sentiment or regulatory enforcement trends, both domestically and internationally. Macquarie seeks to maintain constructive relationships with its regulators, including through regular engagement at senior management levels.

Management of Regulatory and Compliance Risk is supported by RMG Compliance who establish policies, provide advice, training and independent monitoring of certain risks. RMG Compliance provide regular reporting to the Board Governance and Compliance Committee and Board.

RMG’s Prudential and Capital Management Division provides oversight of compliance with prudential regulation and is responsible for liaising with APRA and monitoring and managing changes made by APRA to its Prudential Standards.

The risk of damage to Macquarie’s reputation. In managing reputation risk, we consider damage to our reputation from the perspective of our clients, shareholders, regulators, staff or the communities in which we operate.

All activities have elements of reputation risk embedded in them. Managing reputation risk is an essential role of Senior Management as it has the potential to impact earnings and access to funding and capital. Macquarie seeks to manage and minimise reputation risk through its corporate governance structure and risk management framework.

Macquarie operates under a strong corporate governance structure consistent with regulatory requirements globally.

The Code of conduct outlines the ethical principles and the key policies that apply to all staff. The Conduct Risk Management Framework articulates Macquarie’s definition of and expectations in relation to the management of conduct risk, and Regional Integrity Officers and HR deal with potential issues of integrity.

Company policies, procedures and practices aim to minimise reputation risk. Regular reporting to the Group Risk and Compliance Committee, Boards and Board Committees includes relevant details on reputation risk issues.

The risk of failure to comply with applicable tax laws, regulations or rulings, or failure to meet other Revenue Authority requirements or expectations. This includes any event, action or inaction in tax strategy, operations, financial reporting or compliance that either adversely affects Macquarie’s tax or business objectives or results in an unanticipated or unacceptable level of monetary, financial statement or reputational loss or exposure.

The Tax Division, a specialist division within the Financial Management Group (FMG), oversees and monitors tax risks of all entities within the Macquarie Group.

The Tax Division is independent of the business and takes an integrated view of tax risk for the Macquarie Group as a whole.

The Tax Division provides taxation support to all areas of Macquarie and manages Macquarie’s relationships with revenue authorities globally. It has a robust tax risk management framework and a highly experienced global tax team. External tax advisors are engaged, with the approval of the Head of Tax, as part of managing the tax risk profile. Tax issues and risks are regularly considered with the CFO and escalated to Macquarie Board and the Board Audit Committee as appropriate. On relevant tax issues, the CRO will also be consulted.