Physical Macquarie logo atop of 50 Martin Place
Physical Macquarie logo atop of 50 Martin Place


Risk management

Our approach to risk management is based on stable and robust core risk management principles. It is supported by our longstanding approach to establishing and maintaining an appropriate risk culture.

Core risk management principles

Ownership of risk at the business level

Group Heads are responsible for ownership of material risks that arise in, or because of, the business’ operations, including identification, measurement, control and mitigation of these risks. Before taking decisions, clear analysis of the risks is sought to ensure those taken are consistent with the risk appetite and strategy of Macquarie.

Understanding of worst-case outcomes

Macquarie’s risk management approach is based on examining the consequences of worst-case outcomes and determining whether these are acceptable and within Macquarie’s risk appetite. This approach is adopted for all material risk types and is often achieved by stress testing. Macquarie operates a number of sophisticated quantitative risk management processes, but the foundation of the approach is the informed consideration of both quantitative and qualitative inputs by highly experienced professionals.

Requirement for an independent sign-off by RMG

Macquarie places significant importance on having a strong, independent Risk Management Group (RMG) charged with signing off all material risk acceptance decisions. It is essential that RMG has the capability to do this effectively. RMG has invested in recruiting skilled professionals, including those with trading or advisory and capital markets experience. For all material proposals, RMG’s opinion must be sought at an early stage in the decision-making process. The approval document submitted to senior management must include independent input from RMG on risk and return.

Clear accountability for risk management

The assumption of risk is made within a framework that assigns clear risk roles and responsibilities represented by ‘three lines of defence’:

  • primary responsibility for risk management lies with the business. The risk owner is the first line of defence. An important part of the role of all staff throughout Macquarie is to ensure they manage risks appropriately.
  • RMG forms the second line of defence and provides independent and objective review and challenge, oversight, monitoring and reporting in relation to Macquarie’s material risks.
  • Internal Audit, as the third line, provides independent and objective risk-based assurance on the compliance with, and effectiveness of, Macquarie’s financial and risk management framework.

Risk culture and conduct risk management

A sound risk culture has been integral to Macquarie’s risk management framework since inception. Primary responsibility for risk management in Macquarie, including risk culture, is at the business level. The Board, assisted by the Board Risk Committee, is responsible for:

  • reviewing, endorsing and monitoring Macquarie’s approach to risk culture and conduct
  • forming a view on Macquarie’s risk culture and the extent to which it supports the ability of Macquarie to operate consistently within its risk appetite.

Risks we manage

Macquarie’s risk management framework is the totality of systems, structures, policies, processes and people within Macquarie that identify, measure, monitor, report and control or mitigate internal and external sources of material risk. Material risks are those that could have a material impact, financial or non-financial on Macquarie. Macquarie’s material risks include:

The risk arising from the aggregation of all quantified risk measures across the Group.

Aggregate risk is constrained by the Global Risk Limit (GRL) which is defined by the Board approved Risk Appetite Test. The Risk Appetite Test is a key consideration when assessing material new transactions, sizing key risk limits and assessing capital management initiatives.

RMG Aggregate Risk monitors capacity within the GRL and provides reporting to the Board and the Asset and Liability Committee (ALCO). 

The risk of a change in the value of a physical asset owned by Macquarie, excluding trading book assets. Asset risk incorporates:

  • operating lease assets
  • real estate, excluding corporate premises

RMG Credit is responsible for independent monitoring of change in asset value.

RMG Credit and RMG Aggregate Risk are responsible for reporting on asset risk to senior management, Board Committees and the Board.

Macquarie defines conduct risk as the risk of behaviour, action or omission by individuals employed by, or on behalf of, Macquarie or taken collectively in representing Macquarie that may have a negative outcome for our clients, counterparties, the communities and markets in which we operate, our staff, or Macquarie.

Such behaviour, actions or omissions may include:

  • breaches of laws or regulations
  • disregard for Macquarie’s principles of What We Stand For or the Code of Conduct
  • negligence and/or a lack of reasonable care and diligence
  • failure to escalate improper conduct.

Conduct risk can arise inadvertently or deliberately in any of Macquarie’s Operating and Central Service Groups.

Macquarie’s approach to conduct risk management is integrated in our risk management framework and is consistent with our three lines of defence model.  Senior Management, with oversight from the Board, set behavioural expectations. The way we fulfil Macquarie’s purpose is defined by our principles of What We Stand For: Opportunity, Accountability and Integrity. Staff are made aware that these principles must form the basis of all behaviours and actions. These behavioural expectations are specified in the Board approved Code of Conduct, which is actively promoted by Management and cascaded through the organisation.

Macquarie has a range of controls and processes in place to identify and manage conduct risk, including:

  • new and emerging conduct risks are identified through the annual strategy and business planning process
  • conduct risks that may arise when Macquarie establishes a new business or product, or makes a significant change to an existing business, product, process or system are identified and assessed through the new business and product approval process
  • independent monitoring and surveillance conducted by RMG, in addition to front line supervisory activities performed by the business
  • the Risk and Control Self-Assessment incorporates a conduct risk lens, requiring businesses to identify and assess their key conduct risks
  • where incidents occur, we investigate the underlying contributing behaviours, and record where they are the root cause of the incident
  • performance-based remuneration reflects an individual’s performance, which includes assessment of a range of factors including risk management and behavioural measures
  • an Integrity Office that is an independent point of contact for staff to safely raise concerns about misconduct, unethical behaviour or breaches of the Code of Conduct
  • a global Staff Hotline for staff who wish to speak up anonymously.

For further details refer to:

The risk that a counterparty will fail to complete its contractual obligations when they fall due (default risk) or changes in the creditworthiness of the obligor (migration risk). The consequent loss is either the amount of the loan or financial obligation not paid back, the change in the value of a non-traded debt instrument, or the loss incurred in replicating a trading contract with a new counterparty.

The Credit Risk Management Framework provides an overview of the framework for the management of Credit Risk with references to more detailed policies, procedures and processes.

Credit risk is considered across a number of dimensions:

  • Single counterparty risk - Credit risk events associated with a single counterparty including default risk and migration risk
  • Portfolio concentration risk - Risk of over-concentration of particular types of credit exposure in the portfolio (considered in conjunction with Equity and Asset risk exposures)
  • Country risk - Risk associated with events or conditions that arise within a country including economic risk, political risk and business environment risk.

Across these dimensions, credit risk is assessed for different exposure types, including committed, contingent and settlement risk.

The business owns credit risk arising from their activities. RMG Credit independently assesses, approves and monitors credit risk across the Group. Credit risk is accepted on the basis of consistency with risk appetite and return on assessed risk.

Where businesses have established business credit teams, these are subject to RMG Credit oversight. The Heads of Business Credit have a functional reporting line to the Head of RMG Credit (or delegate).

The risk of reputational or commercial impacts due to failure to identify or manage material environmental or social issues including labour and employment practices, human rights, resource efficiency, climate risk, pollution prevention, biodiversity and cultural heritage.

Read more

The risk of a change in value of a Macquarie equity investment.

The business owns equity risk arising from their activities. RMG Credit is responsible for independently assessing and approving equity risk across the Group, for rating equity for the purposes of capital treatment, and is involved in reviews for impairment.

All material equity risk positions are subject to approval by RMG and by senior management and the Board, depending on the size and nature of the risk. The Board also delegate the discretion to approve equity exposures of a certain amount to designated individuals within Macquarie.

RMG Credit and RMG Aggregate Risk monitor the current and expected aggregate level of equity risk, the upcoming transaction pipeline, and the portfolio composition of Macquarie’s equity portfolio. 

The risk of knowingly or unknowingly perpetuating or helping parties to commit or to further potentially illegal activity through Macquarie. Financial crime risk encapsulates the risks of money laundering, terrorism financing, bribery and corruption, and sanctions.

The business is responsible for financial crime risk arising from its activities. RMG Financial Crime Risk (FCR) manage and oversee financial crime risk, engage with regulators and maintain and monitor the effectiveness of global financial crime risk frameworks, programs and policies for Macquarie. RMG FCR reports to the Group Risk and Compliance Committee and to the Board or Board Committees on Macquarie’s financial crime risk profile.

The risk of failure to comply with applicable laws or fulfil or enforce legal or contractual obligations (excluding Regulatory and Compliance laws and Tax laws).

Legal risk is managed through identification and assessment of legal risk, and by minimising or mitigating legal risk as far as practical. Legal risk includes actual or perceived breaches of law and regulation, and the risks associated with enforcing contractual or legal relationships.

Group Legal is responsible for oversight of legal risk for the Group. 

The risk that Macquarie is unable to meet financial obligations as and when they fall due.

Liquidity management is performed centrally by Group Treasury, with oversight from the Asset and Liability Committee (ALCO), the Board and RMG. The ALCO includes the MGL Chief Executive Officer, MBL Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Group Treasurer, Head of Balance Sheet Management and Operating Group Heads.

RMG Market Risk, Treasury Risk Management provides oversight of Group Treasury’s implementation of the liquidity risk framework.

The risk of a change in the value of Macquarie’s positions as a result of changes in market conditions.

The business owns market risk arising from their activities. RMG Market Risk is responsible for the Market Risk Management Framework and independent oversight of market risk. Oversight of the Market Risk Management Framework is provided by the Market Risk Committee.

RMG Market Risk undertakes reviews of market risk taking areas and limit structures to confirm that the application of the risk management framework is current for each business reviewed.

Traded Market Risk

Traded market risk is market risk arising in Macquarie’s Trading Book. The Trading Book includes all trading positions that meet the criteria defined in Macquarie’s Trading Book Policy Statement.

Macquarie enforces a strict ‘no limit, no dealing’ rule. Trading positions taken must be within Traded Market Risk Limits. Limits are set with reference to Board approved Risk Appetite Statements, and must be approved by RMG Market Risk prior to dealing.

Traded Market risk exposures are monitored by RMG Market Risk and reported daily to senior management. Limit breaches are immediately investigated by RMG Market Risk and a resolution sought with the trading desk concerned. Breaches are reported to senior management and the Board in accordance with the Market Risk Limits Policy.

Value at Risk (VaR) exposures are calculated daily by RMG Market Risk, in accordance with the Market Risk Limits Policy, for use in the daily calculation of regulatory capital requirements. RMG Market Risk also examines daily profits and losses for consistency with limits and riskiness of position.

Management flags are also used to supplement the monitoring of exposures. Management flags are trigger levels for discussion around risks that are not of an immediate or certain nature but may warrant further discussion between RMG and the business.

Interest Rate Risk in the Banking Book

Interest Rate Risk in the Banking Book (IRRBB) is the risk of loss in earnings or in the economic value of banking book items as a consequence of movements in interest rates. Macquarie has limited appetite for IRRBB as set out in the Board approved Risk Appetite Statements.

Some residual interest rate risks are unavoidable as a result of underlying business activity. Macquarie’s policy is to hold capital against the economic value sensitivity of these residual interest rate risks. RMG Market Risk provide independent oversight of residual Interest rate risk on a monthly basis.

The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

RMG Operational Risk and Governance is responsible for the establishment and oversight of key enterprise wide risk management framework elements and the Operational Risk Management Framework (ORMF), for the identification, assessment and management of the risks arising from failures of people, processes, systems and external events. The three key objectives of the ORMF are:

  • risk identification, analysis and remediation or acceptance
  • execution and monitoring of risk management practices
  • reporting and escalation of risk information on a routine and exception basis.

All Operating and Central Service Groups are responsible for the management of operational risk and implementation of the ORMF in their Groups.

RMG Operational Risk and Governance sets, actively oversees and assesses the effectiveness of the implementation of the ORMF and provides insight on Macquarie’s operational risk profile. RMG Operational Risk and Governance reports regularly to the Group Risk and Compliance Committee and to Boards or Board Committees on Macquarie’s operational risk profile.

Cyber and information security risk

The risk of accidental or intentional unauthorised use, modification, disclosure or destruction of information resources, which compromises their confidentiality, integrity or availability in a way that significantly impacts the operations of a Macquarie business.

Macquarie has a dedicated, centralised team responsible for monitoring, detecting and responding to cyber risk events. Dedicated specialist teams provide expertise to the broader business, perform security reviews, design and implement protection controls to prevent cyber events from occurring and minimise the impact of a cyber and information security incident.

The risk of failure to comply with laws, regulations, rules statements of regulatory policy, and codes of conduct applicable to Macquarie’s financial services and other regulated activities.

The business is responsible for the regulatory and compliance risks arising from their business activities, and for having adequate systems, processes and controls to manage these risks.

As a diverse global financial services company, Macquarie is regulated and supervised by a significant number of regulators globally. Macquarie seeks to maintain constructive relationships with its regulators, including through regular engagement at senior management levels.

RMG Regulatory Affairs develops the framework to ensure Macquarie has a consistent approach to managing regulatory engagements globally and providing oversight for these, collaborating closely with teams across RMG and Macquarie. Management of regulatory and compliance risk is supported by RMG Compliance who establish policies and provide advice, review and challenge of certain risks. RMG Compliance provide regular reporting to the Board Governance and Compliance Committee and Board.

The risk of damage to Macquarie’s reputation. In managing reputation risk, we consider damage to our reputation from the perspective of our clients, shareholders, regulators, staff or the communities and markets in which we operate.

Macquarie recognises that all activities have elements of reputation risk embedded in them. Managing reputation risk is an essential role of senior management as it has the potential to impact earnings and access to funding and capital. Macquarie seeks to manage and minimise reputation risk through its overall corporate governance structure and risk management framework.

Company policies, procedures and practices aim to minimise reputation risk. Regular reporting to the Group Risk and Compliance Committee, Boards and Board Committees includes relevant details on reputation risk issues.

The risk of Macquarie’s business model being inadequate in the medium to long term.

Strategic / business risk is managed through Macquarie’s annual strategy and business planning process. Businesses are responsible for continually reassessing their business strategy and the return for risk arising from their strategy.

The risk of failure to comply with applicable tax laws, regulations or rulings, or failure to meet other Revenue Authority requirements or expectations. This includes any event, action, or inaction in tax strategy, operations, financial reporting or compliance that either adversely affects Macquarie’s tax or business objectives or results in any unanticipated or unacceptable level of monetary, financial statement or reputational loss or exposure.

Oversight of tax risk is undertaken by FMG Tax, a specialist division within Macquarie’s Financial Management Group, which is independent of the business and takes an integrated view of tax risk for the Macquarie Group as a whole. FMG Tax provides taxation support to all areas of Macquarie and manages Macquarie’s relationships with revenue authorities globally.

FMG Tax oversee and monitor tax risk of all entities within the Macquarie Group, and have a robust tax risk management framework and an experienced global tax team. External tax advisors are engaged, with the approval of the Head of Tax, as part of managing the tax risk profile.

The risk of incidence of work-related injury, illness or disease or other events impacting health and safety of employees, contractors, visitors, and members of the public; and regulatory breach/failure or inspection by a health and/or safety regulator.

Macquarie recognises, supports, and promotes the right of every worker to return home safely from their workplace.  To that extent, we seek to build and promote safe workplaces which enable and empower people to do their best work. To achieve this, we build and maintain a positive safety culture and manage our Work Health and Safety (WHS) risks effectively.

The business owns WHS risk arising from their activities. RMG Behavioural Risk are responsible for the assessment, challenge and advice on the effective identification, evaluation and management of WHS risk.

WHS risk is governed by the WHS Policy and associated standards, procedures and processes which provide detailed requirements for businesses to ensure consistent and effective management of WHS risk.

Significant incidents and unmitigated risks are escalated to business management, RMG and the MGL and MBL Boards as appropriate.

For further details refer to: