Risk management in banks - Final

8/7/2019 Risk management in banks - Final

1/41

INTRODUCTION TO RISK MANAGEMENT

RISK

Risk is the probability that a hazard will turn into a disaster. Vulnerability and hazards are

not dangerous, taken separately. But if they come together, they become a risk or, in other words,

the probability that a disaster will happen.

Nevertheless, risks can be reduced or managed. If we are careful about how we treat the

environment, and if we are aware of our weaknesses and vulnerabilities to existing hazards, then

we can take measures to make sure that hazards do not turn into disasters.

"What is risk?" And what is a pragmatic definition of risk? Since risk is accepted in

business as a trade off between reward and threat, it does mean that taking risk bring forth

benefits as well. In other words it is necessary to accept risks, if the desire is to reap the

anticipated benefits.

Risk in its pragmatic definition, therefore, includes both threats that can materialize and

opportunities, which can be exploited. This definition of risk is very pertinent today as the

current business environment offers both challenges and opportunities to organizations, and it isup to an organization to manage these to their competitive advantage.

RISK MANAGEMENT

Risk Management is the process of measuring or assessing the actual or potential

dangers of a particular situation.

Risk management is a discipline for dealing with the possibility that some future event will

cause harm. It provides strategies, techniques, and an approach to recognizing and confronting

any threat faced by an organization in fulfilling its mission. Risk management may be as

uncomplicated as asking and answering three basic questions:

1

What can go wrong?


2/41

What will we do (both to prevent the harm from occurring and in the aftermath of an"incident")?

If something happens, how will we pay for it?

2


3/41

RISK MANAGEMENT IN BANKS

Risk management does not aim at risk elimination, but enables the organization to bring

their risks to manageable proportions while not severely affecting their income. This balancing

act between the risk levels and profits needs to be well-planned. Apart from bringing the risks to

manageable proportions, they should also ensure that one risk does not get transformed into any

other undesirable risk. This transformation takes place due to the inter-linkage present among the

various risks. The focal point in managing any risk will be to understand the nature of the

transaction in a way to unbundle the risks it is exposed to.

Risk Management is a more mature subject in the western world. This is largely a result

of lessons from major corporate failures, most telling and visible being the Barings collapse. In

addition, regulatory requirements have been introduced, which expect organizations to have

effective risk management practices. In India, whilst risk management is still in its infancy, there

has been considerable debate on the need to introduce comprehensive risk management

practices.

RISK MANAGEMENT PROCESS IN BANKS

1. Risks in BankingRisks manifest themselves in many ways and the risks in banking are a result of many

diverse activities, executed from many locations and by numerous people. As a financial

intermediary, banks borrow funds and lend them as a part of their primary activity. This

intermediation activity, of banks exposes them to a host of risks. The volatility in the operating

environment of banks will aggravate the effect of the various risks.

3


4/41

2. Risk Assessment:The very first event in the risk management process is risk assessment, where you identify

the various kinds of risk that are faced by the banks. This is a very crucial step in the

management of risk.

4

3. Risk IdentificationRisk identification sets out to identify an organizations exposure to uncertainty. This

requires an intimate knowledge of the organization, the market in which it operates, the legal,

social, political and cultural environment in which it exists, as well as the development of a

sound understanding of its strategic and operational objectives, These concern the effective

management and control of the finances of the organization and the effects of external factors

such as availability of credit, foreign exchange rates, interest rate movement and other market

exposures.


5/41

4. Risk DescriptionThe objective of risk description is to display the identified risks in a structured format,

5. Risk Estimation and EvaluationRisk estimation can be quantitative, semi quantitative or qualitative in terms of the

probability of occurrence and the possible consequence. Tabulate the consequences of the risk

that can happen with the rate of being high medium or low risk. This would need to not only

evaluation but also evaluation of the risk. When the risk analysis process has been completed, it

is necessary to compare the estimated risks against risk criteria which the organization has

established.

6. Risk ReportingIt can be an internal reporting of risk as well as external reporting of risk. Different levels

within an organization need different information from the risk management process. Any

significant deficiencies uncovered by the system, or in the system itself, should be reported

together

7. Risk TreatmentRisk treatment is the process of selecting and implementing measures to modify the risk.

Risk treatment includes as its major element, risk control/mitigation, but extends further to, for

example, risk avoidance, risk transfer, risk financing, etc.

8. MonitoringEffective risk management requires a reporting and review structure to ensure that risks are

effectively identified and assessed and that appropriate controls and responses are in place.

5


6/41

BENEFITS OF RISK MANAGEMENT IN BANKS

Proper risk management allows a financial institution to prosper through taking and avoidingrisks. Well run companies are now taking a closer interest in what its management is doing to

mitigate risk exposure, allowing for a more efficient, effective and prudently run business.

Good risk management will greatly improve the transparency of how an organization

operates, providing a roadmap to achieve strategic goals and objectives and reassurance over the

management of risks. A risk based approach can make a company more flexible and responsive

to market fluctuations, making it better able to satisfy the needs of its various stakeholders, in a

constantly changing environment. Companies can also gain an advantage over competitors byidentifying and adapting to circumstances faster than their rivals.

Increased risk awareness: With the advent of risk management in banks and in bankingsystem, there is increased awareness on the several of types of risk, this has lead to the

systematized pattern of working and thereby has created awareness among various people

and management for the safe working of the banks. Also RBI has ensured that there is

enough awareness of various risk and thereby banks take care of the risk prior to its

happening.

Prioritization of business risks to those that matter: With the recognition of the variousrisk that are to be happening to the banks and with the increased awareness now banks can

prioritize the risk to that of the other matters.

Fewer unexpected and unwelcome surprises: Due to increased use of risk management andits process there are few unexpected surprises, as banks are ready to face the financial and

other hurdles that are on the way. Not only that because of risk management all contingent

risk are reduced to a greater extent

6

A better focus internally on doing the right things well: Banks can now focus on theinternal process and its betterment thereby increasing the efficiency of the banks and


7/41

increasing the overall brand of the company. Risk management has lead to the increased

efficiency and effectiveness of the banks due to prioritization of the process.

Reduced losses through process improvements developed by the business of banks: Asthere is increased efficiency in the process these results in better outputand therebyreducing

the losses that can take places due to process improvements of banks. This increases the

utility of banks and its assets, as a result of these banks have reduced losses and better

process in place.

Providing a better basis for making key strategic decisions: Risk Management leads toestimation of the future and the various risks that can be on the way in future. This leads to

proper knowledge of the future, thereby making the future bit more stable and predictable.

This helps in making key strategic decisions and its better implementation for the further

betterment.

Increasing the chance of change initiatives being achieved: Risk management in banksleads to various benefits as stated above, all of those benefits leads to increasing the chance

of change initiatives being achieved at earlier stage thereby outperforming the set standards

with better vision of the future.

Creating a greater likelihood of achieving business goals and objectives: Riskmanagement leads to effective, efficient business, with vision and goals achieved in due to

time, reducing the possible losses and streamlining the business of banks this leads to

creating a greater likelihood of achieving business goals and objectives

7


8/41

TYPES OF RISKS

Business activities entail a variety of risks. The banking industry has long viewed the

problem of risk management as the need to control four of the above risks which make up most,

if not all, of their risk exposure, viz., credit, interest rate, foreign exchange and liquidity risk For

convenience, we distinguish between different categories of risk: market risk, credit risk,

liquidity risk, etc. Although such categorization is convenient, it is only informal. Usage and

definitions vary. Boundaries between categories are blurred. A loss due to widening credit

spreads may reasonably be called a market loss or a credit loss, so market risk and credit risk

overlap. Liquidity risk compounds other risks, such as market risk and credit risk. It cannot be

divorced from the risks it compounds.

There are various types of risks that occur in the banks and affect its functioning.

Some of these kinds of Risks are as follows:

1. Liquidity Risk

2. Market Risk

3. Interest Rate Risk

4. Credit Risk

5. Operational Risk

6. Strategic Risk

7. Reputation Risk

8


9/41

LIQUIDITY RISK

Liquidity risk is part and parcel for every banking institution. Unfortunately it isnt an

isolated risk like credit or market risk, but a consequential risk. It is contingent on other factors

like maturity mismatches or external events such as credit downgrades or market turmoil.

Liquidity risk is financial risk due to uncertain liquidity. An institution might lose

liquidity if its credit rating falls, it experiences sudden unexpected cash outflows, or some other

event causes counterparties to avoid trading with or lending to the institution. A firm is also

exposed to liquidity risk if markets on which it depends are subject to loss of liquidity. Liquidity

Risk also arises from the long term funding of long term assets by the short term liabilities. The

funding liquidity risk is defined as the inability to obtain funds to meet the cash flow obligations.

The funding risk arises from the need to replace net outflow due to unanticipated withdrawal or

non- renewal of deposits.

Liquidity risk tends to compound other risks. If a trading organization has a position in an

illiquid asset, its limited ability to liquidate that position at short notice will compound its market

risk. Suppose a firm has offsetting cash flows with two different counterparties on a given day. If

the counterparty that owes it a payment defaults, the firm will have to raise cash from other

sources to make its payment. Here, liquidity risk is compounding credit risk.

Liquidity risk comprises of:

1. Funding liquidity risk2. Trading-related liquidity risk.1. Funding liquidity risk:

Funding liquidity risk relates to a financial institutions ability to raise the necessary cash

to roll over its debt, to meet the cash, margin, and collateral requirements of counterparties, and

(in the case of funds) to satisfy capital withdrawals. Funding liquidity risk is affected by variousfactors such as the maturities of the liabilities, the extent of reliance of secured sources of

funding, the terms of financing, and the breadth of funding sources, including the ability to

access public market such as commercial paper market. Funding can also be achieved through

cash or cash equivalents, buying power, and available credit lines.

9


10/41

2. Trading-related liquidity risk:Trading-related liquidity risk, often simply called as liquidity risk, is the risk that an

institution will not be able to execute a transaction at the prevailing market price because thereis, temporarily, no appetite for the deal on the other side of the market. If the transaction cannot

be postponed its execution my lead to substantial losses on position. This risk is generally very

hard to quantify. It may reduce an institutions ability to manage and hedge market risk as well

as its capacity to satisfy any shortfall on the funding side through asset liquidation.

Managing the Liquidity Risk in the Banks:

Business risk is managed with a long-term focus. Techniques include the careful

development of business plans and appropriate management oversight. Book-value accounting isgenerally used, so the issue of day-to-day performance is not material. The focus is on achieving

a good return on investment over an extended horizon.

Liquidity risk has to be managed in addition to market, credit and other risks. Because of

its tendency to compound other risks, it is difficult or impossible to isolate liquidity risk. In all

but the most simple of circumstances, comprehensive metrics of liquidity risk don't exist. Certain

techniques of asset-liability management can be applied to assessing liquidity risk. A simple test

for liquidity risk is to look at future net cash flows on a day-by-day basis. Any day that has a

sizeable negative net cash flow is of concern. Such an analysis can be supplemented with stress

testing. Look at net cash flows on a day-to-day basis assuming that an important counterpartydefaults.

Most financial firms including banks use a variety of metrics to monitor the level of

liquidity risk to which they are exposed. The basic approaches may be categorized into three

types: the liquid assets approach, the cash flow approach, and a mixture of the two.

1. Liquid Assets ApproachUnder the liquid assets approach, the firm maintains liquid instruments on its balance

sheet that can be drawn upon when needed. As a variation on this approach, the firm may

maintain a pool of unencumbered assets (usually government securities) that can be used to

obtain secured funding through repurchase agreements and other secured facilities. (The relevant

metrics in this approach are ratios.)

2. Cash Flow Matching Approach

10

Under the cash flow matching approach, the firm attempts to match cash outflows against

contractual cash inflows across a variety of near-term maturity buckets.


11/41

3. Mixed ApproachThe mixed approach combines elements of the cash flow matching approach and the liquid assets

approach. The firm attempts to match cash outflows in each time bucket against a combination ofcontractual cash inflows plus inflows that can be generated through the sale of assets, repurchase

agreement or other secured borrowing. Assets that are most liquid are typically counted in the

earliest time buckets, while less liquid assets are counted in later time buckets.

11


12/41

MARKET RISK

Market risk consumes about nearly 25% of the risk capital in the bank. It is rightly said

that to win without risk is to triumph without glory.

Market Risk may be defined as the possibility of loss to a bank caused by changes in the

market variables. The Bank for International Settlements (BIS) defines market risk as the risk

that the value of 'on' or 'off' balance sheet positions will be adversely affected by movements in

equity and interest rate markets, currency exchange rates and commodity prices". Thus, Market

Risk is the risk to the bank's earnings and capital due to changes in the market level of interest

rates or prices of securities, foreign exchange and equities, as well as the volatilities of those

changes.

Besides, it is equally concerned about the bank's ability to meet its obligations as and

when they fall due. In other words, it should be ensured that the bank is not exposed to Liquidity

Risk. Thus, focus on the management of Liquidity Risk and Market Risk, further categorized

into interest rate risk, foreign exchange risk, commodity price risk and equity price risk. An

effective market risk management framework in a bank comprises risk identification, setting up

of limits and triggers, risk monitoring, models of analysis that value positions or measure market

risk, risk reporting, etc.

It is a risk of adverse deviation of the mark to market value of trading portfolio due to the

market movements during the period required to liquidate the transactions. It is also referred toas Price Risk. It occurs when the assets are sold before their stated maturities. Price Risk is

closely associated to the trading book, which is created for making profit out of short term

movements in the interest rates.

Market risk is managed with a short-term focus. Long-term losses are avoided by

avoiding losses from one day to the next. On a tactical level, traders and portfolio managers

employ a variety of risk metrics duration and convexity, the Greeks, beta, etc.to assess their

exposures. These allow them to identify and reduce any exposures they might consider

excessive. On a more strategic level, organizations manage market risk by applying risk limits to

traders' or portfolio managers' activities. Increasingly, value-at-risk is being used to define andmonitor these limits. Some organizations also apply stress testing to their portfolios.

12


13/41

Benefits of Market Risk

The effective measurement of market risk benefits the banks in the following ways:

1. Efficient allocation of the capital to exploit the different risks or rewards pattern.

2. Better product pricing.

3. There is reduced earnings volatility.

4. There is increase in the shareholders value.

Managing the Market Risk in the Banks:

The measurement of risk has changed over time. It has evolved from the simple

indicators, such as Face value/ Notional amount for an individual security to the latestmethodologies of computing VaR. the quest for better and more accurate measure of market risk

is ongoing; each new market turmoil reveals the limitations of even the most sophisticated

measure of market risk. There are various methods of measuring the market risks:

1. The Notional Amount Approach:Until recently, trading desks in major banks were allocated economic capital by reference to

notional amount. The notional approach measures risk as the notional, or nominal, amount of a

security, or the sum of the notional values of the holdings for a portfolio.

This method is flawed since it does not:

Differentiate between short and long positions. Reflect price volatility and correlation between prices.

Moreover, in the case of derivative positions in the over the counter market, there are

often very large discrepancies between true amount of market exposure, which is often small,

and the notional amount which may be huge. For example, two call options on the same

underlying instrument with the same notional value and same maturity, with one option being in

the money and the other one out-of-the-money, have very different market values and risk

exposures.

13

2. Value At Risk (VaR):Value at risk can be defined as the worst loss that might be expected from holding a security

or portfolio over a given period of time (say a single day, 10 days for the purpose of regulatory

capital reporting), given a specified level of probability (known as the confidence level)


14/41

14

Value at risk is a measure of market risk, which measures the maximum loss in the market

value of the portfolio with a given confidence. VaR is denominated in the units of currency or as

a percentage of the portfolio holdings.

For example, if we say that a position has a daily VaR of Rs. 10 million at the 99%

confidence level, we mean that the realized daily losses from the position will, on average, behigher than Rs. 10 million on only one day every 100 trading days (i.e., two to three days each

year).VaR offers probability statement about the potential change in the value of a portfolio

resulting from a change in the market factors, over a specified period of time.

For e.g. a set of portfolio having current value of say Rs.100000 can be described to have a

daily value at risk of Rs.5000 at 99% confidence level, which means there is 1/100 th chance of

loss exceeding Rs.5000 considering there are no shifts in the underlying factors.

It is thus a probability of the occurrence and hence it is a statistical measure of the risk

exposure.


15/41

CREDIT RISK

Credit risk is the oldest and biggest risk that a bank, by virtue of its very nature of

business, inherits. This has, however, acquired a greater significance in the recent past for

various reasons. Foremost among them is the wind of economic liberalization that is blowing

across the globe. India is no exception to this swing towards market-driven economy. Better

credit portfolio diversification enhances the prospects of the reduced concentration credit risk as

empirically evidenced by direct relationship between concentration credit risk profile and NPAs

of public sector banks.

Bank optimizes utilization of deposits by deploying funds for developmental activities

and productive purposes through credit creation process. Deposit mobilization & Credit

deployment constitute the core of banking activities and substantial portion of expenditure and

income are associated with them. In the case of deposits, baring few stray instances of

operational risks linked to the system and human failure culminating in fraud, forgeries & loss,

there may not be anything very alarming. But credit portfolio is the real dynamic activity that

requires close monitoring and continuous management.

Credit risk is defined as the possibility that a borrower or counterparty will fail tomeet its obligations in accordance with agreed terms. Credit risk, therefore, arises from the

banks' dealings with or lending to a corporate, individual, another bank, financial institution or a

country.

Credit risk may take various forms, such as:

In the case of direct lending, that funds will not be repaid; In the case of guarantees or letters of credit, that funds will not be forthcoming from the

customer upon crystallization of the liability under the contract;

In the case of treasury products, that the payment or series of payments due from thecounterparty under the respective contracts is not forthcoming or ceases;

15

In the case of securities trading businesses, that settlement will not be effected;


16/41

In the case of cross-border exposure, that the availability and free transfer of currency isrestricted or ceases.

COMPONENTS OF CREDIT RISK MANAGEMENT

Credit risk management framework broadly categorized into following main components.

a) Board and senior Managements Oversight

b) Organizational structure

c) Systems and procedures for identification, acceptance, measurement, monitoring and control

risks.

A) Board And Senior Managements OversightIt is the overall responsibility of banks Board to approve banks credit risk strategy and

significant policies relating to credit risk and its management which should be based on the

banks overall business strategy. To keep it current, the overall strategy has to be reviewed by the

board, preferably annually.

The responsibilities of the Board with regard to credit risk management include:

1. Delineate banks overall risk tolerance in relation to credit risk.2. Ensure that banks overall credit risk exposure is maintained at prudent levels and consistent

with the available capital

3. Ensure that top management as well as individuals responsible for credit4. risk management possess sound expertise and knowledge to accomplish the risk management

function

5. Ensure that the bank implements sound fundamental principles that facilitate theidentification, measurement, monitoring and control of credit risk.

6. Ensure that appropriate plans and procedures for credit risk management are in place.The senior management of the bank should develop and establish credit policies and credit

administration procedures as a part of overall credit risk management framework and get those

approved from board. Such policies and procedures shall provide guidance to the staff on various

types of lending including corporate, SME, consumer, agriculture, etc.

16


17/41

At minimum the policy should include,

1. Detailed and formalized credit evaluation/ appraisal process.2. Credit approval authority at various hierarchy levels including authority for approving

exceptions.

3. Risk identification, measurement, monitoring and control4. Risk acceptance criteria5. Credit origination and credit administration and loan documentation procedures6. Roles and responsibilities of units/staff involved in origination and management of credit.

B) Organizational Structure

To maintain banks overall credit risk exposure within the parameters set by the board ofdirectors, the importance of a sound risk management structure is second to none. While the

banks may choose different structures, it is important that such structure should be

commensurate with institutions size, complexity and diversification of its activities. It must

facilitate effective management oversight and proper execution of credit risk management and

control processes.

Each bank, depending upon its size, should constitute a Credit Risk Management

Committee (CRMC), ideally comprising of head of credit risk management Department, credit

department and treasury. This committee reporting to banks risk management committee should

be empowered to oversee credit risk taking activities and overall credit risk management

function.

Functions of CRMD:

To follow a holistic approach in management of risks inherent in banks portfolio and Ensure the risks remain within the boundaries established by the Board or Credit Risk

Management Committee.

The department also ensures that business lines comply with risk parameters and

17

Prudential limits established by the Board or CRMC.


18/41

Establish systems and procedures relating to risk identification, Management InformationSystem, monitoring of loan / investment portfolio quality and early warning. The department

would work out remedial measure when deficiencies/problems are identified.

C) Systems And ProceduresBanks must operate within a sound and well-defined criteria for new credits as well as the

expansion of existing credits. Credits should be extended within the target markets and lending

strategy of the institution. Before allowing a credit facility, the bank must make an assessment of

risk profile of the customer/transaction. This may include:

Credit assessment of the borrowers industry, and macro economic factors.

The purpose of credit and source of repayment. The track record / repayment history of borrower. Assess/evaluate the repayment capacity of the borrower. The Proposed terms and conditions and covenants. Adequacy and enforceability of collaterals. Approval from appropriate authority

Limit setting

An important element of credit risk management is to establish exposure limits for single

obligors and group of connected obligors. Institutions are expected to develop their own limit

structure while remaining within the exposure limits set by RBI. The size of the limits should be

based on the credit strength of the obligor, genuine requirement of credit, economic conditions

and the institutions risk tolerance. Appropriate limits should be set for respective products and

activities. Institutions may establish limits for a specific industry, economic sector or geographic

regions to avoid concentration risk.

Credit limits should be reviewed regularly at least annually or more frequently if

obligors credit quality deteriorates. All requests of increase in credit limits should be

substantiated.

18


19/41

Credit Administration:-

Credit administration unit performs following functions:

1. DocumentationIt is the responsibility of credit administration to ensure completeness of documentation

(loan agreements, guarantees, transfer of title of collaterals etc) in accordance with approved

terms and conditions. Outstanding documents should be tracked and followed up to ensure

execution and receipt.

2. Credit DisbursementThe credit administration function should ensure that the loan application has proper

approval before entering facility limits into computer systems. Disbursement should be

effected only after completion of covenants, and receipt of collateral holdings. In case of

exceptions necessary approval should be obtained from competent authorities.

3. Risk Rating ModelSet up comprehensive risk scoring system on a six to nine point scale. Clearly define

rating thresholds and review the ratings periodically preferably at half yearly intervals.

Rating migration is to be mapped to estimate the expected loss.

4. Credit monitoringAfter the loan is approved and draw down allowed, the loan should be continuously

watched over. These include keeping track of borrowers compliance with credit terms,

identifying early signs of irregularity, conducting periodic valuation of collateral and

monitoring timely repayments.

5. Loan RepaymentThe obligors should be communicated ahead of time as and when the principal/markup

installment becomes due. Any exceptions such as non-payment or late payment should be

tagged and communicated to the management. Proper records and updates should also be

made after receipt.

19

6. Maintenance of Credit FilesInstitutions should devise procedural guidelines and standards for maintenance of credit

files. The credit files not only include all correspondence with the borrower but should also

contain sufficient information necessary to assess financial health of the borrower and its

repayment performance.


20/41

7. Collateral and Security DocumentsInstitutions should ensure that all security documents are kept in a fireproof safe under

dual control. Registers for documents should be maintained to keep track of their movement.

Procedures should also be established to track and review relevant insurance coverage for

certain facilities/collateral. Physical checks on security documents should be conducted on a

regular basis.

Measuring Credit RiskThe measurement of credit risk is of vital importance in credit risk management. A number

of qualitative and quantitative techniques to measure risk inherent in credit portfolio are

evolving. To start with, banks should establish a credit risk rating framework across all type ofcredit activities. Among other things, the rating framework may, incorporate:

Business Risk1. Industry Characteristics2. Competitive Position (e.g. marketing/technological edge)3. Management

Financial Risk1. Financial condition2. Profitability3. Capital Structure4. Present and future Cash flows

Types of Credit Rating

Credit rating can be classified as:

1. External credit rating.2. Internal credit rating

20

1. External Credit Rating:A credit rating is not, in general, an investment recommendation concerning a given

security. In the words of S&P, A credit rating is S&P's opinion of the general creditworthiness

of an obligor, or the creditworthiness of an obligor with respect to a particular debt security or

other financial obligation, based on relevant risk factors. In Moody's words, a rating is, an


21/41

opinion on the future ability and legal obligation of an issuer to make timely payments of

principal and interest on a specific fixed-income security.

Since S&P and Moody's are considered to have expertise in credit rating and are regarded

as unbiased evaluators, there ratings are widely accepted by market participants and regulatory

agencies. Financial institutions, when required to hold investment grade bonds by their regulators

use the rating of credit agencies such as S&P and Moody's to determine which bonds are of

investment grade.

The rating process includes quantitative, qualitative, and legal analyses, quantitative

analyses. The quantitative analysis is mainly financial analysis and is based on the firms

financial reports. The qualitative analysis is concerned with the quality of management, and

includes a through review of the firms competitiveness within its industry as well as the

expected growth of the industry and its vulnerability to technological changes, regulatory

changes, and labor relations.

Internal Credit Rating:

21

A typical risk rating system (RRS) will assign both an obligor rating to each borrower (or

group of borrowers), and a facility rating to each available facility. A risk rating (RR) is designed

to depict the risk of loss in a credit facility. A robust RRS should offer a carefully designed,

structured, and documented series of steps for the assessment of each rating.


22/41

Risk Rating Models

SShhoorrtt tteerrmm rraattiinnggss RRiisskk wweeiigghhttss

CCAARREE CCRRIISSIILL FFIITTCCHH IICCRRAA

PPRR11++ PP11++ FF11++ AA11++ 2200%%

PPRR11 PP11 FF11 AA11 3300%%

PPRR22 PP22 FF22 AA22 5500%%

PPRR33 PP33 FF33 AA33 110000%%

PPRR44//PPRR55 PP44//PP55 BB//CC//DD AARR//AA55 115500%%

UUNNRRAATTEEDD UUNNRRAATTEEDD UUNNRRAATTEEDD UUNNRRAATTEEDD 110000%%

Under the New Basel II Accord, assessment of Credit Risk can be carried out in any of the

three approaches viz.

1. Standardized Approach2. Foundation Internal Rating Based Approach and3. Advanced Internal Rating Based Approach.

At present, banks in India in general and PSU banks in particular, are ready to migrate to Basel II

only at a conceptual and academic level.

1. Standardized Approach

22

Banks may use external credit ratings by institutions recognized for the purpose by the

central bank for determining the risk weight. Exposure on sovereigns and their central banks

could vary from zero percent to 150 percent depending on credit assessment from AAA to

below B- . Similarly, exposure on public sector entities, multilateral development banks, other

banks, securities firms and corporates also may have risk weights from 20 percent to 150

percent. Exposure on retail portfolio may carry risk weight of 75 percent. While Basel II

stipulates minimum capital requirement of 8 percent on risk weighted assets, India has prescribed


23/41

9 percent. Under Basel II exposure on a corporate with AAA rating will have a risk weight of

only 20 percent. This implies that for Rs. 100 crore exposure on a AAA rated corporate the

capital adequacy will be only Rs.1.8 crore (100 x 20% x 9%) compared to the earlier requirement

of Rs. 9 crore. However, claims on a corporate with below BB- rating will carry a risk weight of

150 percent and the capital requirement will be Rs.13.50 crore (100 x 150% x 9%). Thus, a bank

with a credit portfolio with superior rating may be able to save capital while banks having lower

rated credit exposure will have to mobilize more capital.

2. Internal Ratings Based (IRB) Approach: Foundation and Advanced Approach.Banks, which have developed reliable Management Information System (MIS) and have

received the approval of the central bank, can use the IRB approach to measure credit risk on

their own. The bank should have reliable data on Probability of Default (PD), Loss Given

Default (LGD), Exposure at Default (EAD) and effective maturity (M) to make use of IRB

approach.

Example of Union Bank of India:-

23

In UBI, a business receiving Credit Rating above level 6 are not considered good from

point of investment and thus are avoided.


24/41

24

Rating Score Revised w.e.f. 01.04.09

Working capital Term loan

CR-1 >90 BPLR BPLR+ 0.25%

CR-2 86-90 BPLR+ 0.25% BPLR+ 0.75%

CR-3 81-85 BPLR+ 0.75% BPLR+ 1.25%

CR-4 76-80 BPLR+ 1.00% BPLR+ 1.75%

CR-5 71-75 BPLR+ 1.25% BPLR+ 2.25%

CR-6 61-70 BPLR+ 1.75% BPLR+ 2.75%

CR-7 51-60 BPLR+ 3.50% BPLR+ 3.50%

CR-8 50 & below BPLR+ 3.50% BPLR+ 3.50%


25/41

INTEREST RATE RISK

Interest rate risk arises when there is a mismatch between positions, which are subject

to interest rate adjustment within a specified period. The banks lending, funding and investment

activities give rise to interest rate risk. The immediate impact of variation in interest rate is on

banks net interest income, while a long term impact is on banks net worth since the economic

value of banks assets, liabilities and off-balance sheet exposures are affected.

Consequently there are two common perspectives for the assessment of interest rate risk

1. Earning perspective:In earning perspective, the focus of analysis is the impact of variation in interest rates on

accrual or reported earnings. This is a traditional approach to interest rate risk assessment and

obtained by measuring the changes in the Net Interest Income (NII) or Net Interest Margin

(NIM) i.e. the difference between the total interest income and the total interest expense.

2. Economic Value perspective:Economic Value perspective involves analyzing the expected cash inflows on assets minus

expected cash out flows on liabilities plus the net cash flows on off-balance sheet items. The

economic value perspective identifies risk arising from long-term interest rate gaps.

Objective of Interest Rate Risk Management

1. To maintain earnings2. Improve the capability,3. Ability to absorb potential loss4. To ensure the adequacy of the compensation received for the risk taken and effect risk return

trade-off.

25

In order to manage interest rate risk, banks should begin evaluating the vulnerability of their

portfolios to the risk of fluctuations in market interest rates. One such measure is Duration of

market value of a bank asset or liabilities to a percentage change in the market interest rate. The


26/41

difference between the average duration for bank assets and the average duration for bank

liabilities is known as the duration gap which assesses the banks exposure to interest rate risk.

The Asset Liability Committee (ALCO) of a bank uses the information contained in the duration

gap analysis to guide and frame strategies. By reducing the size of the duration gap, banks can

minimize the interest rate risk.

SOURCES OF INTEREST RATE RISKS:

Interest rate risk occurs due to,

1. Differences between the timing of rate changes and the timing of cash flows(re-pricingrisk);

2.

Changing rate relationships among different yield curves effecting bank activities(basisrisk);

3. changing rate relationships across the range of maturities (yield curve risk);4. Interest-related options embedded in bank products (options risk).Types of Interest Rate Risks

1. Gap/Mismatch risk:It arises from holding assets and liabilities and off balance sheet items with different

principal amounts, maturity dates & re-pricing dates thereby creating exposure to unexpected

changes in the level of market interest rates.

2. Basis Risk:It is the risk that the Interest rat of different Assets/liabilities and off balance items may

change in different magnitude. The degree of basis risk is fairly high in respect of banks that

create composite assets out of composite liabilities.

3. Embedded option Risk:Option of pre-payment of loan and Fore- closure of deposits before their stated maturities

constitute embedded option risk,

4. Yield curve risk:Movement in yield curve and the impact of that on portfolio values and income.

26

5. Reprice risk:When assets are sold before maturities.


27/41

6. Reinvestment risk:Uncertainty with regard to interest rate at which the future cash flows could be reinvested.

7. Net interest position risk:When banks have more earning assets than paying liabilities, net interest position risk arises in

case market interest rates adjust downwards. There are different techniques such a

a) the traditional Maturity Gap Analysis to measure the interest rate sensitivity,

b) Duration Gap Analysis to measure interest rate sensitivity of capital,

c) Simulation and

d) Value at Risk for measurement of interest rate risk.

Interest Rate Risk Management

While rising interest rates make banks vulnerable to treasury losses, banks in India have a

number of lines of defense. First, banks have, in recent years, realized substantial profits from

their holdings of government securities, thanks to the soft interest rate environment. Banks are

required to follow conservative accounting practices in respect of unrealized capital gains on

their investment portfolio and have constituted latent reserves. Moreover, banks in India have

been encouraged to build up investment fluctuation reserves as a cushion gainst interest rate

risk. Finally, banks can adjust their behavior to offset treasury losses by adequately managing

their asset-liability mismatch.

Banks manage interest rate risk through a number of measures. Banks could

(i) Reduce the duration of their assets by selling long-dated government securities;(ii) Reduce their holdings of government securities and increase their loan books by building

on the recent high growth in consumer credit and infrastructure;

(iii) Increase the contribution of fee-based income to operating income.

27


28/41

REPUTATION RISK

Reputation risk is arising from negative public opinion. This risk may be exposed the

financial loss or a decline in a customer based or decline in the reputation of business.

Reputation risk is the risk to earning or capital arising from negative public opinion of the

bank. Negative public opinion can arise from poor service, failure to serve the credit needs of

their communities or for other reasons. This affects the institutions ability to establish new

relationships or services or continue servicing existing relationships.

The Bank manages reputation risk with the aimto bring potential losses down, preserve

and maintain the Banks reputation among customers, counteragents, shareholders, participantsof the financial market, state governmental authorities, local self-government, the Bank unions

(association), self-governed organizations, in which the Bank participates.

Aggregate Level of Reputation Risk Indicators:

The following indicators should be used when assessing the aggregate level of reputation.

Low1. Management anticipates and responds well to changes of a market or regulatory nature that

impact its reputation in the marketplace.

2. Management fosters a sound culture that is well supported throughout the organization andhas proven very effective over time.

3. The Bank effectively self-policies risks.4. Internal control and audit are fully effective5. Franchise value is only minimally exposed by reputation risk. Exposure from reputation risk

is expected to remain low in the foreseeable future.

28

6. Losses from fiduciary activities are low relative to the number of accounts, the volume ofassets under Management, and the number of affected transactions. The Bank does not

regularly experience litigation or customer complaints.


29/41

7. Management has a clear awareness of privacy issues and uses customer informationresponsibly.

Moderate1. Management adequately responds to changes of a market or regulatory nature that impact the

institutions reputation in the marketplace.

2. Administration procedures and processes are satisfactory. Management has a good record ofcorrecting problems. Any deficiencies in management information systems are minor.

3. The Bank adequately self-policies risks.4. Internal control and audit are generally effective.5.

The exposure of franchise value from reputation risk is controlled. Exposure is not expectedto increase in the foreseeable future.

6. The Bank has avoided conflicts of interest and other legal or control breaches. The level oflitigation, losses, and customer complaints are manageable and commensurate with the

volume of business conducted.

7. Management understands privacy issues and generally uses customer informationresponsibly.

High1. Management does not anticipate or take timely or appropriate actions in response to changes

of a market or regulatory nature.

2. Weaknesses may be observed in one or more critical operational, administrative, orinvestment activities. Management information at various levels exhibits significant

weaknesses.

3.

The institutions performance in self-policing risk is insufficient.4. Internal control or audit are not effective in reducing exposure. Management has either not

initiated, or has a poor record of, corrective action to address problems.

29

5. Franchise value is substantially exposed by reputation risk shown in significant litigation,large dollar losses, or a high volume of customer complaints. The potential exposure is


30/41

increased by the number of accounts, the volume of assets under Management, or the number

of affected transactions. Exposure is expected to continue in the foreseeable future.

6. Poor administration, conflicts of interest, and other legal or control breaches may be evident.7. Management is not aware and/or concerned with privacy issues and may use customer

information irresponsibly.

The Bank manages reputation risks by

The system of marginal values (limits); The system of authorities and decision-making; The system of reputation risk monitoring; The system of minimization and control

30


31/41

STRATEGIC RISK

Strategic risk is a risk arising from adverse business decisions, improper implementation

of decisions of lack of responsiveness to industry change. Strategic risk is the risk to earnings

or capital arising from making bad business decisions that adversely affect the value of the

bank.

Strategic risk is the risk of losses of the credit organization as a result of mistakes made

(imperfections) in taking decisions. Strategic risk is the risk associated with the financial

institutions future business plans and strategies. This risk category includes plans for entering

new business lines, expanding existing services through mergers and acquisitions, and enhancing

infrastructure (e.g., physical plant and equipment and information technology and networking).

The Bank uses the following methods of strategic risk management:

Business planning; Financial planning; Market analysis; Readjustment of plans.

31


32/41

OPERATIONAL RISK

Operational risk is faced by all organizations in one way or the other. The exposure toOperational risk depends upon the complexity of the Organization. Operational risk would arise

due to deviations from normal and planned functioning of systems, procedures, technology and

human failures of omission and commission. This not only affects the revenue of the

organization but also cost it in terms of opportunities loss that would be otherwise feasible. Basel

Committee has defined 'Operational Risk' as follows

The risk of loss resulting from inadequate or failed internal processes, people and

systems, or from external events".

Need For Operational Risk Management

The criticality of operational risk in the functioning of banks has to be viewed in the

context of changes that has taken place in the banking industry. Since late nineties in India, there

has been a remarkable change in the functioning of banks. Driven by deregulation and need to

become globally competitive, the banks have made tremendous technological advances, brought

in a plethora of new financial products, and are catering to a very large volume of customers on

several platforms.

32

The time tested systems and procedures in traditional banking were developed over

several decades. In the process of perfecting the systems and procedures banks may have faced

operational losses but as the changes were only few and far between, systems had time to

stabilize. For e.g. the computerization of banks which took place slowly in Indian banking

industry. In the present context of fast changing environment and work practices, the time

required to stabilize systems and procedures is not enough. So, as banks respond to the needs of

competition, systems and procedures and human adaptation of the changes create operational

risks inherent in the banking business. Accordingly, this risk needs to be factored in and taken

into account in the banking business. Therefore, proper management of operational risks is an


33/41

imperative. If operational risks are managed well, the rewards are available by way of lesser risk

capital and cost reductions in operations. Both have a favorable impact on competitive edge.

Basic motivation for management of operational risk stems from it.

Types Operational Risk

Operational risk arises from almost all the activities undertaken and consequently it is

everywhere in an Organization. Impact of various forms of operational risk on the organization

may vary in degree i.e., some risks may have more potential of causing damages while some

may have less potential, some may occur more frequently while some may occur less frequently.

As the activities of an organization changes in response to market and competition, new and until

then unknown factors may add to operational risks.

Operational risks vary in their components. Some are high occurrence low value risks,

while some are low occurrence high value risks. Operational risks in the Organization

continuously change especially when an Organization is undergoing changes.

Basel II suggested classification of operational risks based on the 'Causes' and 'Effects'.

That is classifications based on causes that are responsible for operational risks or classifications

based on effects of risks were suggested. Classifications based on 'Causes' and 'Effects' are listed

below.

1. CAUSE BASED People oriented causes: negligence, incompetence, insufficient training, integrity, key man. Process oriented (Transaction based) causes: business volume fluctuation, organizational

complexity, product complexity, and major changes.

Process oriented (Operational control based) causes: inadequate segregation of duties,lack of management supervision, inadequate procedures.

Technology oriented causes: poor technology and telecom, obsolete applications, lack ofautomation, information system complexity, poor design, development and testing.

33

External causes: natural disasters, operational failures of a third party, deteriorated socialor political context.


34/41


35/41

Damage to physical assetsLosses arising from loss or damage to physical assets from natural disasters or other events.

Business disruption and system failuresLosses arising from disruption of business or system failures

Execution, delivery and process managementLosses from failed transaction processing or process management, from relations with trade

counterparties and vendors

OPERATIONAL RISK MANAGEMENT (ORM) PRACTICES

Basel II document provides guidelines for operational risk management practices. These

are called 'Sound Practices for the Management of Operational Risks'. Out of 10 first 7 are

relevant at the organization level. Out of remaining three, two are relevant to

regulators/supervisors and one related to disclosure requirements have not been reproduced.

Principle 1

Board of directors' should be aware of the major aspects of bank's operational risk as a distinct

risk category that should be managed, and it should approve and periodically review the bank's

ORM (Operational Risk Management) framework. The framework should provide a firm wide

definition of operational risk and lay down the principles of how operational risk is to be

identified, assessed, monitored, and controlled/ mitigated.

Principle 2

The Board of Directors should ensure that the ORM framework is subject to effective and

comprehensive internal audit by operationally independent and competent staff. The internal

audit function should not be directly responsible for operational risk management.

Principle 3

35

Senior management should have responsibility for implementing ORM framework approved by

board of directors. The framework should be consistently implemented throughout the whole


36/41

banking organization, and all levels of staff should understand their responsibilities with respect

to ORM. Senior management should also have responsibility for developing policies, processes

and procedures for managing operational risk in all of the bank's material products, processes

and systems.

Principle 4

Banks should identify and assess OR inherent in all material products, activities, processes and

systems. Banks should also ensure that before new products, activities, processes and systems are

introduced or undertaken, the operational risk inherent in them is subject to adequate assessment

procedures.

Principle 5

Banks should implement a process to regularly monitor operational risk profiles and material

exposures to losses. There should be regular reporting of pertinent information to senior

management and the board of directors that supports the proactive management of operational

risk.

Principle 6

Banks should have Policies, processes and procedures to control/mitigate material operational

risks. Banks should periodically review their risk limitation and control strategies and should

adjust their operational risk profile accordingly using appropriate strategies, in light of their

overall risk appetite and profile.

Principle 7

Banks should have in place contingency and business continuity plans to ensure their ability to

operate on an ongoing basis and limit losses in the event of severe business disruption.

Principle 8

36

Banking supervisors should require that all banks, regardless of size, have an effective

framework in place to identify, assess, monitor and control or mitigate material operational risks

as part of an overall approach to risk management.


37/41

Principle 9

Supervisors should conduct, directly or indirectly, regular independent evaluation of a banks

policies, procedures and practices related to operational risks. Supervisors should ensure that

there are appropriate reporting mechanisms in place which allow them to remain apprised of

developments at banks.

Principle 10

Banks should make sufficient public disclosure to allow market participants to assess their

approach to operational risk management

Operational Risk Management Practices should be based on a well laid out policy duly

approved at the board level that describes the processes involved in controlling operational risks.

It should meet the standards set in terms of the principles mentioned above. In addition, well laid

down procedures in dealing with various products and activities should be in place. The policies

and procedures should also be communicated across the Organization.

The Policy should cover

Operational risk management structure Role and responsibilities Operational risk management processes Operational risk assessment/measurement methodologies

Operational Risk Quantification

The measurement of this risk is most difficult. This is because behavioral pattern of

operational risk does not the statistically normal distribution pattern and that makes it difficult to

estimate the probability of an event resulting in losses. Basel II has recognized this and has

provided options in the measurement of operational risk for this purpose.

1. The Basic Indicator Approach2. The Standardized Approach

37

3. Advanced Measurement Approaches (AMA)


38/41

Of these, basic indicator approach and Standardized approach are based on income

generated. The advance measurement approach is based on operational loss measurement.

1. The Basic Indicator ApproachBanks using the Basic Indicator Approach must hold capital for operational risk. Equal to the

average over the previous three years of a fixed percentage (15%) of positive annual gross

income. Figures for any year in which annual gross income is negative or zero should be

excluded from both the numerator and denominator when calculating the average.

Gross income is defined as net interest income plus net non interest income, gross of any

provisions (e.g. for unpaid interest) , gross of operating expenses, including fees paid to

outsourcing service providers, exclude realized profits/ losses from the sale of securities in the

banking book; and exclude extraordinary or irregular items as well as income derived from

insurance.

2. The Standardized ApproachIn the Standardized Approach, banks' activities are divided into eight business lines:

commercial banking, Corporate finance, trading and sales, retail banking, payment and

settlement, agency services, asset management, and retail brokerage.

Within each business line, gross income is a broad indicator that serves as a proxy for the

scale of business operations and thus the likely scale of operational risk exposure within each of

these business lines. The capital charge for each business line is calculated by multiplying gross

income by a factor (denoted beta) assigned to that business line (Beta Factors).

38

Business Lines Beta Factors

corporate finance 18%

Trading and sales 18%

Retail banking 12%

Commercial banking 15%

Payment and settlement 18%

Agency services 15%


39/41

Business Lines Beta Factors

Asset management 12%

Retail brokerage 12%

3. Advanced Measurement Approaches (AMA)Under the AMA, the regulatory capital requirement will equal the risk measure generated by

the bank's internal operational risk measurement system using the quantitative and qualitative

criteria for the AMA discussed below. Use of the AMA is subject to supervisory approval.

A Generic Measurement Approach

The first step in measurement approach is operation profiling. The steps involved OP Profiling

is:

Identification and quantification of operational risks in terms of its components Prioritization of operational risks and identification of risk concentrations hot spots

resulting in lower exposure.

Formulation of bank's strategy for operational risk management and risk based auditEstimated level of operational risk depends on

Estimated probability of occurrence Estimated potential financial impact Estimated impact of internal controlsEstimated Probability of Occurrence

This will be based on historical frequency of occurrence and estimated likelihood of future

occurrence. Probability is mapped on a scale of 5 say where

1. implies negligible risk2. implies low risk3. implies medium risk4. implies high risk

39

5. implies very high risk


40/41

Estimated Potential Financial Impact

This will be based on severity of historical impact and estimated severity of impact from

unforeseen events. Probability is mapped on a scale of 5 as mentioned above.

Estimated Impact of Internal Controls

This will be based on historical effectiveness of internal controls and estimated impact of internal

controls on risks. This is estimated as fraction in relation to total control, which is valued at

100%.

Estimated level of operational risk = Estimated probability of occurrence x Estimated potential

financial impact x Estimated impact of internal controls

In case of a hypothetical example where Probability of occurrence = 2 (Medium)

40

Potential financial impact = 4 (very high) impact of internal controls = 50% Estimated level of

operational risk = [( 2 x 4 x (1 0.501 ^ 0.5 = 2.0 or 'Low'


41/41

CONCLUSION

In the todays fierce competitive world, each sector in the industry is undergoing

revolution every now and then. Banking Sector is no exception to it. But with it comes great

uncertainty of events making banks vulnerable in the market. Thus for all banks risk

management becomes necessary to stay in the competition. Risk management allows banks to

access the actual as well as potential dangers. The banks have become more conscious about risk

management as negligence may not only cost bank loosing its profit but also it may wipe out the

presence of the bank. Although some risks can not be avoided but they can be managed properly

so as to cause less damage, whereas others can be avoided completely.

Date post:	08-Apr-2018
Category:	Documents
Upload:	alpesh-patel
View:	218 times
Download:	0 times