Date post: | 06-Apr-2018 |
Category: |
Documents |
Upload: | goutham-raj |
View: | 219 times |
Download: | 0 times |
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 1/64
Risk Management in Banking Sector.
Introduction.
The significant transformation of the banking industry in India is clearly
evident from the changes that have occurred in the financial markets, institutions
and products. While deregulation has opened up new vistas for banks to
argument revenues, it has entailed greater competition and consequently greater
risks. Cross- border flows and entry of new products, particularly derivative
instruments, have impacted significantly on the domestic banking sector forcing
banks to adjust the product mix, as also to effect rapid changes in their processes
and operations in order to remain competitive to the globalized environment.
These developments have facilitated greater choice for consumers, who have
become more discerning and demanding compelling banks to offer a broader
range of products through diverse distribution channels. The traditional face of
banks as mere financial intermediaries has since altered and risk management
has emerged as their defining attribute.
Currently, the most important factor shaping the world is globalization. The
benefits of globalization have been well documented and are being increasingly
recognized. Integration of domestic markets with international financial markets
has been facilitated by tremendous advancement in information and
communications technology. But, such an environment has also meant that a
problem in one country can sometimes adversely impact one or more countries
instantaneously, even if they are fundamentally strong.
There is a growing realisation that the ability of countries to conduct
business across national borders and the ability to cope with the possible
downside risks would depend, interalia, on the soundness of the financial system.This has consequently meant the adoption of a strong and transparent,
prudential, regulatory, supervisory, technological and institutional framework in
the financial sector on par with international best practices. All this necessitates a
transformation: a transformation in the mindset, a transformation in the business
processes and finally, a transformation in knowledge management. This process
1
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 2/64
Risk Management in Banking Sector.
is not a one shot affair; it needs to be appropriately phased in the least disruptive
manner.
The banking and financial crises in recent years in emerging economieshave demonstrated that, when things go wrong with the financial system, they can
result in a severe economic downturn. Furthermore, banking crises often impose
substantial costs on the exchequer, the incidence of which is ultimately borne by
the taxpayer. The World Bank Annual Report (2002) has observed that the loss of
US $1 trillion in banking crisis in the 1980s and 1990s is equal to the total flow of
official development assistance to developing countries from 1950s to the present
date. As a consequence, the focus of financial market reform in many emerging
economies has been towards increasing efficiency while at the same time
ensuring stability in financial markets.
From this perspective, financial sector reforms are essential in order to
avoid such costs. It is, therefore, not surprising that financial market reform is at
the forefront of public policy debate in recent years. The crucial role of sound
financial markets in promoting rapid economic growth and ensuring financial
stability. Financial sector reform, through the development of an efficient financialsystem, is thus perceived as a key element in raising countries out of their 'low
level equilibrium trap'. As the World Bank Annual Report (2002) observes, ‘ a
robust financial system is a precondition for a sound investment climate, growth
and the reduction of poverty ’.
Financial sector reforms were initiated in India a decade ago with a view to
improving efficiency in the process of financial intermediation, enhancing the
effectiveness in the conduct of monetary policy and creating conditions for
integration of the domestic financial sector with the global system. The first phase
of reforms was guided by the recommendations of Narasimham Committee.
• The approach was to ensure that ‘the financial services industry operates
on the basis of operational flexibility and functional autonomy with a view to
2
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 3/64
Risk Management in Banking Sector.
enhancing efficiency, productivity and profitability'.
• The second phase, guided by Narasimham Committee II, focused on
strengthening the foundations of the banking system and bringing about
structural improvements. Further intensive discussions are held on
important issues related to corporate governance, reform of the capital
structure, (in the context of Basel II norms), retail banking, risk
management technology, and human resources development, among
others.
Since 1992, significant changes have been introduced in the Indian
financial system. These changes have infused an element of competition in the
financial system, marking the gradual end of financial repression characterized by
price and non-price controls in the process of financial intermediation. While
financial markets have been fairly developed, there still remains a large extent of
segmentation of markets and non-level playing field among participants, which
contribute to volatility in asset prices. This volatility is exacerbated by the lack of
liquidity in the secondary markets. The purpose of this paper is to highlight the
need for the regulator and market participants to recognize the risks in the
financial system, the products available to hedge risks and the instruments,
including derivatives that are required to be developed/introduced in the Indian
system.
The financial sector serves the economic function of intermediation by
ensuring efficient allocation of resources in the economy. Financial intermediation
is enabled through a four-pronged transformation mechanism consisting of
liability-asset transformation, size transformation, maturity transformation and risk
transformation.
Risk is inherent in the very act of transformation. However, prior to reform
of 1991-92, banks were not exposed to diverse financial risks mainly because
interest rates were regulated, financial asset prices moved within a narrow band
3
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 4/64
Risk Management in Banking Sector.
and the roles of different categories of intermediaries were clearly defined. Credit
risk was the major risk for which banks adopted certain appraisal standards.
Several structural changes have taken place in the financial sector since1992. The operating environment has undergone a vast change bringing to fore
the critical importance of managing a whole range of financial risks. The key
elements of this transformation process have been
1. The deregulation of coupon rate on Government securities.
2. Substantial liberalization of bank deposit and lending rates.
3. A gradual trend towards disintermediation in the financial system in the
wake of increased access of corporates to capital markets.
4. Blurring of distinction between activities of financial institutions.
5. Greater integration among the various segments of financial markets and
their increased order of globalisation, diversification of ownership of public
sector banks.
6. Emergence of new private sector banks and other financial institutions,
and,
7. The rapid advancement of technology in the financial system.
Definition of Risk?
4
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 5/64
Risk Management in Banking Sector.
What is Risk?
"What is risk?" And what is a pragmatic definition of risk? Risk means
different things to different people. For some it is "financial (exchange rate,
interest-call money rates), mergers of competitors globally to form more powerful
entities and not leveraging IT optimally" and for someone else "an event or
commitment which has the potential to generate commercial liability or damage
to the brand image". Since risk is accepted in business as a trade off between
reward and threat, it does mean that taking risk bring forth benefits as well. In
other words it is necessary to accept risks, if the desire is to reap the anticipated
benefits.
Risk in its pragmatic definition, therefore, includes both threats that can
materialize and opportunities, which can be exploited. This definition of risk is
very pertinent today as the current business environment offers both challenges
and opportunities to organizations, and it is up to an organization to manage
these to their competitive advantage.
What is Risk Management - Does it eliminate risk?
Risk management is a discipline for dealing with the possibility that some
future event will cause harm. It provides strategies, techniques, and an approach
to recognizing and confronting any threat faced by an organization in fulfilling its
mission. Risk management may be as uncomplicated as asking and answering
three basic questions:
1. What can go wrong?
2. What will we do (both to prevent the harm from occurring and in theaftermath of an "incident")?
3. If something happens, how will we pay for it?
Risk management does not aim at risk elimination, but enables the
organization to bring their risks to manageable proportions while not severely
5
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 6/64
Risk Management in Banking Sector.
affecting their income. This balancing act between the risk levels and profits
needs to be well-planned. Apart from bringing the risks to manageable
proportions, they should also ensure that one risk does not get transformed into
any other undesirable risk. This transformation takes place due to the inter-
linkage present among the various risks. The focal point in managing any risk will
be to understand the nature of the transaction in a way to unbundle the risks it is
exposed to.
Risk Management is a more mature subject in the western world. This is
largely a result of lessons from major corporate failures, most telling and visible
being the Barings collapse. In addition, regulatory requirements have been
introduced, which expect organizations to have effective risk management
practices. In India, whilst risk management is still in its infancy, there has been
considerable debate on the need to introduce comprehensive risk management
practices.
Objectives of Risk Management Function
Two distinct viewpoints emerge –
• One which is about managing risks, maximizing profitability and creating
opportunity out of risks• And the other which is about minimising risks/loss and protecting
corporate assets.
The management of an organization needs to consciously decide on
whether they want their risk management function to 'manage' or 'mitigate' Risks.
• Managing risks essentially is about striking the right balance between risks
and controls and taking informed management decisions on opportunities
and threats facing an organization. Both situations, i.e. over or under
controlling risks are highly undesirable as the former means higher costs
and the latter means possible exposure to risk.
• Mitigating or minimising risks, on the other hand, means mitigating all risks
even if the cost of minimising a risk may be excessive and outweighs the
6
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 7/64
Risk Management in Banking Sector.
cost-benefit analysis. Further, it may mean that the opportunities are not
adequately exploited.
In the context of the risk management function, identification and
management of Risk is more prominent for the financial services sector and less
so for consumer products industry. What are the primary objectives of your risk
management function? When specifically asked in a survey conducted, 33% of
respondents stated that their risk management function is indeed expressly
mandated to optimise risk.
Risks in Banking
Risks manifest themselves in many ways and the risks in banking are aresult of many diverse activities, executed from many locations and by numerous
people. As a financial intermediary, banks borrow funds and lend them as a part
of their primary activity. This intermediation activity, of banks exposes them to a
host of risks. The volatility in the operating environment of banks will aggravate
the effect of the various risks. The case discusses the various risks that arise due
to financial intermediation and by highlighting the need for asset-liability
management; it discusses the Gap Model for risk management.
Typology of Risk Exposure
Based on the origin and their nature, risks are classified into various
categories. The most prominent financial risks to which the banks are exposed to
taking into consideration practical issues including the limitations of models and
theories, human factor, existence of frictions such as taxes and transaction cost
and limitations on quality and quantity of information, as well as the cost of
acquiring this information, and more.
7
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 8/64
Risk Management in Banking Sector.
8
FINANCIAL RISKS
MARKET
RISK
LIQUIDITY
RISK
OPERATIONAL
RISK
HUMAN
FACTOR RISK
CREDIT RISK LEGAL &
REGULATORY RISK
FUNDING
LIQUIDITY RISK
TRADING
LIQUIDITY RISK
TRANSACTION
RISK
PORTFOLIO
CONCENTRATION
ISSUE RISK ISSUER RISK COUNTERPARTY
RISK
EQUITY RISK INEREST
RATE RISK
CURRENCY
RISK
COMMODITY
RISK
TRADING
RISK
GAP RISK
GENERAL
MARKET RISK
SPECIFIC
RISK
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 9/64
Risk Management in Banking Sector.
MARKET RISK
Market risk is that risk that changes in financial market prices and rates
will reduce the value of the bank’s positions. Market risk for a fund is often
measured relative to a benchmark index or portfolio, is referred to as a “risk of
tracking error” market risk also includes “basis risk,” a term used in risk
management industry to describe the chance of a breakdown in the relationship
between price of a product, on the one hand, and the price of the instrument
used to hedge that price exposure on the other. The market-Var methodology
attempts to capture multiple component of market such as directional risk,
convexity risk, volatility risk, basis risk, etc.
CREDIT RISK
Credit risk is that risk that a change in the credit quality of a counterparty
will affect the value of a bank’s position. Default, whereby a counterparty is
unwilling or unable to fulfill its contractual obligations, is the extreme case;
however banks are also exposed to the risk that the counterparty might
downgraded by a rating agency.
Credit risk is only an issue when the position is an asset, i.e., when it
exhibits a positive replacement value. In that instance if the counterparty
defaults, the bank either loses all of the market value of the position or, more
commonly, the part of the value that it cannot recover following the credit event.
However, the credit exposure induced by the replacement values of derivative
instruments are dynamic: they can be negative at one point of time, and yet
become positive at a later point in time after market conditions have changed.
Therefore the banks must examine not only the current exposure, measured by
the current replacement value, but also the profile of future exposures up to the
termination of the deal.
LIQUIDITY RISK
Liquidity risk comprises both
• Funding liquidity risk
9
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 10/64
Risk Management in Banking Sector.
• Trading-related liquidity risk.
Funding liquidity risk relates to a financial institution’s ability to raise the
necessary cash to roll over its debt, to meet the cash, margin, and collateral
requirements of counterparties, and (in the case of funds) to satisfy capital
withdrawals. Funding liquidity risk is affected by various factors such as the
maturities of the liabilities, the extent of reliance of secured sources of funding,
the terms of financing, and the breadth of funding sources, including the ability to
access public market such as commercial paper market. Funding can also be
achieved through cash or cash equivalents, “buying power ,” and available credit
lines.
Trading-related liquidity risk, often simply called as liquidity risk, is the risk
that an institution will not be able to execute a transaction at the prevailing
market price because there is, temporarily, no appetite for the deal on the other
side of the market. If the transaction cannot be postponed its execution my lead
to substantial losses on position. This risk is generally very hard to quantify. It
may reduce an institution’s ability to manage and hedge market risk as well as its
capacity to satisfy any shortfall on the funding side through asset liquidation.
OPERATIONAL RISKIt refers to potential losses resulting from inadequate systems,
management failure, faulty control, fraud and human error. Many of the recent
large losses related to derivatives are the direct consequences of operational
failure. Derivative trading is more prone to operational risk than cash transactions
because derivatives are, by heir nature, leveraged transactions. This means that
a trader can make very large commitment on behalf of the bank, and generate
huge exposure in to the future, using only small amount of cash. Very tight
controls are an absolute necessary if the bank is to avoid huge losses.
Operational risk includes” fraud,” for example when a trader or other
employee intentionally falsifies and misrepresents the risk incurred in a
transaction. Technology risk, and principally computer system risk also fall into
the operational risk category.
10
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 11/64
Risk Management in Banking Sector.
LEGAL RISK
Legal risk arises for a whole of variety of reasons. For example,
counterparty might lack the legal or regulatory authority to engage in a
transaction. Legal risks usually only become apparent when counterparty, or an
investor, lose money on a transaction and decided to sue the bank to avoid
meeting its obligations. Another aspect of regulatory risk is the potential impact of
a change in tax law on the market value of a position.
HUMAN FACTOR RISK
Human factor risk is really a special form of operational risk. It relates to
the losses that may result from human errors such as pushing the wrong button
on a computer, inadvertently destroying files, or entering wrong value for the
parameter input of a model.
11
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 12/64
Risk Management in Banking Sector.
Market Risk
What is Market Risk?
Market Risk may be defined as the possibility of loss to a bank caused by
changes in the market variables. The Bank for International Settlements (BIS)
defines market risk as “the risk that the value of 'on' or 'off' balance sheet
positions will be adversely affected by movements in equity and interest rate
markets, currency exchange rates and commodity prices". Thus, Market Risk is
the risk to the bank's earnings and capital due to changes in the market level of
interest rates or prices of securities, foreign exchange and equities, as well as
the volatilities of those changes. Besides, it is equally concerned about the
bank's ability to meet its obligations as and when they fall due. In other words, it
should be ensured that the bank is not exposed to Liquidity Risk. Thus, focus on
the management of Liquidity Risk and Market Risk, further categorized into
interest rate risk, foreign exchange risk, commodity price risk and equity price
risk. An effective market risk management framework in a bank comprises risk
identification, setting up of limits and triggers, risk monitoring, models of analysis
that value positions or measure market risk, risk reporting, etc.
Types of market risk
• Interest rate risk:
Interest rate risk is the risk where changes in market interest rates might
adversely affect a bank's financial condition. The immediate impact of changes in
interest rates is on the Net Interest Income (NII). A long term impact of changinginterest rates is on the bank's networth since the economic value of a bank's
assets, liabilities and off-balance sheet positions get affected due to variation in
market interest rates. The interest rate risk when viewed from these two
perspectives is known as 'earnings perspective' and 'economic value'
perspective, respectively.
12
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 13/64
Risk Management in Banking Sector.
Management of interest rate risk aims at capturing the risks arising from
the maturity and repricing mismatches and is measured both from the earnings
and economic value perspective.
Earnings perspective involves analyzing the impact of changes in
interest rates on accrual or reported earnings in the near term. This is
measured by measuring the changes in the Net Interest Income (NII) or
Net Interest Margin (NIM) i.e. the difference between the total interest
income and the total interest expense.
Economic Value perspective involves analyzing the changes of
impact on interest on the expected cash flows on assets minus the
expected cash flows on liabilities plus the net cash flows on off-balance
sheet items. It focuses on the risk to networth arising from all repricing
mismatches and other interest rate sensitive positions. The economic
value perspective identifies risk arising from long-term interest rate gaps.
The management of Interest Rate Risk should be one of the critical
components of market risk management in banks. The regulatory restrictions in
the past had greatly reduced many of the risks in the banking system.Deregulation of interest rates has, however, exposed them to the adverse
impacts of interest rate risk. The Net Interest Income (NII) or Net Interest Margin
(NIM) of banks is dependent on the movements of interest rates. Any
mismatches in the cash flows (fixed assets or liabilities) or repricing dates
(floating assets or liabilities), expose bank's NII or NIM to variations. The earning
of assets and the cost of liabilities are now closely related to market interest rate
volatility
Generally, the approach towards measurement and hedging of IRR varies
with the segmentation of the balance sheet. In a well functioning risk
management system, banks broadly position their balance sheet into Trading
and Banking Books. While the assets in the trading book are held primarily for
13
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 14/64
Risk Management in Banking Sector.
generating profit on short-term differences in prices/yields, the banking book
comprises assets and liabilities, which are contracted basically on account of
relationship or for steady income and statutory obligations and are generally held
till maturity. Thus, while the price risk is the prime concern of banks in trading
book, the earnings or economic value changes are the main focus of banking
book.
• Equity price risk:
The price risk associated with equities also has two components” General
market risk” refers to the sensitivity of an instrument / portfolio value to the
change in the level of broad stock market indices.” Specific / Idiosyncratic” risk
refers to that portion of the stock’s price volatility that is determined bycharacteristics specific to the firm, such as its line of business, the quality of its
management, or a breakdown in its production process. The general market risk
cannot be eliminated through portfolio diversification while specific risk can be
diversified away.
• Foreign exchange risk:
Foreign Exchange Risk maybe defined as the risk that a bank may suffer
losses as a result of adverse exchange rate movements during a period in which
it has an open position, either spot or forward, or a combination of the two, in an
individual foreign currency. The banks are also exposed to interest rate risk,
which arises from the maturity mismatching of foreign currency positions. Even in
cases where spot and forward positions in individual currencies are balanced, the
maturity pattern of forward transactions may produce mismatches. As a result,
banks may suffer losses as a result of changes in premia/discounts of the
currencies concerned.
In the forex business, banks also face the risk of default of the
counterparties or settlement risk. While such type of risk crystallization does not
cause principal loss, banks may have to undertake fresh transactions in the
cash/spot market for replacing the failed transactions. Thus, banks may incur
14
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 15/64
Risk Management in Banking Sector.
replacement cost, which depends upon the currency rate movements. Banks
also face another risk called time-zone risk or Herstatt risk which arises out of
time-lags in settlement of one currency in one center and the settlement of
another currency in another time-zone. The forex transactions with
counterparties from another country also trigger sovereign or country risk (dealt
with in details in the guidance note on credit risk).
The three important issues that need to be addressed in this regard are:
1. Nature and magnitude of exchange risk
2. Exchange managing or hedging for adopted be to strategy>
3. The tools of managing exchange risk
• Commodity price risk:
The price of the commodities differs considerably from its interest rate risk
and foreign exchange risk, since most commodities are traded in the market in
which the concentration of supply can magnify price volatility. Moreover,
fluctuations in the depth of trading in the market (i.e., market liquidity) often
accompany and exacerbate high levels of price volatility. Therefore, commodity
prices generally have higher volatilities and larger price discontinuities.
Measuring Market Risk
The measurement of risk has changed over time. It has evolved from the
simple indicators, such as Face value/ Notional amount for an individual security
to the latest methodologies of computing VaR. the quest for better and more
accurate measure of market risk is ongoing; each new market turmoil reveals the
limitations of even the most sophisticated measure of market risk.
1. The Notional Amount Approach:
Until recently, trading desks in major banks were allocated economic
capital by reference to notional amount. The notional approach measures risk as
the notional, or nominal, amount of a security, or the sum of the notional values
of the holdings for a portfolio.
This method is flawed since it does not:
15
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 16/64
Risk Management in Banking Sector.
1. Differentiate between short and long positions.
2. Reflect price volatility and correlation between prices.
Moreover, in the case of derivative positions in the over the counter
market, there are often very large discrepancies between true amount of market
exposure, which is often small, and the notional amount which may be huge.
For example, two call options on the same underlying instrument with the same
notional value and same maturity, with one option being in the money and the
other one out-of-the-money, have very different market values and risk
exposures.
2. Value At Risk (VaR):
Value at risk can be defined as the worst loss that might be expected
from holding a security or portfolio over a given period of time (say a single day,
10 days for the purpose of regulatory capital reporting), given a specified level of
probability (known as the “confidence level”)
For example, if we say that a position has a daily VaR of Rs. 10 million at
the 99% confidence level, we mean that the realized daily losses from the
position will, on average, be higher than Rs. 10 million on only one day every 100
trading days ( i.e., two to three days each year).VaR offers probability statement
about the potential change in the value of a portfolio resulting from a change in
the market factors, over a specified period of time.
VaR is the answer to the following question:” What is the maximum loss
over a given period of time period such that there is a low probability, say a 1%
probability, that the actual loss over the given period will be larger?”
Note that the VaR measure does not state by how much actual losses will
exceed the VaR figure; it simply states how likely ( or unlikely) it is that the VaR
figure will be exceeded. Most VaR models are designed to measure risk over a
short period of time, such as one day or, in the case of the risk measurements
required by the regulators to report regulatory capital, 10 days. BIS 1998
imposes a confidence level, c, of 99% .however, for the purposes of allocating
internal capital, VaR may be derived at a higher confidence level, say c=99.96%,
which is consistent with an AA rating.
16
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 17/64
Risk Management in Banking Sector.
Calculating VaR involves following steps:
1. Derive the forward distribution of the portfolio, or alternatively returns on
the portfolio, at the chosen horizon, H (of, say, one day or 10 days). The
distribution can be derived directly from historical price distributions
(nonparametric VaR) or the distributions may be assumed to be analytic;
e.g., it is common practice to assume that the prices are log-normally
distributed, or equivalently that returns follow a normal distribution
(parametric VaR).
2. Assuming that the confidence level is 99%, calculate the first percentile of
this distribution; if the confidence level is 99.96%, and then calculate the
4-bp quantile.
The VaR is the maximum loss at the 99% confidence level, measured
relative to the expected value of the portfolio at the target horizon, i.e., VaR is the
distance of the first percentile from the mean of the distribution.
VaR = Expected profit/loss – Worst case loss at 99% confidence level….
(1)
An alternative definition of VaR is that is that it represents the worst case
loss at the 99% confidence level:
VaR’ = Worst case loss at the 99% confidence level…. (2)
VaR’ is also known as “absolute VaR “. Only the first definition of VaR is
consistent with economic capital attribution and RAROC calculations. Indeed, in
VaR the expected profit/loss is already priced in, and accounted for, in the return
calculation. Capital is provided only as a cushion against unexpected losses.
Note that the VaR relates to the economic capital that shareholders should
invest in the firm to limit the probability of default to a given predetermined level,
1-c, while the regulatory capital is the minimum amount of capital imposed by the
regulator. Economic capital differs from regulatory capital because the
confidence level and the time horizon chosen are different. Most of the time,
banks choose a higher confidence level that the 99% set by the regulator to
determine their economic capital. However, the time horizon in economic capital
calculations may vary from one day for very liquid positions, such as a
17
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 18/64
Risk Management in Banking Sector.
Government bond desk, to several weeks for illiquid positions, such as long-
dated OTC derivatives portfolios.
More formally, if
V = the current marked-to-market value of the position.
R = the return over the horizon H
μ = the expected return [μ = E(R)]
R* = the return corresponding to the worst case loss at the c
V* = V (1+ R*)
VaR (H; c) = E (V) – V* = V (1 + μ) – V (μ – R*)
VaR (H; c) = -VR*
The following table describes the three main methodologies to calculate VaR:
Methodology Description Applications
Parametric
Estimates VaR with
equation that specifies
parameters such as
volatility, correlation,
delta, and gamma
Accurate for traditional
assets and linear
derivatives, but less
accurate for non linear
derivatives
Monte Carlo simulation
Estimates VaR by
simulating random
scenarios and revaluing
positions in the portfolio
Appropriate for all types
of instruments, linear and
nonlinear
Historical simulationEstimates Var by reliving
history;
Takes actual historical
rates and revalues
positions for each change
in the market
There are three main approaches to calculating value-at-risk: the
correlation method, also known as
1. The variance/covariance matrix method;
2. Historical simulation
18
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 19/64
Risk Management in Banking Sector.
3. Monte Carlo simulation.
All three methods require a statement of three basic parameters
•
Holding period• Confidence interval and
• The historical time horizon over which the asset prices are observed.
Under the correlation method, the change in the value of the position is
calculated by combining the sensitivity of each component to price changes in
the underlying asset(s), with a variance/covariance matrix of the various
components' volatilities and correlation. It is a deterministic approach.
The historical simulation approach calculates the change in the value of a
position using the actual historical movements of the underlying asset(s), but
starting from the current value of the asset. It does not need a
variance/covariance matrix. The length of the historical period chosen does
impact the results because if the period is too short, it may not capture the full
variety of events and relationships between the various assets and within each
asset class, and if it is too long, may be too stale to predict the future. The
advantage of this method is that it does not require the user to make any explicitassumptions about correlations and the dynamics of the risk factors because the
simulation follows every historical move.
The Monte Carlo simulation method calculates the change in the value of
a portfolio using a sample of randomly generated price scenarios. Here the user
has to make certain assumptions about market structures, correlations between
risk factors and the volatility of these factors. He is essentially imposing his views
and experience as opposed to the naive approach of the historical simulation
method.
At the heart of all three methods is the model. The closer the models fit
economic reality, the more accurate the estimated VAR numbers and therefore
the better they will be at predicting the true VAR of the firm. There is no
19
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 20/64
Risk Management in Banking Sector.
guarantee that the numbers returned by each VAR method will be anywhere near
each other.
Stress Testing
"Stress testing" has been adopted as a generic term describing various
techniques used by banks to gauge their potential vulnerability to exceptional, but
plausible, events. Stress testing addresses the large moves in key market
variables of that kind that lie beyond day to day risk monitoring but that could
potentially occur. The process of stress testing, therefore, involves first identifying
these potential movements, including which market variables to stress, how
much to stress them by, and what time frame to run the stress analysis over.
Once these market movements and underlying assumptions are decided
upon, shocks are applied to the portfolio. Revaluing the portfolios allows one to
see what the effect of a particular market movement has on the value of the
portfolio and the overall Profit and Loss.
Stress test reports can be constructed that summaries the effects of
different shocks of different magnitudes. Normally, then there is some kind of
reporting procedure and follow up with traders and management to determinewhether any action need to be taken in response
• Stress testing and value-at-risk*
Stress tests supplement value-at-risk (VaR). VaR is thought to be a critical
tool for tracking the riskiness of a firm's portfolio on a day-to-day level, and for
assessing the risk-adjusted performance of individual business units. However,
VaR has been found to be of limited use in measuring firms' exposures toextreme market events. This is because, by definition, such events occur too
rarely to be captured by empirically driven statistical models. Furthermore,
observed correlation patterns between various financial prices (and thus the
correlations that would be estimated using data from ordinary times) tend to
change when the price movements themselves are large. Stress tests offer a
20
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 21/64
Risk Management in Banking Sector.
way of measuring and monitoring the portfolio consequences of extreme price
movements of this type.
• Stress Testing Techniques
Stress testing covers many different techniques. The four discussed here
are listed in the Table below along with the information typically referred to as the
"result" of that type of a stress test.
Technique What is the "stress test result"
1. Simple Sensitivity TestChange in portfolio value for one or
more shocks to a single risk factor 2. Scenario Analysis (hypothetical or
historical)
Change in portfolio value if the scenario
were to occur
3. Maximum lossSum of individual trading units' worst-
case scenarios
4. Extreme value theoryProbability distribution of extreme
losses
A simple sensitivity test isolates the short-term impact on a portfolio's
value of a series of predefined moves in a particular market risk factor. For example, if the risk factor were an exchange rate, the shocks might be exchange
rate changes of +/_ 2 percent, 4 percent, 6 percent and 10 percent.
A scenario analysis specifies the shocks that might plausibly affect a
number of market risk factors simultaneously if an extreme, but possible, event
occurs. It seeks to assess the potential consequences for a firm of an extreme,
but possible, state of the world. A scenario analysis can be based on an historical
event or a hypothetical event. Historical scenarios employ shocks that occurred
in specific historical episodes. Hypothetical scenarios use a structure of shocks
thought to be plausible in some foreseeable, but unlikely circumstances for which
there is no exact parallel in recent history. Scenario analysis is currently the
leading stress testing technique.
21
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 22/64
Risk Management in Banking Sector.
A maximum loss approach assesses the riskiness of a business unit's
portfolio by identifying the most potentially damaging combination of moves of
market risk factors. Interviewed risk managers who use such "maximum loss"
approaches find the output of such exercises to be instructive but they tend not to
rely on the results of such exercises in the setting of exposure limits in any
systematic manner, an implicit recognition of the arbitrary character of the
combination of shocks captured by such a measure.
Extreme value theory (EVT) is a means to better capture the risk of loss
in extreme, but possible, circumstances. EVT is the statistical theory on the
behavior of the "tails" (i.e., the very high and low potential values) of probability
distributions. Because it focuses only on the tail of a probability distribution, themethod can be more flexible. For example, it can accommodate skewed and fat-
tailed distributions. A problem with the extreme value approach is adapting it to a
situation where many risk factors drive the underlying return distribution.
Moreover, the usually unstated assumption that extreme events are not
correlated through time is questionable. Despite these drawbacks, EVT is
notable for being the only stress test technique that attempts to attach a
probability to stress test results.
• How should risk managers use stress tests
Stress tests produce information summarizing the firm's exposure to
extreme, but possible, circumstances. The role of risk managers in the bank
should be assembling and summarizing information to enable senior
management to understand the strategic relationship between the firm's risk-
taking (such as the extent and character of financial leverage employed) and risk
appetite. Typically, the results of a small number of stress scenarios should be
computed on a regular basis and monitored over time.
Some of the specific ways stress tests are used to influence decision-
making are to:
1. manage funding risk
22
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 23/64
Risk Management in Banking Sector.
2. provide a check on modeling assumptions
3. set limits for traders
4. determine capital charges on trading desks’ positions
1. Manage funding risk:
Senior managers use stress tests to help them make decisions
regarding funding risk. Managers have come to accept the need to
manage risk exposures in anticipation of unfavorable circumstances. The
significance of such information will vary according to a bank's exposure to
funding or liquidity risk.
2. Provide a check on modeling assumptions:
Scenario analysis is also used to highlight the role of particular
correlation and volatility assumptions in the construction of banks'
portfolios of market risk exposures. In this case, scenario analysis can be
thought of as a means through which banks check on the portfolio's
sensitivity to assumptions about the extent of effective portfolio
diversification.
3. Set limits for traders:
Stress tests are also used to set limits. Simple sensitivity tests may
be used to put hard limits on bank's market risk exposures.4. Determine capital charges on trading desks' positions:
Banks may also initiate capital charges based on hypothetical
losses under certain stress scenarios. The capital charges are deducted
from each business unit's bonus pool. This procedure may be designed to
provide each business unit with an economic incentive to reduce the risk
of extreme losses.
• Limitations of Stress Tests
Stress testing can appear to be a straightforward technique. In practice,
however, stress tests are often neither transparent nor straightforward. They are
based on a large number of practitioner choices as to what risk factors to stress,
how to combine factors stressed, what range of values to consider, and what
time frame to analyze. Even after such choices are made, a risk manager is
23
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 24/64
Risk Management in Banking Sector.
faced with the considerable tasks of sifting through results and identifying what
implications, if any, the stress test results might have for how the firm should
manage its risk-taking activities.
A well-understood limitation of stress testing is that there are no
probabilities attached to the outcomes. Stress tests help answer the question
"How much could be lost?" The lack of probability measures exacerbates the
issue of transparency and the seeming arbitrariness of stress test design.
Systems incompatibilities across business units make frequent stress testing
costly for some firms, reflecting the limited role that stress testing had played in
influencing the firm's prior investments in information technology.
Treatment of Market Risk in the Proposed Basel Capital Accord
The Basle Committee on Banking Supervision (BCBS) had issued
comprehensive guidelines to provide an explicit capital cushion for the price risks
to which banks are exposed, particularly those arising from their trading activities.
The banks have been given flexibility to use in-house models based on VaR for
measuring market risk as an alternative to a standardized measurement
framework suggested by Basle Committee. The internal models should, however,
comply with quantitative and qualitative criteria prescribed by Basle Committee.
Reserve Bank of India has accepted the general framework suggested by
the Basle Committee. RBI has also initiated various steps in moving towards
prescribing capital for market risk. As an initial step, a risk weight of 2.5% has
been prescribed for investments in Government and other approved securities,
besides a risk weight each of 100% on the open position limits in forex and gold.
RBI has also prescribed detailed operating guidelines for Asset-LiabilityManagement System in banks. As the ability of banks to identify and measure
market risk improves, it would be necessary to assign explicit capital charge for
market risk. While the small banks operating predominantly in India could adopt
the standardized methodology, large banks and those banks operating in
24
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 25/64
Risk Management in Banking Sector.
international markets should develop expertise in evolving internal models for
measurement of market risk.
The Basle Committee on Banking Supervision proposes to develop capital
charge for interest rate risk in the banking book as well for banks where the
interest rate risks are significantly above average ('outliers'). The Committee is
now exploring various methodologies for identifying 'outliers' and how best to
apply and calibrate a capital charge for interest rate risk for banks. Once the
Committee finalizes the modalities, it may be necessary, at least for banks
operating in the international markets to comply with the explicit capital charge
requirements for interest rate risk in the banking book. As the valuation norms on
banks' investment portfolio have already been put in place and aligned with theinternational best practices, it is appropriate to adopt the Basel norms on capital
for market risk. In view of this, banks should study the Basel framework on
capital for market risk as envisaged in Amendment to the Capital Accord to
incorporate market risks published in January 1996 by BCBS and prepare
themselves to follow the international practices in this regard at a suitable date to
be announced by RBI.
The Proposed New Capital Adequacy Framework
The Basel Committee on Banking Supervision has released a Second
Consultative Document, which contains refined proposals for the three pillars of
the New Accord - Minimum Capital Requirements, Supervisory Review and
Market Discipline. It may be recalled that the Basel Committee had released in
June 1999 the first Consultative Paper on a New Capital Adequacy Framework
for comments. However, the proposal to provide explicit capital charge for market
risk in the banking book which was included in the Pillar I of the June 1999Document has been shifted to Pillar II in the second Consultative Paper issued in
January 2001. The Committee has also provided a technical paper on evaluation
of interest rate risk management techniques. The Document has defined the
criteria for identifying outlier banks. According to the proposal, a bank may be
defined as an outlier whose economic value declined by more than 20% of the
25
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 26/64
Risk Management in Banking Sector.
sum of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock
(200 bps.)
The second Consultative Paper on the New Capital Adequacy framework
issued in January, 2001 has laid down 13 principles intended to be of general
application for the management of interest rate risk, independent of whether the
positions are part of the trading book or reflect banks' non-trading activities. They
refer to an interest rate risk management process, which includes the
development of a business strategy, the assumption of assets and liabilities in
banking and trading activities, as well as a system of internal controls. In
particular, they address the need for effective interest rate risk measurement,
monitoring and control functions within the interest rate risk managementprocess. The principles are intended to be of general application, based as they
are on practices currently used by many international banks, even though their
specific application will depend to some extent on the complexity and range of
activities undertaken by individual banks. Under the New Basel Capital Accord,
they form minimum standards expected of internationally active banks. The
principles are given in Annexure II.
Credit risk
What is Credit Risk?
Credit risk is defined as the possibility of losses associated with diminution
in the credit quality of borrowers or counterparties. In a bank's portfolio, losses
stem from outright default due to inability or unwillingness of a customer or
counterparty to meet commitments in relation to lending, trading, settlement and
other financial transactions. Alternatively, losses result from reduction in portfolio
26
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 27/64
Risk Management in Banking Sector.
value arising from actual or perceived deterioration in credit quality. Credit risk
emanates from a bank's dealings with an individual, corporate, bank, financial
institution or a sovereign. Credit risk may take the following forms
• In the case of direct lending: principal/and or interest amount may not be
repaid;
• In the case of guarantees or letters of credit: funds may not be
forthcoming from the constituents upon crystallization of the liability;
• In the case of treasury operations: the payment or series of payments due
from the counter parties under the respective contracts may not be
forthcoming or ceases;
•
In the case of securities trading businesses: funds/ securities settlementmay not be effected;
• In the case of cross-border exposure: the availability and free transfer of
foreign currency funds may either cease or the sovereign may impose
restrictions.
Types of Credit Rating
Credit rating can be classified as:
2. External credit rating.
3. Internal credit rating
External credit rating:
A credit rating is not, in general, an investment recommendation
concerning a given security. In the words of S&P,” A credit rating is S&P's
opinion of the general creditworthiness of an obligor, or the creditworthiness of
an obligor with respect to a particular debt security or other financial obligation,
based on relevant risk factors.” In Moody's words, a rating is, “ an opinion on the
future ability and legal obligation of an issuer to make timely payments of
principal and interest on a specific fixed-income security.”
Since S&P and Moody's are considered to have expertise in credit rating
and are regarded as unbiased evaluators, there ratings are widely accepted by
market participants and regulatory agencies. Financial institutions, when required
27
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 28/64
Risk Management in Banking Sector.
to hold investment grade bonds by their regulators use the rating of credit
agencies such as S&P and Moody's to determine which bonds are of investment
grade.
The subject of credit rating might be a company issuing debt obligations.
In the case of such “issuer credit ratings” the rating is an opinion on the obligor’s
overall capacity to meet its financial obligations. The opinion is not specific to any
particular liability of the company, nor does it consider merits of having
guarantors for some of the obligations. In the issuer credit rating categories are
a) Counterparty ratings
b) Corporate credit ratings
c) Sovereign credit ratings
The rating process includes quantitative, qualitative, and legal analyses.
The quantitative analyses. The quantitative analysis is mainly financial analysis
and is based on the firm’s financial reports. The qualitative analysis is concerned
with the quality of management, and includes a through review of the firm’s
competitiveness within its industry as well as the expected growth of the industry
and its vulnerability to technological changes, regulatory changes, and labor
relations.
Internal credit rating:A typical risk rating system (RRS) will assign both an obligor rating to each
borrower (or group of borrowers), and a facility rating to each available facility. A
risk rating (RR) is designed to depict the risk of loss in a credit facility. A robust
RRS should offer a carefully designed, structured, and documented series of
steps for the assessment of each rating.
The following are the steps for assessment of rating:
a) Objectivity and Methodology:
The goal is to generate accurate and consistent risk rating, yet also to
allow professional judgment to significantly influence a rating where it is
appropriate. The expected loss is the product of an exposure (say, Rs. 100) and
the probability of default (say, 2%) of an obligor (or borrower) and the loss rate
given default (say, 50%) in any specific credit facility. In this example,
28
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 29/64
Risk Management in Banking Sector.
The expected loss = 100*.02*.50 = Rs. 1
A typical risk rating methodology (RRM)
a. Initial assign an obligor rating that identifies the expected probability of
default by that borrower (or group) in repaying its obligations in normal
course of business.
b. The RRS then identifies the risk loss (principle/interest) by assigning
an RR to each individual credit facility granted to an obligor.
The obligor rating represents the probability of default by a borrower in
repaying its obligation in the normal course of business. The facility rating
represents the expected loss of principal and/ or interest on any business credit
facility. It combines the likelihood of default by a borrower and conditional
severity of loss, should default occur, from the credit facilities available to the
borrower.
Risk Rating Continuum (Prototype Risk Rating System)
RISK RR Corresponding
Probable S&P or
Moody's RatingSovereign 0 Not Applicable
Low 1 AAA2 AA Investment Grade3 A4 BBB+/BBB
Average 5 BBB-
29
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 30/64
Risk Management in Banking Sector.
6 BB+/BB7 BB-
High 8
9
10
B+/B
B-
CCC+/CCC
Below Investment
Grade11 CC-12 In Default
The steps in the RRS (nine, in our prototype system) typically start with a
financial assessment of the borrower (initial obligor rating), which sets a floor on
the obligor rating (OR). A series of further steps (four) arrive at the final obligor
rating. Each one of steps 2 to 5 may result in the downgrade of the initial rating
attributed at step 1. These steps include analyzing the managerial capability of
the borrower (step 2), examining the borrower’s absolute and relative position
within the industry (step 3), reviewing the quality of the financial information (step
4) and the country risk (step 5). The process ensures that all credits are
objectively rated using a consistent process to arrive at the accurate rating.
Additional steps (four, in our example) are associated with arriving at a final
facility rating, which may be above OR below the final obligor rating. These
steps include examining third-party support (step 6), factoring in the maturity of
the transaction (step 7), reviewing how strongly the transaction is structured.
(step 8), and assessing the amount of collateral (step 9).
b) Measurement of Default Probability and Recovery Rates.
Credit rating systems can be compared to multivariate credit scoring
systems to evaluate their ability to predict bankruptcy rates and also to provide
estimates of the severity of losses. Altman and Saunders (1998) provide a
detailed survey of credit risk management approaches. They compare four
methodologies for credit scoring:1. The linear probability model
2. The logit model
3. The probit model
4. The discriminant analysis model
30
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 31/64
Risk Management in Banking Sector.
The logit model assumes that the default probability is logistically
distributed, and applies a few accounting variables to predict the default
probability. The linear probability model is based on a linear regression model,
and makes use of a number of accounting variables to try to predict the
probability of default. The multiple discriminant analysis (MDA), proposed and
advocated by Aitman is based on finding a linear function of both accounting and
market based variables that best discriminates between two groups: firms that
actually defaulted and firms that did not default.
The linear models are based on empirical procedures. They are not found
in theory of the firm OR any theoretical stochastic processes for leveraged firms.
Credit Risk Management
In this backdrop, it is imperative that banks have a robust credit risk
management system which is sensitive and responsive to these factors. The
effective management of credit risk is a critical component of comprehensive risk
management and is essential for the long term success of any banking
organization. Credit risk management encompasses identification, measurement,
monitoring and control of the credit risk exposures.
Building Blocks of Credit Risk Management:
In a bank, an effective credit risk management framework would comprise
of the following distinct building blocks:
• Policy and Strategy
• Organizational Structure
• Operations/ Systems
Policy and Strategy
The Board of Directors of each bank shall be responsible for approving
and periodically reviewing the credit risk strategy and significant credit risk
policies.
Credit Risk Policy
31
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 32/64
Risk Management in Banking Sector.
1. Every bank should have a credit risk policy document approved by the
Board. The document should include risk identification, risk measurement,
risk grading/ aggregation techniques, reporting and risk control/ mitigation
techniques, documentation, legal issues and management of problem
loans.
2. Credit risk policies should also define target markets, risk acceptance
criteria, credit approval authority, credit origination/ maintenance
procedures and guidelines for portfolio management.
3. The credit risk policies approved by the Board should be communicated to
branches/controlling offices. All dealing officials should clearly understand
the bank's approach for credit sanction and should be held accountable for
complying with established policies and procedures.
4. Senior management of a bank shall be responsible for implementing the
credit risk policy approved by the Board.</P< LI>
Credit Risk Strategy
1. Each bank should develop, with the approval of its Board, its own credit
risk strategy or plan that establishes the objectives guiding the bank's
credit-granting activities and adopt necessary policies/ procedures for
conducting such activities. This strategy should spell out clearly the
organization’s credit appetite and the acceptable level of risk-reward
trade-off for its activities.
2. The strategy would, therefore, include a statement of the bank's
willingness to grant loans based on the type of economic activity,
geographical location, currency, market, maturity and anticipated
profitability. This would necessarily translate into the identification of target
markets and business sectors, preferred levels of diversification and
concentration, the cost of capital in granting credit and the cost of bad
debts.
3. The credit risk strategy should provide continuity in approach as also take
into account the cyclical aspects of the economy and the resulting shifts in
32
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 33/64
Risk Management in Banking Sector.
the composition/ quality of the overall credit portfolio. This strategy should
be viable in the long run and through various credit cycles.
4. Senior management of a bank shall be responsible for implementing the
credit risk strategy approved by the Board.
Organizational Structure
Sound organizational structure is sine qua non for successful
implementation of an effective credit risk management system. The
organizational structure for credit risk management should have the following
basic features:
1. The Board of Directors should have the overall responsibility for
management of risks. The Board should decide the risk managementpolicy of the bank and set limits for liquidity, interest rate, foreign
exchange and equity price risks.
The Risk Management Committee will be a Board level Sub committee
including CEO and heads of Credit, Market and Operational Risk Management
Committees. It will devise the policy and strategy for integrated risk management
containing various risk exposures of the bank including the credit risk. For this
purpose, this Committee should effectively coordinate between the Credit Risk
Management Committee (CRMC), the Asset Liability Management Committee
and other risk committees of the bank, if any. It is imperative that the
independence of this Committee is preserved. The Board should, therefore,
ensure that this is not compromised at any cost. In the event of the Board not
accepting any recommendation of this Committee, systems should be put in
place to spell out the rationale for such an action and should be properly
documented. This document should be made available to the internal andexternal auditors for their scrutiny and comments. The credit risk strategy and
policies adopted by the committee should be effectively
Operations / Systems
33
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 34/64
Risk Management in Banking Sector.
Banks should have in place an appropriate credit administration, credit risk
measurement and monitoring processes. The credit administration process
typically involves the following phases:
1. Relationship management phase i.e. business development.
2. Transaction management phase covers risk assessment, loan pricing,
structuring the facilities, internal approvals, documentation, loan
administration, on going monitoring and risk measurement.
3. Portfolio management phase entails monitoring of the portfolio at a macro
level and the management of problem loans
4. On the basis of the broad management framework stated above, the
banks should have the following credit risk measurement and monitoringprocedures:
5. Banks should establish proactive credit risk management
practices like annual / half yearly industry studies and individual
obligor reviews, periodic credit calls that are documented,
periodic visits of plant and business site, and at least quarterly
management reviews of troubled exposures/weak credits
Credit Risk Models
A credit risk model seeks to determine, directly or indirectly, the answer to
the following question: Given our past experience and our assumptions about the
future, what is the present value of a given loan or fixed income security? A credit
risk model would also seek to determine the (quantifiable) risk that the promised
cash flows will not be forthcoming. The techniques for measuring credit risk that
have evolved over the last twenty years are prompted by these questions and
dynamic changes in the loan market.
The increasing importance of credit risk modeling should be seen as the
consequence of the following three factors:
34
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 35/64
Risk Management in Banking Sector.
1. Banks are becoming increasingly quantitative in their treatment of credit
risk.
2. New markets are emerging in credit derivatives and the marketability of
existing loans is increasing through securitization/ loan sales market."
3. Regulators are concerned to improve the current system of bank capital
requirements especially as it relates to credit risk.
• Importance of Credit Risk Models
Credit Risk Models have assumed importance because they provide the
decision maker with insight or knowledge that would not otherwise be readily
available or that could be marshalled at prohibitive cost. In a marketplace where
margins are fast disappearing and the pressure to lower pricing is unrelenting,
models give their users a competitive edge. The credit risk models are intended
to aid banks in quantifying, aggregating and managing risk across geographical
and product lines. The outputs of these models also play increasingly important
roles in banks' risk management and performance measurement processes,
customer profitability analysis, risk-based pricing, active portfolio management
and capital structure decisions. Credit risk modeling may result in better internal
risk management and may have the potential to be used in the supervisory
oversight of banking organizations. Techniques for Measuring Credit Risk
In the measurement of credit risk, models may be classified along three
different dimensions:
1. the techniques employed,
2. the domain of applications in the credit process and
3. the products to which they are applied.
Techniques:
The following are the more commonly used techniques:
1. Econometric Techniques such as linear and multiple discriminant
analysis, multiple regression, logic analysis and probability of default, etc.
35
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 36/64
Risk Management in Banking Sector.
2. Neural networks are computer-based systems that use the same data
employed in the econometric techniques but arrive at the decision model
using alternative implementations of a trial and error method.
3. Optimization models are mathematical programming techniques that
discover the optimum weights for borrower and loan attributes that
minimize lender error and maximize profits.
4. Rule-based or expert are characterized by a set of decision rules, a
knowledge base consisting of data such as industry financial ratios, and a
structured inquiry process to be used by the analyst in obtaining the data
on a particular borrower.
5. Hybrid Systems. In these systems simulation are driven in part by a
direct causal relationship, the parameters of which are determined through
estimation techniques.
RBI Guidelines on Credit Risk New Capital Accord:
Implications for Credit Risk Management
The Basel Committee on Banking Supervision had released in June 1999
the first Consultative Paper on a New Capital Adequacy Framework with the
intention of replacing the current broad-brush 1988 Accord. The Basel
Committee has released a Second Consultative Document in January 2001,which contains refined proposals for the three pillars of the New Accord -
Minimum Capital Requirements, Supervisory Review and Market Discipline.
The Committee proposes two approaches, for estimating regulatory
capital. viz.,
1. Standardized and
2. Internal Rating Based (IRB)
Under the standardized approach, the Committee desires neither to
produce a net increase nor a net decrease, on an average, in minimum
regulatory capital, even after accounting for operational risk. Under the Internal
Rating Based (IRB) approach, the Committee's ultimate goals are to ensure that
the overall level of regulatory capital is sufficient to address the underlying credit
36
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 37/64
Risk Management in Banking Sector.
risks and also provides capital incentives relative to the standardized approach,
i.e., a reduction in the risk weighted assets of 2% to 3% (foundation IRB
approach) and 90% of the capital requirement under foundation approach for
advanced IRB approach to encourage banks to adopt IRB approach for providing
capital.
The minimum capital adequacy ratio would continue to be 8% of the risk-
weighted assets, which cover capital requirements for market (trading book),
credit and operational risks. For credit risk, the range of options to estimate
capital extends to include a standardized, a foundation IRB and an advanced IRB
approaches.
• RBI Guidelines for Credit Risk Management Credit Rating Framework
A Credit-risk Rating Framework (CRF) is necessary to avoid the limitations
associated with a simplistic and broad classification of loans/exposures into a
"good" or a "bad" category. The CRF deploys a number/ alphabet/ symbol as a
primary summary indicator of risks associated with a credit exposure. Such a
rating framework is the basic module for developing a credit risk management
system and all advanced models/approaches are based on this structure. In spite
of the advancement in risk management techniques, CRF is continued to beused to a great extent. These frameworks have been primarily driven by a need
to standardize and uniformly communicate the "judgment" in credit selection
procedures and are not a substitute to the vast lending experience accumulated
by the banks' professional staff.
Broadly, CRF can be used for the following purposes:
1. Individual credit selection, wherein either a borrower or a particular exposure/ facility is rated on the CRF
2. Pricing (credit spread) and specific features of the loan facility. This would
largely constitute transaction-level analysis.
3. Portfolio-level analysis.
4. Surveillance, monitoring and internal MIS
37
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 38/64
Risk Management in Banking Sector.
Assessing the aggregate risk profile of bank/ lender. These would be relevant for
portfolio-level analysis. For instance, the spread of credit exposures across
various CRF categories, the mean and the standard deviation of losses occurring
in each CRF category and the overall migration of exposures would highlight the
aggregated credit-risk for the entire portfolio of the bank.
Operational Risk
What is Operational Risk?
Operational risk is the risk associated with
operating a business. Operational risk covers such a wide area that it is useful to
subdivide operational risk into two components:
• Operational failure risk.
• Operational strategic risk.
Operational failure risk arises from the potential for failure in the course
of operating the business. A firm uses people, processes and technology to
achieve the business plans, and any one of these factors may experience a
failure of some kind. Accordingly, operational failure risk can be defined as therisk that there will be a failure of people, processes or technology within the
business unit. A portion of failure may be anticipated, and these risks should be
built into the business plan. But it is unanticipated, and therefore uncertain,
failures that give rise to key operational risks. These failures can be expected to
38
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 39/64
Risk Management in Banking Sector.
occur periodically, although both their impact and their frequency may be
uncertain.
The impact or severity of a financial loss can be divided into two
categories:
• An expected amount
• An unexpected amount.
The latter is itself subdivided into two classes: an amount classed as severe, and
a catastrophic amount. The firm should provide for the losses that arise from the
expected component of these failures by charging expected revenues with a
sufficient amount of reserves. In addition, the firm should set aside sufficient
economic capital to cover the unexpected component, or resort to insurance.
Operational strategic risk arises from environmental factors, such as a new
competitor that changes the business paradigram, a major political and
regulatory regime change, and earthquakes and other such factors that are
outside the control of the firm. It also arises from major new strategic initiatives,
such as developing a new line of business or re-engineering an existing business
line. All business rely on people, processes and technology outside their
business unit, and the potential for failure exists there too, this type of risk is
referred to as external dependency risk.
39
Figure: Two Broad Categories of Operational Risk
O erational Risk
Operational failure risk(Internal operational risk)
The risk encountered in pursuitof a particular strategy due to:
• People• Process• Technology
Operational strategic risk(External operational risk)
The risk of choosing aninappropriate strategy inresponse to environmentalfactor, such as
• Political• Taxation• Regulation• Government• Societal•
Competition, etc.
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 40/64
Risk Management in Banking Sector.
The figure above summarizes the relationship between operational failure risk
and operational strategic risk. These two principal categories of risk are also
sometimes defined as “internal” and “ external” operational risk.
Operational risk is often thought to be limited to losses that can occur in
operating or processing centers. This type of operational risk, sometimes referred
as operations risk, is an important component, but it by no means covers all of
the operational risks facing the firm. Our definition of operational risk as the risk
associated with operating the business means significant amounts of operational
risk are also generated outside the processing centers.
Risk begins to accumulate even before the design of the potential
transaction gets underway. It is present during negotiations with the client
(regardless of whether the negotiation is a lengthy structuring exercise or a
routine electronic negotiation.) and continues after the negotiation as the
transaction is serviced.
A complete picture of operational risk can only be obtained if the bank’s
activity is analyzed from beginning to end. Several things have to be in place
before a transaction is negotiated, and each exposes the firm to operational risk.
The activity carried on behalf of the client by the staff can expose the institution
to “people risk”. “People risk” are not only in the form of risk found early in a
transaction. But they further rely on using sophisticated financial models to price
the transaction. This creates what is called as Model risk which can arise
because of wrong parameters like input to the model, or because the model is
used inappropriately and so on.
Once the transaction is negotiated and a ticket is written, errors can occur
as the transaction is recorded in various systems or reports. An error here may
result in the delayed settlement of the transaction, which in turn can give rise to
fines and other penalties. Further an error in market risk and credit risk report
40
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 41/64
Risk Management in Banking Sector.
might lead to the exposures generated by the deal being understated. In turn this
can lead to the execution of additional transactions that would otherwise not have
been executed. These are examples of what is often called as “process risk”
The system that records the transaction may not be capable of handling
the transaction or it may not have the capacity to handle such transactions. If any
one of the step is out-sourced, then external dependency risk also arises.
However, each type of risk can be captured either as people, processes,
technology, or an external dependency risk, and each can be analyzed in terms
of capacity, capability or availability
Who Should Manage Operational Risk?
The responsibility for setting policies concerning operational risk remains
with the senior management, even though the development of those policies may
be delegated, and submitted to the board of directors for approval. Appropriate
policies must be put in place to limit the amount of operational risk that is
assumed by an institution. Senior management needs to give authority to change
the operational risk profile to those who are the best able to take action. They
must also ensure that a methodology for the timely and effective monitoring of
the risks that are incurred is in place. To avoid any conflict of interest, no single
group within the bank should be responsible for simultaneously setting policies,taking action and monitoring risk.
41
Internal Audit
Senior Management
Business Management Risk Management
Legal
Operations
InformationTechnology
Finance
Insurance
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 42/64
Risk Management in Banking Sector.
Policy Setting
The authority to take action generally rests with business management,
which is responsible for controlling the amount of operational risk taken within
each business line. The infrastructure and the governance groups share with
business management the responsibility for managing operational risk.
The responsibility for the development of a methodology for measuring
and monitoring operational risks resides most naturally with group risk
management functions. The risk management function also needs to ensure the
proper operational risk/ reward analysis is performed in the review of existing
businesses and before the introduction of new initiatives and products. In this
regard, the risk management function works very closely with, but independent
from, business management, infrastructure, and other governance group
Senior management needs to know whether the responsibilities it has
delegated are actually being tended to, and whether the resulting processes are
effective. The internal audit function within the bank is charged with this
responsibility.
Key to Implementing Bank-wide Operational Risk Management:
The eight key elements are necessary to successfully implement a bank-
wide operational risk management framework. They involve setting policy and
identifying risk as an outgrowth of having designed a common language,
constructing business process maps, building a best measurement methodology,
providing exposure management, installing a timely reporting capability,
performing risk analysis inclusive of stress testing, and allocating economic
capital as a function of operational risk.
EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL RISK
MANAGEMENT.
42
1. Policy
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 43/64
Risk Management in Banking Sector.
1. Develop well-defined operational risk policies. This includes explicitly
articulating the desired standards for the risk measurement. One also
needs to establish clear guidelines for practices that may contribute to a
reduction of operational risk.
2. Establish a common language of risk identification. For e.g., the term
“people risk” includes a failure to deploy skilled staff. “Technology risk”
would include system failure, and so on.
3. Develop business process maps of each business. For e.g., one should
create an “operational risk catalogue” which categories and defines the
various operational risks arising from each organizational unit in terms of
people, process, and technology risk. This catalogue should be tool to
help with operational risk identification and assessment.
Types of Operational Failure Risk1. People Risk 1. Incompetancy.
2. Fraud.2. Process Risk
• Model Risk
• TR
1. Model/ methodology error
2. Mark-to-model error.
1. Execution error.
2. Product complexity.
43
Best Practice
2.Risk Identification
3. Business Process
4. Measuring Methodology
8. Economic Capital
7. Risk Analysis
6. Reporting
5. Exposure Management
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 44/64
Risk Management in Banking Sector.
• OCR
3. Booking error.
4. Settlement error.
1. Exceeding limits.
2. Security risk.
3.Volume risk.3. Technology Risk 1. System failure.
2. Programming error.
3. Information risk.
4. Telecommunications failure.
4. Develop a comprehensible set of operational risk metrics. Operational risk
assessment is a complex process. It needs to be performed on a firm-wide
basis at regular intervals using standard metrics. In early days, business
and infrastructure groups performed their own assessment of operational
risk. Today, self-assessment has been discredited. Sophisticated financial
institutions are trying to develop objective measures of operational risk
that build significantly more reliability into the quantification of operational
risk.
5. Decide how to manage operational risk exposure and take appriate action
to hedge the risks. The bank should address the economic question of th
cost-benefit of insuring a given risk for those operational risks that can be
insured.
6. Decide how to report exposure.
7. Develop tools for risk analysis, and procedures for when these tools
should deploped. For e.g., risk analysis is typically performed as part of a
new product process, periodic business reviews, and so on. Stress testingshould be a standard part of risk analysis process. The frequency of risk
assessment should be a function of the degree to which operational risks
are expected to change over time as businesses undertake new initiatives,
or as business circumstances evolve. This frequency might be reviewed
as operational risk measurement is rolled out across the bank a bank
44
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 45/64
Risk Management in Banking Sector.
should update its risk assessment more frequently. Further one should
reassess whenever the operational risk profile changes significantly.
8. Develop techniques to translate the calculation of operational risk into a
required amount of economic capital. Tools and procedures should be
developed to enable businesses to make decisions about operational risk
based on risk/reward analysis.
Four-Step Measurement Process For Operational Risk
Clear guiding principle for the operational risk measurement process
should be set to ensure that it provides an appropriate measure of operational
risk across all business units throughout the bank. This problem of measuring
operational risk can be best achieved by means of a four-step operational risk
process. The following are the four steps involved in the process:
1. Input.
2. Risk assessment framework.
3. Review and validation.
4. Output.
1. Input:
The first step in the operational risk measurement process is to gather the
information needed to perform a complete assessment of all significantoperational risks. A key source of this information is often the finished product of
other groups. For example, a unit that supports the business group often
publishes report or documents that may provide an excellent starting point for the
operational risk assessment.
Sources of Information in the Measurement Process of Operational Risk
:The Inputs (for Assessment)
Likelihood of Occurrence Severity
• Audit report • Management interviews
• Regulatory report • Loss history
• Management report
• Expert opinion
• Business Recovery Plan
45
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 46/64
Risk Management in Banking Sector.
• Business plans
• Budget plans
• Operations plans
For example, if one is relying on audit documents as an indication of thedegree of control, then one needs to ask if the audit assessment is current and
sufficient. Have there been any significant changes made since the last audit
assessment? Did the audit scope include the area of operational risk that is of
concern to the present risk assessment? As one diligently works through
available information, gaps often become apparent. These gaps in the
information often need to be filled through discussion with the relevant managers.
Typically, there are not sufficient reliable historical data available to
confidently project the likelihood or severity of operational losses. One often
needs to rely on the expertise of business management, until reliable data are
compiled to offer an assessment of the severity of the operational failure for each
of the risks. The time frame employed for all aspects of the assessment process
is typically one year. The one-year time horizon is usually selected to align with
the business planning cycle of the bank.
2. Risk Assessment Framework
The input information gathered in the above step needs to be analyzedand processed through the risk assessment framework. Risk assessment
framework includes:
1. Risk categories:
The operational risk can be broken down into four headline risk categories
like the risk of unexpected loss due to operational failure in people, process
and technology deployed within the business
Internal dependencies should each be reviewed according to a set of factors.
We examine these 9nternal dependencies according to three key
components of capability, capacity and availability.
External dependencies can also be analyzed in terms of the specific type of
external interaction.
2. Connectivity and interdependencies
46
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 47/64
Risk Management in Banking Sector.
The headline risk categories cannot be viewed in isolation from one another.
One needs to examine the degree of interconnected risk exposures that cut
across the headline operational risk categories, in order to understand the full
impact of risk.
3. Change, complexity, compliancy:
One may view the sources that drive the headline risk categories as falling
under the broad categories of “Change” refers to such items as introducing
new technology or new products, a merger or acquisition, or moving from
internal supply to outsourcing, etc. “Complexity’ refers to such items as
complexity of products, process or technology. “ Complacency” refer to
ineffective management of the business.
4. Net likelihood assessment
The likelihood that an operational failure might occur within the next year
should be assessed, net of risk mitigants such as insurance, for each
identified risk exposure and for each of the four headline risk categories.
Since it is often unclear how to quantify risk, this assessment can be rated
along five point likelihood continuum from very low, low, medium, high and
very high.
5. Severity assessment
Severity describes the potential loss to the bank given that an operational
risk failure has occurred. It should be assessed for each identified risk
exposure.
6. Combined likelihood and severity into the overall Operational Risk
Assessment
Operational risk measures are constrained in that there is not usually a
defensible way to combine the individual likelihood of loss and severity
assessments into overall measure of operational risk within a business unit.
To do so, the likelihood of loss would need to be expressed in numerical
terms. This cannot be accomplished without statistically significant historical
data on operational losses.
7. Defining Cause and Effect:
47
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 48/64
Risk Management in Banking Sector.
Loss data are easier to collect than data associated with the cause of loss.
This complicates the measurement of operational risk because each loss is
likely to have several causes. This relationship between these causes, and
the relative importance of each, can be difficult to assess in an objective
fashion.
8. Sample of a risk assessment report.
Risk Assessment Report
Risk Category Cause Effect Source of
Probability &
Magnitude of Loss
Data
People Loss of key staff,
due to defection to
a competitor.
Variance in revenue /
profit
• Delphic
technique
based on
businessassessment.
Process Declining
productivity as
volume grows
Variance in process
costs from predicted
levels, excluding
process malfunctions
• Historical
variance.
• Suppliers
estimates
• Industry
benchmarking
Technology Year 2000 upgrade
expenditure
Variance in
technology running
costs from predicted
levels
• Historical
variance.
• Suppliers
estimates
• Industry
48
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 49/64
Risk Management in Banking Sector.
benchmarking
3. Review and validation:
Once the report is generated. First the centralised operational risk
management group (ORMG) reviews the assessment results with senior
business unit management and key officers, in order to finalize the proposed
operational risk rating. Second, one may want an operational risk rating
committee to review the assessment – a validation process similar to that
followed by credit rating agencies. This takes the form of review of the individual
risk assessments by knowledgeable senior committee personnel to ensure that
the framework has been consistently applied across businesses, that there has
been sufficient scrutiny to remove any imperfections, and so on. The committee
should have representation from business management, audit, and functional
areas, and be chaired by risk management unit.
4. Output
The final assessment of operational risk will be formally reported to
business management, the centralised risk-adjusted return on capital (RAROC)
group, and the partners in corporate governance such as internal audit and
compliance. The output of the assessment process has two main uses:1. The assessment provides better operational risk information to
management for use in improving risk management decisions.
2. The assessment improves the allocation of economic capital to better
reflect the extent of the operational riskier, being taken by a business unit.
3. The over all assessment of the likelihood of operational risk & severity of
loss for a business unit can be shown as:
Mgmt. Attention
Severity of Loss ($)
49
MediumRisk HighRisk
MediumRisk
LowRisk
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 50/64
Risk Management in Banking Sector.
Likelihood of Loss ($)
A business unit may address its operational risks in several ways. First,
one can invest in business unit. Second, one can avoid the risk by withdrawing
from business activity. Third, one can accept and manage risk through effective
monitoring and control. Fourth, one can transfer risk to another party. Of course,
not all-operational risks are insurable, and in that case of those that are insurable
the required premium may be prohibitive. The strategy and eventually the
decision should be based on cost benefit analysis.
50
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 51/64
Risk Management in Banking Sector.
Risk Management in Future
The bank of the future will be recognized around a new vision. To
succeed, it will have to be able to respond to opportunities as they present
themselves. And it will have to strive to improve the portfolio management of its
balance sheet and capital.
To manage conflicting objectives, it will need to determine a number of
policy variables such as a target risk-adjusted rate of returns (RAROC), target
regulatory return, target tier 1 ratio, target liquidity, and so on. (Figure 17.1)
51
Target RAROC by:TransactionCustomer ProductLine of Business
Target RegulatoryReturn by:1. Transaction2. Customer 3. Product4. Line of Business
Target Return on
Equity Target LiquidityTarget Tier 1Ratio
Target Risk –WeightedAssets (RWA)
Target Leverage Ratio
Target Senior DebtRating
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 52/64
Risk Management in Banking Sector.
In turn, this will mean transforming the risk management function. Risk
management will need to encompass limit management, risk analysis, RAROC,
and active portfolio management of risk (APMR). These changes in the risk
management will be induced by:
1. Advances in technology
2. Introduction of more sophisticated regulatory measures
3. Rapidly accelerating market forces
4. Complex legal environment
1. Advances in technology:
Banking is moving into an era in which complex mathematical model
programmed into risk engines will provide the foundation of portfolio
management. Banks with sophisticated risk engine will be able to measure the
risk of sophisticated products, compute and implement hedging strategies, and
understand the relative risk-adjusted return almost instantaneously.
Given the current trend toward consolidation, vast and complex
organizations will demand the ability to quickly and consistently provide key
decision-support tools for comparing profitability measures and risk tolerance for
diverse businesses.
Technology will allow risk management information to be integrated into
overall management reporting- including intraday risk reporting. The Internet and
intranet will become the delivery vehicles of choice for the results of risk
analyses.
Infrastructure investment will be required within many banks to improve
performance in a variety of tasks. The task includes information collection and
normalization, storage and dimensioning, and analytics processing as well as
information sharing and distribution.
One method of deployment for information, as shown in figure 17.3, will be
via either the intranet or the Internet. There should only be official risk measure
52
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 53/64
Risk Management in Banking Sector.
from a fully integrated risk infrastructure. Real-time access will be provided to the
risk system via web-based technologies. Independent risk calculators may exist
for offline use, but these will be able to use the same analytics as the official
reporting process.
The benefits of this type of infrastructure are consistency-one source for
one “answer”; efficiency –work is executed once to serve multiple purposes; and
ease of use- one place, one view. The risk database will include transaction
details (e.g., cash flows, principle amount, currencies); cross-references to other
internal systems, which house critical data (e.g., credit rating, counterparty,
instrument); external data (e.g., yield curve, prices, industry classifications); and
a variety of dimension indicators (e.g., product identification codes, asset class,
currency).
The infrastructure will include appropriate linkages within a robust
environment for data collection and scrubbing, data warehousing, and risk
analytics – as well as the appropriate data and systems maintenance
components. Above all, the risk management information system (risk MIS)
should be designed to provide full risk transparency from the bottom to the top of
the house.
2. Regulatory Measures and Market Forces:In the future, the regulatory review process (e.g., review of bank internal
models) will become more sophisticated. Regulators will hire staff with a greater
risk management expertise. Regulators will increasingly sever as a catalyst for
quantifying risk ( market, credit, operational, liquidity,etc.) through their imposition
of new capital regimes as discussed in the Basle Accord Consultative Paper
(Basle 1999).
Market forces will also bring change. External users of financial
information will demand better information on which to make investment
decisions. In the future there will be more detailed and more frequent reporting of
risk positions to company shareholders, creditors, etc. this will lead to generally
accepted reporting principles (GARP) for risk along the lines of the existing
generally accepted accounting principles (GAAP) for financial statements.
53
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 54/64
Risk Management in Banking Sector.
There will be increasing growth in consulting services such as data
providers, risk advisory service bureaus, treasury transaction services, etc.
independent external reviewers may even be hooked up to a bank’s systems to
allow them to offer regular automated independent risk reviews. The reviews will
be intended to provide comfort to senior managers and regulators, and to show
that internal systems provide sound risk measures.
The risk management function will be fully independent from the business
and centralized. Risk management processes will be fully and seamlessly
integrated into the business process. Risk/ return will be assessed for new
business opportunities and incorporated into the design of new products. All
risks-credit, market, operational, liquidity, and so on – will be combined, reported,
and managed on an ever more integrated basis. The total figures for credit risk
by counterparty will use credit value-at-risk methodologies to combine the risk
arising from more traditional lending. The problem of liquidating portfolios during
turbulent markets will also become an important factor in the total risk numbers.
The banks of the future will have a sophisticated central risk engine
capable of measuring the risk and the price of anything that the bank trades and
originates. Risk management will be a value added “ never center ” for trading,
ideas and deal structuring as well as provide the impetus for new marketing
initiaties, while pricing will become more complex and competitive.
The risk management function will become much more tightly integrated
with profit & loss reporting. Risk capital will be charged to a business unit
according to its contribution to the total risk of the firm, not according to its
contribution to the total risk of the firm, not according to the volatility of the
business line’s revenues. And the balance sheet will be supplemented by
business unit value-at-risk (VaR) report. Information will pass back and forth
between the risk management function and the business units, and they will work
in parternership to balance risk and return.
3. Legal Environment:
Legal risk is the risk that contracts are not legally enforceable or
documented correctly. Legal risks should be limited and managed through
54
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 55/64
Risk Management in Banking Sector.
policies developed by the institution's legal counsel (typically in consultation with
officers in the risk management process) that have been approved by the
institution's senior management and board of directors. At a minimum, there
should be guidelines and processes in place to ensure the enforceability of
counterparty agreements. Prior to engaging in derivatives transactions, an
institution should reasonably satisfy itself that its counterparties have the legal
and necessary regulatory authority to engage in those transactions. In addition to
determining the authority of a counterparty to enter into a derivatives transaction,
an institution should also reasonably satisfy itself that the terms of any contract
governing its derivatives activities with counterparty are legally sound.
An institution should adequately evaluate the enforceability of its
agreements before individual transactions are consummated. Participants in the
derivatives markets have experienced significant losses because they were
unable to recover losses from a defaulting counterparty when a court held the
counterparty had acted outside of its authority in entering into such transactions.
An institution should ensure that its counterparties have the power and authority
to enter into derivatives transactions and that the counterparties' obligations
arising from them are enforceable. Similarly, an institution should also ensure
that its rights with respect to any margin or collateral received from counterparty
are enforceable and exercisable.
The advantages of netting arrangements can include a reduction in credit
and liquidity risks, the potential to do more business with existing counterparties
within existing credit lines and a reduced need for collateral to support
counterparty obligations. The institution should ascertain that its netting
agreements are adequately documented and that they have been executed
properly. Only when a netting arrangement is legally enforceable in all relevant
jurisdictions should an institution monitor its credit and liquidity risks on a net
basis. The institution should have knowledge of relevant tax laws and
interpretations governing the use of derivatives instruments. Knowledge of these
laws is necessary not only for the institution's marketing activities but also for its
own use of these products.
55
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 56/64
Risk Management in Banking Sector.
4. Building Block to Create Shareholders Value:
To use a sporting analogy, first-class risk management is not only about
outstanding goal keeping, but also about the ability to move upfield and help the
team score. Advances in leading edge risk and capital management tools
suggest that banks are ready to move to this next stage of implementation.
RAROC will be used to drive pricing, performance measurement, portfolio
management, and capital management. The new paradigm of a total risk enabled
enterprise (TREE) will increase shareholders value at tactical and strategic level,
as well as attracting new clients.
Dynamic economic capital management has already emerged as a
powerful competitive weapon. The challenge is to pull all these component parts
together to create and sustain shareholders value. The evolution of risk
management towards simultaneously serving both internal and client-related
needs is natural. Risk management tools that have been developed to serve
internal bank purposes also have significant external commercial value.
The structure of a total risk enabled enterprise (TREE) is therefore likely to
evolve from attempts to leverage risk management skills in a whole variety of
ways. The trunk of the TREE represents policy, methodology, and infrastructure
elements that were built for internal risk management purposes. The branches of
the TREE make use of elements of this framework to serve both tactical and
strategic bank ambitions.
The tactical elements touch on pricing, portfolio management, and
incentive compensation issues, and thus provide bottom-up shareholder value.
The strategic elements shape business management, business development,
capital allocation, and earnings volatility, while helping management to provide
top-down shareholder value. The branches of TREE also reach out to connect
with bank client and to serve their objectives.
An Idealized Bank Of The Future:
The efficient bank of the future will be driven by a single analytical risk
engine that draws its data from a single logical data repository. This engine will
power front-, middle-, and back-office functions, and supply information about
56
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 57/64
Risk Management in Banking Sector.
enterprise-wide risk. The ability to control and manage risk will be finely tuned to
meet specific business objectives. For example, far fewer significantly large
losses, beyond a clearly articulate tolerance for loss, will be incurred and the
return to risk profile will be vastly improved.
With the appropriate technology in place, financial trading across all asset
classes will move from the current vertical, product-oriented environment (e.g.,
swaps, foreign exchange, equities, loans, etc.) to a horizontal, customer-oriented
environment in which complex combinations of asset types will be traded.
There will be less need for desks that specialize in single product lines.
The focus will shift to customer needs rather than instrument types. The
management of limits will be based on capital, set in such a manner so as to
maximize the risk-adjusted return on capital for the firm. Business managers will
be remunerated on their risk-adjusted earnings rather than on earnings alone,
orienting them much more consistently with the goals of the firm.
The firm’s exposure will be known and disseminated in real time.
Evaluating the risk of a specific deal will take into account its effect on the firm’s
total risk exposure, rather than simply the exposure of the individual deal.
Banks that dominate this technology will gain a tremendous competitive
advantage. Their information technology and trading infrastructure will be
cheaper than today’s by orders of magnitude. Conversely, banks that attempt to
build this infrastructure in-house will become trapped in a quagmire of large,
expensive IT departments-and poorly supported software.
The successful banks will require far fewer risk systems. Most of which will
be based on a combination of industry standard, reusable, robust risk software
and highly sophisticated proprietary analytics. More importantly, they will be free
to focus on their core business and offer products more directly suited to their
customers’ desired return to risk profiles.
57
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 58/64
Risk Management in Banking Sector.
Study of Operational Risk of ICICI Bank
About ICICI Bank
ICICI Bank is one of the leading private sector bank in the country. It has
established its position further through the acquisition of Bank of Madura in
March 2001. The bank now has presence in 17 states in India, with a branch
network of 395 and over 3.7mn customer’s accounts. ICICI Bank has the largest
network of ATM in the country. The promoters of ICICI divested part of its stake
to comply with the RBI’s bank licensing condition. ICICI now holds only 47%
stake in ICICI Bank and it has ceased to be subsidiary of ICICI.
It offers wide spectrum of domestic and international banking services. It is
the first bank to start the Internet banking service in India and has around 110000
Internet banking accounts.
Operational Risk
ICICI Bank is exposed to many types of operational risk. Operational risk can
result from a variety of factors, including:
1. Failure to obtain proper internal authorizations,
2. Improperly documented transactions,
3. Failure of operational and information security procedures,
4. Computer systems,
5. Software or equipment,
6. Fraud,
7. Inadequate training and employee errors.
ICICI Bank attempts to mitigate operational risk by maintaining a comprehensive
system of internal controls, establishing systems and procedures to monitor
58
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 59/64
Risk Management in Banking Sector.
transactions, maintaining key back–up procedures and undertaking regular
contingency planning.
I. Operational Controls and Procedures in Branches
ICICI Bank has operating manuals detailing the procedures for the processing of
various banking transactions and the operation of the application software.
Amendments to these manuals are implemented through circulars sent to all
offices.
When taking a deposit from a new customer, ICICI Bank requires the new
customer to complete a relationship form, which details the terms and conditions
for providing various banking services.
Photographs of customers are also obtained for ICICI Bank’s records, and
specimen signatures are scanned and stored in the system for online verification.
ICICI Bank enters into a relationship with a customer only after the customer is
properly introduced to ICICI Bank. When time deposits become due for
repayment, the deposit is paid to the depositor. System generated reminders are
sent to depositors before the due date for repayment. Where the depositor does
not apply for repayment on the due date, the amount is transferred to an overdue
deposits account for follow up.
ICICI Bank has a scheme of delegation of financial powers that sets out the
monetary limit for each employee with respect to the processing of transactions
in a customer's account. Withdrawals from customer accounts are controlled by
dual authorization. Senior officers have delegated power to authorize larger
withdrawals. ICICI Bank’s operating system validates the check number and
balance before permitting withdrawals. Cash transactions over Rs. 1 million (US$
21,030) are subject to special scrutiny to avoid money laundering. ICICI Bank’s
banking software has multiple security features to protect the integrity of
applications and data.
ICICI Bank gives importance to computer security and has s a comprehensive
information technology security policy. Most of the information technology assets
including critical servers are hosted in centralised data centers, which are subject
to appropriate physical and logical access controls.
59
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 60/64
Risk Management in Banking Sector.
II. Operational Controls and Procedures for Internet Banking
In order to open an Internet banking account, the customer must provide ICICI
Bank with documentation to prove the customer's identity, including a copy of the
customer's passport, a photograph and specimen signature of the customer.
After verification of the same, ICICI Bank opens the Internet banking account and
issues the customer a user ID and password to access his account online.
III. Operational Controls and Procedures in Regional Processing
Centers & Central Processing Centers
To improve customer service at ICICI Bank’s physical locations, ICICI Bank
handles transaction processing centrally by taking away such operations from
branches. ICICI Bank has centralized operations at regional processing centers
located at 15 cities in the country. These regional processing centers process
clearing checks and inter-branch transactions, make inter-city check collections,
and engage in back office activities for account opening, standing instructions
and auto-renewal of deposits.
In Mumbai, ICICI Bank has centralized transaction processing on a nationwide
basis for transactions like the issue of ATM cards and PIN mailers, reconciliation
of ATM transactions, monitoring of ATM functioning, issue of passwords to
Internet banking customers, depositing post-dated cheques received from retail
loan customers and credit card transaction processing. Centralized processing
has been extended to the issuance of personalized check books, back office
activities of non-resident Indian accounts, opening of new bank accounts for
customers who seek web broking services and recovery of service charges for
accounts for holding shares in book-entry form.
IV. Operational Controls and Procedures in Treasury
ICICI Bank has a high level of automation in trading operations. ICICI Bank uses
technology to monitor risk limits and exposures. ICICI Bank’s front office, back
office and accounting and reconciliation functions are fully segregated in both the
domestic treasury and foreign exchange treasury. The respective middle offices
use various risk monitoring tools such as counterparty limits, position limits,
exposure limits and individual dealer limits. Procedures for reporting breaches in
60
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 61/64
Risk Management in Banking Sector.
limits are also in place.
ICICI Bank’s front office treasury operation for rupee transactions consists of
operations in fixed income securities, equity securities and inter-bank money
markets. ICICI Bank’s dealers analyze the market conditions and take views on
price movements. Thereafter, they strike deals in conformity with various limits
relating to counterparties, securities and brokers. The deals are then forwarded
to the back office for settlement.
The inter-bank foreign exchange treasury operations are conducted through
Reuters dealing systems. Brokered deals are concluded through voice systems.
Deals done through Reuters systems are captured on a real time basis for
processing. Deals carried out through voice systems are input in the system by
the dealers for processing. The entire process from deal origination to settlement
and accounting takes place via straight through processing. The processing
ensures adequate checks at critical stages. Trade strategies are discussed
frequently and decisions are taken based on market forecasts, information and
liquidity considerations. Trading operations are conducted in conformity with the
code of conduct prescribed by internal and regulatory guidelines.
The Treasury Middle Office Group, which reports to the Executive Director,
Corporate Centre, monitors counterparty limits, evaluates the mark-to-market
impact on various positions taken by dealers and monitors market risk exposure
of the investment portfolio and adherence to various market risk limits set up by
the Risk, Compliance and Audit Group.
ICICI Bank’s back office undertakes the settlement of funds and securities. The
back office has procedures and controls for minimizing operational risks,
including procedures with respect to deal confirmations with counterparties,
verifying the authenticity of counterparty checks and securities, ensuring receipt
of contract notes from brokers, monitoring receipt of interest and principal
amounts on due dates, ensuring transfer of title in the case of purchases of
securities, reconciling actual security holdings with the holdings pursuant to the
records and reports any irregularity or shortcoming observed.
V. Audit
61
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 62/64
Risk Management in Banking Sector.
The Internal Audit Group undertakes a comprehensive audit of all business
groups and other functions, in accordance with a risk-based audit plan. This plan
allocates audit resources based on an assessment of the operational risks in the
various businesses. The Internal Audit group conceptualizes and implements
improved systems of internal controls, to minimize operational risk. The audit
plan for every fiscal year is approved by the Audit Committee of ICICI Bank’s
board of directors. The Internal Audit group also has a dedicated team
responsible for information technology security audits. Various components of
information technology from applications to databases, networks and operating
systems are covered under the annual audit plan.
The Reserve Bank of India requires banks to have a process of concurrent audits
at branches handling large volumes, to cover a minimum of 50.0% of business
volumes. ICICI Bank has instituted systems to conduct concurrent audits, using
reputed chartered accountancy firms. Concurrent audits have also been
arranged at the Regional Processing Centers and other centralized processing
Operations to ensure existence of and adherence to internal controls.
62
8/3/2019 Risk Mgmt - Banks
http://slidepdf.com/reader/full/risk-mgmt-banks 63/64
Risk Management in Banking Sector.
Bibliography
Books:
Risk Management---Galai, Mark, Crouny.
Risk. The new Management Imperative in Finance---James. t.
Gleason.
Credit Risk Management---Anthony Saunders.
Risk Management---Bell. Schleiferr.
WEBSITES:
www.rbi.org
www.bis.com
www.iib.org
www.google.co.in
63