Risk Management in Banking Sector Main01

8/2/2019 Risk Management in Banking Sector Main01

1/42

Risk Management in

Banking Sector

Under the guidance of Prof. Kamal Rohra


2/42

[Type text]

Risk Management In Banking Sector Page 2

Royal College of Arts, Science and CommerceSUBJECT: .5.3 (INTERNATIONAL BANKING & FINANCE)

PROJECT ON : RISK MANAGEMENT

T.Y.BANKING & INSURANCESEMESTER5

(2011-2012)GROUP NO: 07

Names Roll no

NEHA

MAKWANA

14

AZIM SAMNANI 39

YASHRAJ UCHIL 41

MANISHA

SINGH

15

RAHAT SHAIKH 27


3/42


4/42

[Type text]


INDEX

SR.NO PARTICULARS PAGE NO

1. INTRODUCTION 2. DEFINITION OF RISK 93. WHAT IS RISK MANAGEMENT 104. OBJECTIVE OF RISK MANAGEMENT

FUNCTION

11

5. RISK IN BANKING 126. TYPES OF RISK 147. MARKET RISK 8. CREDIT RISK 269. OPERATIONAL RISK 2910. CONCLUSION 4111. REFERENCE


5/42

[Type text]


INTRODUCTION

The significant transformation of the banking industry in India is clearly

evident from the changes that have occurred in the financial markets, institutions

and products. While deregulation has opened up new vistas for banks to argumentrevenues, it has entailed greater competition and consequently greater risks.

Cross- border flows and entry of new products, particularly derivative

instruments, have impacted significantly on the domestic banking sector forcing

banks to adjust the product mix, as also to effect rapid changes in their processes

and operations in order to remain competitive to the globalized environment.

These developments have facilitated greater choice for consumers, who have

become more discerning and demanding compelling banks to offer a broader

range of products through diverse distribution channels. The traditional face ofbanks as mere financial intermediaries has since altered and risk management has

emerged as their defining attribute.

Currently, the most important factor shaping the world is globalization. The

benefits of globalization have been well documented and are being increasingly

recognized. Integration of domestic markets with international financial markets

has been facilitated by tremendous advancement in information and

communications technology. But, such an environment has also meant that a

problem in one country can sometimes adversely impact one or more countriesinstantaneously, even if they are fundamentally strong.

There is a growing realisation that the ability of countries to conduct

business across national borders and the ability to cope with the possible downside

risks would depend, interalia, on the soundness of the financial system. This has

consequently meant the adoption of a strong and transparent, prudential,

regulatory, supervisory, technological and institutional framework in the financial

sector on par with international best practices. All this necessitates a

transformation: a transformation in the mindset, a transformation in the business

processes and finally, a transformation in knowledge management. This process is

not a one shot affair; it needs to be appropriately phased in the least disruptive

manner.


6/42

[Type text]


The banking and financial crises in recent years in emerging economies

have demonstrated that, when things go wrong with the financial system, they can

result in a severe economic downturn. Furthermore, banking crises often impose

substantial costs on the exchequer, the incidence of which is ultimately borne by

the taxpayer. The World Bank Annual Report (2002) has observed that the loss ofUS $1 trillion in banking crisis in the 1980s and 1990s is equal to the total flow of

official development assistance to developing countries from 1950s to the present

date. As a consequence, the focus of financial market reform in many emerging

economies has been towards increasing efficiency while at the same time ensuring

stability in financial markets.

From this perspective, financial sector reforms are essential in order to

avoid such costs. It is, therefore, not surprising that financial market reform is at

the forefront of public policy debate in recent years. The crucial role of sound

financial markets in promoting rapid economic growth and ensuring financial

stability. Financial sector reform, through the development of an efficient

financial system, is thus perceived as a key element in raising countries out of

their 'low level equilibrium trap'. As the World Bank Annual Report (2002)

observes, a robust financial system is a precondition for a sound inve stment

climate, growth and the reduction of poverty .

Financial sector reforms were initiated in India a decade ago with a view toimproving efficiency in the process of financial intermediation, enhancing the

effectiveness in the conduct of monetary policy and creating conditions for

integration of the domestic financial sector with the global system. The first phase

of reforms was guided by the recommendations of Narasimham Committee.

The approach was to ensure that the financial services industry operates on

the basis of operational flexibility and functional autonomy with a view to

enhancing efficiency, productivity and profitability'.

The second phase, guided by Narasimham Committee II, focused on

strengthening the foundations of the banking system and bringing about

structural improvements. Further intensive discussions are held on


7/42

[Type text]


important issues related to corporate governance, reform of the capital

structure, (in the context of Basel II norms), retail banking, risk

management technology, and human resources development, among others.

Since 1992, significant changes have been introduced in the Indian financialsystem. These changes have infused an element of competition in the financial

system, marking the gradual end of financial repression characterized by price and

non-price controls in the process of financial intermediation. While financial

markets have been fairly developed, there still remains a large extent of

segmentation of markets and non-level playing field among participants, which

contribute to volatility in asset prices. This volatility is exacerbated by the lack of

liquidity in the secondary markets. The purpose of this paper is to highlight the

need for the regulator and market participants to recognize the risks in the

financial system, the products available to hedge risks and the instruments,

including derivatives that are required to be developed/introduced in the Indian

system.

The financial sector serves the economic function of intermediation by

ensuring efficient allocation of resources in the economy. Financial intermediation

is enabled through a four-pronged transformation mechanism consisting of

liability-asset transformation, size transformation, maturity transformation and

risk transformation.

Risk is inherent in the very act of transformation. However, prior to reform

of 1991-92, banks were not exposed to diverse financial risks mainly because

interest rates were regulated, financial asset prices moved within a narrow band

and the roles of different categories of intermediaries were clearly defined. Credit

risk was the major risk for which banks adopted certain appraisal standards.

Several structural changes have taken place in the financial sector since

1992. The operating environment has undergone a vast change bringing to fore the

critical importance of managing a whole range of financial risks. The key

elements of this transformation process have been


8/42

[Type text]


1. The deregulation of coupon rate on Government securities.

2. Substantial liberalization of bank deposit and lending rates.

3. A gradual trend towards disintermediation in the financial system in the

wake of increased access of corporates to capital markets.

4. Blurring of distinction between activities of financial institutions.5. Greater integration among the various segments of financial markets and

their increased order of globalisation, diversification of ownership of public

sector banks.

6. Emergence of new private sector banks and other financial institutions, and,

7. The rapid advancement of technology in the financial system.


9/42

[Type text]


DEFINITION OF RISK

What is Risk?

"What is risk?" And what is a

pragmatic definition of risk? Risk means

different things to different people. For some

it is "financial (exchange rate, interest-call

money rates), mergers of competitors

globally to form more powerful entities and

not leveraging IT optimally" and for

someone else "an event or commitment

which has the potential to generate

commercial liability or damage to the brand

image". Since risk is accepted in business as a trade off between reward and

threat, it does mean that taking risk bring forth benefits as well. In other words it

is necessary to accept risks, if the desire is to reap the anticipated benefits.

Risk in its pragmatic definition, therefore, includes both threats that can

materialize and opportunities, which can be exploited. This definition of risk isvery pertinent today as the current business environment offers both challenges

and opportunities to organizations, and it is up to an organization to manage these

to their competitive advantage.


10/42

[Type text]


What is Risk Management - Does it eliminate risk?

Risk management is a discipline for dealing with the possibility that some

future event will cause harm. It provides strategies, techniques, and an approach to

recognizing and confronting any threat faced by an organization in fulfilling its

mission. Risk management may be as uncomplicated as asking and answering

three basic questions:

1. What can go wrong?

2. What will we do (both to prevent the harm from occurring and in the

aftermath of an "incident")?

3. If something happens, how will we pay for it?

Risk management does not aim at risk elimination, but enables the

organization to bring their risks to manageable proportions while not severely

affecting their income. This balancing act between the risk levels and profits

needs to be well-planned. Apart from bringing the risks to manageable

proportions, they should also ensure that one risk does not get transformed into

any other undesirable risk. This transformation takes place due to the inter-linkage

present among the various risks. The focal point in managing any risk will be to

understand the nature of the transaction in a way to unbundle the risks it is

exposed to.

Risk Management is a more mature subject in the western world. This is

largely a result of lessons from major corporate failures, most telling and visible

being the Barings collapse. In addition, regulatory requirements have been

introduced, which expect organizations to have effective risk management

practices. In India, whilst risk management is still in its infancy, there has been

considerable debate on the need to introduce comprehensive risk management

practices.


11/42

[Type text]


Objectives of Risk Management Function

Two distinct viewpoints emerge

One which is about managing risks, maximizing profitability and creatingopportunity out of risks

And the other which is about minimising risks/loss and protecting

corporate assets.

The management of an organization needs to consciously decide on

whether they want their risk management function to 'manage' or 'mitigate' Risks.

Managing risks essentially is about striking the right balance between risks

and controls and taking informed management decisions on opportunities

and threats facing an organization. Both situations, i.e. over or undercontrolling risks are highly undesirable as the former means higher costs

and the latter means possible exposure to risk.

Mitigating or minimising risks, on the other hand, means mitigating all risks

even if the cost of minimising a risk may be excessive and outweighs the

cost-benefit analysis. Further, it may mean that the opportunities are not

adequately exploited.

In the context of the risk management function, identification and

management of Risk is more prominent for the financial services sector and less

so for consumer products industry. What are the primary objectives of your risk

management function? When specifically asked in a survey conducted, 33% of

respondents stated that their risk management function is indeed expressly

mandated to optimise risk.


12/42

[Type text]


Risks in Banking

Risks manifest themselves in many ways and the risks in banking are a

result of many diverse activities, executed from many locations and by numerous

people. As a financial intermediary, banks borrow funds and lend them as a part of

their primary activity. This intermediation activity, of banks exposes them to a

host of risks. The volatility in the operating environment of banks will aggravate

the effect of the various risks. The case discusses the various risks that arise due to

financial intermediation and by highlighting the need for asset-liability

management; it discusses the Gap Model for risk management


13/42

[Type text]


FINANCIAL RISKS

MARKETRISK

LIQUIDITYRISK

OPERATIONALRISK

HUMANFACTOR RISK

CREDIT RISK LEGAL &REGULATORY RISK

FUNDINGLIQUIDITYRISK

TRADINGLIQUIDITY RISK

TRANSACTIONRISK

PORTFOLIOCONCENTRATION

ISSUE RISK ISSUER RISK COUNTERPARTY

RISK

EQUITY RISK INERESTRATE RISK

CURRENCYRISK

COMMODITYRISK

TRADINGRISK

GAP RISK

GENERALMARKET RISK

SPECIFICRISK


14/42

[Type text]


TYPES OF RISK

1.MARKET RISK

Market risk is that risk that changesin financial market prices and rates will

reduce the value of the banks positions.

Market risk for a fund is often measured

relative to a benchmark index or portfolio,

is referred to as a risk of tracking error

market risk also includes basis risk, a

term used in risk management industry to

describe the chance of a breakdown in therelationship between price of a product, on

the one hand, and the price of the

instrument used to hedge that price

exposure on the other. The market-Var

methodology attempts to capture multiple

component of market such as directional

risk, convexity risk, volatility risk, basis

risk, etc

Components of market risk

RiskGrades measure the four subcomponents of market risk: equity risk, interest

rate risk, currency risk, and commodity risk. Each investment you make will face

one or more of these component risks.

Example

For example, the table below shows the risks associated with each investment,

from the perspective of a U.S. investor:
http://openwindow%28%22help/glossary.html#Equity%20Riskhttp://openwindow%28%22help/glossary.html#Interest%20Rate%20Riskhttp://openwindow%28%22help/glossary.html#Interest%20Rate%20Riskhttp://openwindow%28%22help/glossary.html#Currency%20Riskhttp://openwindow%28%22help/glossary.html#Commodity%20Riskhttp://openwindow%28%22help/glossary.html#Commodity%20Riskhttp://openwindow%28%22help/glossary.html#Currency%20Riskhttp://openwindow%28%22help/glossary.html#Interest%20Rate%20Riskhttp://openwindow%28%22help/glossary.html#Interest%20Rate%20Riskhttp://openwindow%28%22help/glossary.html#Equity%20Risk


15/42

[Type text]


InvestmentsEquity

Risk

Interest Rate

Risk

Currency

Risk

Commodity

Risk

IBM stock

Bangkok Bank stock5yr GE bond 8.25%

5yr US T-Note

Gold (CMX)

CREDIT RISK

Credit risk is that risk that a change in the credit quality of a counterparty

will affect the value of a banks position. Default, whereby a counterparty is

unwilling or unable to fulfill its contractual obligations, is the extreme case;

however banks are also exposed to the risk that the counterparty might

downgraded by a rating agency.

Credit risk is only an issue when the position is an asset, i.e., when it

exhibits a positive replacement value. In that instance if the counterparty defaults,

the bank either loses all of the market value of the position or, more commonly,

the part of the value that it cannot recover following the credit event. However,

the credit exposure induced by the replacement values of derivative instruments isdynamic: they can be negative at one point of time, and yet become positive at a

later point in time after market conditions have changed. Therefore the banks must

examine not only the current exposure, measured by the current replacement

value, but also the profile of future exposures up to the termination of the deal.


16/42

[Type text]


LIQUIDITY RISK

Liquidity risk comprises both Funding liquidity risk

Trading-related liquidity risk.

Funding liquidity risk relates to a financial institutions ability to ra ise the

necessary cash to roll over its debt, to meet the cash, margin, and collateral

requirements of counterparties, and (in the case of funds) to satisfy capital

withdrawals. Funding liquidity risk is affected by various factors such as the

maturities of the liabilities, the extent of reliance of secured sources of funding,

the terms of financing, and the breadth of funding sources, including the ability toaccess public market such as commercial paper market. Funding can also be

achieved through cash or cash equivalents, buying power , and available credit

lines.

Trading-related liquidity risk, often simply called as liquidity risk, is the

risk that an institution will not be able to execute a transaction at the prevailing

market price because there is, temporarily, no appetite for the deal on the other

side of the market. If the transaction cannot be postponed its execution my lead to

substantial losses on position. This risk is generally very hard to quantify. It may

reduce an institutions ability to manage and hedge market risk as well as its

capacity to satisfy any shortfall on the funding side through asset liquidation.


17/42

[Type text]


OPERATIONAL RISK

It refers to potential losses resulting from inadequate systems, management

failure, faulty control, fraud and human error. Many of the recent large lossesrelated to derivatives are the direct consequences of operational failure. Derivative

trading is more prone to operational risk than cash transactions because

derivatives are, by heir nature, leveraged transactions. This means that a trader can

make very large commitment on behalf of the bank, and generate huge exposure

in to the future, using only small amount of cash. Very tight controls are an

absolute necessary if the bank is to avoid huge losses.

Operational risk includes fraud, for example when a trader or other

employee intentionally falsifies and misrepresents the risk incurred in atransaction. Technology risk, and principally computer system risk also fall into

the operational risk category.

LEGAL RISK

Legal risk arises for a whole of variety of reasons. For example,

counterparty might lack the legal or regulatory authority to engage in a

transaction. Legal risks usually only become apparent when counterparty, or an

investor, lose money on a transaction and decided to sue the bank to avoid

meeting its obligations. Another aspect of regulatory risk is the potential impact of

a change in tax law on the market value of a position.


18/42

[Type text]


HUMAN FACTOR RISK

Human factor risk is really a special form of operational risk. It relates to

the losses that may result from human errors such as pushing the wrong button on

a computer, inadvertently destroying files, or entering wrong value for the

parameter input of a model.


19/42

[Type text]


MARKET RISK

What is Market Risk?

Market Risk may be defined as the possibility of loss to a bank caused by

changes in the market variables. The Bank for International Settlements (BIS)

defines market risk as the risk that the value of 'on' or 'off' balance sheet positions

will be adversely affected by movements in equity and interest rate markets,

currency exchange rates and commodity prices". Thus, Market Risk is the risk to

the bank's earnings and capital due to changes in the market level of interest rates

or prices of securities, foreign exchange and equities, as well as the volatilities of

those changes. Besides, it is equally concerned about the bank's ability to meet itsobligations as and when they fall due. In other words, it should be ensured that the

bank is not exposed to Liquidity Risk. Thus, focus on the management of

Liquidity Risk and Market Risk, further categorized into interest rate risk, foreign

exchange risk, commodity price risk and equity price risk. An effective market

risk management framework in a bank comprises risk identification, setting up of

limits and triggers, risk monitoring, models of analysis that value positions or

measure market risk, risk reporting, etc.

Types of market risk

Interest rate risk:

Interest rate risk is the risk where changes in market interest rates might

adversely affect a bank's financial condition. The immediate impact of changes in

interest rates is on the Net Interest Income (NII). A long term impact of changing

interest rates is on the bank's networth since the economic value of a bank's assets,

liabilities and off-balance sheet positions get affected due to variation in market


20/42

[Type text]


interest rates. The interest rate risk when viewed from these two perspectives is

known as 'earnings perspective' and 'economic value' perspective, respectively.

Management of interest rate risk aims at capturing the risks arising from the

maturity and repricing mismatches and is measured both from the earnings andeconomic value perspective.

Earnings perspective involves analyzing the impact of changes in interest rates

on accrual or reported earnings in the near term. This is measured by measuring

the changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the

difference between the total interest income and the total interest expense.

Economic Value perspective involves analyzing the changes of impact on

interest on the expected cash flows on assets minus the expected cash flows onliabilities plus the net cash flows on off-balance sheet items. It focuses on the risk

to networth arising from all repricing mismatches and other interest rate sensitive

positions. The economic value perspective identifies risk arising from long-term

interest rate gaps.

The management of Interest Rate Risk should be one of the critical

components of market risk management in banks. The regulatory restrictions in

the past had greatly reduced many of the risks in the banking system. Deregulationof interest rates has, however, exposed them to the adverse impacts of interest rate

risk. The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is

dependent on the movements of interest rates. Any mismatches in the cash flows

(fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose

bank's NII or NIM to variations. The earning of assets and the cost of liabilities

are now closely related to market interest rate volatility

Generally, the approach towards measurement and hedging of IRR varies

with the segmentation of the balance sheet. In a well functioning risk managementsystem, banks broadly position their balance sheet into Trading and Banking

Books. While the assets in the trading book are held primarily for generating

profit on short-term differences in prices/yields, the banking book comprises


21/42

[Type text]


assets and liabilities, which are contracted basically on account of relationship or

for steady income and statutory obligations and are generally held till maturity.

Thus, while the price risk is the prime concern of banks in trading book, the

earnings or economic value changes are the main focus of banking book.

For example :-- Bond prices are obviously interest rate sensitive. If rates rise, then

the present value of a bond will fall sharply. This can also be thought of in terms

of market rates: if interest rates rise, then the price of a bond will have to fall for

the yield to match the new market rates.The longer the duration of a bond the

more sensitive it will be to movements in interest rates.Shares are also sensitive to

interest rates, again it is obvious that if interest rates change (and other things

remain equal, which the Fisher effect suggests may not be the case)

then DCF valuations will fall. In addition, the profits of highly geared companies

will be significantly affected by the level of their interest payments.Banks can also

have significant interest rate risk: for example they may have depositors locked

into fixed rates and borrowers on floating rates or vice versa.Interest rate risk can

be hedged using swaps and interest rate based derivatives.

Treatment of Market Risk in the Proposed Basel Capital Accord

The Basle Committee on Banking Supervision (BCBS) had issued

comprehensive guidelines to provide an explicit capital cushion for the price risksto which banks are exposed, particularly those arising from their trading activities.

The banks have been given flexibility to use in-house models based on VaR for

measuring market risk as an alternative to a standardized measurement framework

suggested by Basle Committee. The internal models should, however, comply

with quantitative and qualitative criteria prescribed by Basle Committee.

Reserve Bank of India has accepted the general framework suggested by the Basle

Committee. RBI has also initiated various steps in moving towards prescribingcapital for market risk. As an initial step, a risk weight of 2.5% has been

prescribed for investments in Government and other approved securities, besides a

risk weight each of 100% on the open position limits in forex and gold. RBI has


22/42

[Type text]


also prescribed detailed operating guidelines for Asset-Liability Management

System in banks. As the ability of banks to identify and measure market risk

improves, it would be necessary to assign explicit capital charge for market risk.

While the small banks operating predominantly in India could adopt the

standardized methodology, large banks and those banks operating in internationalmarkets should develop expertise in evolving internal models for measurement of

market risk.

The Basle Committee on Banking Supervision proposes to develop capital

charge for interest rate risk in the banking book as well for banks where the

interest rate risks are significantly above average ('outliers'). The Committee is

now exploring various methodologies for identifying 'outliers' and how best to

apply and calibrate a capital charge for interest rate risk for banks. Once the

Committee finalizes the modalities, it may be necessary, at least for banks

operating in the international markets to comply with the explicit capital charge

requirements for interest rate risk in the banking book. As the valuation norms on

banks' investment portfolio have already been put in place and aligned with the

international best practices, it is appropriate to adopt the Basel norms on capital

for market risk. In view of this, banks should study the Basel framework on

capital for market risk as envisaged in Amendment to the Capital Accord to

incorporate market risks published in January 1996 by BCBS and prepare

themselves to follow the international practices in this regard at a suitable date to

be announced by RBI

The Proposed New Capital Adequacy Framework

The Basel Committee on Banking Supervision has released a Second

Consultative Document, which contains refined proposals for the three pillars of

the New Accord - Minimum Capital Requirements, Supervisory Review and

Market Discipline. It may be recalled that the Basel Committee had released inJune 1999 the first Consultative Paper on a New Capital Adequacy Framework

for comments. However, the proposal to provide explicit capital charge for market

risk in the banking book which was included in the Pillar I of the June 1999


23/42

[Type text]


Document has been shifted to Pillar II in the second Consultative Paper issued in

January 2001. The Committee has also provided a technical paper on evaluation

of interest rate risk management techniques. The Document has defined the

criteria for identifying outlier banks. According to the proposal, a bank may be

defined as an outlier whose economic value declined by more than 20% of thesum of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock

(200 bps.)

The second Consultative Paper on the New Capital Adequacy framework

issued in January, 2001 has laid down 13 principles intended to be of general

application for the management of interest rate risk, independent of whether the

positions are part of the trading book or reflect banks' non-trading activities. They

refer to an interest rate risk management process, which includes the development

of a business strategy, the assumption of assets and liabilities in banking and

trading activities, as well as a system of internal controls. In particular, they

address the need for effective interest rate risk measurement, monitoring and

control functions within the interest rate risk management process. The principles

are intended to be of general application, based as they are on practices currently

used by many international banks, even though their specific application will

depend to some extent on the complexity and range of activities undertaken by

individual banks. Under the New Basel Capital Accord, they form minimum

standards expected of internationally active banks. The principles are given in

Annexure II.

Equity price risk:

The price risk associated with equities also has two components General

market risk refers to the sensitivity of an instrument / portfolio value to the

change in the level of broad stock market indices. Specific / Idiosyncratic risk

refers to that portion of the stocks price volatility that is determined by

characteristics specific to the firm, such as its line of business, the quality of its

management, or a breakdown in its production process. The general market risk

cannot be eliminated through portfolio diversification while specific risk can be

diversified away.


24/42

[Type text]


Foreign exchange risk:

Foreign Exchange Risk maybe defined as the risk that a bank may suffer

losses as a result of adverse exchange rate movements during a period in which it

has an open position, either spot or forward, or a combination of the two, in an

individual foreign currency. The banks are also exposed to interest rate risk, which

arises from the maturity mismatching of foreign currency positions. Even in cases

where spot and forward positions in individual currencies are balanced, the

maturity pattern of forward transactions may produce mismatches. As a result,

banks may suffer losses as a result of changes in premia/discounts of the

currencies concerned.

In the forex business, banks also face the risk of default of thecounterparties or settlement risk. While such type of risk crystallization does not

cause principal loss, banks may have to undertake fresh transactions in the

cash/spot market for replacing the failed transactions. Thus, banks may incur

replacement cost, which depends upon the currency rate movements. Banks also

face another risk called time-zone risk or Herstatt risk which arises out of time-

lags in settlement of one currency in one center and the settlement of another

currency in another time-zone. The forex transactions with counterparties from

another country also trigger sovereign or country risk (dealt with in details in the

guidance note on credit risk).

The three important issues that need to be addressed in this regard are:

1. Nature and magnitude of exchange risk

2. Exchange managing or hedging for adopted be to strategy>

3. The tools of managing exchange risk

Commodity price risk:The price of the commodities differs considerably from its interest rate risk

and foreign exchange risk, since most commodities are traded in the market in

which the concentration of supply can magnify price volatility. Moreover,


25/42

[Type text]


fluctuations in the depth of trading in the market (i.e., market liquidity) often

accompany and exacerbate high levels of price volatility. Therefore, commodity

prices generally have higher volatilities and larger price discontinuities.


26/42

[Type text]


CREDIT RISK

What is Credit Risk?

Credit risk is defined as the possibility of losses associated with diminution

in the credit quality of borrowers or counterparties. In a bank's portfolio, losses

stem from outright default due to inability or unwillingness of a customer or

counterparty to meet commitments in relation to lending, trading, settlement and

other financial transactions. Alternatively, losses result from reduction in portfolio

value arising from actual or perceived deterioration in credit quality. Credit risk

emanates from a bank's dealings with an individual, corporate, bank, financial

institution or a sovereign. Credit risk may take the following forms

In the case of direct lending: principal/and or interest amount may not be

repaid;

In the case of guarantees or letters of credit: funds may not be forthcoming

from the constituents upon crystallization of the liability;

In the case of treasury operations: the payment or series of payments due

from the counter parties under the respective contracts may not be

forthcoming or ceases;

In the case of securities trading businesses: funds/ securities settlement maynot be effected;

In the case of cross-border exposure: the availability and free transfer of

foreign currency funds may either cease or the sovereign may impose

restriction

Credit Risk Management

In this backdrop, it is imperative that banks have a robust credit risk

management system which is sensitive and responsive to these factors. Theeffective management of credit risk is a critical component of comprehensive risk

management and is essential for the long term success of any banking


27/42

[Type text]


organization. Credit risk management encompasses identification, measurement,

monitoring and control of the credit risk exposures.

Building Blocks of Credit Risk Management:

In a bank, an effective credit risk management framework would comprise

of the following distinct building blocks:

Policy and Strategy

Organizational Structure

Operations/ Systems

Policy and Strategy

The Board of Directors of each bank shall be responsible for approving and

periodically reviewing the credit risk strategy and significant credit risk policies.

Credit Risk Policy

1. Every bank should have a credit risk policy document approved by the

Board. The document should include risk identification, risk measurement, risk

grading/ aggregation techniques, reporting and risk control/ mitigation

techniques, documentation, legal issues and management of problem loans.

2. Credit risk policies should also define target markets, risk acceptance

criteria, credit approval authority, credit origination/ maintenance

procedures and guidelines for portfolio management.

3. The credit risk policies approved by the Board should be communicated to

branches/controlling offices. All dealing officials should clearly understand

the bank's approach for credit sanction and should be held accountable for

complying with established policies and procedures.

4. Senior management of a bank shall be responsible for implementing the

credit risk policy approved by the Board.


28/42

[Type text]


Credit Risk Strategy

1. Each bank should develop, with the approval of its Board, its own credit

risk strategy or plan that establishes the objectives guiding the bank's credit-

granting activities and adopt necessary policies/ procedures for conductingsuch activities. This strategy should spell out clearly the organizations

credit appetite and the acceptable level of risk-reward trade-off for its

activities.

2. The strategy would, therefore, include a statement of the bank's willingness

to grant loans based on the type of economic activity, geographical location,

currency, market, maturity and anticipated profitability. This would

necessarily translate into the identification of target markets and business

sectors, preferred levels of diversification and concentration, the cost of

capital in granting credit and the cost of bad debts.

3. The credit risk strategy should provide continuity in approach as also take

into account the cyclical aspects of the economy and the resulting shifts in

the composition/ quality of the overall credit portfolio. This strategy should

be viable in the long run and through various credit cycles.

4. Senior management of a bank shall be responsible for implementing the

credit risk strategy approved by the Board.


29/42

[Type text]


OPERATIONAL RISK

What is Operational Risk?

Operational risk is the risk associated with operating a business.

Operational risk covers such a wide area that it is useful to subdivide operational

risk into two components:

Operational failure risk.

Operational strategic risk.

Operational failure risk arises from the potential for failure in the

course of operating the business. A firm uses people, processes and technology to

achieve the business plans, and any one of these factors may experience a failureof some kind. Accordingly, operational failure risk can be defined as the risk that

there will be a failure of people, processes or technology within the business unit.

A portion of failure may be anticipated, and these risks should be built into the

business plan. But it is unanticipated, and therefore uncertain, failures that give

rise to key operational risks. These failures can be expected to occur periodically,

although both their impact and their frequency may be uncertain.

The impact or severity of a financial loss can be divided into two

categories: An expected amount

An unexpected amount.

The latter is itself subdivided into two classes: an amount classed as

severe, and a catastrophic amount. The firm should provide for the losses that

arise from the expected component of these failures by charging expected

revenues with a sufficient amount of reserves. In addition, the firm should set

aside sufficient economic capital to cover the unexpected component, or resort to

insurance.

Operational strategic risk arises from environmental factors,

such as a new competitor that changes the business paradigram, a major political

and regulatory regime change, and earthquakes and other such factors that are


30/42

[Type text]


outside the control of the firm. It also arises from major new strategic initiatives,

such as developing a new line of business or re-engineering an existing business

line. All business rely on people, processes and technology outside their business

unit, and the potential for failure exists there too, this type of risk is referred to as

external dependency risk.

The figure above summarizes the relationship between operational failure risk and

operational strategic risk. These two principal categories of risk are also

sometimes defined as internal and external operational risk.

Figure: Two Broad Categories of Operational Risk

Operational Risk

Operational failure risk(Internal operational risk)

The risk encountered in pursuitof a particular strategy due to:

People Process Technology

Operational strategic risk(External operational risk)

The risk of choosing aninappropriate strategy inresponse to environmentalfactor, such as

Political Taxation Regulation Government Societal Competition, etc.


31/42

[Type text]


Operational risk is often thought to be limited to losses that can occur in

operating or processing centers. This type of operational risk, sometimes referred

as operations risk, is an important component, but it by no means covers all of the

operational risks facing the firm. Our definition of operational risk as the risk

associated with operating the business means significant amounts of operationalrisk are also generated outside the processing centers.

Risk begins to accumulate even before the design of the potential

transaction gets underway. It is present during negotiations with the client

(regardless of whether the negotiation is a lengthy structuring exercise or a routine

electronic negotiation.) and continues after the negotiation as the transaction is

serviced.

A complete picture of operational risk can only be obtained if the banks

activity is analyzed from beginning to end. Several things have to be in placebefore a transaction is negotiated, and each exposes the firm to operational risk.

The activity carried on behalf of the client by the staff can expose the institution to

people risk. People risk are not only in the form of risk found early in a

transaction. But they further rely on using sophisticated financial models to price

the transaction. This creates what is called as Model risk which can arise because

of wrong parameters like input to the model, or because the model is used

inappropriately and so on.

Once the transaction is negotiated and a ticket is written, errors can occur as

the transaction is recorded in various systems or reports. An error here may result

in the delayed settlement of the transaction, which in turn can give rise to fines

and other penalties. Further an error in market risk and credit risk report might

lead to the exposures generated by the deal being understated. In turn this can lead

to the execution of additional transactions that would otherwise not have been

executed. These are examples of what is often called as process risk

The system that records the transaction may not be capable of handling the

transaction or it may not have the capacity to handle such transactions. If any one

of the step is out-sourced, then external dependency risk also arises. However,

each type of risk can be captured either as people, processes, technology, or an

external dependency risk, and each can be analyzed in terms of capacity,

capability or availability


32/42

[Type text]


Who Should Manage Operational Risk?The responsibility for setting policies concerning operational risk remains

with the senior management, even though the development of those policies may

be delegated, and submitted to the board of directors for approval. Appropriate

policies must be put in place to limit the amount of operational risk that is

assumed by an institution. Senior management needs to give authority to change

the operational risk profile to those who are the best able to take action. They must

also ensure that a methodology for the timely and effective monitoring of the risks

that are incurred is in place. To avoid any conflict of interest, no single group

within the bank should be responsible for simultaneously setting policies, taking

action and monitoring risk.

Internal Audit

SeniorManagement

Business Management Risk Management

Le alO erations

InformationTechnology

FinanceInsurance


33/42

[Type text]


Policy Setting

The authority to take action generally rests with business management,

which is responsible for controlling the amount of operational risk taken within

each business line. The infrastructure and the governance groups share with

business management the responsibility for managing operational risk.

The responsibility for the development of a methodology for measuring and

monitoring operational risks resides most naturally with group risk management

functions. The risk management function also needs to ensure the proper

operational risk/ reward analysis is performed in the review of existing businesses

and before the introduction of new initiatives and products. In this regard, the risk

management function works very closely with, but independent from, business

management, infrastructure, and other governance group

Senior management needs to know whether the responsibilities it has

delegated are actually being tended to, and whether the resulting processes are

effective. The internal audit function within the bank is charged with this

responsibility.

EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL

RISK MANAGEMENT.

1. Policy

Best Practice

2.Risk Identification

3. Business Process

4. Measuring Methodology

8. Economic Capital

7. Risk Analysis

6. Reporting

5. Exposure Management


34/42

[Type text]


1. Develop well-defined operational risk policies. This includes explicitly

articulating the desired standards for the risk measurement. One also needs

to establish clear guidelines for practices that may contribute to a reduction

of operational risk.

2. Establish a common language of risk identification. For e.g., the termpeople risk includes a failure to deploy skilled staff. Technology risk

would include system failure, and so on.

3. Develop business process maps of each business. For e.g., one should create

an operational risk catalogue which categories and defines the various

operational risks arising from each organizational unit in terms of people,

process, and technology risk. This catalogue should be tool to help with

operational risk identification and assessment.


35/42

[Type text]


4. Develop a comprehensible set of operational risk metrics. Operational risk

assessment is a complex process. It needs to be performed on a firm-wide

basis at regular intervals using standard metrics. In early days, business and

infrastructure groups performed their own assessment of operational risk.

Today, self-assessment has been discredited. Sophisticated financial

institutions are trying to develop objective measures of operational risk thatbuild significantly more reliability into the quantification of operational

risk.

Types of Operational Failure Risk

1. People Risk 1. Incompetancy.

2. Fraud.

2. Process Risk

Model Risk

TR

OCR

1. Model/ methodology error

2. Mark-to-model error.

1. Execution error.

2. Product complexity.

3. Booking error.

4. Settlement error.

1. Exceeding limits.

2. Security risk.

3.Volume risk.

3. Technology Risk 1. System failure.

2. Programming error.

3. Information risk.4. Telecommunications failure.


36/42

[Type text]


5. Decide how to manage operational risk exposure and take appriate action to

hedge the risks. The bank should address the economic question of th cost-

benefit of insuring a given risk for those operational risks that can be

insured.

6. Decide how to report exposure.7. Develop tools for risk analysis, and procedures for when these tools should

deploped. For e.g., risk analysis is typically performed as part of a new

product process, periodic business reviews, and so on. Stress testing should

be a standard part of risk analysis process. The frequency of risk assessment

should be a function of the degree to which operational risks are expected

to change over time as businesses undertake new initiatives, or as business

circumstances evolve. This frequency might be reviewed as operational risk

measurement is rolled out across the bank a bank should update its riskassessment more frequently. Further one should reassess whenever the

operational risk profile changes significantly.

8. Develop techniques to translate the calculation of operational risk into a

required amount of economic capital. Tools and procedures should be

developed to enable businesses to make decisions about operational risk

based on risk/reward analysis.

Four-Step Measurement Process For Operational Risk

Clear guiding principle for the operational risk measurement process should

be set to ensure that it provides an appropriate measure of operational risk across

all business units throughout the bank. This problem of measuring operational risk

can be best achieved by means of a four-step operational risk process. The

following are the four steps involved in the process:

1. Input.

2. Risk assessment framework.

3. Review and validation.4. Output.


37/42

[Type text]


1. Input:

The first step in the operational risk measurement process is to gather the

information needed to perform a complete assessment of all significant

operational risks. A key source of this information is often the finished product of

other groups. For example, a unit that supports the business group often publishesreport or documents that may provide an excellent starting point for the

operational risk assessment.

Sources of Information in the Measurement Process of Operational Risk

:The Inputs (for Assessment)

Likelihood of Occurrence Severity

Audit report Management interviews

Regulatory report Loss history

Management report

Expert opinion

Business Recovery Plan

Business plans

Budget plans

Operations plans

For example, if one is relying on audit documents as an indication of the

degree of control, then one needs to ask if the audit assessment is current and

sufficient. Have there been any significant changes made since the last audit

assessment? Did the audit scope include the area of operational risk that is of

concern to the present risk assessment? As one diligently works through availableinformation, gaps often become apparent. These gaps in the information often

need to be filled through discussion with the relevant managers.


38/42

[Type text]


Typically, there are not sufficient reliable historical data available to

confidently project the likelihood or severity of operational losses. One often

needs to rely on the expertise of business management, until reliable data are

compiled to offer an assessment of the severity of the operational failure for each

of the risks. The time frame employed for all aspects of the assessment process istypically one year. The one-year time horizon is usually selected to align with the

business planning cycle of the bank.

2. Risk Assessment Framework

The input information gathered in the above step needs to be analyzed and

processed through the risk assessment framework. Risk assessment framework

includes:

1. Risk categories:

The operational risk can be broken down into four headline risk categories like

the risk of unexpected loss due to operational failure in people, process and

technology deployed within the business

Internal dependencies should each be reviewed according to a set of factors.

We examine these 9nternal dependencies according to three key components of

capability, capacity and availability.

External dependencies can also be analyzed in terms of the specific type of

external interaction.2. Connectivity and interdependencies

The headline risk categories cannot be viewed in isolation from one another.

One needs to examine the degree of interconnected risk exposures that cut

across the headline operational risk categories, in order to understand the full

impact of risk.

3. Change, complexity, compliancy:

One may view the sources that drive the headline risk categories as falling

under the broad categories of Change refers to such items as introducing newtechnology or new products, a merger or acquisition, or moving from internal

supply to outsourcing, etc. Complexity refers to such items as complexity of


39/42

[Type text]


products, process or technology. Complacency refer to ineffective

management of the business.

4. Net likelihood assessment

The likelihood that an operational failure might occur within the next year

should be assessed, net of risk mitigants such as insurance, for each identifiedrisk exposure and for each of the four headline risk categories. Since it is often

unclear how to quantify risk, this assessment can be rated along five point

likelihood continuum from very low, low, medium, high and very high.

5. Severity assessment

Severity describes the potential loss to the bank given that an operational risk

failure has occurred. It should be assessed for each identified risk exposure.

6. Combined likelihood and severity into the overall Operational Risk

AssessmentOperational risk measures are constrained in that there is not usually a

defensible way to combine the individual likelihood of loss and severity

assessments into overall measure of operational risk within a business unit. To

do so, the likelihood of loss would need to be expressed in numerical terms.

This cannot be accomplished without statistically significant historical data on

operational losses.

7. Defining Cause and Effect:

Loss data are easier to collect than data associated with the cause of loss. This

complicates the measurement of operational risk because each loss is likely to

have several causes. This relationship between these causes, and the relative

importance of each, can be difficult to assess in an objective fashion.

1. Review and validation:

Once the report is generated. First the centralised operational risk

management group (ORMG) reviews the assessment results with senior business

unit management and key officers, in order to finalize the proposed operational

risk rating. Second, one may want an operational risk rating committee to review

the assessment a validation process similar to that followed by credit rating

agencies. This takes the form of review of the individual risk assessments by

knowledgeable senior committee personnel to ensure that the framework has been


40/42

[Type text]


consistently applied across businesses, that there has been sufficient scrutiny to

remove any imperfections, and so on. The committee should have representation

from business management, audit, and functional areas, and be chaired by risk

management unit.

2. Output

The final assessment of operational risk will be formally reported to

business management, the centralised risk-adjusted return on capital (RAROC)

group, and the partners in corporate governance such as internal audit and

compliance. The output of the assessment process has two main uses:

1. The assessment provides better operational risk information to management

for use in improving risk management decisions.

2. The assessment improves the allocation of economic capital to better reflectthe extent of the operational riskier, being taken by a business unit.

3. The over all assessment of the likelihood of operational risk & severity of

loss for a business unit can be shown as:

Mgmt. Attention

Severity of Loss ($)

MediumRisk

HighRisk

MediumRisk

LowRisk


41/42

[Type text]


Risk management underscores the fact that the survival of an organization

depends heavily on its capabilities to anticipate and prepare for the change rather

than just waiting for the change and react to it. The objective of risk management

is not to prohibit or prevent risk taking activity, but to ensure that the risks are

consciously taken with full knowledge, clear purpose and understanding so that it

can be measured and mitigated. It also prevents an institution from suffering

unacceptable loss causing an institution to fail or materially damage its

competitive position. Functions of risk management should actually be bank

specific dictated by the size and quality of balance sheet, complexity of functions,

technical/ professional manpower and the status of MIS in place in that bank.

There may not be one-size-fits-all risk management module for all the banks to be

made applicable uniformly. Balancing risk and return is not an easy task as risk

is subjective and not quantifiable where as return is objective and measurable. If

there exist a way of converting the subjectivity of the risk into a number then the

balancing exercise would be meaningful and much easier.


42/42

[Type text]

REFERENCES

Books:

Book name: - Risk management

Author name: - Macmillan

WEBSITES:

@ http://en.wikipedia.org/wiki/Risk_management

@ http://www.icai.org/resource_file/11490p841-851.pdf

Thank you
http://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Risk_managementhttp://www.icai.org/resource_file/11490p841-851.pdfhttp://www.icai.org/resource_file/11490p841-851.pdfhttp://en.wikipedia.org/wiki/Risk_management

Risk Management in Banking Sector Main01

Documents

Transcript of Risk Management in Banking Sector Main01