Risk management in banks - Final
-
Upload
alpesh-patel -
Category
Documents
-
view
219 -
download
0
Transcript of Risk management in banks - Final
-
8/7/2019 Risk management in banks - Final
1/41
INTRODUCTION TO RISK MANAGEMENT
RISK
Risk is the probability that a hazard will turn into a disaster. Vulnerability and hazards are
not dangerous, taken separately. But if they come together, they become a risk or, in other words,
the probability that a disaster will happen.
Nevertheless, risks can be reduced or managed. If we are careful about how we treat the
environment, and if we are aware of our weaknesses and vulnerabilities to existing hazards, then
we can take measures to make sure that hazards do not turn into disasters.
"What is risk?" And what is a pragmatic definition of risk? Since risk is accepted in
business as a trade off between reward and threat, it does mean that taking risk bring forth
benefits as well. In other words it is necessary to accept risks, if the desire is to reap the
anticipated benefits.
Risk in its pragmatic definition, therefore, includes both threats that can materialize and
opportunities, which can be exploited. This definition of risk is very pertinent today as the
current business environment offers both challenges and opportunities to organizations, and it isup to an organization to manage these to their competitive advantage.
RISK MANAGEMENT
Risk Management is the process of measuring or assessing the actual or potential
dangers of a particular situation.
Risk management is a discipline for dealing with the possibility that some future event will
cause harm. It provides strategies, techniques, and an approach to recognizing and confronting
any threat faced by an organization in fulfilling its mission. Risk management may be as
uncomplicated as asking and answering three basic questions:
1
What can go wrong?
-
8/7/2019 Risk management in banks - Final
2/41
What will we do (both to prevent the harm from occurring and in the aftermath of an"incident")?
If something happens, how will we pay for it?
2
-
8/7/2019 Risk management in banks - Final
3/41
RISK MANAGEMENT IN BANKS
Risk management does not aim at risk elimination, but enables the organization to bring
their risks to manageable proportions while not severely affecting their income. This balancing
act between the risk levels and profits needs to be well-planned. Apart from bringing the risks to
manageable proportions, they should also ensure that one risk does not get transformed into any
other undesirable risk. This transformation takes place due to the inter-linkage present among the
various risks. The focal point in managing any risk will be to understand the nature of the
transaction in a way to unbundle the risks it is exposed to.
Risk Management is a more mature subject in the western world. This is largely a result
of lessons from major corporate failures, most telling and visible being the Barings collapse. In
addition, regulatory requirements have been introduced, which expect organizations to have
effective risk management practices. In India, whilst risk management is still in its infancy, there
has been considerable debate on the need to introduce comprehensive risk management
practices.
RISK MANAGEMENT PROCESS IN BANKS
1. Risks in BankingRisks manifest themselves in many ways and the risks in banking are a result of many
diverse activities, executed from many locations and by numerous people. As a financial
intermediary, banks borrow funds and lend them as a part of their primary activity. This
intermediation activity, of banks exposes them to a host of risks. The volatility in the operating
environment of banks will aggravate the effect of the various risks.
3
-
8/7/2019 Risk management in banks - Final
4/41
2. Risk Assessment:The very first event in the risk management process is risk assessment, where you identify
the various kinds of risk that are faced by the banks. This is a very crucial step in the
management of risk.
4
3. Risk IdentificationRisk identification sets out to identify an organizations exposure to uncertainty. This
requires an intimate knowledge of the organization, the market in which it operates, the legal,
social, political and cultural environment in which it exists, as well as the development of a
sound understanding of its strategic and operational objectives, These concern the effective
management and control of the finances of the organization and the effects of external factors
such as availability of credit, foreign exchange rates, interest rate movement and other market
exposures.
-
8/7/2019 Risk management in banks - Final
5/41
4. Risk DescriptionThe objective of risk description is to display the identified risks in a structured format,
5. Risk Estimation and EvaluationRisk estimation can be quantitative, semi quantitative or qualitative in terms of the
probability of occurrence and the possible consequence. Tabulate the consequences of the risk
that can happen with the rate of being high medium or low risk. This would need to not only
evaluation but also evaluation of the risk. When the risk analysis process has been completed, it
is necessary to compare the estimated risks against risk criteria which the organization has
established.
6. Risk ReportingIt can be an internal reporting of risk as well as external reporting of risk. Different levels
within an organization need different information from the risk management process. Any
significant deficiencies uncovered by the system, or in the system itself, should be reported
together
7. Risk TreatmentRisk treatment is the process of selecting and implementing measures to modify the risk.
Risk treatment includes as its major element, risk control/mitigation, but extends further to, for
example, risk avoidance, risk transfer, risk financing, etc.
8. MonitoringEffective risk management requires a reporting and review structure to ensure that risks are
effectively identified and assessed and that appropriate controls and responses are in place.
5
-
8/7/2019 Risk management in banks - Final
6/41
BENEFITS OF RISK MANAGEMENT IN BANKS
Proper risk management allows a financial institution to prosper through taking and avoidingrisks. Well run companies are now taking a closer interest in what its management is doing to
mitigate risk exposure, allowing for a more efficient, effective and prudently run business.
Good risk management will greatly improve the transparency of how an organization
operates, providing a roadmap to achieve strategic goals and objectives and reassurance over the
management of risks. A risk based approach can make a company more flexible and responsive
to market fluctuations, making it better able to satisfy the needs of its various stakeholders, in a
constantly changing environment. Companies can also gain an advantage over competitors byidentifying and adapting to circumstances faster than their rivals.
Increased risk awareness: With the advent of risk management in banks and in bankingsystem, there is increased awareness on the several of types of risk, this has lead to the
systematized pattern of working and thereby has created awareness among various people
and management for the safe working of the banks. Also RBI has ensured that there is
enough awareness of various risk and thereby banks take care of the risk prior to its
happening.
Prioritization of business risks to those that matter: With the recognition of the variousrisk that are to be happening to the banks and with the increased awareness now banks can
prioritize the risk to that of the other matters.
Fewer unexpected and unwelcome surprises: Due to increased use of risk management andits process there are few unexpected surprises, as banks are ready to face the financial and
other hurdles that are on the way. Not only that because of risk management all contingent
risk are reduced to a greater extent
6
A better focus internally on doing the right things well: Banks can now focus on theinternal process and its betterment thereby increasing the efficiency of the banks and
-
8/7/2019 Risk management in banks - Final
7/41
increasing the overall brand of the company. Risk management has lead to the increased
efficiency and effectiveness of the banks due to prioritization of the process.
Reduced losses through process improvements developed by the business of banks: Asthere is increased efficiency in the process these results in better outputand therebyreducing
the losses that can take places due to process improvements of banks. This increases the
utility of banks and its assets, as a result of these banks have reduced losses and better
process in place.
Providing a better basis for making key strategic decisions: Risk Management leads toestimation of the future and the various risks that can be on the way in future. This leads to
proper knowledge of the future, thereby making the future bit more stable and predictable.
This helps in making key strategic decisions and its better implementation for the further
betterment.
Increasing the chance of change initiatives being achieved: Risk management in banksleads to various benefits as stated above, all of those benefits leads to increasing the chance
of change initiatives being achieved at earlier stage thereby outperforming the set standards
with better vision of the future.
Creating a greater likelihood of achieving business goals and objectives: Riskmanagement leads to effective, efficient business, with vision and goals achieved in due to
time, reducing the possible losses and streamlining the business of banks this leads to
creating a greater likelihood of achieving business goals and objectives
7
-
8/7/2019 Risk management in banks - Final
8/41
TYPES OF RISKS
Business activities entail a variety of risks. The banking industry has long viewed the
problem of risk management as the need to control four of the above risks which make up most,
if not all, of their risk exposure, viz., credit, interest rate, foreign exchange and liquidity risk For
convenience, we distinguish between different categories of risk: market risk, credit risk,
liquidity risk, etc. Although such categorization is convenient, it is only informal. Usage and
definitions vary. Boundaries between categories are blurred. A loss due to widening credit
spreads may reasonably be called a market loss or a credit loss, so market risk and credit risk
overlap. Liquidity risk compounds other risks, such as market risk and credit risk. It cannot be
divorced from the risks it compounds.
There are various types of risks that occur in the banks and affect its functioning.
Some of these kinds of Risks are as follows:
1. Liquidity Risk
2. Market Risk
3. Interest Rate Risk
4. Credit Risk
5. Operational Risk
6. Strategic Risk
7. Reputation Risk
8
-
8/7/2019 Risk management in banks - Final
9/41
LIQUIDITY RISK
Liquidity risk is part and parcel for every banking institution. Unfortunately it isnt an
isolated risk like credit or market risk, but a consequential risk. It is contingent on other factors
like maturity mismatches or external events such as credit downgrades or market turmoil.
Liquidity risk is financial risk due to uncertain liquidity. An institution might lose
liquidity if its credit rating falls, it experiences sudden unexpected cash outflows, or some other
event causes counterparties to avoid trading with or lending to the institution. A firm is also
exposed to liquidity risk if markets on which it depends are subject to loss of liquidity. Liquidity
Risk also arises from the long term funding of long term assets by the short term liabilities. The
funding liquidity risk is defined as the inability to obtain funds to meet the cash flow obligations.
The funding risk arises from the need to replace net outflow due to unanticipated withdrawal or
non- renewal of deposits.
Liquidity risk tends to compound other risks. If a trading organization has a position in an
illiquid asset, its limited ability to liquidate that position at short notice will compound its market
risk. Suppose a firm has offsetting cash flows with two different counterparties on a given day. If
the counterparty that owes it a payment defaults, the firm will have to raise cash from other
sources to make its payment. Here, liquidity risk is compounding credit risk.
Liquidity risk comprises of:
1. Funding liquidity risk2. Trading-related liquidity risk.1. Funding liquidity risk:
Funding liquidity risk relates to a financial institutions ability to raise the necessary cash
to roll over its debt, to meet the cash, margin, and collateral requirements of counterparties, and
(in the case of funds) to satisfy capital withdrawals. Funding liquidity risk is affected by variousfactors such as the maturities of the liabilities, the extent of reliance of secured sources of
funding, the terms of financing, and the breadth of funding sources, including the ability to
access public market such as commercial paper market. Funding can also be achieved through
cash or cash equivalents, buying power, and available credit lines.
9
-
8/7/2019 Risk management in banks - Final
10/41
2. Trading-related liquidity risk:Trading-related liquidity risk, often simply called as liquidity risk, is the risk that an
institution will not be able to execute a transaction at the prevailing market price because thereis, temporarily, no appetite for the deal on the other side of the market. If the transaction cannot
be postponed its execution my lead to substantial losses on position. This risk is generally very
hard to quantify. It may reduce an institutions ability to manage and hedge market risk as well
as its capacity to satisfy any shortfall on the funding side through asset liquidation.
Managing the Liquidity Risk in the Banks:
Business risk is managed with a long-term focus. Techniques include the careful
development of business plans and appropriate management oversight. Book-value accounting isgenerally used, so the issue of day-to-day performance is not material. The focus is on achieving
a good return on investment over an extended horizon.
Liquidity risk has to be managed in addition to market, credit and other risks. Because of
its tendency to compound other risks, it is difficult or impossible to isolate liquidity risk. In all
but the most simple of circumstances, comprehensive metrics of liquidity risk don't exist. Certain
techniques of asset-liability management can be applied to assessing liquidity risk. A simple test
for liquidity risk is to look at future net cash flows on a day-by-day basis. Any day that has a
sizeable negative net cash flow is of concern. Such an analysis can be supplemented with stress
testing. Look at net cash flows on a day-to-day basis assuming that an important counterpartydefaults.
Most financial firms including banks use a variety of metrics to monitor the level of
liquidity risk to which they are exposed. The basic approaches may be categorized into three
types: the liquid assets approach, the cash flow approach, and a mixture of the two.
1. Liquid Assets ApproachUnder the liquid assets approach, the firm maintains liquid instruments on its balance
sheet that can be drawn upon when needed. As a variation on this approach, the firm may
maintain a pool of unencumbered assets (usually government securities) that can be used to
obtain secured funding through repurchase agreements and other secured facilities. (The relevant
metrics in this approach are ratios.)
2. Cash Flow Matching Approach
10
Under the cash flow matching approach, the firm attempts to match cash outflows against
contractual cash inflows across a variety of near-term maturity buckets.
-
8/7/2019 Risk management in banks - Final
11/41
3. Mixed ApproachThe mixed approach combines elements of the cash flow matching approach and the liquid assets
approach. The firm attempts to match cash outflows in each time bucket against a combination ofcontractual cash inflows plus inflows that can be generated through the sale of assets, repurchase
agreement or other secured borrowing. Assets that are most liquid are typically counted in the
earliest time buckets, while less liquid assets are counted in later time buckets.
11
-
8/7/2019 Risk management in banks - Final
12/41
MARKET RISK
Market risk consumes about nearly 25% of the risk capital in the bank. It is rightly said
that to win without risk is to triumph without glory.
Market Risk may be defined as the possibility of loss to a bank caused by changes in the
market variables. The Bank for International Settlements (BIS) defines market risk as the risk
that the value of 'on' or 'off' balance sheet positions will be adversely affected by movements in
equity and interest rate markets, currency exchange rates and commodity prices". Thus, Market
Risk is the risk to the bank's earnings and capital due to changes in the market level of interest
rates or prices of securities, foreign exchange and equities, as well as the volatilities of those
changes.
Besides, it is equally concerned about the bank's ability to meet its obligations as and
when they fall due. In other words, it should be ensured that the bank is not exposed to Liquidity
Risk. Thus, focus on the management of Liquidity Risk and Market Risk, further categorized
into interest rate risk, foreign exchange risk, commodity price risk and equity price risk. An
effective market risk management framework in a bank comprises risk identification, setting up
of limits and triggers, risk monitoring, models of analysis that value positions or measure market
risk, risk reporting, etc.
It is a risk of adverse deviation of the mark to market value of trading portfolio due to the
market movements during the period required to liquidate the transactions. It is also referred toas Price Risk. It occurs when the assets are sold before their stated maturities. Price Risk is
closely associated to the trading book, which is created for making profit out of short term
movements in the interest rates.
Market risk is managed with a short-term focus. Long-term losses are avoided by
avoiding losses from one day to the next. On a tactical level, traders and portfolio managers
employ a variety of risk metrics duration and convexity, the Greeks, beta, etc.to assess their
exposures. These allow them to identify and reduce any exposures they might consider
excessive. On a more strategic level, organizations manage market risk by applying risk limits to
traders' or portfolio managers' activities. Increasingly, value-at-risk is being used to define andmonitor these limits. Some organizations also apply stress testing to their portfolios.
12
-
8/7/2019 Risk management in banks - Final
13/41
Benefits of Market Risk
The effective measurement of market risk benefits the banks in the following ways:
1. Efficient allocation of the capital to exploit the different risks or rewards pattern.
2. Better product pricing.
3. There is reduced earnings volatility.
4. There is increase in the shareholders value.
Managing the Market Risk in the Banks:
The measurement of risk has changed over time. It has evolved from the simple
indicators, such as Face value/ Notional amount for an individual security to the latestmethodologies of computing VaR. the quest for better and more accurate measure of market risk
is ongoing; each new market turmoil reveals the limitations of even the most sophisticated
measure of market risk. There are various methods of measuring the market risks:
1. The Notional Amount Approach:Until recently, trading desks in major banks were allocated economic capital by reference to
notional amount. The notional approach measures risk as the notional, or nominal, amount of a
security, or the sum of the notional values of the holdings for a portfolio.
This method is flawed since it does not:
Differentiate between short and long positions. Reflect price volatility and correlation between prices.
Moreover, in the case of derivative positions in the over the counter market, there are
often very large discrepancies between true amount of market exposure, which is often small,
and the notional amount which may be huge. For example, two call options on the same
underlying instrument with the same notional value and same maturity, with one option being in
the money and the other one out-of-the-money, have very different market values and risk
exposures.
13
2. Value At Risk (VaR):Value at risk can be defined as the worst loss that might be expected from holding a security
or portfolio over a given period of time (say a single day, 10 days for the purpose of regulatory
capital reporting), given a specified level of probability (known as the confidence level)
-
8/7/2019 Risk management in banks - Final
14/41
14
Value at risk is a measure of market risk, which measures the maximum loss in the market
value of the portfolio with a given confidence. VaR is denominated in the units of currency or as
a percentage of the portfolio holdings.
For example, if we say that a position has a daily VaR of Rs. 10 million at the 99%
confidence level, we mean that the realized daily losses from the position will, on average, behigher than Rs. 10 million on only one day every 100 trading days (i.e., two to three days each
year).VaR offers probability statement about the potential change in the value of a portfolio
resulting from a change in the market factors, over a specified period of time.
For e.g. a set of portfolio having current value of say Rs.100000 can be described to have a
daily value at risk of Rs.5000 at 99% confidence level, which means there is 1/100 th chance of
loss exceeding Rs.5000 considering there are no shifts in the underlying factors.
It is thus a probability of the occurrence and hence it is a statistical measure of the risk
exposure.
-
8/7/2019 Risk management in banks - Final
15/41
CREDIT RISK
Credit risk is the oldest and biggest risk that a bank, by virtue of its very nature of
business, inherits. This has, however, acquired a greater significance in the recent past for
various reasons. Foremost among them is the wind of economic liberalization that is blowing
across the globe. India is no exception to this swing towards market-driven economy. Better
credit portfolio diversification enhances the prospects of the reduced concentration credit risk as
empirically evidenced by direct relationship between concentration credit risk profile and NPAs
of public sector banks.
Bank optimizes utilization of deposits by deploying funds for developmental activities
and productive purposes through credit creation process. Deposit mobilization & Credit
deployment constitute the core of banking activities and substantial portion of expenditure and
income are associated with them. In the case of deposits, baring few stray instances of
operational risks linked to the system and human failure culminating in fraud, forgeries & loss,
there may not be anything very alarming. But credit portfolio is the real dynamic activity that
requires close monitoring and continuous management.
Credit risk is defined as the possibility that a borrower or counterparty will fail tomeet its obligations in accordance with agreed terms. Credit risk, therefore, arises from the
banks' dealings with or lending to a corporate, individual, another bank, financial institution or a
country.
Credit risk may take various forms, such as:
In the case of direct lending, that funds will not be repaid; In the case of guarantees or letters of credit, that funds will not be forthcoming from the
customer upon crystallization of the liability under the contract;
In the case of treasury products, that the payment or series of payments due from thecounterparty under the respective contracts is not forthcoming or ceases;
15
In the case of securities trading businesses, that settlement will not be effected;
-
8/7/2019 Risk management in banks - Final
16/41
In the case of cross-border exposure, that the availability and free transfer of currency isrestricted or ceases.
COMPONENTS OF CREDIT RISK MANAGEMENT
Credit risk management framework broadly categorized into following main components.
a) Board and senior Managements Oversight
b) Organizational structure
c) Systems and procedures for identification, acceptance, measurement, monitoring and control
risks.
A) Board And Senior Managements OversightIt is the overall responsibility of banks Board to approve banks credit risk strategy and
significant policies relating to credit risk and its management which should be based on the
banks overall business strategy. To keep it current, the overall strategy has to be reviewed by the
board, preferably annually.
The responsibilities of the Board with regard to credit risk management include:
1. Delineate banks overall risk tolerance in relation to credit risk.2. Ensure that banks overall credit risk exposure is maintained at prudent levels and consistent
with the available capital
3. Ensure that top management as well as individuals responsible for credit4. risk management possess sound expertise and knowledge to accomplish the risk management
function
5. Ensure that the bank implements sound fundamental principles that facilitate theidentification, measurement, monitoring and control of credit risk.
6. Ensure that appropriate plans and procedures for credit risk management are in place.The senior management of the bank should develop and establish credit policies and credit
administration procedures as a part of overall credit risk management framework and get those
approved from board. Such policies and procedures shall provide guidance to the staff on various
types of lending including corporate, SME, consumer, agriculture, etc.
16
-
8/7/2019 Risk management in banks - Final
17/41
At minimum the policy should include,
1. Detailed and formalized credit evaluation/ appraisal process.2. Credit approval authority at various hierarchy levels including authority for approving
exceptions.
3. Risk identification, measurement, monitoring and control4. Risk acceptance criteria5. Credit origination and credit administration and loan documentation procedures6. Roles and responsibilities of units/staff involved in origination and management of credit.
B) Organizational Structure
To maintain banks overall credit risk exposure within the parameters set by the board ofdirectors, the importance of a sound risk management structure is second to none. While the
banks may choose different structures, it is important that such structure should be
commensurate with institutions size, complexity and diversification of its activities. It must
facilitate effective management oversight and proper execution of credit risk management and
control processes.
Each bank, depending upon its size, should constitute a Credit Risk Management
Committee (CRMC), ideally comprising of head of credit risk management Department, credit
department and treasury. This committee reporting to banks risk management committee should
be empowered to oversee credit risk taking activities and overall credit risk management
function.
Functions of CRMD:
To follow a holistic approach in management of risks inherent in banks portfolio and Ensure the risks remain within the boundaries established by the Board or Credit Risk
Management Committee.
The department also ensures that business lines comply with risk parameters and
17
Prudential limits established by the Board or CRMC.
-
8/7/2019 Risk management in banks - Final
18/41
Establish systems and procedures relating to risk identification, Management InformationSystem, monitoring of loan / investment portfolio quality and early warning. The department
would work out remedial measure when deficiencies/problems are identified.
C) Systems And ProceduresBanks must operate within a sound and well-defined criteria for new credits as well as the
expansion of existing credits. Credits should be extended within the target markets and lending
strategy of the institution. Before allowing a credit facility, the bank must make an assessment of
risk profile of the customer/transaction. This may include:
Credit assessment of the borrowers industry, and macro economic factors.
The purpose of credit and source of repayment. The track record / repayment history of borrower. Assess/evaluate the repayment capacity of the borrower. The Proposed terms and conditions and covenants. Adequacy and enforceability of collaterals. Approval from appropriate authority
Limit setting
An important element of credit risk management is to establish exposure limits for single
obligors and group of connected obligors. Institutions are expected to develop their own limit
structure while remaining within the exposure limits set by RBI. The size of the limits should be
based on the credit strength of the obligor, genuine requirement of credit, economic conditions
and the institutions risk tolerance. Appropriate limits should be set for respective products and
activities. Institutions may establish limits for a specific industry, economic sector or geographic
regions to avoid concentration risk.
Credit limits should be reviewed regularly at least annually or more frequently if
obligors credit quality deteriorates. All requests of increase in credit limits should be
substantiated.
18
-
8/7/2019 Risk management in banks - Final
19/41
Credit Administration:-
Credit administration unit performs following functions:
1. DocumentationIt is the responsibility of credit administration to ensure completeness of documentation
(loan agreements, guarantees, transfer of title of collaterals etc) in accordance with approved
terms and conditions. Outstanding documents should be tracked and followed up to ensure
execution and receipt.
2. Credit DisbursementThe credit administration function should ensure that the loan application has proper
approval before entering facility limits into computer systems. Disbursement should be
effected only after completion of covenants, and receipt of collateral holdings. In case of
exceptions necessary approval should be obtained from competent authorities.
3. Risk Rating ModelSet up comprehensive risk scoring system on a six to nine point scale. Clearly define
rating thresholds and review the ratings periodically preferably at half yearly intervals.
Rating migration is to be mapped to estimate the expected loss.
4. Credit monitoringAfter the loan is approved and draw down allowed, the loan should be continuously
watched over. These include keeping track of borrowers compliance with credit terms,
identifying early signs of irregularity, conducting periodic valuation of collateral and
monitoring timely repayments.
5. Loan RepaymentThe obligors should be communicated ahead of time as and when the principal/markup
installment becomes due. Any exceptions such as non-payment or late payment should be
tagged and communicated to the management. Proper records and updates should also be
made after receipt.
19
6. Maintenance of Credit FilesInstitutions should devise procedural guidelines and standards for maintenance of credit
files. The credit files not only include all correspondence with the borrower but should also
contain sufficient information necessary to assess financial health of the borrower and its
repayment performance.
-
8/7/2019 Risk management in banks - Final
20/41
7. Collateral and Security DocumentsInstitutions should ensure that all security documents are kept in a fireproof safe under
dual control. Registers for documents should be maintained to keep track of their movement.
Procedures should also be established to track and review relevant insurance coverage for
certain facilities/collateral. Physical checks on security documents should be conducted on a
regular basis.
Measuring Credit RiskThe measurement of credit risk is of vital importance in credit risk management. A number
of qualitative and quantitative techniques to measure risk inherent in credit portfolio are
evolving. To start with, banks should establish a credit risk rating framework across all type ofcredit activities. Among other things, the rating framework may, incorporate:
Business Risk1. Industry Characteristics2. Competitive Position (e.g. marketing/technological edge)3. Management
Financial Risk1. Financial condition2. Profitability3. Capital Structure4. Present and future Cash flows
Types of Credit Rating
Credit rating can be classified as:
1. External credit rating.2. Internal credit rating
20
1. External Credit Rating:A credit rating is not, in general, an investment recommendation concerning a given
security. In the words of S&P, A credit rating is S&P's opinion of the general creditworthiness
of an obligor, or the creditworthiness of an obligor with respect to a particular debt security or
other financial obligation, based on relevant risk factors. In Moody's words, a rating is, an
-
8/7/2019 Risk management in banks - Final
21/41
opinion on the future ability and legal obligation of an issuer to make timely payments of
principal and interest on a specific fixed-income security.
Since S&P and Moody's are considered to have expertise in credit rating and are regarded
as unbiased evaluators, there ratings are widely accepted by market participants and regulatory
agencies. Financial institutions, when required to hold investment grade bonds by their regulators
use the rating of credit agencies such as S&P and Moody's to determine which bonds are of
investment grade.
The rating process includes quantitative, qualitative, and legal analyses, quantitative
analyses. The quantitative analysis is mainly financial analysis and is based on the firms
financial reports. The qualitative analysis is concerned with the quality of management, and
includes a through review of the firms competitiveness within its industry as well as the
expected growth of the industry and its vulnerability to technological changes, regulatory
changes, and labor relations.
Internal Credit Rating:
21
A typical risk rating system (RRS) will assign both an obligor rating to each borrower (or
group of borrowers), and a facility rating to each available facility. A risk rating (RR) is designed
to depict the risk of loss in a credit facility. A robust RRS should offer a carefully designed,
structured, and documented series of steps for the assessment of each rating.
-
8/7/2019 Risk management in banks - Final
22/41
Risk Rating Models
SShhoorrtt tteerrmm rraattiinnggss RRiisskk wweeiigghhttss
CCAARREE CCRRIISSIILL FFIITTCCHH IICCRRAA
PPRR11++ PP11++ FF11++ AA11++ 2200%%
PPRR11 PP11 FF11 AA11 3300%%
PPRR22 PP22 FF22 AA22 5500%%
PPRR33 PP33 FF33 AA33 110000%%
PPRR44//PPRR55 PP44//PP55 BB//CC//DD AARR//AA55 115500%%
UUNNRRAATTEEDD UUNNRRAATTEEDD UUNNRRAATTEEDD UUNNRRAATTEEDD 110000%%
Under the New Basel II Accord, assessment of Credit Risk can be carried out in any of the
three approaches viz.
1. Standardized Approach2. Foundation Internal Rating Based Approach and3. Advanced Internal Rating Based Approach.
At present, banks in India in general and PSU banks in particular, are ready to migrate to Basel II
only at a conceptual and academic level.
1. Standardized Approach
22
Banks may use external credit ratings by institutions recognized for the purpose by the
central bank for determining the risk weight. Exposure on sovereigns and their central banks
could vary from zero percent to 150 percent depending on credit assessment from AAA to
below B- . Similarly, exposure on public sector entities, multilateral development banks, other
banks, securities firms and corporates also may have risk weights from 20 percent to 150
percent. Exposure on retail portfolio may carry risk weight of 75 percent. While Basel II
stipulates minimum capital requirement of 8 percent on risk weighted assets, India has prescribed
-
8/7/2019 Risk management in banks - Final
23/41
9 percent. Under Basel II exposure on a corporate with AAA rating will have a risk weight of
only 20 percent. This implies that for Rs. 100 crore exposure on a AAA rated corporate the
capital adequacy will be only Rs.1.8 crore (100 x 20% x 9%) compared to the earlier requirement
of Rs. 9 crore. However, claims on a corporate with below BB- rating will carry a risk weight of
150 percent and the capital requirement will be Rs.13.50 crore (100 x 150% x 9%). Thus, a bank
with a credit portfolio with superior rating may be able to save capital while banks having lower
rated credit exposure will have to mobilize more capital.
2. Internal Ratings Based (IRB) Approach: Foundation and Advanced Approach.Banks, which have developed reliable Management Information System (MIS) and have
received the approval of the central bank, can use the IRB approach to measure credit risk on
their own. The bank should have reliable data on Probability of Default (PD), Loss Given
Default (LGD), Exposure at Default (EAD) and effective maturity (M) to make use of IRB
approach.
Example of Union Bank of India:-
23
In UBI, a business receiving Credit Rating above level 6 are not considered good from
point of investment and thus are avoided.
-
8/7/2019 Risk management in banks - Final
24/41
24
Rating Score Revised w.e.f. 01.04.09
Working capital Term loan
CR-1 >90 BPLR BPLR+ 0.25%
CR-2 86-90 BPLR+ 0.25% BPLR+ 0.75%
CR-3 81-85 BPLR+ 0.75% BPLR+ 1.25%
CR-4 76-80 BPLR+ 1.00% BPLR+ 1.75%
CR-5 71-75 BPLR+ 1.25% BPLR+ 2.25%
CR-6 61-70 BPLR+ 1.75% BPLR+ 2.75%
CR-7 51-60 BPLR+ 3.50% BPLR+ 3.50%
CR-8 50 & below BPLR+ 3.50% BPLR+ 3.50%
-
8/7/2019 Risk management in banks - Final
25/41
INTEREST RATE RISK
Interest rate risk arises when there is a mismatch between positions, which are subject
to interest rate adjustment within a specified period. The banks lending, funding and investment
activities give rise to interest rate risk. The immediate impact of variation in interest rate is on
banks net interest income, while a long term impact is on banks net worth since the economic
value of banks assets, liabilities and off-balance sheet exposures are affected.
Consequently there are two common perspectives for the assessment of interest rate risk
1. Earning perspective:In earning perspective, the focus of analysis is the impact of variation in interest rates on
accrual or reported earnings. This is a traditional approach to interest rate risk assessment and
obtained by measuring the changes in the Net Interest Income (NII) or Net Interest Margin
(NIM) i.e. the difference between the total interest income and the total interest expense.
2. Economic Value perspective:Economic Value perspective involves analyzing the expected cash inflows on assets minus
expected cash out flows on liabilities plus the net cash flows on off-balance sheet items. The
economic value perspective identifies risk arising from long-term interest rate gaps.
Objective of Interest Rate Risk Management
1. To maintain earnings2. Improve the capability,3. Ability to absorb potential loss4. To ensure the adequacy of the compensation received for the risk taken and effect risk return
trade-off.
25
In order to manage interest rate risk, banks should begin evaluating the vulnerability of their
portfolios to the risk of fluctuations in market interest rates. One such measure is Duration of
market value of a bank asset or liabilities to a percentage change in the market interest rate. The
-
8/7/2019 Risk management in banks - Final
26/41
difference between the average duration for bank assets and the average duration for bank
liabilities is known as the duration gap which assesses the banks exposure to interest rate risk.
The Asset Liability Committee (ALCO) of a bank uses the information contained in the duration
gap analysis to guide and frame strategies. By reducing the size of the duration gap, banks can
minimize the interest rate risk.
SOURCES OF INTEREST RATE RISKS:
Interest rate risk occurs due to,
1. Differences between the timing of rate changes and the timing of cash flows(re-pricingrisk);
2.
Changing rate relationships among different yield curves effecting bank activities(basisrisk);
3. changing rate relationships across the range of maturities (yield curve risk);4. Interest-related options embedded in bank products (options risk).Types of Interest Rate Risks
1. Gap/Mismatch risk:It arises from holding assets and liabilities and off balance sheet items with different
principal amounts, maturity dates & re-pricing dates thereby creating exposure to unexpected
changes in the level of market interest rates.
2. Basis Risk:It is the risk that the Interest rat of different Assets/liabilities and off balance items may
change in different magnitude. The degree of basis risk is fairly high in respect of banks that
create composite assets out of composite liabilities.
3. Embedded option Risk:Option of pre-payment of loan and Fore- closure of deposits before their stated maturities
constitute embedded option risk,
4. Yield curve risk:Movement in yield curve and the impact of that on portfolio values and income.
26
5. Reprice risk:When assets are sold before maturities.
-
8/7/2019 Risk management in banks - Final
27/41
6. Reinvestment risk:Uncertainty with regard to interest rate at which the future cash flows could be reinvested.
7. Net interest position risk:When banks have more earning assets than paying liabilities, net interest position risk arises in
case market interest rates adjust downwards. There are different techniques such a
a) the traditional Maturity Gap Analysis to measure the interest rate sensitivity,
b) Duration Gap Analysis to measure interest rate sensitivity of capital,
c) Simulation and
d) Value at Risk for measurement of interest rate risk.
Interest Rate Risk Management
While rising interest rates make banks vulnerable to treasury losses, banks in India have a
number of lines of defense. First, banks have, in recent years, realized substantial profits from
their holdings of government securities, thanks to the soft interest rate environment. Banks are
required to follow conservative accounting practices in respect of unrealized capital gains on
their investment portfolio and have constituted latent reserves. Moreover, banks in India have
been encouraged to build up investment fluctuation reserves as a cushion gainst interest rate
risk. Finally, banks can adjust their behavior to offset treasury losses by adequately managing
their asset-liability mismatch.
Banks manage interest rate risk through a number of measures. Banks could
(i) Reduce the duration of their assets by selling long-dated government securities;(ii) Reduce their holdings of government securities and increase their loan books by building
on the recent high growth in consumer credit and infrastructure;
(iii) Increase the contribution of fee-based income to operating income.
27
-
8/7/2019 Risk management in banks - Final
28/41
REPUTATION RISK
Reputation risk is arising from negative public opinion. This risk may be exposed the
financial loss or a decline in a customer based or decline in the reputation of business.
Reputation risk is the risk to earning or capital arising from negative public opinion of the
bank. Negative public opinion can arise from poor service, failure to serve the credit needs of
their communities or for other reasons. This affects the institutions ability to establish new
relationships or services or continue servicing existing relationships.
The Bank manages reputation risk with the aimto bring potential losses down, preserve
and maintain the Banks reputation among customers, counteragents, shareholders, participantsof the financial market, state governmental authorities, local self-government, the Bank unions
(association), self-governed organizations, in which the Bank participates.
Aggregate Level of Reputation Risk Indicators:
The following indicators should be used when assessing the aggregate level of reputation.
Low1. Management anticipates and responds well to changes of a market or regulatory nature that
impact its reputation in the marketplace.
2. Management fosters a sound culture that is well supported throughout the organization andhas proven very effective over time.
3. The Bank effectively self-policies risks.4. Internal control and audit are fully effective5. Franchise value is only minimally exposed by reputation risk. Exposure from reputation risk
is expected to remain low in the foreseeable future.
28
6. Losses from fiduciary activities are low relative to the number of accounts, the volume ofassets under Management, and the number of affected transactions. The Bank does not
regularly experience litigation or customer complaints.
-
8/7/2019 Risk management in banks - Final
29/41
7. Management has a clear awareness of privacy issues and uses customer informationresponsibly.
Moderate1. Management adequately responds to changes of a market or regulatory nature that impact the
institutions reputation in the marketplace.
2. Administration procedures and processes are satisfactory. Management has a good record ofcorrecting problems. Any deficiencies in management information systems are minor.
3. The Bank adequately self-policies risks.4. Internal control and audit are generally effective.5.
The exposure of franchise value from reputation risk is controlled. Exposure is not expectedto increase in the foreseeable future.
6. The Bank has avoided conflicts of interest and other legal or control breaches. The level oflitigation, losses, and customer complaints are manageable and commensurate with the
volume of business conducted.
7. Management understands privacy issues and generally uses customer informationresponsibly.
High1. Management does not anticipate or take timely or appropriate actions in response to changes
of a market or regulatory nature.
2. Weaknesses may be observed in one or more critical operational, administrative, orinvestment activities. Management information at various levels exhibits significant
weaknesses.
3.
The institutions performance in self-policing risk is insufficient.4. Internal control or audit are not effective in reducing exposure. Management has either not
initiated, or has a poor record of, corrective action to address problems.
29
5. Franchise value is substantially exposed by reputation risk shown in significant litigation,large dollar losses, or a high volume of customer complaints. The potential exposure is
-
8/7/2019 Risk management in banks - Final
30/41
increased by the number of accounts, the volume of assets under Management, or the number
of affected transactions. Exposure is expected to continue in the foreseeable future.
6. Poor administration, conflicts of interest, and other legal or control breaches may be evident.7. Management is not aware and/or concerned with privacy issues and may use customer
information irresponsibly.
The Bank manages reputation risks by
The system of marginal values (limits); The system of authorities and decision-making; The system of reputation risk monitoring; The system of minimization and control
30
-
8/7/2019 Risk management in banks - Final
31/41
STRATEGIC RISK
Strategic risk is a risk arising from adverse business decisions, improper implementation
of decisions of lack of responsiveness to industry change. Strategic risk is the risk to earnings
or capital arising from making bad business decisions that adversely affect the value of the
bank.
Strategic risk is the risk of losses of the credit organization as a result of mistakes made
(imperfections) in taking decisions. Strategic risk is the risk associated with the financial
institutions future business plans and strategies. This risk category includes plans for entering
new business lines, expanding existing services through mergers and acquisitions, and enhancing
infrastructure (e.g., physical plant and equipment and information technology and networking).
The Bank uses the following methods of strategic risk management:
Business planning; Financial planning; Market analysis; Readjustment of plans.
31
-
8/7/2019 Risk management in banks - Final
32/41
OPERATIONAL RISK
Operational risk is faced by all organizations in one way or the other. The exposure toOperational risk depends upon the complexity of the Organization. Operational risk would arise
due to deviations from normal and planned functioning of systems, procedures, technology and
human failures of omission and commission. This not only affects the revenue of the
organization but also cost it in terms of opportunities loss that would be otherwise feasible. Basel
Committee has defined 'Operational Risk' as follows
The risk of loss resulting from inadequate or failed internal processes, people and
systems, or from external events".
Need For Operational Risk Management
The criticality of operational risk in the functioning of banks has to be viewed in the
context of changes that has taken place in the banking industry. Since late nineties in India, there
has been a remarkable change in the functioning of banks. Driven by deregulation and need to
become globally competitive, the banks have made tremendous technological advances, brought
in a plethora of new financial products, and are catering to a very large volume of customers on
several platforms.
32
The time tested systems and procedures in traditional banking were developed over
several decades. In the process of perfecting the systems and procedures banks may have faced
operational losses but as the changes were only few and far between, systems had time to
stabilize. For e.g. the computerization of banks which took place slowly in Indian banking
industry. In the present context of fast changing environment and work practices, the time
required to stabilize systems and procedures is not enough. So, as banks respond to the needs of
competition, systems and procedures and human adaptation of the changes create operational
risks inherent in the banking business. Accordingly, this risk needs to be factored in and taken
into account in the banking business. Therefore, proper management of operational risks is an
-
8/7/2019 Risk management in banks - Final
33/41
imperative. If operational risks are managed well, the rewards are available by way of lesser risk
capital and cost reductions in operations. Both have a favorable impact on competitive edge.
Basic motivation for management of operational risk stems from it.
Types Operational Risk
Operational risk arises from almost all the activities undertaken and consequently it is
everywhere in an Organization. Impact of various forms of operational risk on the organization
may vary in degree i.e., some risks may have more potential of causing damages while some
may have less potential, some may occur more frequently while some may occur less frequently.
As the activities of an organization changes in response to market and competition, new and until
then unknown factors may add to operational risks.
Operational risks vary in their components. Some are high occurrence low value risks,
while some are low occurrence high value risks. Operational risks in the Organization
continuously change especially when an Organization is undergoing changes.
Basel II suggested classification of operational risks based on the 'Causes' and 'Effects'.
That is classifications based on causes that are responsible for operational risks or classifications
based on effects of risks were suggested. Classifications based on 'Causes' and 'Effects' are listed
below.
1. CAUSE BASED People oriented causes: negligence, incompetence, insufficient training, integrity, key man. Process oriented (Transaction based) causes: business volume fluctuation, organizational
complexity, product complexity, and major changes.
Process oriented (Operational control based) causes: inadequate segregation of duties,lack of management supervision, inadequate procedures.
Technology oriented causes: poor technology and telecom, obsolete applications, lack ofautomation, information system complexity, poor design, development and testing.
33
External causes: natural disasters, operational failures of a third party, deteriorated socialor political context.
-
8/7/2019 Risk management in banks - Final
34/41
-
8/7/2019 Risk management in banks - Final
35/41
Damage to physical assetsLosses arising from loss or damage to physical assets from natural disasters or other events.
Business disruption and system failuresLosses arising from disruption of business or system failures
Execution, delivery and process managementLosses from failed transaction processing or process management, from relations with trade
counterparties and vendors
OPERATIONAL RISK MANAGEMENT (ORM) PRACTICES
Basel II document provides guidelines for operational risk management practices. These
are called 'Sound Practices for the Management of Operational Risks'. Out of 10 first 7 are
relevant at the organization level. Out of remaining three, two are relevant to
regulators/supervisors and one related to disclosure requirements have not been reproduced.
Principle 1
Board of directors' should be aware of the major aspects of bank's operational risk as a distinct
risk category that should be managed, and it should approve and periodically review the bank's
ORM (Operational Risk Management) framework. The framework should provide a firm wide
definition of operational risk and lay down the principles of how operational risk is to be
identified, assessed, monitored, and controlled/ mitigated.
Principle 2
The Board of Directors should ensure that the ORM framework is subject to effective and
comprehensive internal audit by operationally independent and competent staff. The internal
audit function should not be directly responsible for operational risk management.
Principle 3
35
Senior management should have responsibility for implementing ORM framework approved by
board of directors. The framework should be consistently implemented throughout the whole
-
8/7/2019 Risk management in banks - Final
36/41
banking organization, and all levels of staff should understand their responsibilities with respect
to ORM. Senior management should also have responsibility for developing policies, processes
and procedures for managing operational risk in all of the bank's material products, processes
and systems.
Principle 4
Banks should identify and assess OR inherent in all material products, activities, processes and
systems. Banks should also ensure that before new products, activities, processes and systems are
introduced or undertaken, the operational risk inherent in them is subject to adequate assessment
procedures.
Principle 5
Banks should implement a process to regularly monitor operational risk profiles and material
exposures to losses. There should be regular reporting of pertinent information to senior
management and the board of directors that supports the proactive management of operational
risk.
Principle 6
Banks should have Policies, processes and procedures to control/mitigate material operational
risks. Banks should periodically review their risk limitation and control strategies and should
adjust their operational risk profile accordingly using appropriate strategies, in light of their
overall risk appetite and profile.
Principle 7
Banks should have in place contingency and business continuity plans to ensure their ability to
operate on an ongoing basis and limit losses in the event of severe business disruption.
Principle 8
36
Banking supervisors should require that all banks, regardless of size, have an effective
framework in place to identify, assess, monitor and control or mitigate material operational risks
as part of an overall approach to risk management.
-
8/7/2019 Risk management in banks - Final
37/41
Principle 9
Supervisors should conduct, directly or indirectly, regular independent evaluation of a banks
policies, procedures and practices related to operational risks. Supervisors should ensure that
there are appropriate reporting mechanisms in place which allow them to remain apprised of
developments at banks.
Principle 10
Banks should make sufficient public disclosure to allow market participants to assess their
approach to operational risk management
Operational Risk Management Practices should be based on a well laid out policy duly
approved at the board level that describes the processes involved in controlling operational risks.
It should meet the standards set in terms of the principles mentioned above. In addition, well laid
down procedures in dealing with various products and activities should be in place. The policies
and procedures should also be communicated across the Organization.
The Policy should cover
Operational risk management structure Role and responsibilities Operational risk management processes Operational risk assessment/measurement methodologies
Operational Risk Quantification
The measurement of this risk is most difficult. This is because behavioral pattern of
operational risk does not the statistically normal distribution pattern and that makes it difficult to
estimate the probability of an event resulting in losses. Basel II has recognized this and has
provided options in the measurement of operational risk for this purpose.
1. The Basic Indicator Approach2. The Standardized Approach
37
3. Advanced Measurement Approaches (AMA)
-
8/7/2019 Risk management in banks - Final
38/41
Of these, basic indicator approach and Standardized approach are based on income
generated. The advance measurement approach is based on operational loss measurement.
1. The Basic Indicator ApproachBanks using the Basic Indicator Approach must hold capital for operational risk. Equal to the
average over the previous three years of a fixed percentage (15%) of positive annual gross
income. Figures for any year in which annual gross income is negative or zero should be
excluded from both the numerator and denominator when calculating the average.
Gross income is defined as net interest income plus net non interest income, gross of any
provisions (e.g. for unpaid interest) , gross of operating expenses, including fees paid to
outsourcing service providers, exclude realized profits/ losses from the sale of securities in the
banking book; and exclude extraordinary or irregular items as well as income derived from
insurance.
2. The Standardized ApproachIn the Standardized Approach, banks' activities are divided into eight business lines:
commercial banking, Corporate finance, trading and sales, retail banking, payment and
settlement, agency services, asset management, and retail brokerage.
Within each business line, gross income is a broad indicator that serves as a proxy for the
scale of business operations and thus the likely scale of operational risk exposure within each of
these business lines. The capital charge for each business line is calculated by multiplying gross
income by a factor (denoted beta) assigned to that business line (Beta Factors).
38
Business Lines Beta Factors
corporate finance 18%
Trading and sales 18%
Retail banking 12%
Commercial banking 15%
Payment and settlement 18%
Agency services 15%
-
8/7/2019 Risk management in banks - Final
39/41
Business Lines Beta Factors
Asset management 12%
Retail brokerage 12%
3. Advanced Measurement Approaches (AMA)Under the AMA, the regulatory capital requirement will equal the risk measure generated by
the bank's internal operational risk measurement system using the quantitative and qualitative
criteria for the AMA discussed below. Use of the AMA is subject to supervisory approval.
A Generic Measurement Approach
The first step in measurement approach is operation profiling. The steps involved OP Profiling
is:
Identification and quantification of operational risks in terms of its components Prioritization of operational risks and identification of risk concentrations hot spots
resulting in lower exposure.
Formulation of bank's strategy for operational risk management and risk based auditEstimated level of operational risk depends on
Estimated probability of occurrence Estimated potential financial impact Estimated impact of internal controlsEstimated Probability of Occurrence
This will be based on historical frequency of occurrence and estimated likelihood of future
occurrence. Probability is mapped on a scale of 5 say where
1. implies negligible risk2. implies low risk3. implies medium risk4. implies high risk
39
5. implies very high risk
-
8/7/2019 Risk management in banks - Final
40/41
Estimated Potential Financial Impact
This will be based on severity of historical impact and estimated severity of impact from
unforeseen events. Probability is mapped on a scale of 5 as mentioned above.
Estimated Impact of Internal Controls
This will be based on historical effectiveness of internal controls and estimated impact of internal
controls on risks. This is estimated as fraction in relation to total control, which is valued at
100%.
Estimated level of operational risk = Estimated probability of occurrence x Estimated potential
financial impact x Estimated impact of internal controls
In case of a hypothetical example where Probability of occurrence = 2 (Medium)
40
Potential financial impact = 4 (very high) impact of internal controls = 50% Estimated level of
operational risk = [( 2 x 4 x (1 0.501 ^ 0.5 = 2.0 or 'Low'
-
8/7/2019 Risk management in banks - Final
41/41
CONCLUSION
In the todays fierce competitive world, each sector in the industry is undergoing
revolution every now and then. Banking Sector is no exception to it. But with it comes great
uncertainty of events making banks vulnerable in the market. Thus for all banks risk
management becomes necessary to stay in the competition. Risk management allows banks to
access the actual as well as potential dangers. The banks have become more conscious about risk
management as negligence may not only cost bank loosing its profit but also it may wipe out the
presence of the bank. Although some risks can not be avoided but they can be managed properly
so as to cause less damage, whereas others can be avoided completely.