Upload
jayesh-bhanushali
View
230
Download
0
Embed Size (px)
Citation preview
8/3/2019 PRINTTTTT LAL
1/69
Risk Management in Banking Sector.
INTRODUCTION
The significant transformation of the banking industry in India is clearly evident
from the changes that have occurred in the financial markets, institutions and products.
While deregulation has opened up new vistas for banks to argument revenues, it has
entailed greater competition and consequently greater risks. Cross- border flows and entry
of new products, particularly derivative instruments, have impacted significantly on the
domestic banking sector forcing banks to adjust the product mix, as also to effect rapid
changes in their processes and operations in order to remain competitive to the globalized
environment. These developments have facilitated greater choice for consumers, who
have become more discerning and demanding compelling banks to offer a broader range
of products through diverse distribution channels. The traditional face of banks as mere
financial intermediaries has since altered and risk management has emerged as their
defining attribute.
Currently, the most important factor shaping the world is globalization. The
benefits of globalization have been well documented and are being increasingly
recognized. Integration of domestic markets with international financial markets has been
facilitated by tremendous advancement in information and communications technology.
But, such an environment has also meant that a problem in one country can sometimesadversely impact one or more countries instantaneously, even if they are fundamentally
strong.
There is a growing realisation that the ability of countries to conduct business
across national borders and the ability to cope with the possible downside risks would
depend, interalia, on the soundness of the financial system. This has consequently meantthe adoption of a strong and transparent, prudential, regulatory, supervisory, technological
and institutional framework in the financial sector on par with international best practices.
All this necessitates a transformation: a transformation in the mindset, a transformation in
the business processes and finally, a transformation in knowledge management. This
process is not a one shot affair; it needs to be appropriately phased in the least disruptive
1
8/3/2019 PRINTTTTT LAL
2/69
Risk Management in Banking Sector.
manner.
The banking and financial crises in recent years in emerging economies have
demonstrated that, when things go wrong with the financial system, they can result in a
severe economic downturn. Furthermore, banking crises often impose substantial costs on
the exchequer, the incidence of which is ultimately borne by the taxpayer. The World
Bank Annual Report (2002) has observed that the loss of US $1 trillion in banking crisis
in the 1980s and 1990s is equal to the total flow of official development assistance to
developing countries from 1950s to the present date. As a consequence, the focus of
financial market reform in many emerging economies has been towards increasing
efficiency while at the same time ensuring stability in financial markets.
From this perspective, financial sector reforms are essential in order to avoid such
costs. It is, therefore, not surprising that financial market reform is at the forefront of
public policy debate in recent years. The crucial role of sound financial markets in
promoting rapid economic growth and ensuring financial stability. Financial sector
reform, through the development of an efficient financial system, is thus perceived as a
key element in raising countries out of their 'low level equilibrium trap'. As the World
Bank Annual Report (2002) observes, a robust financial system is a precondition for a
sound investment climate, growth and the reduction of poverty .
Financial sector reforms were initiated in India a decade ago with a view to
improving efficiency in the process of financial intermediation, enhancing the
effectiveness in the conduct of monetary policy and creating conditions for integration of
the domestic financial sector with the global system. The first phase of reforms was
guided by the recommendations of Narasimham Committee.
The approach was to ensure that the financial services industry operates on the
basis of operational flexibility and functional autonomy with a view to enhancing
efficiency, productivity and profitability'.
The second phase, guided by Narasimham Committee II, focused on strengthening
the foundations of the banking system and bringing about structural
2
8/3/2019 PRINTTTTT LAL
3/69
Risk Management in Banking Sector.
improvements. Further intensive discussions are held on important issues related
to corporate governance, reform of the capital structure, (in the context of Basel II
norms), retail banking, risk management technology, and human resources
development, among others.
Since 1992, significant changes have been introduced in the Indian financial system.
These changes have infused an element of competition in the financial system, marking
the gradual end of financial repression characterized by price and non-price controls in the
process of financial intermediation. While financial markets have been fairly developed,
there still remains a large extent of segmentation of markets and non-level playing field
among participants, which contribute to volatility in asset prices. This volatility is
exacerbated by the lack of liquidity in the secondary markets. The purpose of this paper is
to highlight the need for the regulator and market participants to recognize the risks in the
financial system, the products available to hedge risks and the instruments, including
derivatives that are required to be developed/introduced in the Indian system.
The financial sector serves the economic function of intermediation by ensuring
efficient allocation of resources in the economy. Financial intermediation is enabled
through a four-pronged transformation mechanism consisting of liability-asset
transformation, size transformation, maturity transformation and risk transformation.
Risk is inherent in the very act of transformation. However, prior to reform of
1991-92, banks were not exposed to diverse financial risks mainly because interest rates
were regulated, financial asset prices moved within a narrow band and the roles of
different categories of intermediaries were clearly defined. Credit risk was the major risk
for which banks adopted certain appraisal standards.
Several structural changes have taken place in the financial sector since 1992. Theoperating environment has undergone a vast change bringing to fore the critical
importance of managing a whole range of financial risks. The key elements of this
transformation process have been
1. The deregulation of coupon rate on Government securities.
3
8/3/2019 PRINTTTTT LAL
4/69
Risk Management in Banking Sector.
2. Substantial liberalization of bank deposit and lending rates.
3. A gradual trend towards disintermediation in the financial system in the wake of
increased access of corporates to capital markets.
4. Blurring of distinction between activities of financial institutions.
5. Greater integration among the various segments of financial markets and their
increased order of globalisation, diversification of ownership of public sector
banks.
6. Emergence of new private sector banks and other financial institutions, and,
7. The rapid advancement of technology in the financial system.
CHAPTER -1
INTRODUCTION TO RISK
"What is risk?" And what is a pragmatic definition of risk? Risk means different
things to different people. For some it is "financial (exchange rate, interest-call money
rates), mergers of competitors globally to form more powerful entities and not leveraging
IT optimally" and for someone else "an event or commitment which has the potential to
4
8/3/2019 PRINTTTTT LAL
5/69
Risk Management in Banking Sector.
generate commercial liability or damage to the brand image". Since risk is accepted in
business as a trade off between reward and threat, it does mean that taking risk bring forth
benefits as well. In other words it is necessary to accept risks, if the desire is to reap the
anticipated benefits.
Risk in its pragmatic definition, therefore, includes both threats that can materialize
and opportunities, which can be exploited. This definition of risk is very pertinent today as
the current business environment offers both challenges and opportunities to organizations,
and it is up to an organization to manage these to their competitive advantage.
What is Risk Management - Does it eliminate risk?
Risk management is a discipline for dealing with the possibility that some future
event will cause harm. It provides strategies, techniques, and an approach to recognizing
and confronting any threat faced by an organization in fulfilling its mission. Risk
management may be as uncomplicated as asking and answering three basic questions:
1. What can go wrong?
2. What will we do (both to prevent the harm from occurring and in the aftermath of
an "incident")?
3. If something happens, how will we pay for it?
Risk management does not aim at risk elimination, but enables the organization to
bring their risks to manageable proportions while not severely affecting their income. This
balancing act between the risk levels and profits needs to be well-planned. Apart from
bringing the risks to manageable proportions, they should also ensure that one risk does not
get transformed into any other undesirable risk. This transformation takes place due to the
inter-linkage present among the various risks. The focal point in managing any risk will be
to understand the nature of the transaction in a way to unbundled the risks it is exposed to.
Risk Management is a more mature subject in the western world. This is largely a
result of lessons from major corporate failures, most telling and visible being the Barings
collapse. In addition, regulatory requirements have been introduced, which expect
5
8/3/2019 PRINTTTTT LAL
6/69
Risk Management in Banking Sector.
organizations to have effective risk management practices. In India, whilst risk
management is still in its infancy, there has been considerable debate on the need to
introduce comprehensive risk management practices.
Objectives of Risk Management Function
Two distinct viewpoints emerge
One which is about managing risks, maximizing profitability and creating
opportunity out of risks
And the other which is about minimizing risks/loss and protecting corporate assets.
The management of an organization needs to consciously decide on whether they
want their risk management function to 'manage' or 'mitigate' Risks.
Managing risks essentially is about striking the right balance between risks and
controls and taking informed management decisions on opportunities and threats
facing an organization. Both situations, i.e. over or under controlling risks are
highly undesirable as the former means higher costs and the latter means possible
exposure to risk.
Mitigating or minimizing risks, on the other hand, means mitigating all risks even if
the cost of minimizing a risk may be excessive and outweighs the cost-benefit
analysis. Further, it may mean that the opportunities are not adequately exploited.
In the context of the risk management function, identification and management of
Risk is more prominent for the financial services sector and less so for consumer products
industry. What are the primary objectives of your risk management function? When
specifically asked in a survey conducted, 33% of respondents stated that their risk
management function is indeed expressly mandated to optimise risk.
Risks in Banking
Risks manifest themselves in many ways and the risks in banking are a result of
many diverse activities, executed from many locations and by numerous people. As a
financial intermediary, banks borrow funds and lend them as a part of their primary
activity. This intermediation activity, of banks exposes them to a host of risks. The
6
8/3/2019 PRINTTTTT LAL
7/69
Risk Management in Banking Sector.
volatility in the operating environment of banks will aggravate the effect of the various
risks. The case discusses the various risks that arise due to financial intermediation and by
highlighting the need for asset-liability management; it discusses the Gap Model for risk
management.
Typology of Risk Exposure
Based on the origin and their nature, risks are classified into various categories. The
most prominent financial risks to which the banks are exposed to taking into consideration
practical issues including the limitations of models and theories, human factor, existence of
frictions such as taxes and transaction cost and limitations on quality and quantity of
information, as well as the cost of acquiring this information, and more.
CHAPTER 2
RISK IN BANKING BUSINESS
7
FINANCIAL RISKS
8/3/2019 PRINTTTTT LAL
8/69
Risk Management in Banking Sector.
8
MARKET
RISK
LIQUIDITY
RISK
OPERATIONAL
RISK
HUMAN
FACTOR RISK
CREDIT RISK LEGAL &
REGULATORY RISK
FUNDING
LIQUIDITYRISKTRADING
LIQUIDITY RISK
TRANSACTION
RISK
PORTFOLIO
CONCENTRATION
ISSUE RISK ISSUER RISK COUNTERPARTY
RISK
EQUITY RISK INEREST
RATE RISK
CURRENCY
RISK
COMMODITY
RISK
TRADING
RISK
GAP RISK
GENERAL
MARKET RISK
SPECIFIC
RISK
8/3/2019 PRINTTTTT LAL
9/69
Risk Management in Banking Sector.
LIQUIDITY RISK
Liquidity risk comprises both
Funding liquidity risk
Trading-related liquidity risk.
Funding liquidity risk relates to a financial institutions ability to raise the necessary
cash to roll over its debt, to meet the cash, margin, and collateral requirements of
counterparties, and (in the case of funds) to satisfy capital withdrawals. Funding liquidity
risk is affected by various factors such as the maturities of the liabilities, the extent of
reliance of secured sources of funding, the terms of financing, and the breadth of funding
sources, including the ability to access public market such as commercial paper market.
Funding can also be achieved through cash or cash equivalents, buying power, and
available credit lines.
Trading-related liquidity risk, often simply called as liquidity risk, is the risk that an
institution will not be able to execute a transaction at the prevailing market price because
there is, temporarily, no appetite for the deal on the other side of the market. If the
transaction cannot be postponed its execution my lead to substantial losses on position.
This risk is generally very hard to quantify. It may reduce an institutions ability to manage
and hedge market risk as well as its capacity to satisfy any shortfall on the funding side
through asset liquidation.
LEGAL RISK
Legal risk arises for a whole of variety of reasons. For example, counterparty might
lack the legal or regulatory authority to engage in a transaction. Legal risks usually only
become apparent when counterparty, or an investor, lose money on a transaction and
decided to sue the bank to avoid meeting its obligations. Another aspect of regulatory risk
is the potential impact of a change in tax law on the market value of a position.
9
8/3/2019 PRINTTTTT LAL
10/69
Risk Management in Banking Sector.
HUMAN FACTOR RISK
Human factor risk is really a special form of operational risk. It relates to the losses
that may result from human errors such as pushing the wrong button on a computer,
inadvertently destroying files, or entering wrong value for the parameter input of a model.
MARKET RISK
Market risk is that risk that changes in financial market prices and rates will reduce
the value of the banks positions. Market risk for a fund is often measured relative to a
benchmark index or portfolio, is referred to as a risk of tracking error market risk also
includes basis risk, a term used in risk management industry to describe the chance of a
breakdown in the relationship between price of a product, on the one hand, and the price of
the instrument used to hedge that price exposure on the other. The market-Vary
methodology attempts to capture multiple component of market such as directional risk,
convexity risk, volatility risk, basis risk, etc
10
8/3/2019 PRINTTTTT LAL
11/69
Risk Management in Banking Sector.
Market Risk may be defined as the possibility of loss to a bank caused by changes
in the market variables. The Bank for International Settlements (BIS) defines market risk as
the risk that the value of 'on' or 'off' balance sheet positions will be adversely affected by
movements in equity and interest rate markets, currency exchange rates and commodityprices". Thus, Market Risk is the risk to the bank's earnings and capital due to changes in
the market level of interest rates or prices of securities, foreign exchange and equities, as
well as the volatilities of those changes. Besides, it is equally concerned about the bank's
ability to meet its obligations as and when they fall due. In other words, it should be
ensured that the bank is not exposed to Liquidity Risk. Thus, focus on the management of
Liquidity Risk and Market Risk, further categorized into interest rate risk, foreign exchange
risk, commodity price risk and equity price risk. An effective market risk management
framework in a bank comprises risk identification, setting up of limits and triggers, risk
monitoring, models of analysis that value positions or measure market risk, risk reporting,
etc.
Types of market risk
Interest rate risk:
Interest rate risk is the risk where changes in market interest rates might adversely
affect a bank's financial condition. The immediate impact of changes in interest rates is on
the Net Interest Income (NII). A long term impact of changing interest rates is on the
bank's net worth since the economic value of a bank's assets, liabilities and off-balance
sheet positions get affected due to variation in market interest rates. The interest rate risk
when viewed from these two perspectives is known as 'earnings perspective' and 'economic
value' perspective, respectively.
11
8/3/2019 PRINTTTTT LAL
12/69
Risk Management in Banking Sector.
Management of interest rate risk aims at capturing the risks arising from the
maturity and repricing mismatches and is measured both from the earnings and economic
value perspective.
Earnings perspective involves analyzing the impact of changes in interest rates onaccrual or reported earnings in the near term. This is measured by measuring the changes in
the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the difference between the
total interest income and the total interest expense.
Economic Value perspective involves analyzing the changes of impact on interest
on the expected cash flows on assets minus the expected cash flows on liabilities plus the
net cash flows on off-balance sheet items. It focuses on the risk to net worth arising from
all repricing mismatches and other interest rate sensitive positions. The economic value
perspective identifies risk arising from long-term interest rate gaps.
The management of Interest Rate Risk should be one of the critical components of
market risk management in banks. The regulatory restrictions in the past had greatly
reduced many of the risks in the banking system. Deregulation of interest rates has,
however, exposed them to the adverse impacts of interest rate risk. The Net Interest Income
(NII) or Net Interest Margin (NIM) of banks is dependent on the movements of interest
rates. Any mismatches in the cash flows (fixed assets or liabilities) or repricing dates
(floating assets or liabilities), expose bank's NII or NIM to variations. The earning of assets
and the cost of liabilities are now closely related to market interest rate volatility
Generally, the approach towards measurement and hedging of IRR varies with the
segmentation of the balance sheet. In a well functioning risk management system, banks
broadly position their balance sheet into Trading and Banking Books. While the assets in
the trading book are held primarily for generating profit on short-term differences inprices/yields, the banking book comprises assets and liabilities, which are contracted
basically on account of relationship or for steady income and statutory obligations and are
generally held till maturity. Thus, while the price risk is the prime concern of banks in
trading book, the earnings or economic value changes are the main focus of banking book.
12
8/3/2019 PRINTTTTT LAL
13/69
Risk Management in Banking Sector.
Equity price risk:
The price risk associated with equities also has two components General market
risk refers to the sensitivity of an instrument / portfolio value to the change in the level of
broad stock market indices. Specific / Idiosyncratic risk refers to that portion of thestocks price volatility that is determined by characteristics specific to the firm, such as its
line of business, the quality of its management, or a breakdown in its production process.
The general market risk cannot be eliminated through portfolio diversification while
specific risk can be diversified away.
Foreign exchange risk:
Foreign Exchange Risk maybe defined as the risk that a bank may suffer losses as a
result of adverse exchange rate movements during a period in which it has an open
position, either spot or forward, or a combination of the two, in an individual foreign
currency. The banks are also exposed to interest rate risk, which arises from the maturity
mismatching of foreign currency positions. Even in cases where spot and forward positions
in individual currencies are balanced, the maturity pattern of forward transactions may
produce mismatches. As a result, banks may suffer losses as a result of changes in
premia/discounts of the currencies concerned.
In the forex business, banks also face the risk of default of the counterparties or
settlement risk. While such type of risk crystallization does not cause principal loss, banks
may have to undertake fresh transactions in the cash/spot market for replacing the failed
transactions. Thus, banks may incur replacement cost, which depends upon the currency
rate movements. Banks also face another risk called time-zone risk or Herstatt risk which
arises out of time-lags in settlement of one currency in one center and the settlement of
another currency in another time-zone. The forex transactions with counterparties from
another country also trigger sovereign or country risk (dealt with in details in the guidance
note on credit risk).
The three important issues that need to be addressed in this regard are:
13
8/3/2019 PRINTTTTT LAL
14/69
Risk Management in Banking Sector.
Nature and magnitude of exchange risk
Exchange managing or hedging for adopted be to strategy>
The tools of managing exchange risk
14
8/3/2019 PRINTTTTT LAL
15/69
Risk Management in Banking Sector.
Commodity price risk:
The price of the commodities differs considerably from its interest rate risk and
foreign exchange risk, since most commodities are traded in the market in which the
concentration of supply can magnify price volatility. Moreover, fluctuations in the depth of
trading in the market (i.e., market liquidity) often accompany and exacerbate high levels of
price volatility. Therefore, commodity prices generally have higher volatilities and larger
price discontinuities.
Measuring Market Risk
The measurement of risk has changed over time. It has evolved from the simple
indicators, such as Face value/ Notional amount for an individual security to the latest
methodologies of computing VaR. the quest for better and more accurate measure of
market risk is ongoing; each new market turmoil reveals the limitations of even the most
sophisticated measure of market risk.
The Notional Amount Approach:
Until recently, trading desks in major banks were allocated economic capital by
reference to notional amount. The notional approach measures risk as the notional, or
nominal, amount of a security, or the sum of the notional values of the holdings for a
portfolio.
This method is flawed since it does not:
Differentiate between short and long positions.
Reflect price volatility and correlation between prices.
Moreover, in the case of derivative positions in the over the counter market, there
are often very large discrepancies between true amount of market exposure, which is often
15
8/3/2019 PRINTTTTT LAL
16/69
Risk Management in Banking Sector.
small, and the notional amount which may be huge. For example, two call options on the
same underlying instrument with the same notional value and same maturity, with one
option being in the money and the other one out-of-the-money, have very different market
values and risk exposures.
Value At Risk (VaR):
Value at risk can be defined as the worst loss that might be expected from holding
a security or portfolio over a given period of time (say a single day, 10 days for the purpose
of regulatory capital reporting), given a specified level of probability (known as the
confidence level)
For example, if we say that a position has a daily VaR of Rs. 10 million at the 99%confidence level, we mean that the realized daily losses from the position will, on average,
be higher than Rs. 10 million on only one day every 100 trading days (i.e., two to three
days each year).VaR offers probability statement about the potential change in the value of
a portfolio resulting from a change in the market factors, over a specified period of time.
VaR is the answer to the following question: What is the maximum loss over a
given period of time period such that there is a low probability, say a 1% probability, that
the actual loss over the given period will be larger?
Treatment of Market Risk in the Proposed Basel Capital Accord
The Basle Committee on Banking Supervision (BCBS) had issued comprehensive
guidelines to provide an explicit capital cushion for the price risks to which banks are
exposed, particularly those arising from their trading activities. The banks have been given
flexibility to use in-house models based on VaR for measuring market risk as an alternative
to a standardized measurement framework suggested by Basle Committee. The internal
models should, however, comply with quantitative and qualitative criteria prescribed by
Basle Committee.
Reserve Bank of India has accepted the general framework suggested by the Basle
Committee. RBI has also initiated various steps in moving towards prescribing capital for
16
8/3/2019 PRINTTTTT LAL
17/69
Risk Management in Banking Sector.
market risk. As an initial step, a risk weight of 2.5% has been prescribed for investments in
Government and other approved securities, besides a risk weight each of 100% on the open
position limits in forex and gold. RBI has also prescribed detailed operating guidelines for
Asset-Liability Management System in banks. As the ability of banks to identify and
measure market risk improves, it would be necessary to assign explicit capital charge for
market risk. While the small banks operating predominantly in India could adopt the
standardized methodology, large banks and those banks operating in international markets
should develop expertise in evolving internal models for measurement of market risk.
The Basle Committee on Banking Supervision proposes to develop capital charge
for interest rate risk in the banking book as well for banks where the interest rate risks are
significantly above average ('outliers'). The Committee is now exploring various
methodologies for identifying 'outliers' and how best to apply and calibrate a capital charge
for interest rate risk for banks. Once the Committee finalizes the modalities, it may be
necessary, at least for banks operating in the international markets to comply with the
explicit capital charge requirements for interest rate risk in the banking book. As the
valuation norms on banks' investment portfolio have already been put in place and aligned
with the international best practices, it is appropriate to adopt the Basel norms on capital
for market risk. In view of this, banks should study the Basel framework on capital for
market risk as envisaged in Amendment to the Capital Accord to incorporate market risks
published in January 1996 by BCBS and prepare themselves to follow the international
practices in this regard at a suitable date to be announced by RBI.
The Proposed New Capital Adequacy Framework
The Basel Committee on Banking Supervision has released a Second Consultative
Document, which contains refined proposals for the three pillars of the New Accord -
Minimum Capital Requirements, Supervisory Review and Market Discipline. It may be
recalled that the Basel Committee had released in June 1999 the first Consultative Paper on
a New Capital Adequacy Framework for comments. However, the proposal to provide
explicit capital charge for market risk in the banking book which was included in the Pillar
I of the June 1999 Document has been shifted to Pillar II in the second Consultative Paper
issued in January 2001. The Committee has also provided a technical paper on evaluation
17
8/3/2019 PRINTTTTT LAL
18/69
Risk Management in Banking Sector.
of interest rate risk management techniques. The Document has defined the criteria for
identifying outlier banks. According to the proposal, a bank may be defined as an outlier
whose economic value declined by more than 20% of the sum of Tier 1 and Tier 2 capital
as a result of a standardized interest rate shock (200 bps.)
The second Consultative Paper on the New Capital Adequacy framework issued in
January, 2001 has laid down 13 principles intended to be of general application for the
management of interest rate risk, independent of whether the positions are part of the
trading book or reflect banks' non-trading activities. They refer to an interest rate risk
management process, which includes the development of a business strategy, the
assumption of assets and liabilities in banking and trading activities, as well as a system of
internal controls. In particular, they address the need for effective interest rate risk
measurement, monitoring and control functions within the interest rate risk management
process. The principles are intended to be of general application, based as they are on
practices currently used by many international banks, even though their specific application
will depend to some extent on the complexity and range of activities undertaken by
individual banks. Under the New Basel Capital Accord, they form minimum standards
expected of internationally active banks. The principles are given in Annexure II.
18
8/3/2019 PRINTTTTT LAL
19/69
Risk Management in Banking Sector.
CHAPTER 3
CREDIT RISK
Credit risk is that risk that a change in the credit quality of a
counterparty will affect the value of a banks position. Default, whereby
counterparty is unwilling or unable to fulfill its contractual obligations, is the
extreme case; however banks are also exposed to the risk that the counterparty
might downgraded by a rating agency.
Credit risk is only an issue when the position is an asset, i.e., when it
exhibits a positive replacement value. In that instance if the counterparty
defaults, the bank either loses all of the market value of the position or, more
commonly, the part of the value that it cannot recover following the credit
event. However, the credit exposure induced by the replacement values of
derivative instruments is dynamic: they can be negative at one point of time,
and yet become positive at a later point in time after market conditions have
changed. Therefore the banks must examine not only the current exposure,
measured by the current replacement value, but also the profile of future
exposures up to the termination of the deal.
Credit risk is defined as the possibility of losses associated with
diminution in the credit quality of borrowers or counterparties. In a bank's
portfolio, losses stem from outright default due to inability or unwillingness of
a customer or counterparty to meet commitments in relation to lending,
trading, settlement and other financial transactions. Alternatively, losses result
from reduction in portfolio value arising from actual or perceived
deterioration in credit quality. Credit risk emanates from a bank's dealings
19
8/3/2019 PRINTTTTT LAL
20/69
Risk Management in Banking Sector.
with an individual, corporate, bank, financial institution or a sovereign. Credit
risk may take the following forms
In the case of direct lending: principal/and or interest amount may not
be repaid;
In the case of guarantees or letters of credit: funds may not be
forthcoming from the constituents upon crystallization of the liability;
In the case of treasury operations: the payment or series of payments
due from the counter parties under the respective contracts may not be
forthcoming or ceases;
In the case of securities trading businesses: funds/ securities settlement
may not be effected;
In the case of cross-border exposure: the availability and free transfer of
foreign currency funds may either cease or the sovereign may impose
restrictions.
Types of Credit Rating
Credit rating can be classified as:1. External credit rating.
2. Internal credit rating
External credit rating:
A credit rating is not, in general, an investment recommendation
concerning a given security. In the words of S&P, A credit rating is S&P's
opinion of the general creditworthiness of an obligor, or the creditworthiness
of an obligor with respect to a particular debt security or other financial
obligation, based on relevant risk factors. In Moody's words, a rating is, an
opinion on the future ability and legal obligation of an issuer to make timely
payments of principal and interest on a specific fixed-income security.
20
8/3/2019 PRINTTTTT LAL
21/69
Risk Management in Banking Sector.
Since S&P and Moody's are considered to have expertise in credit
rating and are regarded as unbiased evaluators, there ratings are widely
accepted by market participants and regulatory agencies. Financial
institutions, when required to hold investment grade bonds by their regulatorsuse the rating of credit agencies such as S&P and Moody's to determine which
bonds are of investment grade.
The subject of credit rating might be a company issuing debt
obligations. In the case of such issuer credit ratings the rating is an opinion
on the obligors overall capacity to meet its financial obligations. The
opinion is not specific to any particular liability of the company, nor does it
consider merits of having guarantors for some of the obligations. In the issuer
credit rating categories are
a) Counterparty ratings
b) Corporate credit ratings
c) Sovereign credit ratings
The rating process includes quantitative, qualitative, and legal analyses.
The quantitative analyses. The quantitative analysis is mainly financial
analysis and is based on the firms financial reports. The qualitative analysis is
concerned with the quality of management, and includes a through review of
the firms competitiveness within its industry as well as the expected growth
of the industry and its vulnerability to technological changes, regulatory
changes, and labor relations.
Internal credit rating:
A typical risk rating system (RRS) will assign both an obligor rating to
each borrower (or group of borrowers), and a facility rating to each available
facility. A risk rating (RR) is designed to depict the risk of loss in a credit
21
8/3/2019 PRINTTTTT LAL
22/69
Risk Management in Banking Sector.
facility. A robust RRS should offer a carefully designed, structured, and
documented series of steps for the assessment of each rating.
The following are the steps for assessment of rating:
a) Objectivity and Methodology:The goal is to generate accurate and consistent risk rating, yet also to
allow professional judgment to significantly influence a rating where it is
appropriate. The expected loss is the product of an exposure (say, Rs. 100)
and the probability of default (say, 2%) of an obligor (or borrower) and the
loss rate given default (say, 50%) in any specific credit facility. In this
example,
The expected loss = 100*.02*.50 = Rs. 1
A typical risk rating methodology (RRM)
a. Initial assign an obligor rating that identifies the expected
probability of default by that borrower (or group) in repaying its
obligations in normal course of business.
b. The RRS then identifies the risk loss (principle/interest) by assigning
an RR to each individual credit facility granted to an obligor.
The obligor rating represents the probability of default by a borrower in
repaying its obligation in the normal course of business. The facility rating
represents the expected loss of principal and/ or interest on any business credit
facility. It combines the likelihood of default by a borrower and conditional
severity of loss, should default occur, from the credit facilities available to the
borrower.
22
8/3/2019 PRINTTTTT LAL
23/69
Risk Management in Banking Sector.
Risk Rating Continuum (Prototype Risk Rating System)
RISK RR Corresponding
Probable S&P or
Moody's Rating
Sovereign 0 Not Applicable
Low 1 AAA2 AA Investment Grade3 A
4 BBB+/BBBAverage 5 BBB-
6 BB+/BB7 BB-
High 8
9
10
B+/B
B-
CCC+/CCC
Below Investment
Grade11 CC-
12 In Default
The steps in the RRS (nine, in our prototype system) typically start with
a financial assessment of the borrower (initial obligor rating), which sets a
floor on the obligor rating (OR). A series of further steps (four) arrive at the
final obligor rating. Each one of steps 2 to 5 may result in the downgrade of
the initial rating attributed at step 1. These steps include analyzing the
managerial capability of the borrower (step 2), examining the borrowers
absolute and relative position within the industry (step 3), reviewing the
quality of the financial information (step 4) and the country risk (step 5). The
process ensures that all credits are objectively rated using a consistent process
to arrive at the accurate rating.
23
8/3/2019 PRINTTTTT LAL
24/69
Risk Management in Banking Sector.
Additional steps (four, in our example) are associated with arriving at a final
facility rating, which may be above OR below the final obligor rating. These
steps include examining third-party support (step 6), factoring in the maturity
of the transaction (step 7), reviewing how strongly the transaction isstructured. (Step 8), and assessing the amount of collateral (step 9).
Credit Risk Management
In this backdrop, it is imperative that banks have a robust credit risk
management system which is sensitive and responsive to these factors. The
effective management of credit risk is a critical component of comprehensive
risk management and is essential for the long term success of any banking
organization. Credit risk management encompasses identification,
measurement, monitoring and control of the credit risk exposures.
Credit Risk Policy
1. Every bank should have a credit risk policy document approved by the
Board. The document should include risk identification, risk
measurement, risk grading/ aggregation techniques, reporting and risk
control/ mitigation techniques, documentation, legal issues and
management of problem loans.
2. Credit risk policies should also define target markets, risk acceptance
criteria, credit approval authority, credit origination/ maintenance
procedures and guidelines for portfolio management.
3. The credit risk policies approved by the Board should be communicated
to branches/controlling offices. All dealing officials should clearly
understand the bank's approach for credit sanction and should be held
accountable for complying with established policies and procedures.
24
8/3/2019 PRINTTTTT LAL
25/69
Risk Management in Banking Sector.
4. Senior management of a bank shall be responsible for implementing the
credit risk policy approved by the Board.
25
8/3/2019 PRINTTTTT LAL
26/69
Risk Management in Banking Sector.
CHAPTER 4
CREDIT RISK STRATEGY
Each bank should develop, with the approval of its Board, its own credit risk
strategy or plan that establishes the objectives guiding the bank's credit-
granting activities and adopt necessary policies/ procedures for conducting
such activities. This strategy should spell out clearly the organizations credit
appetite and the acceptable level of risk-reward trade-off for its activities.
The strategy would, therefore, include a statement of the bank's willingness to
grant loans based on the type of economic activity, geographical location,
currency, market, maturity and anticipated profitability. This would
necessarily translate into the identification of target markets and business
sectors, preferred levels of diversification and concentration, the cost of
capital in granting credit and the cost of bad debts.
The credit risk strategy should provide continuity in approach as also take into
account the cyclical aspects of the economy and the resulting shifts in the
composition/ quality of the overall credit portfolio. This strategy should be
viable in the long run and through various credit cycles.
Senior management of a bank shall be responsible for implementing the credit
risk strategy approved by the Board.
26
8/3/2019 PRINTTTTT LAL
27/69
Risk Management in Banking Sector.
Organizational Structure
Sound organizational structure is sine qua non for successful implementation
of an effective credit risk management system. The organizational structure
for credit risk management should have the following basic features:
1. The Board of Directors should have the overall responsibility for
management of risks. The Board should decide the risk management
policy of the bank and set limits for liquidity, interest rate, foreign
exchange and equity price risks.
The Risk Management Committee will be a Board level Sub committeeincluding CEO and heads of Credit, Market and Operational Risk
Management Committees. It will devise the policy and strategy for integrated
risk management containing various risk exposures of the bank including the
credit risk. For this purpose, this Committee should effectively coordinate
between the Credit Risk Management Committee (CRMC), the Asset
Liability Management Committee and other risk committees of the bank, if
any. It is imperative that the independence of this Committee is preserved.
The Board should, therefore, ensure that this is not compromised at any cost.
In the event of the Board not accepting any recommendation of this
Committee, systems should be put in place to spell out the rationale for such
an action and should be properly documented. This document should be made
available to the internal and external auditors for their scrutiny and comments.
The credit risk strategy and policies adopted by the committee should be
effectively
27
8/3/2019 PRINTTTTT LAL
28/69
Risk Management in Banking Sector.
Operations / Systems
Banks should have in place an appropriate credit administration, credit
risk measurement and monitoring processes. The credit administration process
typically involves the following phases:
1. Relationship management phase i.e. business development.
2. Transaction management phase covers risk assessment, loan pricing,
structuring the facilities, internal approvals, documentation, loan
administration, on going monitoring and risk measurement.
3. Portfolio management phase entails monitoring of the portfolio at a
macro level and the management of problem loans
4. On the basis of the broad management framework stated above, the
banks should have the following credit risk measurement and
monitoring procedures:
5. Banks should establish proactive credit risk management practices like
annual / half yearly industry studies and individual obligor reviews,
periodic credit calls that are documented, periodic visits of plant andbusiness site, and at least quarterly management reviews of troubled
exposures/weak credits
28
8/3/2019 PRINTTTTT LAL
29/69
Risk Management in Banking Sector.
Credit Risk Models
A credit risk model seeks to determine, directly or indirectly, the answer to the
following question: Given our past experience and our assumptions about the
future, what is the present value of a given loan or fixed income security? A
credit risk model would also seek to determine the (quantifiable) risk that the
promised cash flows will not be forthcoming. The techniques for measuring
credit risk that have evolved over the last twenty years are prompted by these
questions and dynamic changes in the loan market.
The increasing importance of credit risk modeling should be seen as the
consequence of the following three factors:
1. Banks are becoming increasingly quantitative in their treatment of
credit risk.
2. New markets are emerging in credit derivatives and the marketability of
existing loans is increasing through securitization/ loan sales market."
3. Regulators are concerned to improve the current system of bank capitalrequirements especially as it relates to credit risk.
CHAPTER - 5
IMPORTANCE OF CREDIT RISK MODELS
29
8/3/2019 PRINTTTTT LAL
30/69
Risk Management in Banking Sector.
Credit Risk Models have assumed importance because they provide the
decision maker with insight or knowledge that would not otherwise be readily
available or that could be marshalled at prohibitive cost. In a marketplace
where margins are fast disappearing and the pressure to lower pricing isunrelenting, models give their users a competitive edge. The credit risk
models are intended to aid banks in quantifying, aggregating and managing
risk across geographical and product lines. The outputs of these models also
play increasingly important roles in banks' risk management and performance
measurement processes, customer profitability analysis, risk-based pricing,
active portfolio management and capital structure decisions. Credit risk
modeling may result in better internal risk management and may have the
potential to be used in the supervisory oversight of banking organizations.
Techniques for Measuring Credit Risk
In the measurement of credit risk, models may be classified along three
different dimensions:
1. the techniques employed,
2. the domain of applications in the credit process and
3. The products to which they are applied.
CHAPTER - 6
RBI GUIDELINES ON CREDIT RISK
New Capital Accord: Implications for Credit Risk Management
30
8/3/2019 PRINTTTTT LAL
31/69
Risk Management in Banking Sector.
The Basel Committee on Banking Supervision had released in June
1999 the first Consultative Paper on a New Capital Adequacy Framework
with the intention of replacing the current broad-brush 1988 Accord. The
Basel Committee has released a Second Consultative Document in January2001, which contains refined proposals for the three pillars of the New Accord
- Minimum Capital Requirements, Supervisory Review and Market
Discipline.
The Committee proposes two approaches, for estimating regulatory
capital. Viz.,
1. Standardized and
2. Internal Rating Based (IRB)
Under the standardized approach, the Committee desires neither to
produce a net increase nor a net decrease, on an average, in minimum
regulatory capital, even after accounting for operational risk. Under the
Internal Rating Based (IRB) approach, the Committee's ultimate goals are to
ensure that the overall level of regulatory capital is sufficient to address the
underlying credit risks and also provides capital incentives relative to the
standardized approach, i.e., a reduction in the risk weighted assets of 2% to
3% (foundation IRB approach) and 90% of the capital requirement under
foundation approach for advanced IRB approach to encourage banks to adopt
IRB approach for providing capital.
The minimum capital adequacy ratio would continue to be 8% of the
risk-weighted assets, which cover capital requirements for market (trading
book), credit and operational risks. For credit risk, the range of options to
estimate capital extends to include a standardized, a foundation IRB and an
advanced IRB approaches.
31
8/3/2019 PRINTTTTT LAL
32/69
Risk Management in Banking Sector.
CHAPTER - 7
RBI GUIDELINES FOR CREDIT RISK MANAGEMENT
Credit Rating FrameworkA Credit-risk Rating Framework (CRF) is necessary to avoid the limitations
associated with a simplistic and broad classification of loans/exposures into a
"good" or a "bad" category. The CRF deploys a number/ alphabet/ symbol as
a primary summary indicator of risks associated with a credit exposure. Such
a rating framework is the basic module for developing a credit risk
management system and all advanced models/approaches are based on this
structure. In spite of the advancement in risk management techniques, CRF is
continued to be used to a great extent. These frameworks have been primarily
driven by a need to standardize and uniformly communicate the "judgment" in
credit selection procedures and are not a substitute to the vast lending
experience accumulated by the banks' professional staff.
Broadly, CRF can be used for the following purposes:
1. Individual credit selection, wherein either a borrower or a particular
exposure/ facility is rated on the CRF
2. Pricing (credit spread) and specific features of the loan facility. This
would largely constitute transaction-level analysis.
3. Portfolio-level analysis.
4. Surveillance, monitoring and internal MIS
Assessing the aggregate risk profile of bank/ lender. These would be relevant
for portfolio-level analysis. For instance, the spread of credit exposures across
various CRF categories, the mean and the standard deviation of losses
32
8/3/2019 PRINTTTTT LAL
33/69
Risk Management in Banking Sector.
occurring in each CRF category and the overall migration of exposures would
highlight the aggregated credit-risk for the entire portfolio of the bank.
CHAPTER - 8
OPERATIONAL RISK
33
8/3/2019 PRINTTTTT LAL
34/69
Risk Management in Banking Sector.
It refers to potential losses resulting from inadequate systems, management
failure, faulty control, fraud and human error. Many of the recent large losses
related to derivatives are the direct consequences of operational failure.
Derivative trading is more prone to operational risk than cash transactionsbecause derivatives are, by heir nature, leveraged transactions. This means
that a trader can make very large commitment on behalf of the bank, and
generate huge exposure in to the future, using only small amount of cash.
Very tight controls are an absolute necessary if the bank is to avoid huge
losses.
Operational risk includes fraud, for example when a trader or other
employee intentionally falsifies and misrepresents the risk incurred in a
transaction. Technology risk and principally computer system risk also fall
into the operational risk category.
Operational risk is the risk associated with operating a business. Operational
risk covers such a wide area that it is useful to subdivide operational risk into
two components:
Operational failure risk.
Operational strategic risk.
Operational failure riskarises from the potential for failure in
the course of operating the business. A firm uses people,
processes and technology to achieve the business plans, and anyone of these factors may experience a failure of some kind.
Accordingly, operational failure risk can be defined as the risk
that there will be a failure of people, processes or technology
within the business unit. A portion of failure may be anticipated,
34
8/3/2019 PRINTTTTT LAL
35/69
Risk Management in Banking Sector.
and these risks should be built into the business plan. But it is
unanticipated, and therefore uncertain, failures that give rise to
key operational risks. These failures can be expected to occur
periodically, although both their impact and their frequency maybe uncertain.
The impact or severity of a financial loss can be divided into two
categories:
An expected amount
An unexpected amount.
The latter is itself subdivided into two classes: an amount classed as severe,
and a catastrophic amount. The firm should provide for the losses that arise
from the expected component of these failures by charging expected revenues
with a sufficient amount of reserves. In addition, the firm should set aside
sufficient economic capital to cover the unexpected component, or resort to
insurance.
Operational strategic riskarises from environmental factors, such as
a new competitor that changes the business paradigram, a major
political and regulatory regime change, and earthquakes and other such
factors that are outside the control of the firm. It also arises from major
new strategic initiatives, such as developing a new line of business or
re-engineering an existing business line. All business relies on people,
processes and technology outside their business unit and the potentialfor failure exists there too, this type of risk is referred to as external
dependency risk.
35
8/3/2019 PRINTTTTT LAL
36/69
Risk Management in Banking Sector.
The figure above summarizes the relationship between operational failure risk
and operational strategic risk. These two principal categories of risk are also
sometimes defined as internal and external operational risk.
Operational risk is often thought to be limited to losses that can occur in
operating or processing centers. This type of operational risk, sometimes
referred as operations risk, is an important component, but it by no means
covers all of the operational risks facing the firm. Our definition ofoperational risk as the risk associated with operating the business means
significant amounts of operational risk are also generated outside the
processing centers.
36
Figure: Two Broad Categories of Operational Risk
Operational Risk
Operational failure risk(Internal operational risk)
The risk encountered in pursuitof a particular strategy due to:
People Process Technology
Operational strategic risk(External operational risk)
The risk of choosing aninappropriate strategy inresponse to environmentalfactor, such as
Political Taxation Regulation Government Societal Competition, etc.
8/3/2019 PRINTTTTT LAL
37/69
Risk Management in Banking Sector.
Risk begins to accumulate even before the design of the potential
transaction gets underway. It is present during negotiations with the client
(regardless of whether the negotiation is a lengthy structuring exercise or a
routine electronic negotiation.) and continues after the negotiation as thetransaction is serviced.
A complete picture of operational risk can only be obtained if the
banks activity is analyzed from beginning to end. Several things have to be in
place before a transaction is negotiated, and each exposes the firm to
operational risk. The activity carried on behalf of the client by the staff can
expose the institution to people risk. People risk is not only in the form of
risk found early in a transaction. But they further rely on using sophisticated
financial models to price the transaction. This creates what is called as Model
risk which can arise because of wrong parameters like input to the model, or
because the model is used inappropriately and so on.
Once the transaction is negotiated and a ticket is written, errors can
occur as the transaction is recorded in various systems or reports. An error
here may result in the delayed settlement of the transaction, which in turn can
give rise to fines and other penalties. Further an error in market risk and credit
risk report might lead to the exposures generated by the deal being
understated. In turn this can lead to the execution of additional transactions
that would otherwise not have been executed. These are examples of what is
often called as process risk
The system that records the transaction may not be capable of handlingthe transaction or it may not have the capacity to handle such transactions. If
any one of the step is out-sourced, then external dependency risk also arises.
However, each type of risk can be captured either as people, processes,
37
8/3/2019 PRINTTTTT LAL
38/69
Risk Management in Banking Sector.
technology, or an external dependency risk, and each can be analyzed in terms
of capacity, capability or availability
Who Should Manage Operational Risk?
The responsibility for setting policies concerning operational risk
remains with the senior management, even though the development of those
policies may be delegated, and submitted to the board of directors for
approval. Appropriate policies must be put in place to limit the amount of
operational risk that is assumed by an institution. Senior management needs
to give authority to change the operational risk profile to those who are the
best able to take action. They must also ensure that a methodology for the
timely and effective monitoring of the risks that are incurred is in place. To
avoid any conflict of interest, no single group within the bank should be
responsible for simultaneously setting policies, taking action and monitoring
risk.
38
Internal Audit
8/3/2019 PRINTTTTT LAL
39/69
Risk Management in Banking Sector.
Policy Setting
The authority to take action generally rests with business management,
which is responsible for controlling the amount of operational risk taken
within each business line. The infrastructure and the governance groups share
with business management the responsibility for managing operational risk.
The responsibility for the development of a methodology for measuring
and monitoring operational risks resides most naturally with group risk
management functions. The risk management function also needs to ensure
the proper operational risk/ reward analysis is performed in the review of
existing businesses and before the introduction of new initiatives andproducts. In this regard, the risk management function works very closely
with, but independent from, business management, infrastructure, and other
governance group
39
Senior Management
Business Management Risk Management
Legal
Operations
InformationTechnology
Finance
Insurance
8/3/2019 PRINTTTTT LAL
40/69
Risk Management in Banking Sector.
Senior management needs to know whether the responsibilities it has
delegated are actually being tended to, and whether the resulting processes are
effective. The internal audit function within the bank is charged with this
responsibility.
40
8/3/2019 PRINTTTTT LAL
41/69
Risk Management in Banking Sector.
CHAPTER 9
KEY TO IMPLEMENTING BANK-WIDE OPERATIONAL RISK
MANAGEMENT
The eight key elements are necessary to successfully implement a bank-wide operational risk management framework. They involve setting policy
and identifying risk as an outgrowth of having designed a common language,
constructing business process maps, building a best measurement
methodology, providing exposure management, installing a timely reporting
capability, performing risk analysis inclusive of stress testing, and allocating
economic capital as a function of operational risk.
EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL
RISK MANAGEMENT.
1. Develop well-defined operational risk policies. This includes explicitly
articulating the desired standards for the risk measurement. One also
41
1. Policy
Best Practice
2. Risk Identification
3. Business Process
4. Measuring Methodology
8. Economic Capital
7. Risk Analysis
6. Reporting
5. Exposure Management
8/3/2019 PRINTTTTT LAL
42/69
Risk Management in Banking Sector.
needs to establish clear guidelines for practices that may contribute to a
reduction of operational risk.
2. Establish a common language of risk identification. For e.g., the term
people risk includes a failure to deploy skilled staff. Technologyrisk would include system failure, and so on.
3. Develop business process maps of each business. For e.g., one should
create an operational risk catalogue which categories and defines the
various operational risks arising from each organizational unit in terms
of people, process, and technology risk. This catalogue should be tool
to help with operational risk identification and assessment.
4. Develop a comprehensible set of operational risk metrics. Operational
risk assessment is a complex process. It needs to be performed on a
firm-wide basis at regular intervals using standard metrics. In early
days, business and infrastructure groups performed their own
assessment of operational risk. Today, self-assessment has been
discredited. Sophisticated financial institutions are trying to develop
objective measures of operational risk that build significantly more
reliability into the quantification of operational risk.
5. Decide how to manage operational risk exposure and take appriate
action to hedge the risks. The bank should address the economic
question of the cost-benefit of insuring a given risk for those
operational risks that can be insured.
6. Decide how to report exposure.
42
8/3/2019 PRINTTTTT LAL
43/69
Risk Management in Banking Sector.
Types of Operational Failure Risk
1. People Risk 1. Incompetancy.
2. Fraud.
2. Process Risk
Model Risk
TR
OCR
1. Model/ methodology error
2. Mark-to-model error.
1. Execution error.
2. Product complexity.
3. Booking error.
4. Settlement error.1. Exceeding limits.
2. Security risk.
3. Volume risk.
3. Technology Risk 1. System failure.
2. Programming error.
3. Information risk.
4. Telecommunications failure.
7. Develop tools for risk analysis, and procedures for when these tools
should deploy. For e.g., risk analysis is typically performed as part of a
new product process, periodic business reviews, and so on. Stress
testing should be a standard part of risk analysis process. The frequency
of risk assessment should be a function of the degree to which
operational risks are expected to change over time as businesses
undertake new initiatives, or as business circumstances evolve. This
frequency might be reviewed as operational risk measurement is rolled
out across the bank a bank should update its risk assessment more
43
8/3/2019 PRINTTTTT LAL
44/69
Risk Management in Banking Sector.
frequently. Further one should reassess whenever the operational risk
profile changes significantly.
8. Develop techniques to translate the calculation of operational risk into a
required amount of economic capital. Tools and procedures should bedeveloped to enable businesses to make decisions about operational risk
based on risk/reward analysis.
44
8/3/2019 PRINTTTTT LAL
45/69
Risk Management in Banking Sector.
CHAPTER 10
FOUR-STEP MEASUREMENT PROCESS FOR OPERATIONAL
RISK
Clear guiding principle for the operational risk measurement processshould be set to ensure that it provides an appropriate measure of operational
risk across all business units throughout the bank. This problem of measuring
operational risk can be best achieved by means of a four-step operational risk
process. The following are the four steps involved in the process:
1. Input.
2. Risk assessment framework.
3. Review and validation.
4. Output.
1. Input:
The first step in the operational risk measurement process is to gather
the information needed to perform a complete assessment of all significant
operational risks. A key source of this information is often the finished
product of other groups. For example, a unit that supports the business group
often publishes report or documents that may provide an excellent starting
point for the operational risk assessment.
45
8/3/2019 PRINTTTTT LAL
46/69
Risk Management in Banking Sector.
Sources of Information in the Measurement Process of Operational Risk:
The Inputs (for Assessment)
Likelihood of Occurrence Severity Audit report Management interviews
Regulatory report Loss history
Management report
Expert opinion
Business Recovery Plan
Business plans
Budget plans
Operations plans
For example, if one is relying on audit documents as an indication of
the degree of control, then one needs to ask if the audit assessment is current
and sufficient. Have there been any significant changes made since the last
audit assessment? Did the audit scope include the area of operational risk that
is of concern to the present risk assessment? As one diligently works through
available information, gaps often become apparent. These gaps in the
information often need to be filled through discussion with the relevant
managers.
Typically, there are not sufficient reliable historical data available to
confidently project the likelihood or severity of operational losses. One often
needs to rely on the expertise of business management, until reliable data are
compiled to offer an assessment of the severity of the operational failure for
each of the risks. The time frame employed for all aspects of the assessment
process is typically one year. The one-year time horizon is usually selected to
align with the business planning cycle of the bank.
2. Risk Assessment Framework
46
8/3/2019 PRINTTTTT LAL
47/69
Risk Management in Banking Sector.
The input information gathered in the above step needs to be analyzed
and processed through the risk assessment framework. Risk assessment
framework includes:
1. Risk categories:The operational risk can be broken down into four headline risk categories
like the risk of unexpected loss due to operational failure in people, process
and technology deployed within the business
Internal dependencies should each be reviewed according to a set of
factors. We examine these 9nternal dependencies according to three key
components of capability, capacity and availability.
External dependencies can also be analyzed in terms of the specific type of
external interaction.
2. Connectivity and interdependencies
The headline risk categories cannot be viewed in isolation from one
another. One needs to examine the degree of interconnected risk exposures
that cut across the headline operational risk categories, in order to
understand the full impact of risk.
3. Change, complexity, compliancy:
One may view the sources that drive the headline risk categories as falling
under the broad categories of Change refers to such items as introducing
new technology or new products, a merger or acquisition, or moving from
internal supply to outsourcing, etc. Complexity refers to such items as
complexity of products, process or technology. Complacency refers toineffective management of the business.
4. Net likelihood assessment
The likelihood that an operational failure might occur within the next year
should be assessed, net of risk mitigants such as insurance, for each
47
8/3/2019 PRINTTTTT LAL
48/69
Risk Management in Banking Sector.
identified risk exposure and for each of the four headline risk categories.
Since it is often unclear how to quantify risk, this assessment can be rated
along five point likelihood continuum from very low, low, medium, high
and very high.5. Severity assessment
Severity describes the potential loss to the bank given that an operational
risk failure has occurred. It should be assessed for each identified risk
exposure.
6. Combined likelihood and severity into the overall Operational Risk
Assessment
Operational risk measures are constrained in that there is not usually a
defensible way to combine the individual likelihood of loss and severity
assessments into overall measure of operational risk within a business unit.
To do so, the likelihood of loss would need to be expressed in numerical
terms. This cannot be accomplished without statistically significant
historical data on operational losses.
7. Defining Cause and Effect:
Loss data are easier to collect than data associated with the cause of loss.
This complicates the measurement of operational risk because each loss is
likely to have several causes. This relationship between these causes, and
the relative importance of each, can be difficult to assess in an objective
fashion.
48
8/3/2019 PRINTTTTT LAL
49/69
Risk Management in Banking Sector.
8. Sample of a risk assessment report.
Risk Assessment Report
RiskCa
teg
or
y
Cause Effect Source ofProbability &
Magnitude of Loss
Data
People Loss of key staff,due to defection toa competitor.
Variance in revenue/ profit
Delphictechnique
based onbusiness
assessment.Process Declining
productivity asvolume grows
Variance in processcosts from predictedlevels, excluding
processmalfunctions
Historicalvariance.
Suppliersestimates
Industrybenchmarking
Technology Year 2000upgrade
expenditure
Variance intechnology running
costs from predictedlevels
Historicalvariance.
Suppliersestimates
Industrybenchmarking
Review and validation:
Once the report is generated. First the centralized operational risk
management group (ORMG) reviews the assessment results with senior
business unit management and key officers, in order to finalize the proposed
operational risk rating. Second, one may want an operational risk rating
committee to review the assessment a validation process similar to that
followed by credit rating agencies. This takes the form of review of the
individual risk assessments by knowledgeable senior committee personnel to
49
8/3/2019 PRINTTTTT LAL
50/69
Risk Management in Banking Sector.
ensure that the framework has been consistently applied across businesses,
that there has been sufficient scrutiny to remove any imperfections, and so on.
The committee should have representation from business management, audit,
and functional areas, and be chaired by risk management unit.3. Output
The final assessment of operational risk will be formally reported to
business management, the centralized risk-adjusted return on capital
(RAROC) group, and the partners in corporate governance such as internal
audit and compliance. The output of the assessment process has two main
uses:
1. The assessment provides better operational risk information to
management for use in improving risk management decisions.
2. The assessment improves the allocation of economic capital to better
reflect the extent of the operational riskier, being taken by a business
unit.
3. The over all assessment of the likelihood of operational risk & severity
of loss for a business unit can be shown as:
Mgmt. Attention
Severity of Loss ($)
Likelihood of Loss ($)
A business unit may address its operational risks in several ways. First,
one can invest in business unit. Second, one can avoid the risk by withdrawing
50
MediumRisk
HighRisk
MediumRisk
LowRisk
8/3/2019 PRINTTTTT LAL
51/69
Risk Management in Banking Sector.
from business activity. Third, one can accept and manage risk through
effective monitoring and control. Fourth, one can transfer risk to another
party. Of course, not all-operational risks are insurable, and in that case of
those that are insurable the required premium may be prohibitive. The strategyand eventually the decision should be based on cost benefit analysis.
Risk Management in Future
51
8/3/2019 PRINTTTTT LAL
52/69
Risk Management in Banking Sector.
The bank of the future will be recognized around a new vision. To
succeed, it will have to be able to respond to opportunities as they present
themselves. And it will have to strive to improve the portfolio management of
its balance sheet and capital.To manage conflicting objectives, it will need to determine a number of
policy variables such as a target risk-adjusted rate of returns (RAROC), target
regulatory return, target tier 1 ratio, target liquidity, and so on. (Figure 17.1)
In turn, this will mean transforming the risk management function. Risk
management will need to encompass limit management, risk analysis,
RAROC, and active portfolio management of risk (APMR). These changes in
the risk management will be induced by:
52
Target RAROC by:TransactionCustomer
ProductLine of Business
Target RegulatoryReturn by:1. Transaction
2. Customer3. Product4. Line of Business
Target Return onEquity Target LiquidityTarget Tier 1
Ratio
Target Risk WeightedAssets (RWA)
Target Leverage Ratio
Target Senior DebtRating
8/3/2019 PRINTTTTT LAL
53/69
Risk Management in Banking Sector.
1. Advances in technology
2. Introduction of more sophisticated regulatory measures
3. Rapidly accelerating market forces
4. Complex legal environment1. Advances in technology:
Banking is moving into an era in which complex mathematical model
programmed into risk engines will provide the foundation of portfolio
management. Banks with sophisticated risk engine will be able to measure the
risk of sophisticated products, compute and implement hedging strategies, and
understand the relative risk-adjusted return almost instantaneously.
Given the current trend toward consolidation, vast and complex
organizations will demand the ability to quickly and consistently provide
key decision-support tools for comparing profitability measures and risk
tolerance for diverse businesses.
Technology will allow risk management information to be integrated
into overall management reporting- including intraday risk reporting. The
Internet and intranet will become the delivery vehicles of choice for the results
of risk analyses.
Infrastructure investment will be required within many banks to
improve performance in a variety of tasks. The task includes information
collection and normalization, storage and dimensioning, and analytics
processing as well as information sharing and distribution.
One method of deployment for information, as shown in figure 17.3,will be via either the intranet or the Internet. There should only be official risk
measure from a fully integrated risk infrastructure. Real-time access will be
provided to the risk system via web-based technologies. Independent risk
53
8/3/2019 PRINTTTTT LAL
54/69
Risk Management in Banking Sector.
calculators may exist for offline use, but these will be able to use the same
analytics as the official reporting process.
The benefits of this type of infrastructure are consistency-one source for
one answer; efficiency work is executed once to serve multiple purposes;and ease of use- one place, one view. The risk database will include
transaction details (e.g., cash flows, principle amount, currencies); cross-
references to other internal systems, which house critical data (e.g., credit
rating, counterparty, instrument); external data (e.g., yield curve, prices,
industry classifications); and a variety of dimension indicators (e.g., product
identification codes, asset class, currency).
The infrastructure will include appropriate linkages within a robust
environment for data collection and scrubbing, data warehousing, and risk
analytics as well as the appropriate data and systems maintenance
components. Above all, the risk management information system (risk MIS)
should be designed to provide full risk transparency from the bottom to the
top of the house.
2. Regulatory Measures and Market Forces:
In the future, the regulatory review process (e.g., review of bank
internal models) will become more sophisticated. Regulators will hire staff
with a greater risk management expertise. Regulators will increasingly sever
as a catalyst for quantifying risk ( market, credit, operational, liquidity,etc.)
through their imposition of new capital regimes as discussed in the Basle
Accord Consultative Paper (Basle 1999).Market forces will also bring change. External users of financial
information will demand better information on which to make investment
decisions. In the future there will be more detailed and more frequent
reporting of risk positions to company shareholders, creditors, etc. this will
54
8/3/2019 PRINTTTTT LAL
55/69
Risk Management in Banking Sector.
lead to generally accepted reporting principles (GARP) for risk along the lines
of the existing generally accepted accounting principles (GAAP) for financial
statements.
There will be increasing growth in consulting services such as dataproviders, risk advisory service bureaus, treasury transaction services, etc.
independent external reviewers may even be hooked up to a banks systems to
allow them to offer regular automated independent risk reviews. The reviews
will be intended to provide comfort to senior managers and regulators, and to
show that internal systems provide sound risk measures.
The risk management function will be fully independent from the
business and centralized. Risk management processes will be fully and
seamlessly integrated into the business process. Risk/ return will be assessed
for new business opportunities and incorporated into the design of new
products. All risks-credit, market, operational, liquidity, and so on will be
combined, reported, and managed on an ever more integrated basis. The total
figures for credit risk by counterparty will use credit value-at-risk
methodologies to combine the risk arising from more traditional lending. The
problem of liquidating portfolios during turbulent markets will also become an
important factor in the total risk numbers.
The banks of the future will have a sophisticated central risk engine
capable of measuring the risk and the price of anything that the bank trades
and originates. Risk management will be a value added never center for
trading, ideas and deal structuring as well as provide the impetus for newmarketing initiatives, while pricing will become more complex and
competitive.
The risk management function will become much more tightly
integrated with profit & loss reporting. Risk capital will be charged to a
55
8/3/2019 PRINTTTTT LAL
56/69
Risk Management in Banking Sector.
business unit according to its contribution to the total risk of the firm, not
according to its contribution to the total risk of the firm, not according to the
volatility of the business lines revenues. And the balance sheet will be
supplemented by business unit value-at-risk (VaR) report. Information willpass back and forth between the risk management function and the business
units, and they will work in parternership to balance risk and return.
3. Legal Environment:
Legal risk is the risk that contracts are not legally enforceable or
documented correctly. Legal risks should be limited and managed through
policies developed by the institution's legal counsel (typically in consultation
with officers in the risk management process) that have been approved by the
institution's senior management and board of directors. At a minimum, there
should be guidelines and processes in place to ensure the enforceability of
counterparty agreements. Prior to engaging in derivatives transactions, an
institution should reasonably satisfy itself that its counterparties have the legal
and necessary regulatory authority to engage in those transactions. In addition
to determining the authority of a counterparty to enter into a derivatives
transaction, an institution should also reasonably satisfy itself that the terms of
any contract governing its derivatives activities with counterparty are legally
sound.
An institution should adequately evaluate the enforceability of its
agreements before individual transactions are consummated. Participants in
the derivatives markets have experienced significant losses because they wereunable to recover losses from a defaulting counterparty when a court held the
counterparty had acted outside of its authority in entering into such
transactions. An institution should ensure that its counterparties have the
power and authority to enter into derivatives transactions and that the
56
8/3/2019 PRINTTTTT LAL
57/69
Risk Management in Banking Sector.
counterparties' obligations arising from them are enforceable. Similarly, an
institution should also ensure that its rights with respect to any margin or
collateral received from counterparty are enforceable and exercisable.
The advantages of netting arrangements can include a reduction incredit and liquidity risks, the potential to do more business with existing
counterparties within existing credit lines and a reduced need for collateral to
support counterparty obligations. The institution should ascertain that its
netting agreements are adequately documented and that they have been
executed properly. Only when a netting arrangement is legally enforceable in
all relevant jurisdictions should an institution monitor its credit and liquidity
risks on a net basis. The institution should have knowledge of relevant tax
laws and interpretations governing the use of derivatives instruments.
Knowledge of these laws is necessary not only for the institution's marketing
activities but also for its own use of these products.
4. Building Block to Create Shareholders Value:
To use a sporting analogy, first-class risk management is not only about
outstanding goal keeping, but also about the ability to move up field and help
the team score. Advances in leading edge risk and capital management tools
suggest that banks are ready to move to this next stage of implementation.
RAROC will be used to drive pricing, performance measurement, portfolio
management, and capital management. The new paradigm of a total risk
enabled enterprise (TREE) will increase shareholders value at tactical and
strategic level, as well as attracting