RISK MANAGEMENT IN BANKS

Risk Management in Banks

INTRODUCTION

Banks in the process of financial intermediation are confronted with

various kinds of financial and non-financial risks viz., credit, interest rate,
foreign exchange rate, liquidity, equity price, commodity price, legal,
regulatory, reputation, etc. These risks are highly interdependent and events
that affect one area of risk can have ramifications for a range of other risk
categories. Thus, top management of banks should attach considerable
importance to improve the ability to identify measure, monitor and control
the overall level of risks undertaken.

RISK DEFINED

“Risk is the possibility of loss or damage”.

“Risk is the measure of profitability and severity of adverse effects”.
“Risk is the potential for realization of unwanted negative consequences
of an event”.

In any transaction, when there is a possibility of loss or peril, it may be

termed as a risky transaction.

As discussed above, risks are inherent in financial intermediation and cannot

be eliminated. However, they cannot only be managed and controlled but
even be turned into opportunities.

1
 RISK MANAGEMENT IN BANKS

THE BROAD PARAMETERS OF RISK MANAGEMENT

FUNCTION SHOULD ENCOMPASS

(i) Organizational structure;

(ii) Comprehensive risk measurement approach;
(iii) Risk management policies approved by the Board which should be
consistent with the broader business strategies, capital strength,
management expertise and overall willingness to assume risk;
(iv) Guidelines and other parameters used to govern risk taking
including detailed structure of prudential limits;
(v) Strong MIS for reporting, monitoring and controlling risks;
(vi) Well laid out procedures, effective control and comprehensive risk
reporting framework;
(vii) Separate risk management framework independent of operational
Departments and with clear delineation of levels of responsibilities
for management of risk; and
(viii) Periodical review and evaluation.

2
 RISK MANAGEMENT IN BANKS

THE PROCESS OF RISK MANAGEMENT INVOLVES

THE FOLLOWING

• Recognition and understanding,

• Measurement and
• Monitoring and control.

For effective risk management, a comprehensive risk management policy

has to be formulated incorporating a detailed structure of limits and
guidelines to be followed, and a strong management information system
built up for continuous monitoring and reporting of risk exposures.

Risk management is a process, by which an organization, say a bank,

identifies, measures, monitors and controls its risk exposures. Risk
management is a continuous process and not a one time activity.

Diagrammatically risk management process can be presented as under.

3
 RISK MANAGEMENT IN BANKS

By this process, the bank ensures that:

 There is a common understanding of risks across the

organizations.
 Risks are within the tolerances established by the board of
directors.
 Risk taking decisions are consistent with strategic business
objectives.
 Appropriate processes facilitate explicit and clear risk-taking
decisions.
 Expected return compensates for the risk taken and
 Capital allocation is consistent with risk exposures.

4
 RISK MANAGEMENT IN BANKS

TYPES OF RISKS

As per the RESERVE BANK OF INDIA guidelines issued in October

1999, there are three major types of risks encountered by the banks and
these CREDIT RISK, MARKET RISK AND OPERATIONAL RISK. In the
article, we will see what the components of these three major risks are. In
August 2001, a discussion paper on move towards Risk based Supervision
was published. Further, in September 2001 a guidance note on Credit Risk
Management was sent to all the banks. Recently in March 2002, a guidance
note on Market Risk Management was also circulated to all the banks and
this was followed by a discussion paper on Country Risk released in May
2002.

Risk is the potentiality that both the expected and unexpected events
may have as adverse impact on the bank’s capital or earnings. The expected
loss is to be borne by the borrower and hence is taken care of by adequately
pricing the products through risk premium and reserves created out of the
earnings. It is the amount expected to be lost due to changes in credit quality
resulting in default.

Whereas, the unexpected loss on account of the individual exposure

and the whole portfolio in entirety is to be borne by the bank itself and
hence is to be taken care of by the capital.

5
 RISK MANAGEMENT IN BANKS

Keeping in view the foregoing, a bank should have the following in

place: -

1. Dedicated policies and procedures to control exposures to designated

higher risk sectors such as capital markets, aviation, shipping,
property development, defence equipment, highly leveraged
transactions, bullion etc.
2. Sound procedures to ensure that all risks associated with requested
credit facilities are promptly and fully evaluated by the relevant
lending and credit officers.
3. Systems to assign a risk rating to each customer/borrower to who

credit facilities have been sanctioned.

4. A mechanism to price facilities depending on the risk grading of the

customer, and to attribute accurately the associated risk weightings to

the facilities.
5. Efficient and effective credit approval process operating within the
approval limits authorized by the Boards.
6. Procedures and systems which allow for monitoring financial
performance of customers and for controlling outstanding within
limits.
7. Systems to manage problem loans to ensure appropriate restructuring
schemes. A conservative policy for the provisioning of non-performing
advances should be followed.
8. A process to conduct regular analysis of the portfolio and to ensure
on-going control of risk concentrations.

6
 RISK MANAGEMENT IN BANKS

RISK MANAGEMENT IN BANKS

The history of banking is full of major and minor failures. It is now

argued that many of these failures were due to the fact that the risks were
not identified and managed properly. The reserve bank of India has issued
elaborate guidelines on asset liability management and risk management to
banks in India. Banks have been making vigorous in following these
guidelines.

Types of Financial Risks In Banks

Financial Risks

Credit Risk Market Risk Operational

Risk

7
 RISK MANAGEMENT IN BANKS

[I] CREDIT RISKS:-

Unlike market risks, where the measurement, monitoring, control etc.

are to a great extent centralized. Credit risks management is a
decentralized function or activity. This is to say that credit risk taking
activity is spread across the length and breadth of the network of branches,
as lending is a decentralized function. Proper a sufficient care has to be
taken for appropriate management of credit risk.

Credit risk or default risk involves inability or unwillingness of a

customer or counterparty to meet commitments in relation to lending,
trading, hedging, settlement and other financial transactions. The objective
of credit risk management is to minimize the risk and maximize banks risk
adjusted rate of return by assuming and maintaining credit exposure within
the acceptable parameters.

The Credit Risk is generally made up of transaction risk or default

risk and portfolio risk. The portfolio risk in turn comprises intrinsic and
concentration risk. The credit risk of a banks portfolio depends on both
external and internal factors. The external factors are the state of the
economy, rates and interest rates, trade restrictions, economic sanctions,
wide swings in commodity/equity prices, foreign exchange rates and interest
rates, trade restrictions, economic sanctions, Government policies, etc. The
internal factors are deficiencies in loan policies/administration, absence of
prudential credit concentration limits, inadequately defined lending limits
for Loan Officers/Credit Committees, deficiencies in appraisal of borrowers

8
 RISK MANAGEMENT IN BANKS

financial position, excessive dependence on collaterals and inadequate risk

pricing, absence of loan review mechanism and post sanction surveillance,
etc.
The credit approval process should aim at efficiency, responsiveness
and accurate measurement of the risk. This will be achieved through a
comprehensive analysis of the borrower's ability to repay, clear and
consistent assessment systems, a process which ensures that renewal
requests are analyzed as carefully and stringently as new loans and constant
reinforcement of the credit culture by the top management team.

Another variant of credit risk is counterparty risk. The counterparty

risk arises from non-performance of the trading partners. The non-
performance may arise from counterparty’s refusal/inability to perform
due to adverse price movements or from external constraints that were
not anticipated by the principal. The counterparty risk is generally
viewed as a transient financial risk associated with trading rather than
standard credit risk.

Credit risk may take various forms, such as:

• in the case of direct lending, that funds will not be repaid;

• in the case of guarantees or letters of credit, that funds will not be
forthcoming from the customer upon crystallization of the liability
under the contract;
• in the case of treasury products, that the payment or series of
payments due from the counterparty under the respective contracts is
not forthcoming or ceases;

9
 RISK MANAGEMENT IN BANKS

• in the case of securities trading businesses, that settlement will not be

effected;
• In the case of cross-border exposure, that the availability and free
transfer of currency is restricted or ceases.

Strategy and Policy

It is essential that each bank develops its own credit risk strategy or
enunciates a plan that defines the objectives for the credit-granting function.
This strategy should spell out clearly the organisation's credit appetite and
the acceptable level of risk - reward trade-off at both the macro and the
micro levels.

The strategy would therefore, include a statement of the bank's

willingness to grant loans based on the type of economic activity,
geographical location, currency, market, maturity and anticipated
profitability. This would necessarily translate into the identification of target
markets and business sectors, preferred levels of diversification and
concentration, the cost of capital in granting credit and the cost of bad debts.

The policy document should cover issues such as organizational

responsibilities, risk measurement and aggregation techniques, prudential
requirements, risk assessment and review, reporting requirements, risk
grading, product guidelines, documentation, legal issues and management of
problem loans. Loan policies apart from ensuring consistency in credit
practices, should also provide a vital link to the other functions of the bank.

10
 RISK MANAGEMENT IN BANKS

The management of credit risk should receive the top management’s

attention and the process should encompass:

Measurement of risk through credit rating/scoring:-

(a) Quantifying the risk through estimating expected loan losses i.e. the
amount of loan losses that bank would experience over a chosen time
horizon (through tracking portfolio behavior over 5 or more years)
and unexpected loss (through standard deviation of losses or the
difference between expected loan losses and some selected target
credit loss quantile);
(b) Risk pricing on a scientific basis; and
(c) Controlling the risk through effective Loan Review Mechanism and
portfolio management.

The credit risk management process should be articulated in the

bank’s Loan Policy, duly approved by the Board. Each bank should
constitute a high level Credit Policy Committee, also called Credit Risk
Management Committee or Credit Control Committee etc. to deal with
issues relating to credit policy and procedures and to analyze, manage and
control credit risk on a bank wide basis.

The Committee should be headed by the Chairman/CEO/ED, and

should comprise heads of Credit Department, Treasury, Credit Risk
Management Department (CRMD) and the Chief Economist.

11
 RISK MANAGEMENT IN BANKS

The Committee should, inter alia, formulate clear policies on

standards for presentation of credit proposals, financial covenants, rating
standards and benchmarks, delegation of credit approving powers,
prudential limits on large credit exposures, asset concentrations, standards
for loan collateral, portfolio management, loan review mechanism, risk
concentrations, risk monitoring and evaluation, pricing of loans,
provisioning, regulatory/legal compliance, etc.

Concurrently, each bank should also set up Credit Risk Management

Department (CRMD), independent of the Credit Administration
Department.

The CRMD should enforce and monitor compliance of the risk

parameters and prudential limits set by the CPC.

The CRMD should also lay down risk assessment systems, monitor
quality of loan portfolio, identify problems and correct deficiencies, develop
MIS and undertake loan review/audit.

Large banks may consider separate set up for loan review/audit. The
CRMD should also be made accountable for protecting the quality of the
entire loan portfolio. The Department should undertake portfolio evaluations
and conduct comprehensive studies on the environment to test the resilience
of the loan portfolio.

CREDIT RISK may be defined as the risk of default on the part of

the borrower. The lender always faces the risk of the counter party not

12
 RISK MANAGEMENT IN BANKS

repaying the loan or not making the due payment in time. This uncertainty
of repayment by the borrower is also known as default risk.

Some of the commonly used methods to measure credit risk

are:

a. Ratio of non performing advances to total advances;

b. Ratio of loan losses to bad debt reserves;
c. Ratio of loan losses to capital and reserves;
d. Ratio of loan loss provisions to impaired credit;
e. Ratio of bad debt provision to total income; etc.

Managing credit risk has been a problem for the banks for centuries.
As had been observed by JOHN MEDLIN, 1985 issue of US banker.

“Balancing the risk equation is one of the most difficult aspects of

banking. If you lend too liberally, you get into trouble. If you don’t lend
liberally you get criticized”.

Over the tears, bankers have developed various methods for

containing credit risk. The credit policy of the banks generally prescribes the
criteria on which the bank extends credit and, inter alia, provides for
standards.

13
 RISK MANAGEMENT IN BANKS

TOOLS OF CREDIT RISK MANAGEMENT.

The instruments and tools, through which credit risk management are
carried out, are detailed below:
1. Portfolio management.
2. Loan review mechanism.

1. PORTFOLIO MANAGEMENT.

Stipulate quantitative ceiling on aggregate exposure on specific rating

Categories, distribution of borrowers in various industries, business group
rapid portfolio reviews. The existing framework of tracking the non-
performing loans around the balance sheet date does not signal the quality of
the entire loan book. There should be a proper and regular on-going system
for identification of credit weakness well in advance. Initiative steps to
preserve the desired the portfolio quality and integrate portfolio reviews
with credit decision making process.

Credit portfolio management emanated from the potential adverse

impact of concentration of exposures and the necessity to optimize the
benefit associated with diversification.
Concentration risk is a banking term denoting the overall spread of a
bank's outstanding accounts over the number or variety of debtors to whom the
bank has lent money. This risk is calculated using a "concentration ratio" which
explains what percentage of the outstanding accounts each bank loan
represents.

14
 RISK MANAGEMENT IN BANKS

[II] MARKET RISK:-

Traditionally, credit risk management was the primary challenge for

banks. With progressive deregulation, market risk arising adverse changes in
market variables, such as interest rate, foreign exchange rate, equity price
and commodity price has become relatively more important. Even a small
change in market variables causes substantial changes in income and
economic value of banks.

MARKET RISK may be defined as the possibility of loss to a bank

caused by the changes in the market variables. It is the risk that the value of
on/off-balance sheet positions will be adversely affected by movements in
equity and interest rate markets, currency exchange rates and commodity
prices.

Market risk is the risk to the bank’s earnings and capital due to
changes in the market level of interest rates or prices of securities, foreign
exchange and equities, as well as the volatilities of those prices. Market Risk
management provides a comprehensive and dynamic framework for
measuring, monitoring and managing liquidity, interest rate, foreign
exchange and equity as well as commodity price risk of a bank that needs to
be closely integrated with the banks business strategy.

15
 RISK MANAGEMENT IN BANKS

Scenario analysis and stress testing is yet another tool used to asses
areas of potential problems in a given portfolio. Identification of future
changes in economic conditions like-
 ECONOMIC / INDUSTRY OVERTURNS.
 MARKET RISK EVENTS.
 LIQUIDITY CONDITIONS.

That could have unfavorable effect on banks portfolio is a condition

precedent for carrying out stress testing. As the underlying assumption
keeps changing from time to time, out-put of the test should be reviewed
periodically.

Market risk arises out of the dynamics of market forces, which, for
the banking industry, may include interest rate fluctuations, maturity
mismatches, exchange rate fluctuations, market competition in terms of
services and products, changing customer preferences and requirements
resulting in product obsolescene, coupled with changes national and
international politico-economic scenario. These risks are like perils of the
sea, which can be caused by any change-taking place anywhere in the
national and international arena.

Market risks affect banks in two ways:

i. The customer requirements are changing because of the
changing economics scenario. Hence banks have to fine-tune/modify their
products to make them customer friendly, otherwise the obsolescence of

16
 RISK MANAGEMENT IN BANKS

products will divert the customers to other banks thereby reducing the
business and profits of the bank concerned.
ii. The macro-economic changes in the national and
international politico-economic scenario affect the risk element in different
business activities differently. This aspect has assumed greater importance
in the modern age, because of the increasing integration of global markets.

Since both these aspects are dynamic in nature, with change being the
only constant factor, market risks need to be monitored on a continuous
basis and appropriate strategies evolved to keep these risks within
manageable limits. Again, given that one can manage only what one can
measure, measurement of risks on a continuous basis deserves immediate
attention.

Market risk can be defined as the risk of losses in on and off

balance sheet positions arising from adverse movement of market
variables.

Market Risk Management

Management of market risk should be the major concern of top

management of banks. The Boards should clearly articulate market risk
management policies, procedures, prudential risk limits, review mechanisms
and reporting and auditing systems. The policies should address the bank’s
exposure on a consolidated basis and clearly articulate the risk measurement
systems that capture all material sources of market risk and assess the

17
 RISK MANAGEMENT IN BANKS

effects on the bank. The operating prudential limits and the accountability of
the line management should also be clearly defined. The Asset-Liability
Management Committee (ALCO) should function as the top operational unit
for managing the balance sheet within the performance/risk parameters laid
down by the Board. The banks should also set up an independent Middle
Office to track the magnitude of market risk on a real time basis. The
Middle Office should comprise of experts in market risk management,
economists, statisticians and general bankers and may be functionally placed
directly under the ALCO. The Middle Office should also be separated from
Treasury Department and should not be involved in the day to day
management / ALCO / Treasury about adherence to prudential / risk
parameters and also aggregrate the total market risk exposures assumed by
the bank at any point of time.

MARKET RISK TAKES THE FORM OF:-

1) Liquidity Risk
2) Interest Rate Risk
3) Commodity Price Risk and
4) Equity Price Risk

A concise definition of each of the above Market Risk factors and how
they are managed is described below:

LIQUIDITY RISK/MATURITY GAP RISK:-

18
 RISK MANAGEMENT IN BANKS

Liquidity Planning is an important facet of risk management

framework in banks. Liquidity is the ability to efficiently accommodate
deposit and other liability decreases, as well as, fund loan portfolio growth
and the possible funding of off-balance sheet claims. A bank has adequate
liquidity when sufficient funds can be raised, either by increasing liabilities
or converting assets, promptly and at a reasonable cost. It encompass the
potential sale of liquid assets and borrowings from money, capital and forex
markets. Thus, liquidity should be considered as a defence mechanism from
losses on fire sale of assets.

Liquidity risk is the potential inability of a bank to meet its payment

obligations in a timely and cost effective manner. It arises when the bank is
unable to generate cash to cope with a decline in deposits/liabilities or
increase in assets.
The cash flows are placed in different time buckets based on future
behavior of assets, liabilities and 0ff-balance sheet items.

LIQUIDITY may be defined as the ability to meet commitments

and/or undertake new transactions. The most obvious form of liquidity risk
is the inability to honour desired withdrawals and commitments, that is, the
risk of cash shortages when it is needed which arises due to maturity
mismatch.
Therefore, they generally have a mismatched balance sheet in so far as their
short-term liabilities are greater than short-term assets and long-term assets
are greater than long term liabilities.

19
 RISK MANAGEMENT IN BANKS

i. Liquidity risk is measured by preparing a maturity profile of

assets and liabilities, which enables the management to form a
judgment on liquidity mismatch. As the basic problem for a bank
is to ascertain whether it will be able to meet maturing obligations
on the date they fall due, it must prepare a projected cash-flow
statement and estimate the probability of facing any liquidity
crisis.

Liquidity measurement is quite a difficult task and can be measured

through stock or cash flow approaches. The key ratios, adopted across the
banking system are the other methods of measuring liquidity risk are: _

 To manage liquidity risk, banks should keep the maturity

profile of liabilities compatible with those of assets.
 The behavioral maturity profile of various components of
on/off balance sheet items is being analysed and variance
analysis is been undertaken regularly.
 Efforts are also being made by some banks to track the impact
of repayment of loans and premature closure of deposits to
estimate realistically the cash flow profile.
 Banks are closely monitoring the mismatches in the category of
1-14 days and 15-28 days time bands and tolerance levels on
mismatches are being fixed for various maturities, depending
on asset-liability profile, stand deposit base nature of cash
flows, etc.

20
 RISK MANAGEMENT IN BANKS

Liquidity Risk means, the bank is not in a position to make its

repayments, withdrawal, and other commitments in time. For
EXAMPLE two Canadian banks, Northland Bank and Continental Bank of
Canada suffered a run on deposits because of a credit crisis at Canadian
commercial bank.

Liquidity risk consists of FUNDING RISK, TIME RISK, and

CALL RISK.

The liquidity risk in banks manifest in different dimensions:

 Funding Risk – It is the need to replace net outflows due to

unanticipated withdrawals/non-renewal of deposits (wholesale
and retail)

 Time Risk – It is the need to compensate for non-receipt of

expected inflows of funds, i.e. performing assets turning into
non-performing assets; and

 Call Risk – It happens due to crystallization of contingent liabilities and

unable to undertake profitable business opportunities when desirable.

The Asset Liability Management (ALM) is a part of the overall risk

management system in the banks. It implies examination of all the assets
and liabilities simultaneously on a continuous basis with a view to ensuring
a proper balance between funds mobilization and their deployment with

21
 RISK MANAGEMENT IN BANKS

respect to their maturity: (a) profiles, (b) cost, (c) yield (d) risk exposures,
etc. It includes product pricing for deposits as well as advances, and the
desired maturity profile of assets and liabilities.

Tolerance levels on mismatches should be fixed for various

maturities depending upon the asset liability profile, deposit mix, nature of
cash flow etc. Bank should track the impact of pre-payment of loans and
premature closure of deposits so as to realistically estimate the cash flow
profile.

The first step towards liquidity management is to put in place an

effective liquidity management policy, which, inter alia, should spell out the
funding strategies, liquidity planning under alternative scenarios, prudential
limits, liquidity reporting/reviewing, etc.

While the liquidity ratios are the ideal indicator of liquidity of banks
operating in developed financial markets, the ratios do not reveal the
intrinsic liquidity profile of Indian banks which are operating generally in an
illiquid market. Experiences show that assets commonly considered as
liquid like Government securities, other money market instruments, etc.
have limited liquidity as the market and players are unidirectional. Thus,
analysis of liquidity involves tracking of cash flow mismatches. For
measuring and managing net funding requirements, the use of maturity
ladder and calculation of cumulative surplus or deficit at selected maturity
dates is recommended as a standard tool.

22
 RISK MANAGEMENT IN BANKS

The format prescribed by RBI in this regard under ALM System

should be adopted for measuring cash flow mismatches at different time
bands. The cash flows should be placed in different time bands based on
future behavior of assets, liabilities and off-balance sheet items.

In other words, banks should have to analyze the behavioural

maturity profile of various components of on / off- balance sheet items on
the basis of assumptions and trend analysis supported by time series
analysis. Banks should also undertake variance analysis, at least, once in six
months to validate the assumptions. The assumptions should be fine-tuned
over a period which facilitates near reality predictions about future
behaviour of on/off-balance sheet items.

Thus, cash outflows can be ranked by the date on which liabilities

fall due, the earliest date a liability holder could exercise an early repayment
option or the earliest date contingencies could be crystallized.

The difference between cash inflows and outflows in each time

period, the excess or deficit of funds becomes a staring point for a measure
of a bank’s future liquidity surplus or deficit, at a series of points of time.

 The banks should also consider putting in place certain

prudential limits to avoid liquidity crisis:

1. Cap on inter-bank borrowings, especially call borrowings;

2. Purchased funds vis-à-vis liquid assets;
3. Core deposits vis-à-vis Core Assets i.e. Cash Reserve Ratio,

23
 RISK MANAGEMENT IN BANKS

Liquidity reserve Ratio and Loans;

4. Duration of liabilities and investment portfolio;
5. Maximum Cumulative outflows. Banks should fix
cumulative mismatches across all time bands;

6. Commitment Ratio – track the total commitments given to

corporate/banks and other financial institutions to limit the
off-balance sheet exposures;
7. Swapped Funds Ratio, i.e. extent of Indian Rupees raised out
of foreign currency sources.

Banks should also evolve a system for monitoring high value

deposits (other than inter-bank deposits) say Rs.1 crore or more to track the
volatile liabilities. Further the cash flows arising out of contingent liabilities
in normal situation and the scope for a n increase in cash flows during
periods of stress should also e estimated. It is quite possible that market
crisis can trigger substantial increase in the amount of draw from cash
credit/overdraft accounts, contingent liabilities like letters of credit, etc.

ALTERNATIVE SCENARIOS

The liquidity profile of banks depends on the market conditions,

which influence the cash flow behaviour. Thus, banks should evaluate
liquidity profile under different conditions, viz. normal situation, bank
specific crisis and market crisis scenario. The banks should establish

24
 RISK MANAGEMENT IN BANKS

benchmark for normal situation; cash flow profile of on / off balance sheet
items and manages net funding requirements.

Estimating liquidity under bank specific crisis should provide a

worst-case benchmark. It should be assumed that the purchased funds could
not be easily rolled over; some of the core deposits could be prematurely
closed; a substantial share of assets have turned into non-performing and
thus become totally illiquid. These developments
would lead to rating down grades and high cost of liquidity. The banks
should evolve contingency plans to overcome such situations.

The market crisis scenario analyses cases of extreme tightening of

liquidity conditions arising out of monetary policy stance of Reserve Bank,
general perception about risk profile of the banking system, severe market
disruptions, failure of one or more of major players in the market, financial
crisis, contagion, etc. Under this scenario, the rollover of high value
customer deposits and purchased funds could extremely be difficult besides
flight of volatile deposits / liabilities. The banks could also sell their
investment with huge discounts, entailing severe capital loss.

INTEREST RATE RISK (IRR)

The management of Interest Rate Risk should be one of the critical

components of market risk management in banks. The regulatory
restrictions in the past had greatly reduced many of the risks in the banking
system. Deregulation of interest rates has, however, exposed them to the
adverse impacts of interest rate risk.

25
 RISK MANAGEMENT IN BANKS

Interest Rate Risk is the potential negative impact on the Net Interest
Income and it refers to the vulnerability of an institutions financial condition
to the movement in interest rates. Changes in interest rate affect earnings,
value of assets, liability, off-balance sheet items and cash flow. Hence, the
objective of interest rate risk management is to maintain earnings, improve
the capability, ability to absorb potential loss and to ensure the adequacy of
the compensation received for the risk taken and effect risk return trade-off.

Management of interest rate risk aims at capturing the risks arising

from the maturity and re-pricing mismatches and is measured both from the
earnings and economic value perspective.

The Net Interest Income (NII) or Net Interest Margin (NIM) of

banks is dependent on the movements of interest rates. Any mismatches
in the cash flows (fixed assets or liabilities) or repricing dates (floating
assets or liabilities), expose bank’s NII or NIM to variations. The earning of
assets and the cost of liabilities are now closely related to market interest
rate volatility.

26
 RISK MANAGEMENT IN BANKS

Interest Rate Risk is the potential negative impact on the Net

Interest Income and it refers to the vulnerability of an institution’s
financial condition to the movement in interest rates. Changes in interest
rate affect earnings, value of assets, liabilities, off-balance sheet items and
cash flow. Hence, the objective of interest rate risk management is to
maintain earnings, improve the capability, ability to absorb potential loss
and to ensure the adequacy of the compensation received for the risk taken
and affect risk return trade-off.

Management of interest rate risk aims at capturing the risks arising

from the maturity and re-pricing mismatches and is measured both from the
earnings and economic value perspective.

Earnings perspective involves analyzing the impact of changes in

interest rates on accrual or reported earnings in the near term. This is
measured by measuring the changes in the NET INTEREST INCOME (NII)
equivalent to the difference between total interest income and total interest
expense.

Economic Value perspective involves analyzing the expected cash

inflows on assets minus expected cash outflows on liabilities plus the net
cash flows or off-balance sheet items. The economic value perspective
identifies risk arising from long-term interest rate gaps.

In detail Interest Rate Risk is the risk due to changes in market

interest rates, which might adversely affect the bank’s financial
condition. The immediate impact of change in interest rates is on the bank’s

27
 RISK MANAGEMENT IN BANKS

earnings through fall in Net Interest Income (NII). Ultimately the impact of
the potential long-term effects of changes in interest rates is on the
underlying economic value of bank’s assets, liabilities and off-balance sheet
positions. The interest rate risk when viewed from these two perspective is
called as “Earning’s Perspective” and Economic Value Perspective”,
respectively.

In simple terms, high proportion of fixed income assets would mean

that any increase in interest rate will not result in higher interest income (due
to fixed nature of interest rate) and likewise reduction interest rate will not
decrease interest income. Low proportion of fixed assets will have the
opposite effect.

Banks have laid down policies with regard to VOLUME,

MINIMUM MATURITY, HOLDING PERIOD, DURATION, STOP
LOSS, RATING STANDARDS, etc., for classifying securities in the
trading book. The statement of interest rate sensitivity is being prepared by
banks. Prudential limits on gaps with a bearing on total assets, earning assets
or equity have been set up.

Interest rate will be explained with the help of examples:-

For instances, a bank has accepted long-term deposits @ 13% and

deployed in cash credit @ 17%. If the market interest rate falls by 1%, it
will have to reduce interest rate on cash credit by 1% as cash credit is

28
 RISK MANAGEMENT IN BANKS

repriced quarterly. However, it will not be able to reduce interest on term

deposits. Thus, the net interest income of the bank will go down by 1%.

Or suppose a bank has 90 days deposit @ 9% deployed in one year

bond @ 12%. If the market interest rate arises by 1%, the bank will have to
renew the deposits after 90 days at a higher rate. However it will continue to
get interest rate at the old rate from the bond. In this case too, the net interest
income will go down by 1%.

The various types of interest rate risks are identified as follows:-

Price Risk:-

Price risk occurs when assets are sold before their stated maturities. In
the financial market, bond prices and yields are inversely related. The price
risk is closely associated with the trading book, which is created for making
profit out of short-term movements in interest rates. Banks which have an
active trading book should, therefore, formulate policies to limit the
portfolio size, holding period, duration, defeasance period, stop loss limits,
marking to market, etc.

Reinvestment Risk:-

Uncertainty with regard to interest rate at which the future cash

flows could be reinvested is called reinvestment risk. Any mismatches in

29
 RISK MANAGEMENT IN BANKS

cash flows would expose the banks to variations in NII as the market interest
rates move in different directions.

MATURITY GAP ANALYSIS

The simplest analytical techniques for calculation of IRR exposure

begins with maturity Gap analysis that distributes interest rate sensitive
assets, liabilities and off-balance sheet positions into a certain number of
pre-defined time-bands according to their maturity (fixed rate) or time
remaining for their next repricing (floating rate). Those assets and liabilities
lacking definite repricing intervals (savings bank, cash credit, overdraft,
loans, export finance, refinance from RBI etc.) or actual maturities vary
from contractual maturities (embedded option in bonds with put/call
options, loans, cash credit/overdraft, time deposits, etc.) are assigned time-
bands according to the judgement, empirical studies and past experience of
banks.

A number of time bands can be used while constructing a gap report.

Generally, most of the banks focus their attention on near-term periods, viz.
monthly, quarterly, half-yearly or one year. It is very difficult to take a view
on interest rate movements beyond a year. Banks with large exposures in the
short-term should test the sensitivity of their assets and liabilities even at
shorter intervals like overnight, 1-7 days, 8-1 4 days etc.

30
 RISK MANAGEMENT IN BANKS

In order to evaluate the earnings exposure, interest Rate Sensitive

Assets (RSAs) in each time band are netted with the interest Rate Sensitive
Liabilities (RSLs) to produce a repricing ‘Gap’ for that time band.

The positive Gap indicates that banks have more RSAs than RSLs. A
positive or assets sensitive Gap means that an increase in market interest
rates could cause an increase in NII.

Conversely, a negative or liability sensitive Gap implies that the

banks NII could decline as a result of increase in market interest rates. The
negative gap indicates that banks have more RSLs than RSAs. Gap is the
difference between a bank’s assets and liabilities maturing or subject to
repricing over a designated period of time.

The Gap is used as a measure of interest rate sensitivity. The Positive

or Negative Gap is multiplied by the assumed interest rate changes to derive
the Earnings at Risk (EaR). The EaR method facilitates to estimate how
much the earnings might be impacted by an adverse movement in interest
rates. The changes in interest could be estimated on the basis of past trends,
forecasting of interest rates, etc. the banks should fix EaR which could be
based on last/current year’s income and a trigger point at which the line
management should adopt on-or off-balance sheet hedging strategies may be
clearly defined.

The Gap calculations can be augmented by information on the

average coupon on assets and liabilities in each time band and the same

31
 RISK MANAGEMENT IN BANKS

could be used to calculate estimates of the level of NII from positions

maturing or due for repricing within a given time-band, which would then
provide a scale to assess the changes in income implied by the gap analysis.

In case banks could realistically estimate the magnitude of changes in

market interest rates of various assets and liabilities (basic risk) and their
past behavioural pattern (embedded option risk), they could standardize the
gap by multiplying the individual assets and liabilities by how much they
will change for a given change in interest rate. Thus, one or several
assumptions of standardized gap seem more consistent with real world than
the simple gap method. With the Adjusted Gap, banks could realistically
estimate the EaR.

DURATION GAP ANALYSIS

Duration is a measure of change in the value of the portfolio due to

change in interest rates. Duration of an asset or a liability is computed by
calculating the weighted average value of all the cash-flows that it will
produce with each cash-flow weighted by the time at which it occurs. It is
expressed in time periods. Duration of high coupon bond is always shorter
than duration of low coupon bonds because of larger cash inflow from
higher interest payments. With zero coupon bonds, the duration would be
equal to maturity. By calculating the duration of the entire asset and liability
portfolio, the duration gap can be calculated, that is, the mismatch in asset
and liability duration and, if necessary, corrective action may be taken to
create a duration match.

32
 RISK MANAGEMENT IN BANKS

Measuring the duration Gap is more complex than the simple gap
model. The attraction of duration analysis is that it provides a
comprehensive measure of IRR for the total portfolio. The duration analysis
also recognizes the time value of money. Duration measure is addictive so
that banks can match total assets and liabilities rather than matching
individual accounts. However, Duration Gap analysis assumes parallel shifts
in yield curve. For this reason, it fails to recognize basis risk.

EQUITY PRICE RISK:-

Equity Price Risk is the risk of loss in value of the bank’s equity
investments and/or equity derivative instruments arising out of change in
equity prices.

COMMODITY PRICE RISK:-

The risk of loss in value of commodity held / traded by the bank, arising out
of changes in prices, basis mismatch, forward price etc.

33
 RISK MANAGEMENT IN BANKS

[III] OPERATIONAL RISK:-

“Operational Risk is defined as the risk of direct or indirect loss

resulting from inadequate or failed internal processes, people and
system or from external events.”

Generally, operational risk is defined as any risk, which is not

categorized as market or credit risk, or the risk of loss arising from
various types of human or technical error. It is also synonymous with
settlement or payments risk and business interruption, administrative and
legal risks. Operational risk has some form of link between credit and
market risks. An operational problem with a business transaction could
trigger a credit or market risk.

Indeed, so significant has operational risk become that the bank for
International Settlement (BIS) has proposed that, as of 2006, banks should
be made to carry a Capital cushion against losses from this risk.

Managing operational risk is becoming an important feature of sound

risk management practices in modern financial markets in the wake of

34
 RISK MANAGEMENT IN BANKS

phenomenal increase in the volume of transactions, high degree of structural

changes and complex support systems.

The most important type of operational risk involves breakdowns

in internal controls and corporate governance.
Such breakdowns can lead to financial loss through error, fraud, or
failure to perform in a timely manner or cause the interest of the bank to be
compromised.
The objectives of Operational Risk Management is to reduce the
expected operational losses that focuses on systematic removal of
operational risk sources and uses a set of key risk indicators to measure
and control risk on continuous basis. The ultimate objective of
operational risk management is to enhance the shareholder’s value by
being ready for risk based capital allocation.

There is no uniformity of approach in measurement of Operational Risk in

the banking system at present

The bank’s operational risks can be classified into following six exposure
classes :-
• People
• Process
• Management
• System
• Business and
• External

35
 RISK MANAGEMENT IN BANKS

Bank has also identified 5 business lines viz…..

• Corporate finance
• Retail banking
• Commercial banking
• Payment and Settlement and
• Trading and Sales (Treasury operations) also

To each of this exposure classes within each business line are attached
certain risk categories under which the bank can incur losses or potential
losses.

Bank collected information at first instance for a 5 year period and is

being updated on a six monthly basis June and December. These date help
in qualifying the overall potential / actual loss on account of Operational
Risk and initiate measure for plugging these risk areas.

Bank may suitably at a latter date move to appropriate models for

measuring and managing Operational Risk also after receipt of RBIs
Guidance Note.

MEASUREMENT

There is no uniformity of approach in measurement of operational risk

in the banking system. Besides, the existing methods are relatively simple
and experimental, although some of the international banks have made

36
 RISK MANAGEMENT IN BANKS

considerable progress in developing more advanced techniques for

allocating capital with regard to operational risk.

Measuring operational risk requires both estimating the probability of

an operational loss event and the potential size of the loss. It relies on risk
factor that provides some indication of the likelihood of an operational loss
event occurring. The process of operational risk assessment needs to address
the likelihood (or frequency) of a particular operational risk occurring, the
magnitude (or severity) of the effect of the operational risk on business
objectives and the options available to manage and initiate actions to
reduce/mitigate operational risk. The set of risk factors that measure risk in
each business unit such as audit ratings, operational data such as volume,
turnover and complexity and data on quality of operations such as error rate
or measure of business risks such as revenue volatility, could be related to
historical loss experience. Banks can also use different analytical or
judgmental techniques to arrive at an overall operational risk level. Some of
the international banks have already developed operational risk rating
matrix, similar to bond credit rating. The operational risk assessment should
be bank-wide basis and it should be reviewed at regular intervals. Banks,
over a period, should develop internal systems to evaluate the risk profile
and assign economic capital within the RAROC framework.

Indian Banks have so far not evolved any scientific methods for
quantifying operational risk. In the absence any sophisticated models, banks
could evolve simple benchmark based on an aggregate measure of business
activity such as gross revenue, fee income, operating costs, managed assets

37
 RISK MANAGEMENT IN BANKS

or total assets adjusted for off-balance sheet exposures or a combination of

these variables.

At present, scientific measurement of operational risk has not been

evolved. Hence, 20% charge on the Capital Funds is earmarked for
operational risk.
RISK MANAGEMENT STRUCTURE

A major issue in establishing an appropriate risk management

organization structure is choosing between a centralized and decentralized
structure. The global trend is towards centralizing risk management with
integrated treasury management function to benefit from information on
aggregate exposure, natural netting of exposures, economies of scale and
easier reporting to top management.

The primary responsibility of understanding the risks run by the bank

and ensuring that the risks are appropriately managed should clearly be
vested with the Board of Directors. The Board should set risk limits by
assessing the bank’s risk and risk-bearing capacity.

At organizational level, overall risk management should be assigned

to an independent Risk Management Committee or Executive Committee of
the top Executives that reports directly to the Board of Directors. The
purpose of this top level committee is to empower one group with full
responsibility of evaluating overall risks faced by the bank and determining
the level of risks which will be in the best interest of the bank.

38
 RISK MANAGEMENT IN BANKS

The function of Risk Management Committee should essentially

be to identify, monitor and measure the risk profile of the bank. The
Committee should also develop policies and procedures, verify the models
that are used for pricing complex products, review the risk models a
development takes place in the markets and also identify new risks.

Internationally, the trend is towards assigning risk limits in terms of

portfolio standards or Credit at Risk (credit risk) and Earnings at Risk
and Value at Risk (market risk).

A prerequisite for establishment of an effective risk management

system is the existence of a robust MIS, consistent in quality. The existing
MIS, however, requires substantial up gradation and strengthening of the
data collection machinery to ensure the integrity and reliability of data.

The risk management is a complex function and it requires

specialized skills and expertise. Banks have been moving towards the use of
sophisticated models for measuring and managing risks. Large banks and
those operating in international markets should develop internal risk
management models to be able to compete effectively with their
competitors.

As the domestic market integrates with the international markets, the

banks should have necessary expertise and skill in managing various types
of risks in a scientific manner. At a more sophisticated level, the core staff at

39
 RISK MANAGEMENT IN BANKS

Head Offices should be trained in risk modeling and analytical tools. It

should, therefore, be the endeavor of all banks to upgrade the skills of staffs.

Given the diversity of balance sheet profile, it is difficult to adopt a

uniform framework for management of risks in India. The design of risk
management functions should be bank specific, dictated by the size,
complexity of functions, the level of technical expertise and the quality of
MIS. The proposed guidelines only provide broad parameters and each bank
may evolve their own systems compatible to their risk management
architecture and expertise.

Internationally, a committee approach to risk management is being

adopted. While the Asset-Liability Management Committee (ALCO)
deals with different types of market risk, the Credit Policy Committee
(CPC) oversees the credit/counterparty risk and country risk.

Banks could also set up a single Committee for integrated

management of credit and market risks. Generally, the policies and
procedures for market risk are articulated in the ALM policies and credit
risk is addressed in Loan Policies and procedures.

Currently, while market variables are held constant for qualifying

credit risk, credit variables are held constant in estimating market risk. The
economic crises in some of the countries have revealed a strong correlation
between unhedged market risk and credit. Forex exposures, assumed by
corporate whi have no natural hedges, will increase the credit risk which
banks run vis-à-vis their counterparties. The volatility in the prices of

40
 RISK MANAGEMENT IN BANKS

collateral also significantly affects the quality of the loan book. Thus, there
is a need for integration of the activities of both the ALCO and the CPC and
consultation process be established to evaluate the impact of market and
credit risks on the financial strength of banks. Banks may also consider
integrating market risk elements into their credit risk assessment process.

RISK IS A SERIOUS BUSINESS

Why do organizations take risks? The apt answer would be-to make
some handsome gains. Banks, the world over, generally, it is said that “NO
RISK-NO GAIN”, but sometimes, taking risk becomes disastrous for the
organizations.

It is evident from above that if risk are not managed properly, even
the survival of the bank may become under threat, risk management has,
therefore, become an important area, which needs to be looked into with
great concern and care.

REGULATORY ISSUES AND CAPITAL ADEQUACY

Individual banks risks create Systematic risk, i.e., the risk that the
whole banking system fails. Systematic risk results from the high
interrelations between banks through mutual lending and borrowing
commitments. The failure of single institution generates a risk of failure for

41
 RISK MANAGEMENT IN BANKS

all banks that have ongoing commitments with the defaulting bank.
Systematic Risk is a major challenge for the regulator.

A number of rules, aimed at limiting risks in a simple manner, have

been in force for a long time. For instance, certain ratios are subject to
minimum values, say Capital Adequacy Ratio, certain caps are placed viz.,
Single Borrowers etc., so as to limit the risks.

The main enforcement of such regulations is Capital Adequacy. That

is by enforcing a capital level in a level in a line with risks, regulators focus
on pre-emptive (in-anticipation) actions limiting the risk of failure.
Guidelines are defined by a group of regulators in Basel at the bank for
International Settlements (BIS), Switzerland (hence the name Basel
Accord). The process attempts to reach a consensus on the feasibility of
implementing new guidelines by interacting with the industry. Basel
guidelines are subject to some implementation variations from one country
to another according to the view of local supervisors (RBI in case of our
country).

However, Capital Adequacy requirements are primarily to meet the

following objectives:-
• To ensure survival of the institution to protect it against the risk of
insolvency.
• To absorb unanticipated losses with enough margin to inspire
stakeholders confidence and enable the institution to continue as a
going concern.

42
 RISK MANAGEMENT IN BANKS

• To protect depositors, bondholders, creditors in the event of

insolvency and lquidation.

The first Accord (1998) known as Basel I, focused on Credit Risk,

with the famous Cookie Ratio. The Cookie Ratio sets up the minimum
required capital as a fixed percentage of assets weighted according to their
nature. The scope of regulations extended progressively later. The extension
to market risk was in 1996 by way of an amendment. The proposed New
Basel Accord to be known as Basel II considerably enhances the previous
credit risk regulations. The New Accord is under finalization.

The major strength of cookie ratio is its simplicity, while of its major
drawbacks are :-
• There is no differentiation between the different risks in lending
activity. An 8% ratio applied for “AAA” rated large corporate exposure
and also for a small business with a lesser rating. That is, it was not risk
sensitive.
• In the CRAR computation, the capital charges are added. But,
summing arithmetically the capital charges of all transactions does not
capture diversification effects. By diversification we mean, that the
entire portfolio may not move unidirectional, but may compensate and
adjust in view of different co-relation among assets within the
exposure/portfolio. That is to say, there is an embedded diversification
in the 8% (CRAR), but the same ratio applies to all portfolios,
whatever their degree of diversification.

43
 RISK MANAGEMENT IN BANKS

The proposed New Basel Accord is the of consultative documents that

describe recommended rules for enhancing credit risk measures, extending
the scope of capital requirements to operational risk, providing various
enhancements to the existing accord and detailing the supervision and
market discipline.

The new accord comprises of 3 pillars:-

1. Pillar 1 – Minimum Capital Requirements.
2. Pillar 2 – Supervisory Review Process.
3. Pillar 3 – Market Discipline.

The New Basel Accord appears to be a major step forward. On the

quantitative side of risk measurements, the accord offers a choice between
the Standardised, the Foundation and Advanced approaches and provides
remedies for several critical issues/draw backs of the existing system. The
new sets of ratios are called the Mc Donough Ratios. Weighs are based on
credit risk components allowing a much improved differentiate of risks. The
accord is likely to also extend the scope of capital requirements to
Operational Risk.
As New Basel Capital Accord is based around three complementary
elements viz… (i) to reinforce minimum capital standards, (ii) to have the
supervisory review process, and (iii) to promote safety and soundness in
banks and financial systems. Market Discipline imposes strong incentives to
banks to conduct their business in safe, sound and efficient manner,
including an incentive to maintain a strong capital base as a cushion against
potential future losses arising from risk exposures. The Basel Committee is
already working on the scope of application of the Accord, capital and

44
 RISK MANAGEMENT IN BANKS

capital adequacy, and risk exposure and assessment. The Risk Management
has come at the central stage in the new Basel Capital Accord.

BASEL’S NEW CAPITAL ACCORD.

Banker’s for International Settlement (BIS) meet at Basel situated at

Switzerland to address the common issues concerning bankers all over the
world. The Basel Committee on Banking Supervision (popularly known as
BCBS) is a committee of banking supervisory authorities of G-10 countries
and has been developing standards and establishment of a framework for
bank supervision towards strengthening financial stability throughout the
world. In consultation with the supervisory authorities of a few non G-10
countries including India, core principles for effective banking supervision
in the form of minimum requirements to strengthen current supervisory
regime, were mooted.

45
 RISK MANAGEMENT IN BANKS

The 1998 Capital Accord essentially provided only one option

measuring the appropriate capital in relation to the risk-weighted assets of
the financial institution. It focused on the total amount of bank capital so as
to reduce the risk of bank solvency at the potential cost of bank’s failure for
the depositors.

As an improvement on the above, the New Capital Accord was

published in 2001, to be implemented by the financial year 2003-04. it
provides spectrum of approaches for the measurement of credit, market and
operational risks to determine the capital required.

The main differences between the existing accord and the new one are
summarized below:-

Existing Accord New Accord

1. Focus on single measure. 1. More emphasis on bank’s own
Internal methodology, supervisory
Review and market discipline.
2. One size fits all 2. Flexibility, menu of approaches,
Incentive for better risk
Management.
3. Broad brush structure. 3. More risk sensitivity

The structure of the New Accord – II consist of three pillar approach as

given below:-

46
 RISK MANAGEMENT IN BANKS

PILLAR FOCUS AREA

First Pillar Minimum Capital Requirements
Second Pillar Supervisory Review Process
Third Pillar Market Discipline

BASEL’S NEW CAPITAL ACCORD.

Pillar 1: Minimum Pillar 2: Superviory Pillar 3: Market

Capital Requirements. Review of Capital Discipline.
Adequacy.

Sets minimum Banks must Improved

Acceptable assess solvency disclosure of
Capital level. Vs. risk profile. capital
structure.

Enhanced Supervisory Improved

Approach for review of banks disclosure of
Credit risk. Calculation & risk profile
Capital strategies.

47
 RISK MANAGEMENT IN BANKS

1. Public ratings Improved

2. Internal ratings Bank should disclosure of
3. Mitigation hold in excess capital
of minimum adequacy.
Explicit level of capital.
Treatment of Improved
Operational risk. disclosure of
Regulators will risk
Market risk intervene at an measurement
Framework, early stage if &
Ratios are capital levels management
Unchanged. detediorate. practices.

NEW PRODUCTS AND RISK.

With the introduction of new products like plastic cards (credit, debit,
smart cards etc.) the risk of frauds have increased manifold. According to
estimation, in an active issuing Bank, card fraud is likely to claim the lion’s
share of fraud being experienced in general, and could well dominate
average operating losses as a whole. Worldwide, frauds occurred due to loss
or steal of plastic cards that cause the greatest losses. The second largest
source and fastest growing source of loss is use of counterfeit cards.
Emerging areas of E-commerce and internet banking are also a matter of
concern.

WHAT TO DO ABOUT RISK?

48
 RISK MANAGEMENT IN BANKS

Once the risks have been identified, the million dollar question is –
What to do about the Risks? The suitable answer to this question would be
to manage the risks in an efficient and effective manner so that the
organization incurs minimum loss.

The resource available to banks could be:-

• If the risk is at prospective stage, try to avoid it.

• If the risk is likely to occur, and it is unavoidable, accept the risk
and retain it on an economically justifiable basis.
• Try to execute some effective actions as to reduce or eliminate the
loss likely to be incurred due to happening of the particular risky
incident.
• Try to diversify within a portfolio of risks with a view to
shortening the loss.
• For risky business areas, introduction of prudent exposure norms,
in advances, may help in minimizing the loss.
• Sound risks management procedures and information systems, if
put in place in the right perspective, will help in taking timely
decisions for avoidance of risks.
• If suitable, hedge the risk artificially i.e. counterbalance and
neutralize the risk to a certain degree, by use of derivative
instruments. This, in itself, is a very risky option.
• Monitor various categories of risks on continuous basis and report
to appropriate authority so that risks can be overcome in future.
• Liquidate the risk by transfer without resources to other party.

49
 RISK MANAGEMENT IN BANKS

• Put in place the comprehensive internal control and audit systems

with a view to controlling risks.

The effective Risk Management Process in Bank’s which does not

result in getting rid of risks, will help in minimizing the losses.

State Bank of India, London, United Kingdom

Case study

The Client

STATE BANK OF INDIA (SBI) is the largest bank in India with over 180
years of banking experience. Today, State Bank of India ranks among the
top 25 commercial banks in Asia with assets exceeding US$60 billion. SBI
operates worldwide through an extensive network of over 9000 offices
including 50 overseas offices in 48 countries. The Bank has won the
Technology Award 2005, from the ‘Banker’, London. Until recently, SBI

50
 RISK MANAGEMENT IN BANKS

UK operation has been using the Misys-Equation banking application for its
operations. This application runs on the IBM AS400 platform. Since 2001,
IIL Risk Management has provided various IT related services to the Bank.

The Problem

SBI, UK’s Treasury operations use the Reuters 3000 dealing system.
Dealers negotiate and confirm various deals every day involving money
market and forex trades. These deals were posted manually into the banking
application. Manual posting carried with it the risk of error prone entries,
missed out deals, lack of suitable and timely checks & verification and
inability to ascertain accurately counter party dealing limits. The Bank
required ‘straight through processing’ from Reuters dealing server to the
Misys-Equation platform to minimise operational risk. With an eye on
future proofing the investment in the system it also desired that the solution
be platform independent and therefore be based on ‘java’ programming and
be integrated with the Meridian middleware provided by Misys. In addition,
they required counter party limits and exposures to be displayed back to the
dealer on a separate screen by intelligently using the information from
dealer initiated Reuter conversations with the counter party. Investigation of
available products in the market place found that they contained many
functionalities already catered for by the Reuter system and were not cost
effective and used obsolete technologies.

The Solution

51
 RISK MANAGEMENT IN BANKS

IIL Risk Management (IIL) developed for the bank a unique and cost
effective solution to automate the entire process from capturing deals from
Reuter dealing 3000 server to posting into the core banking application.

The solution integrates various technologies such as Microsoft Windows

2000 server, Access database, IBM MQ series, Misys Meridian middleware
and IBM AS/400.

The process can be categorised as follows:

• Electronic capture of deals via Reuter Ticket Output Feed (TOF).

• Deal data processing with data validation and writing to database.
• Deal data mapping, formatting and posting to Misys Equation using
Meridian Middleware/IBM MQ Series.
• Secure and user-friendly interface to monitor flow of deal data, correct any
exceptions and review status of posting into Misys Equation.
• Intelligent use of Reuters Current Interest Feed (CIF) to retrieve counter-
party dealing limits and actual exposures from the Equation banking system
and displaying the same back to the dealers.

All the above modules work closely with each other in terms of
connectivity, request and response along with reliable audit trails.

The Benefits

The implemented solution reduced SBI, UK Treasury Department’s

52
 RISK MANAGEMENT IN BANKS

workload considerably virtually eliminating the need for human

intervention. Operational efficiency was greatly improved. Timely display
of counter party dealing limits at both Group and Individual level and actual
exposures enabled the dealers to know the exact ‘position’ at any given
time. This was an important technology based support for the Bank’s efforts
to minimize operational risk from manual interventions.

NPA management is a matter of concern to the entire banking industry.

What one has to see is the background of an NPA and its origination. A lot
of NPAs result from lack of proper monitoring and control. There are NPAs
which occur due to factors beyond t he control of the borrower. Sometimes,
NPAs occur due to diversion of funds by the borrower. But ultimately,
effective monitoring and control will definitely restrict the NPAs. Instead of
getting into action after the accounts have turned into NPAs, what we are
planning to do is take a standard account and closely monitor it to see that
slippages do not occur.

Canara Bank adopts new initiatives in NPA management

CANARA Bank, one of the oldest public sector banks, has been improving
its performance under various parameters such as global deposits, advances,

53
 RISK MANAGEMENT IN BANKS

foreign business turnover, productivity, owned funds, operating profits and

NPAs.

The bank has taken up a series of initiatives in the last couple of years
especially to improve the quality of its assets and also to contain fresh
accruals of non-performing assets (NPAs). These measures include inter-
face meetings with C ircle Offices and setting of targets, recovery meets for
compromise settlements and recovery camps at branches. All these
measures have resulted in a significant decline in the net NPA ratio from
7.52 per cent on March 31, 1998 to 7.09 per cent by the end of last fiscal
year.

With a progressive decline in the net NPAs ratio, the bank has aimed at
containing the level of net NPAs to below four per cent in the next few
years. Towards this, it has been embarking upon more and more innovative
measures, which would help it right f rom the stage of making credit
decisions to regularly monitoring them on an ongoing basis to effectively
avoid slippages.

Asset Quality, Risk Management and Basel II Compliance

Unrelenting focus on assets quality, stringent credit review and monitoring
mechanism brought about a reduction in the Bank’s NPA in absolute terms.
The gross NPA level declined during the year and stood at Rs.1416 crore.
With a gross NPA ratio of 1.31%, the Bank continues to be the lowest
among the peers. Net NPA also declined to Rs.899 crore from Rs.927 crore
a year ago. Cash recovery during the year aggregated to Rs.975 crore, well
exceeding the internal target of Rs.850 crore.

54
 RISK MANAGEMENT IN BANKS

Adhering to the Reserve Bank of India's stipulated timeline, the Bank

successfully migrated to the new capital adequacy framework under Basel II
and put in place a robust Risk Management Architecture. Capital to Risk
Weighted Assets Ratio (CRAR) worked out to 13.25%, well above the
regulatory minimum of 9%. The Bank has adopted Standardized Approach
for credit risk, Modified Duration Approach for market risk and Basic
Indicator approach for operational risk.

The Bank consciously desisted from participating in the exotic derivatives

market. Consequently, neither the Bank nor the Bank's clients suffered any
losses on this score.
Smooth Transition to the Basle II Capital Adequacy Framework Risk
Management Initiatives the Bank has put in place unified risk management
architecture to move towards global best practices for effective
implementation of risk management initiatives in conformity with the Basle
II framework and RBI guidelines. The Board of Directors drive the Risk
Management initiatives in the Bank. The Risk Management Committee of
the Board is constituted and operational. Top Executive
Committees for Credit Risk, Operational Risk and Market Risk
management supervise and monitor the respective risk management
processes and procedures. Asset Liability Committee (ALCO) meets
periodically for effective and pro-active AL.M in the Bank.
Credit risk
An exclusive Risk Management Wing at the Head office is functioning as a
nodal point for overall implementation of various risk management
initiatives across the Bank. Integrated Mid Office of both domestic as well
as forex treasury is functioning under Risk Management Wing for effective

55
 RISK MANAGEMENT IN BANKS

and independent supervision and monitoring of market risk in investment

and forex functions. Risk Management Sections are functioning in all the 30
Circle Offices of the Bank as extended arms of the Risk Management Wing
at the Corporate Office.
The Bank has adopted Standardized Approach to arrive at credit Risk
Weighted Assets (RWA) for computing Capital to Risk Weighted Assets
Ratio (CRAR). The data for arriving at RWA is being collected from the
branches manually, which is validated by internal/external auditors.

Operational Risk Management

The Bank has computed capital charge for operational risk by adopting
Basic Indicator Approach as stipulated by RBI. The Bank has initiated steps
for strengthening internal operational loss data base through incident
reporting system by all branches/offices to capture loss/near miss
operational loss incidents. Risk Profile of the Bank is compiled on a
quarterly basis based on the risk templates provided by RBI, to analyze the
level and direction of various risks across the Bank.

Proper organizational structure is in place as a first step to implement

compliance of Regulatory/Statutory and internal guidelines across the Bank.
As an initiative to move towards Advanced Approaches for operational risk
management, the Bank has put in place Business Line Policy, Outsourcing
Policy, Legal Risk Management Policy and Policy on Insurance.

Market Risk Management:

56
 RISK MANAGEMENT IN BANKS

The Bank has computed capital charge for market risk on Available for
Sale (AFS) and Held for Trading (HFT) portfolios under Investments, by
adopting Standardized Modified Duration Approach. Integrated Mid
Office at Risk Management Wing monitors market risk through on line
connectivity with the domestic and forex treasury. Exposure limits, such as
stop loss limits on trading books, Dealer wise limits, limits on money
market operations, M-duration limits for AFS category,
Aggregate gap limit, Intra day and overnight limit for various currency
positions are fixed to act as risk mitigates and on line monitoring is being
done by Risk Management Wing. Various risk reports formats are
customized for effective market risk management.

Canara Bank, London, United Kingdom

Nostro A/c A banking term to describe an account one bank holds with a
bank in a foreign country, usually in the Currency of that foreign country.
Nostro Account is an Account Maintained by One bank with another
corresponding foreign bank in its Local Currency.
The Client

CANARA BANK is the 3r largest public sector bank in India by deposit

base and the fourth largest in asset size. The London branch has been in
operation since 1983. The Bank offers a range of products and services from
retail deposits, corporate loans, trade finance, foreign exchange, money
transmission service, and NRI Services. The Bank uses Misys-Equation as
its banking application. IIL Risk Management has been providing various IT
services to Canara Bank, London from its inception.

The Problem

57
 RISK MANAGEMENT IN BANKS

The traditional way of sending 'Nostro' account statements of the Bank's

Indian branches back to them was time consuming. Also it's select
customers desired online access to their account status/balance information.
With the increased adoption of the Internet as an information and delivery
channel the bank needed a secure and cost effective means for providing
their customers, including the Indian and other overseas branches, to access
their account balances and statements.

The Solution

IIL Risk Management provided a web based banking solution using the
customer's PC, a web server, a database server, a data transformer and a data
retriever using proven methodologies and protocols. The solution integrates
IBM AS/400, Microsoft web server, Microsoft SQL server, and the Internet
and Firewall technologies.

An intelligent data retriever extracts customer and accounting information

from the core banking system. The data transformer translates the extracted
information and stores it in net banking hosting server. Both the data
retriever and data transformer are scheduled in such a way that information
is kept up to date in near real time. Web enabled programs supported by the
web server provide the customer a secure 'front-end access' coupled with
data encryption.

Eg. Credit Risk Management of ICICI

Credit risk, the most significant risk faced by ICICI Bank, is managed by the
Credit Risk Compliance & Audit Department (CRC & AD) which
evaluates risk at the transaction level as well as in the portfolio context. The
industry analysts of the department monitor all major sectors and evolve a
sectoral outlook, which is an important input to the portfolio planning
process. The department has done detailed studies on default patterns of

58
 RISK MANAGEMENT IN BANKS

loans and prediction of defaults in the Indian context. Risk-based pricing of

loans has been introduced.

The functions of this department include:

 Review of Credit Origination & Monitoring

 Credit rating of companies/structures
 Default risk & loan pricing
 Review of industry sectors
 Review of large exposures in industries/ corporate groups/ companies
 Ensure Monitoring and follow-up by building appropriate systems
such as CAS
 Design appropriate credit processes, operating policies & procedures
 Portfolio monitoring
 Methodology to measure portfolio risk
 Credit Risk Information System (CRIS)
 Focussed attention to structured financing deals
 Pricing, New Product Approval Policy, Monitoring
 Monitor adherence to credit policies of RBI

During the year, the department has been instrumental in reorienting the
credit processes, including delegation of powers and creation of suitable
control points in the credit delivery process with the objective of improving
customer response time and enhancing the effectiveness of the asset creation
and monitoring activities.

59
 RISK MANAGEMENT IN BANKS

Availability of information on a real time basis is an important requisite for

sound risk management. To aid its interaction with the strategic business
units, and provide real time information on credit risk, the CRC & AD has
implemented a sophisticated information system, namely the Credit Risk
Information System. In addition, the CRC & AD has designed a web-based
system to render information on various aspects of the credit portfolio of
ICICI Bank.

Operational Risk Management of ICICI

ICICI Bank, like all large banks, is exposed to many types of operational
risks. These include potential losses caused by events such as breakdown in
information, communication, transaction processing and settlement systems/
procedures.

The Audit Department, an integral part of the Risk Compliance & Audit
Group, focusses on the operational risks within the organisation. In recent
times, there has been a shift in the audit focus from transactions to
controls. Some examples of this paradigm shift are:

 Adherence to internal policies, procedures and documented processes

 Risk Based Audit Plan
 Widening of Treasury operations audit coverage
 Use of Computer Assisted Audit Techniques (CAATs)
 Information Systems Audit

60
 RISK MANAGEMENT IN BANKS

 Plans to develop/ buy software to capture the workflow of the Audit

Department

The Audit Department conceptualized and put into operation a Risk Based
Audit Plan during the year 1998-99. The Risk Based Audit Plan envisages
allocation of audit resources in accordance with the risk constituents of
ICICI Bank’s business.

CONCLUSION

The objective of risk management is not to prohibit or prevent

risk taking, but to ensure that the risks are consciously taken with full
knowledge, clear purpose and understanding so that it can be measured
and mitigated. The purpose of managing risk is to prevent an institution
from suffering unacceptable loss causing an institution to fail or materially
damage its competitive position.
Functions of risk management should actually be bank specific
dictated by the size and quality of balance sheet, complexity of functions,

61
 RISK MANAGEMENT IN BANKS

technical/professional manpower and the status of MIS in place in that bank.

There may not be one-size-fits-all risk management module for all the banks
to be made applicable uniformity.
As in the international practice, a committee approach may be
adopted to manage various risks. Risk Management Committee, Credit
Policy Committee, Asset Liability Management Committee, etc., are such
committee that handles the risk management aspects.
The effectiveness of risk management depends on efficient
Management Information System, computerization and net working of the
branch activities. An objective and reliable data base has to be built up for
which bank has to analyse its own past performance data relating to loan
defaults, trading losses, operational losses, etc., and come out with bench
,marks so as to prepare themselves for the future risk management activities.
A large project involves certain risks, and that is true of banking
projects. The Risk Management is an emerging area that aims to address the
problem of identifying and managing the risks associated with the banking
industry. The Risk Management helps banks in preventing problems even
before they occur. In managing the risks, the Board of Directors and Senior
Management will have to play an effective role by formulating clear and
comprehensive policies.

The Risk Management System, which integrates:-

• Prudent risk limits,
• Sound risk management procedures and information systems,

62
 RISK MANAGEMENT IN BANKS

• Continuous risk monitoring and frequent reporting is said to be

efficient one. The keen interest taken by the Reserve Bank of India in
this context needs to be appreciated and supported at all levels.

Most of the risks arise as a result of mismatch of assets and liabilities.

If the Assets of a bank exactly matched its liabilities of identical maturity,
interest rate conditions, and currency, then liquidity risk, interest rate risk,
and currency risk could have been avoided. However, in practice it is near
impossible to have such a perfectly matched balance sheet. A banker
therefore has, to keep different types of risk within acceptable limits. It
requires the ability to forecast future changes in the environment and
formulate suitable action plans to protect the net worth of the organization
from the impact of these risks.
It is by no means an easy task. If he is proved wrong in his judgment,
the process of risk management may go haywire. Few would disagree with
the statement that “being a banker is like being a country hound dog. If you
stand still, you get kicked. If you run, they throw rocks at you”.

63