THE EFFECTIVENESS OF RISK

MANAGEMENT SYSTEMS IN BANKS

– SCOPE & ANAYSIS

UNDER THE GUIDANCE OF:

PRESENTED BY:
Prof. CKT.Chandrashekara
Ramya L
Head of Department MBA FINANCE
CHRIST UNIVERSITY INSTITUTE
INSTITU
CHRIST UNIVERSITY INSTITUTE OF MANAGEMENT
OF MANAGEMENT
 CHAPTER 1:

INTRODUCTION
Risk is inherent in any walk of life in general and in financial sectors in particular. Till
recently, due to regulate environment, banks could not afford to take risks. But of late, banks
are exposed to same competition and hence are compelled to encounter various types of
financial and non-financial risks. Risks and uncertainties form an integral part of banking
which by nature entails taking risks. There are three main categories of risks; Credit Risk,
Market Risk & Operational Risk. Author has discussed. Main features of these risks as well
as some other categories of risks such as Regulatory Risk and Environmental Risk. Various
tools and techniques to manage Credit Risk, Market Risk and Operational Risk and its
various components, are also discussed in detail. Also mentioned relevant points of Basel’s
New Capital Accord’ and role of capital adequacy, Risk Aggregation & Capital Allocation
and Risk Based Supervision (RBS), in managing risks in banking sector.

The face of banking in India is changing rapidly. The enhanced role of the banking sector in
the Indian economy, the increasing levels of deregulation along with the increasing levels of
competition have facilitated globalisation of the India banking system and placed numerous
demands on banks. Operating in this demanding environment has exposed banks to various
challenges and risks.

TRADITIONAL RISK MANAGEMENT SYSTEMS

Commercial banks are in the risk business. In the process of providing financial services, they
assume various kinds of financial risks. So we need to determine an approach to examine
large-scale risk management systems. The management of the banking firm relies on a
sequence of steps to implement a risk management system. These can be seen as containing
the following four parts:
• Standards and reports
• Position limits or rules
• Investment guidelines or strategies
• Incentive contracts and compensation

2
In general, these tools are established to measure exposure, define procedures to manage
these exposures, limit individual positions to acceptable levels, and encourage decision
makers to manage risk in a manner that is consistent with the firm's goals and objectives.

TYPES OF RISK

The banking industry has long viewed the problem of risk management as the need to control
four of the above risks which make up most, if not all, of their risk exposure, viz., credit,
interest rate, foreign exchange and liquidity risk. While they recognize counterparty and legal
risks, they view them as less central to their concerns.

1. CREDIT RISK
Credit Risk is the potential that a bank borrower/counter party fails to meet the obligations on
agreed terms. There is always scope for the borrower to default from his commitments for
one or the other reason resulting in crystallisation of credit risk to the bank. These losses
could take the form outright default or alternatively, losses from changes in portfolio value
arising from actual or perceived deterioration in credit quality that is short of default. Credit
risk is inherent to the business of lending funds to the operations linked closely to market risk
variables. The objective of credit risk management is to minimize the risk and maximize
bank’s risk adjusted rate of return by assuming and maintaining credit exposure within the
acceptable parameters. Credit risk consists of primarily two components, viz Quantity of risk,
which is nothing but the outstanding loan balance as on the date of default and the quality of
risk, viz, the severity of loss defined by both Probability of Default as reduced by the
recoveries that could be made in the event of default. Thus credit risk is a combined outcome
of Default Risk and Exposure Risk.

2. MARKET RISK
Market Risk may be defined as the possibility of loss to bank caused by the changes in the
market variables. It is the risk that the value of on-/off-balance sheet positions will be
adversely affected by movements in equity and interest rate markets, currency exchange rates
and commodity prices. Market risk is the risk to the bank’s earnings and capital due to
changes in the market level of interest rates or prices of securities, foreign exchange and
equities, as well as the volatilities, of those prices.

3
3. OPERATIONAL RISK
Operational risk, though defined as any risk that is not categorized as market or credit risk, is
the risk of loss arising from inadequate or failed internal processes, people and systems or
from external events. In order to mitigate this, internal control and internal audit systems are
used as the primary means.

VALUE BASED RISK MANAGEMENT SYSTEMS

Value-at-risk (VaR)

Value-at-risk (VaR) is a measure of the worst expected loss over a given time interval under
normal market conditions at a given confidence level. Value-at-risk is widely used by banks,
securities firms and other trading organizations. Such firms could track their portfolios'
market risk by using historical volatility as a risk metric.

Use of Derivatives

There has been a significant increase in the use of derivatives in the risk management.

Credit Default Swaps - Credit derivatives are being used by almost all the banks now. Out
of a total of $250 trillion of derivative contracts traded round the world, more than 50% are in
form of credit derivatives. Then banks are using swaps for match their asset - liability
mismatch.

Interest Rate Swaps - A bank having a fixed income and floating outflow can go in for a
swap to get fixed outflow. Similarly, swaps can be arranged to hedge currency risks.
Universal banking system is now spreading fast. This is diversifying the bank's operational
risk.

Stress Testing
It is a modern risk management practice which has found wide acceptability in Indian
Banking System. Determining the required buffer size of capital is an important risk

4
management issue for banks, which the Basel Committee (2002) suggests should be
approached via stress testing.
Stress testing permits a forward-looking analysis and a uniform approach to identifying
potential risks to the banking system as a whole. Stress tests done on German banks found
that, "it is not only the capital and reserves base which is crucial for the long-term stability of
the banks, however. The institutions also have to make further progress in their efforts to
achieve a sustained improvement in their profitability and in limiting their credit and market
risks." All these dynamics are well captured by Stress Testing models.

RBI says that, "Banks should identify their major sources of risk and carry out stress tests
appropriate to them. Some of these tests may be run daily or weekly, some others may be run
at monthly or quarterly intervals. This stress testing would also form a part of Pillar 2 of the
Basel II framework."

Basel Committee

Basel I
In July 1988, the Basel Committee came out with a set of recommendations aimed at
introducing minimum levels of capital for internationally active banks. These norms required
the banks to maintain capital of at least 8 per cent of their risk-weighted loan exposures.
Different risk weights were specified by the committee for different categories of exposure.
For instance, government bonds carried risk-weight of 0 per cent, while the corporate loans
had a risk-weight of 100 per cent.

Basel II
To set right these aspects, the Basel Committee came up with a new set of guidelines in June
2004, popularly known as the Basel II norms. These new norms are far more complex and
comprehensive compared to the Basel I norms. Also, the Basel II norms are more risk-
sensitive and they rely heavily on data analysis for risk measurement and management. They
have given three pillars which act as guideline for implementation of Basel II.

1. Pillar 1
Basel II norms provide banks with guidelines to measure the various types of risks they face -
credit, market and operational risks and the capital required to cover these risks.

5
Market risk - Unchanged from existing Basel I Accord
Credit risk
• Significant change from existing Basel Accord
• Three different approaches to the calculation of minimum capital requirements
• Capital incentives to move to more sophisticated credit risk management approaches
based on internal ratings
• Sophisticated approaches have systems / controls and data collection requirements
Operational risk
• Not covered in Basel I Accord
• Three different approaches to the calculation of minimum capital requirements
• Adoption of each approach subject to compliance with defined ‘qualifying criteria’

2. Pillar II (Supervisory Reviews)

It ensures that not only do the banks have adequate capital to cover their risks, but also that
they employ better risk management practices so as to minimise the risks.
Capital cannot be regarded as a substitute for inadequate risk management practices. This
pillar requires that if the banks use asset securitisation and credit derivatives and wish to
minimise their capital charge they need to comply with various standards and controls.
As a part of the supervisory process, the supervisors need to ensure that the regulations are
adhered to and the internal measurement systems are standardised and validated.

3. Pillar III (Market Discipline)

This market discipline is brought through greater transparency by asking banks to make
adequate disclosures. The potential audiences of these disclosures are supervisors, bank's
customers, rating agencies, depositors and investors. Market discipline has two important
components:

• Market signaling in form of change in bank's share prices or change in bank's

borrowing rates
• Responsiveness of the bank or the supervisor to market signals

6
 CHAPTER 2:

RESEARCH DESIGN
TITLE OF THE PROJECT

The effectiveness of Risk management in Banks – scope and analysis.

STATEMENT OF PROBLEM

The world of finance has always had an intuitive understanding of risk. The risks that emerge
from the increased variety and complexities of banking business, as well as from the various
new drivers of growth has pushed the contours of risk management in banks much beyond
what would probably have existed in the more traditional forms of banking activity of
accepting deposits and lending in relatively stable environments.

Thus it’s very important for banks to understand the nature and context of risk management
and also develop appropriate tools and mechanism to manage and mitigate risks.

SCOPE OF THE STUDY

This project intends to study the scope of risk management in banks and also the tools and
mechanism to manage and mitigate risks. Further the study also evaluates the soundness of
banks in the area of risk management.

OBJECTIVES OF THE STUDY

• To study the various risks to which banks are exposed.

• To study the risk management tools and techniques in banks.

• To determine the effectiveness of Credit, Market, operational and liquidity

management in banks.

7
 • To compare the soundness of the banks in respect of risk management.

METHODOLOGY

This study is done in parts: First a theoretical study about risk management mechanism used
in banks. Secondly a questionnaire analysis of the actual implementation and effectiveness of
risk Management. Finally a comparative study on the soundness of banks based on risk
mechanisms adopted and implemented.

Ø Type of research

An analytical and descriptive method is adopted to carry out the research. The project is an
in-depth study. The research is carried out in the form of a case study where the bank
employees in risk Management department were interviewed to understand the mechanism
and effectiveness of risk management.

Ø Data collection method

The procedure of data collection started with an in depth study of the Risk management
mechanism. This was facilitated by reading journals, articles, e-journals and Bank reports.
This was the first and the quintessential step taken before proceeding with the project work.

The next step dealt was through questionnaire analysis, which was filled by bank officials.
This was aided by the discussions with the Bank officials as well as articles and online
publications. This step also involved gaining knowledge about Risk management tools and
techniques and its importance in decision making and risk mitigation.

Ø Sampling details

The analysis of the primary data has been done on the basis of responses received in the
questionnaire. Sample size: 40. The sample whose responses have been tabulated consists of
the following Banks.

8
• Allahabad Bank - 2 Kempe Gowda Road Bangalore 560009 Phone 22262064 /
22253402
• Bank of Baroda - 72 Mahatma Gandhi Road Bangalore 560001 Phone 25587909
• Bank of India - 49 St. Marks Road Bangalore 560001 Phone 22212795
• Canara Bank - 112 J C Road Bangalore 560002 Phone 22221581
• Central Bank of India - Kempe Gowda Road Bangalore 560009 Phone 22873096
• Corporation Bank - 114 M.G.Road Bangalore 560001 Phone 25587940 / 25588435
• State Bank of India - Local Head Office, 48, Church Street, Bangalore 560 025 Ph:
25587098
• ING Vysya Bank - 72 St Marks Road Bangalore 560001 Phone 22212021

Ø Tools for analysis

SPSS

EXCEL

9
 CHAPTER 3:

EVOLUTION OF RISK MANAGEMENT

IN BANKS

It was in October 1999, that the Reserve Bank issued guidelines on Risk Management in
banks setting out its expectations from banks; the guidelines adopted an integrated approach
to risk management. Even earlier, in February 1999, banks were advised to set up an asset
liability management framework to manage liquidity and interest rate risk. In this context, the
following observations were made:

• The need to accelerate the speed at which banks have been moving towards
establishment of risk management systems .
• The need to achieve convergence with regulatory and supervisory
expectations/requirements while deciding on the sophistication of methods to
be adopted.
• Developing appropriate risk management architecture, MIS and skill
enhancement
• The need to integrate risk management process with capital planning strategies

The current business environment, with its pointed emphasis on corporate governance, is
making it critical for banks to explain their risk profiles publicly with greater clarity and
detail than ever before. Risk is still a complex and technical subject, so achieving
transparency will not be easy. Internal constituents, analysts, ratings agencies, investors, and
regulators all have varying levels of understanding of advanced risk measurement techniques.
All will require continuing education before the market as a whole reaches a common
understanding of risk. In particulars, direct stakeholders in any transaction need to be aware
of the risks involved. For the third pillar of Basle II (Market Discipline) to be efficacious, it is
important that the stakeholders are aware of the risks involved in the banks’ transactions and
the systems in place to manage the risks. In this context, the importance of an appropriateness
policy for banks offering various products to the corporate clients can't be over-emphasised.

10
The risk management systems developed by banks would include a lot of attention of top
management to the suitability of IT structure including issues of connectivity, designing an
MIS format that is risk focused, setting up an organization to manage risk that ensures
segregation of risk assessment from operations, frequent review of risk management systems
to ensure there is no slippage and last but not the least, to develop appropriate skills within
the organization. In this context, it must be kept in view that risk management is not the sole
concern of the risk management department but rather a culture that pervades the whole
organization with specific support from the top management.

RECENT INITIATIVES IN RISK MANAGEMENT

In India, over the years various steps have been taken to strengthen the Risk Management
Architecture, both at the bank specific level as well as a broader systemic level.

ALM Guidelines: Most banks have put in place an ALM framework. However there is lot to
be done to internalize this framework as a part of the overall risk perceptions of the bank and
the capital planning strategy of the bank. Issues in data infirmity still remain to some extent.
In many cases, the ALCO’s role remains confined to deciding on interest rates of the bank.
This is partly due to lack of decision support system available to the ALCO. Availability of
impact and scenario analysis of changes in yield structures would be a significant enabling
factor.

The Reserve Bank has recently issued draft guidelines to banks with the objective of
graduating from the current maturity ladder approach prevalent in most banks to a duration
gap approach. The later approach makes it possible for banks to calculate the modified
duration of assets and liabilities, the duration gap and duration of equity. The concept of
duration of equity gives banks, subject to certain limitations, a single number indicating the
impact of a one per cent change of interest rate on its capital, captures the interest rate risk
and thereby helps move a step forward towards assessment of risk based capital/economic
capital.

11
Credit risk: Another important issue is that bank resources and supervisory resources have
concentrated on credit risk modeling of commercial and industrial portfolios, with relatively
fewer resources devoted to risk quantification in the retail credit area. The possible reasons
could be

(i) from a systemic perspective, it makes economic sense to devote more resources to
evaluating the risk factors of larger loans

(ii) there is a long history of ratings agency evaluations for publicly traded firms which ,
along with the extensive data available for publicly traded firms, provided an extremely
useful benchmark for the development of quantification methods for commercial portfolios.

However, despite this commercial side emphasis, retail credit is a substantial part of the risk
borne by the banking industry, and can not be ignored. Recognizing this, over the last decade
or so, the industry and academia have devoted significant resources to developing more
sophisticated credit-scoring models for measuring this risk. Like their counterparts on the
commercial side, these models also rely heavily on quantitative analysis.

Derivatives: There has been a spurt of derivatives exposures in the off balance sheet
exposures. The composition of derivatives portfolio of the banking system has also
undergone a significant transformation. Forward foreign exchange contracts which accounted
for around 80% of total derivatives, declined steadily and stood at almost 43%. while the
share of interest rate contracts went up from 19% to 54% during the same period. Foreign
currency options have recorded noticeable increase during the last year.

The risks arising on account of OBS activities of banks are controlled through a combination
of both banks’ internal risk management and control policies and risk mitigation mechanism
imposed by the regulators. The board approved internal control policies covering various
aspects of management of risks arising both on and off balance sheet exposures constitute the
first line of defence to the bank. Holding of minimum defined regulatory capital for all OBS
exposures, collection of periodic supervisory data and incorporating transparency and
disclosure requirements in bank balance sheet are some of the major regulatory initiatives
undertaken to control and monitor OBS exposures of the banking system.

12
The rapid proliferation of derivatives exposures inevitably poses a challenge on account of
the downside risks associated with them, if not managed properly. There are issues relating to
use of structured products, valuation, counterparty related issues, risk management and
reporting issues and last but not the least, training and skill development. While derivatives
facilitate risk hedging and risk transfer to institutions more willing to bear the risks, the
tendency of participants to use derivatives to assume excessive leverage, and lack of
prudential accounting guidelines are matters of concern.

RBI has been stressing on the need to carry out due diligence regarding customer
appropriateness and suitability of products before offering derivative products to their
customers. There is need to use risk mitigation techniques such as collaterals and netting to
reduce systemic risks and evolve appropriate accounting guidelines.

Stress Testing: The need for banks to have robust stress testing process for assessment of
capital adequacy given various possible events like economic downturns, industrial
downturns, market risk events and sudden shifts in liquidity conditions. Similarly exposures
to sensitive sectors and high risk category of assets would have to be subjected to more
frequent stress tests based. Stress tests would enable banks to assess the risk more accurately
and, thereby, facilitate planning for appropriate capital requirements.

Subsequently RBI has issued guidelines on stress testing. Banks are required to identify an
appropriate range of realistic adverse circumstances and events in which the identified risk
crystallizes and estimate the financial resources needed by it under each of the circumstances
to : a) meet the risk as it arises and for mitigating the impact of manifestation of that risk; b)
meet the liabilities as they fall due; and c) meet the minimum CRAR requirements. It may be
pertinent to note that the banks have been advised to apply stress tests at varying frequencies
dictated by their respective business requirements, relevance and cost.

Financial Conglomerates: The rapid expansion of financial services, both in terms of

volumes and variety have, as it is, posed a challenge for financial stability. This is made all
the more difficult by the organizational dimension which perhaps provides scope for
regulatory arbitrage. While this could appear beneficial to the organisation in the short run, it
only heightens systemic risk that in turn exposes the institution to externalities which have a

13
cost. There has been entry of some banks into other financial segments like merchant
banking, insurance and several new players have emerged who have a diversified presence
across major segments of financial sector. Some of the non-banking institutions in the
financial sector can acquire proportions large enough to have a systemic impact. It has,
therefore, become necessary not only for the supervisor to have a "conglomerate" approach to
regulation and supervision but also for banks themselves to put in place risk management
systems at global levels i.e for the whole organizational as a whole, rather than only the bank
level. The risks associated with conglomeration may include:

1. The moral hazard associated with the ‘Too-Big-To-Fail’ position of many financial
conglomerates;

2. Contagion or reputation effects on account of the 'holding out' phenomenon;

3. Concerns about regulatory arbitrage, non-arm’s length dealings, etc. arising out of Intra-
group Transactions and Exposures (ITEs) both financial and non-financial

It is in this context that the issue of integrated risk management, at the enterprise wide as well
as group wide level, acquires significance. RBI has put in place a framework for oversight of
financial conglomerates, along with SEBI and IRDA. Half-yearly discussions have also been
initiated with the Chief Executive Officers of the designated entities of the conglomerates to
address outstanding issues/ supervisory concerns.

14
 CHAPTER 4:

FRAMEWORK OF RISK AND RISK

MANAGEMENT
DEFINING RISK:
Financial risk in a banking organization is possibility that the outcome of an action or event
could bring up adverse impacts. Such outcomes could either result in a direct loss of earnings
/ capital or may result in imposition of constraints on bank’s ability to meet its business
objectives. Such constraints pose a risk as these could hinder a bank's ability to conduct its
ongoing business or to take benefit of opportunities to enhance its business.

Regardless of the sophistication of the measures, banks often distinguish between expected
and unexpected losses. Expected losses are those that the bank knows with reasonable
certainty will occur (e.g., the expected default rate of corporate loan portfolio or credit card
portfolio) and are typically reserved for in some manner. Unexpected losses are those
associated with unforeseen events (e.g. losses experienced by banks in the aftermath of
nuclear tests, Losses due to a sudden down turn in economy or falling interest rates). Banks
rely on their capital as a buffer to absorb such losses.

Risks are usually defined by the adverse impact on profitability of several distinct sources of
uncertainty. While the types and degree of risks an organization may be exposed to depend
upon a number of factors such as its size, complexity business activities, volume etc, it is
believed that generally the banks face Credit, Market, Liquidity, Operational, Compliance /
legal /regulatory and reputation risks. Before overarching these risk categories, given below
are some basics about risk Management and some guiding principles to manage risks in
banking organization.

RISK MANAGEMENT
Risk Management is a discipline at the core of every financial institution and encompasses all
the activities that affect its risk profile. It involves identification, measurement, monitoring
and controlling risks to ensure that

15
a) The individuals who take or manage risks clearly understand it.
b) The organization’s Risk exposure is within the limits established by Board of Directors.
c) Risk taking Decisions are in line with the business strategy and objectives set by BOD.
d) The expected payoffs compensate for the risks taken
e) Risk taking decisions are explicit and clear.
f) Sufficient capital as a buffer is available to take risk

The acceptance and management of financial risk is inherent to the business of banking and
banks’ roles as financial intermediaries. Risk management as commonly perceived does not
mean minimizing risk; rather the goal of risk management is to optimize risk-reward trade -
off. Notwithstanding the fact that banks are in the business of taking risk, it should be
recognized that an institution need not engage in business in a manner that unnecessarily
imposes risk upon it: nor it should absorb risk that can be transferred to other participants.
Rather it should accept those risks that are uniquely part of the array of bank’s services.

RISK MANAGEMENT AT DIFFERENT LEVELS:

In every financial institution, risk management activities broadly take place simultaneously at
following different hierarchy levels.

A) Strategic level: It encompasses risk management functions performed by senior

management and BOD. For instance definition of risks, ascertaining institutions risk appetite,
formulating strategy and policies for managing risks and establish adequate systems and
controls to ensure that overall risk remain within acceptable level and the reward compensate
for the risk taken.

B) Macro Level: It encompasses risk management within a business area or across business
lines. Generally the risk management activities performed by middle management or units
devoted to risk reviews fall into this category.

C) Micro Level: It involves ‘On-the-line’ risk management where risks are actually created.
This is the risk management activities performed by individuals who take risk on
organization’s behalf such as front office and loan origination functions. The risk

16
management in those areas is confined to following operational procedures and guidelines set
by management.

Expanding business arenas, deregulation and globalization of financial activities emergence

of new financial products and increased level of competition has necessitated a need for an
effective and structured risk management in financial institutions. A bank’s ability to
measure, monitor, and steer risks comprehensively is becoming a decisive parameter for its
strategic positioning. The risk management framework and sophistication of the process, and
internal controls, used to manage risks, depends on the nature, size and complexity of
institutions activities. Nevertheless, there are some basic principles that apply to all financial
institutions irrespective of their size and complexity of business and are reflective of the
strength of an individual bank's risk management practices.

RISK MANAGEMENT FRAMEWORK

A risk management framework encompasses the scope of risks to be managed, the

process/systems and procedures to manage risk and the roles and responsibilities of
individuals involved in risk management. The framework should be comprehensive enough
to capture all risks a bank is exposed to and have flexibility to accommodate any change in
business activities. An effective risk management framework includes

a) Clearly defined risk management policies and procedures covering risk identification,
acceptance, measurement, monitoring, reporting and control.

b) A well constituted organizational structure defining clearly roles and responsibilities of

individuals involved in risk taking as well as managing it. Banks, in addition to risk
management functions for various risk categories may institute a setup that supervises overall
risk management at the bank. Such a setup could be in the form of a separate department or
bank’s Risk Management Committee (RMC) could perform such function (A recent concept
in this regard is Enterprise Risk Management (ERM). The structure should be such that
ensures effective monitoring and control over risks being taken. The individuals responsible
for review function (Risk review, internal audit, compliance etc) should be independent from
risk taking units and report directly to board or senior management who are also not involved

17
in risk taking.

c) There should be an effective management information system that ensures flow of

information from operational level to top management and a system to address any
exceptions observed. There should be an explicit procedure regarding measures to be taken to
address such deviations.

d) The framework should have a mechanism to ensure an ongoing review of systems, policies
and procedures for risk management and procedure to adopt changes.

INTEGRATION OF RISK MANAGEMENT

Risks must not be viewed and assessed in isolation, not only because a single transaction
might have a number of risks but also one type of risk can trigger other risks. Since
interaction of various risks could result in diminution or increase in risk, the risk management
process should recognize and reflect risk interactions in all business activities as appropriate.
While assessing and managing risk the management should have an overall view of risks the
institution is exposed to. This requires having a structure in place to look at risk
interrelationships across the organization.

BUSINESS LINE ACCOUNTABILITY.

In every banking organization there are people who are dedicated to risk management
activities, such as risk review, internal audit etc. It must not be construed that risk
management is something to be performed by a few individuals or a department. Business
lines are equally responsible for the risks they are taking. Because line personnel, more than
anyone else, understand the risks of the business, such a lack of accountability can lead to
problems.

RISK EVALUATION/MEASUREMENT.
Until and unless risks are not assessed and measured it will not be possible to control risks.
Further a true assessment of risk gives management a clear view of institution’s standing and
helps in deciding future action plan. To adequately capture institutions risk exposure, risk

18
measurement should represent aggregate exposure of institution both risk type and business
line and encompass short run as well as long run impact on institution. To the maximum
possible extent institutions should establish systems / models that quantify their risk profile,
however, in some risk categories such as operational risk, quantification is quite difficult and
complex. Wherever it is not possible to quantify risks, qualitative measures should be
adopted to capture those risks. Whilst quantitative measurement systems support effective
decision-making, better measurement does not obviate the need for well-informed, qualitative
judgment. Consequently the importance of staff having relevant knowledge and expertise
cannot be undermined. Finally any risk measurement framework, especially those which
employ quantitative techniques/model, is only as good as its underlying assumptions, the
rigor and robustness of its analytical methodologies, the controls surrounding data inputs and
its appropriate application.

INDEPENDENT REVIEW.
One of the most important aspects in risk management philosophy is to make sure that those
who take or accept risk on behalf of the institution are not the ones who measure, monitor and
evaluate the risks. Again the managerial structure and hierarchy of risk review function may
vary across banks depending upon their size and nature of the business, the key is
independence. To be effective the review functions should have sufficient authority, expertise
and corporate stature so that the identification and reporting of their findings could be
accomplished without any hindrance. The findings of their reviews should be reported to
business units, Senior Management and, where appropriate, the Board.

CONTINGENCY PLANNING.
Institutions should have a mechanism to identify stress situations ahead of time and plans to
deal with such unusual situations in a timely and effective manner. Stress situations to which
this principle applies include all risks of all types. For instance contingency planning
activities include disaster recovery planning, public relations damage control, litigation
strategy, responding to regulatory criticism etc. Contingency plans should be reviewed
regularly to ensure they encompass reasonably probable events that could impact the
organization. Plans should be tested as to the appropriateness of responses, escalation and
communication channels and the impact on other parts of the institution.

19
 CHAPTER 5 :

MANAGING CREDIT RISK

Credit risk arises from the potential that an obligor is either unwilling to perform on an
obligation or its ability to perform such obligation is impaired resulting in economic loss to
the bank.

In a bank’s portfolio, losses stem from outright default due to inability or unwillingness of a
customer or counter party to meet commitments in relation to lending, trading, settlement and
other financial transactions. Alternatively losses may result from reduction in portfolio value
due to actual or perceived deterioration in credit quality. Credit risk emanates from a bank’s
dealing with individuals, corporate, financial institutions or a sovereign. For most banks,
loans are the largest and most obvious source of credit risk; however, credit risk could stem
from activities both on and off balance sheet. In addition to direct accounting loss, credit risk
should be viewed in the context of economic exposures. This encompasses opportunity costs,
transaction costs and expenses associated with a non-performing asset over and above the
accounting loss.

Credit risk can be further sub-categorized on the basis of reasons of default. For instance the
default could be due to country in which there is exposure or problems in settlement of a
transaction. Credit risk not necessarily occurs in isolation. The same source that endangers
credit risk for the institution may also expose it to other risk. For instance a bad portfolio may
attract liquidity problem.

COMPONENTS OF CREDIT RISK MANAGEMENT

A typical Credit risk management framework in a financial institution may be broadly
categorized into following main components.
a) Board and senior Management’s Oversight
b) Organizational structure
c) Systems and procedures for identification, acceptance, measurement, monitoring and
control risks.

20
A) Board and Senior Management’s Oversight
It is the overall responsibility of bank’s Board to approve bank’s credit risk strategy and
significant policies relating to credit risk and its management which should be based on the
bank’s overall business strategy. To keep it current, the overall strategy has to be reviewed by
the board, preferably annually. The responsibilities of the Board with regard to credit risk
management should include :
a) Delineate bank’s overall risk tolerance in relation to credit risk.
b) Ensure that bank’s overall credit risk exposure is maintained at prudent levels and
consistent with the available capital
c) Ensure that top management as well as individuals responsible for credit risk management
possess sound expertise and knowledge to accomplish the risk management function
d) Ensure that the bank implements sound fundamental principles that facilitate the
identification, measurement, monitoring and control of credit risk.
e) Ensure that appropriate plans and procedures for credit risk management are in place.

The very first purpose of bank’s credit strategy is to determine the risk appetite of the bank.
Once it is determined the bank could develop a plan to optimize return while keeping credit
risk within predetermined limits. The bank’s credit risk strategy thus should spell out
a) The institution’s plan to grant credit based on various client segments and products,
economic sectors, geographical location, currency and maturity
b) Target market within each lending segment, preferred level of diversification/
concentration.
c) Pricing strategy.

It is essential that banks give due consideration to their target market while devising credit
risk strategy. The credit procedures should aim to obtain an in-depth understanding of the
bank’s clients, their credentials & their businesses in order to fully know their customers.

The strategy should provide continuity in approach and take into account cyclic aspect of
country’s economy and the resulting shifts in composition and quality of overall credit
portfolio. While the strategy would be reviewed periodically and amended, as deemed
necessary, it should be viable in long term and through various economic cycles.

21
The senior management of the bank should develop and establish credit policies and credit
administration procedures as a part of overall credit risk management framework and get
those approved from board. Such policies and procedures shall provide guidance to the staff
on various types of lending including corporate, SME, consumer, agriculture, etc. At
minimum the policy should include
• Detailed and formalized credit evaluation/ appraisal process.
• Credit approval authority at various hierarchy levels including authority for approving
exceptions.
• Risk identification, measurement, monitoring and control
• Risk acceptance criteria
• Credit origination and credit administration and loan documentation procedures
• Roles and responsibilities of units/staff involved in origination and management of
credit.
• Guidelines on management of problem loans.

In order to be effective these policies must be clear and communicated down the line. Further
any significant deviation/exception to these policies must be communicated to the top
management/board and corrective measures should be taken. It is the responsibility of senior
management to ensure effective implementation of these policies.

B) Organizational Structure.
To maintain bank’s overall credit risk exposure within the parameters set by the board of
directors, the importance of a sound risk management structure is second to none. While the
banks may choose different structures, it is important that such structure should be
commensurate with institution’s size, complexity and diversification of its activities. It must
facilitate effective management oversight and proper execution of credit risk management
and control processes.

Each bank, depending upon its size, should constitute a Credit Risk Management Committee
(CRMC), ideally comprising of head of credit risk management Department, credit
department and treasury. This committee reporting to bank’s risk management committee
should be empowered to oversee credit risk taking activities and overall credit risk
management function.

22
The CRMC should be mainly responsible for
• The implementation of the credit risk policy / strategy approved by the Board.
• Monitor credit risk on a bank-wide basis and ensure compliance with limits approved
by the Board.
• Recommend to the Board, for its approval, clear policies on standards for presentation
of credit proposals, financial covenants, rating standards and benchmarks.
• Decide delegation of credit approving powers, prudential limits on large credit
exposures, standards for loan collateral, portfolio management, loan review
mechanism, risk concentrations, risk monitoring and evaluation, pricing of loans,
provisioning, regulatory/legal compliance, etc.

Further, to maintain credit discipline and to enunciate credit risk management and control
process there should be a separate function independent of loan origination function. Credit
policy formulation, credit limit setting, monitoring of credit exceptions / exposures and
review /monitoring of documentation are functions that should be performed independently
of the loan origination function. For small banks where it might not be feasible to establish
such structural hierarchy, there should be adequate compensating measures to maintain credit
discipline introduce adequate checks and balances and standards to address potential conflicts
of interest. Ideally, the banks should institute a Credit Risk Management Department
(CRMD). Typical functions of CRMD include:
a) To follow a holistic approach in management of risks inherent in banks portfolio and
ensure the risks remain within the boundaries established by the Board or Credit Risk
Management Committee.
b) The department also ensures that business lines comply with risk parameters and
prudential limits established by the Board or CRMC.
c) Establish systems and procedures relating to risk identification, Management Information
System, monitoring of loan / investment portfolio quality and early warning. The department
would work out remedial measure when deficiencies/problems are identified.
d) The Department should undertake portfolio evaluations and conduct comprehensive
studies on the environment to test the resilience of the loan portfolio.

23
C) Systems and Procedures

Credit Origination.
Banks must operate within a sound and well-defined criteria for new credits as well as the
expansion of existing credits. Credits should be extended within the target markets and
lending strategy of the institution.
Before allowing a credit facility, the bank must make an assessment of risk profile of the
customer/transaction. This may include
a) Credit assessment of the borrower’s industry, and macro economic factors.
b) The purpose of credit and source of repayment.
c) The track record / repayment history of borrower.
d) Assess/evaluate the repayment capacity of the borrower.
e) The Proposed terms and conditions and covenants.
f) Adequacy and enforceability of collaterals.
g) Approval from appropriate authority

In case of new relationships consideration should be given to the integrity and repute of the
borrowers or counter party as well as its legal capacity to assume the liability. Prior to
entering into any new credit relationship the banks must become familiar with the borrower
or counter party and be confident that they are dealing with individual or organization of
sound repute and credit worthiness. However, a bank must not grant credit simply on the
basis of the fact that the borrower is perceived to be highly reputable i.e. name lending should
be discouraged. While structuring credit facilities institutions should appraise the amount and
timing of the cash flows as well as the financial position of the borrower and intended
purpose of the funds. It is utmost important that due consideration should be given to the risk
reward trade –off in granting a credit facility and credit should be priced to cover all
embedded costs. Relevant terms and conditions should be laid down to protect the
institution’s interest.
Institutions have to make sure that the credit is used for the purpose it was borrowed. Where
the obligor has utilized funds for purposes not shown in the original proposal, institutions
should take steps to determine the implications on creditworthiness. In case of corporate
loans where borrower own group of companies such diligence becomes more important.
Institutions should classify such connected companies and conduct credit assessment on
consolidated/group basis.

24
In loan syndication, generally most of the credit assessment and analysis is done by the lead
institution. While such information is important, institutions should not over rely on that. All
syndicate participants should perform their own independent analysis and review of syndicate
terms. Institution should not over rely on collaterals / covenant. Although the importance of
collaterals held against loan is beyond any doubt, yet these should be considered as a buffer
providing protection in case of default, primary focus should be on obligor’s debt servicing
ability and reputation in the market.

Limit setting
An important element of credit risk management is to establish exposure limits for single
obligors and group of connected obligors. Institutions are expected to develop their own limit
structure while remaining within the exposure limits set by RBI. The size of the limits should
be based on the credit strength of the obligor, genuine requirement of credit, economic
conditions and the institution’s risk tolerance. Appropriate limits should be set for respective
products and activities. Institutions may establish limits for a specific industry, economic
sector or geographic regions to avoid concentration risk.
Sometimes, the obligor may want to share its facility limits with its related companies.
Institutions should review such arrangements and impose necessary limits if the transactions
are frequent and significant
Credit limits should be reviewed regularly at least annually or more frequently if obligor’s
credit quality deteriorates. All requests of increase in credit limits should be substantiated.

Credit Administration.
Ongoing administration of the credit portfolio is an essential part of the credit process. Credit
administration function is basically a back office activity that support and control extension
and maintenance of credit. A typical credit administration unit performs following functions:

a. Documentation. It is the responsibility of credit administration to ensure completeness of

documentation (loan agreements, guarantees, transfer of title of collaterals etc) in accordance
with approved terms and conditions. Outstanding documents should be tracked and followed
up to ensure execution and receipt.

b. Credit Disbursement. The credit administration function should ensure that the loan
application has proper approval before entering facility limits into computer systems.

25
Disbursement should be effected only after completion of covenants, and receipt of collateral
holdings. In case of exceptions necessary approval should be obtained from competent
authorities.

c. Credit monitoring. After the loan is approved and draw down allowed, the loan should be
continuously watched over. These include keeping track of borrowers’ compliance with
credit terms, identifying early signs of irregularity, conducting periodic valuation of collateral
and monitoring timely repayments.

d. Loan Repayment. The obligors should be communicated ahead of time as and when the
principal/mark up instalment becomes due. Any exceptions such as non-payment or late
payment should be tagged and communicated to the management. Proper records and updates
should also be made after receipt.

e. Maintenance of Credit Files. Institutions should devise procedural guidelines and

standards for maintenance of credit files. The credit files not only include all correspondence
with the borrower but should also contain sufficient information necessary to assess financial
health of the borrower and its repayment performance. It need not mention that information
should be filed in organized way so that external / internal auditors review it easily.

f. Collateral and Security Documents. Institutions should ensure that all security documents
are kept in a fireproof safe under dual control. Registers for documents should be maintained
to keep track of their movement. Procedures should also be established to track and review
relevant insurance coverage for certain facilities/collateral. Physical checks on security
documents should be conducted on a regular basis.

MEASURING CREDIT RISK.

The measurement of credit risk is of vital importance in credit risk management. A number of
qualitative and quantitative techniques to measure risk inherent in credit portfolio are
evolving. To start with, banks should establish a credit risk rating framework across all type
of credit activities. Among other things, the rating framework may, incorporate:
Business Risk
o Industry Characteristics

26
o Competitive Position (e.g. marketing/technological edge)
o Management

Financial Risk
o Financial condition
o Profitability
o Capital Structure
o Present and future Cash flows

Internal Risk Rating.

Credit risk rating is summary indicator of a bank’s individual credit exposure. An internal
rating system categorizes all credits into various classes on the basis of underlying credit
quality. A well-structured credit rating framework is an important tool for monitoring and
controlling risk inherent in individual credits as well as in credit portfolios of a bank or a
business line. The importance of internal credit rating framework becomes more eminent due
to the fact that historically major losses to banks stemmed from default in loan portfolios.
While a number of banks already have a system for rating individual credits in addition to the
risk categories prescribed by RBI, all banks are encouraged to devise an internal rating
framework. An internal rating framework would facilitate banks in a number of ways such as
a) Credit selection
b) Amount of exposure
c) Tenure and price of facility
d) Frequency or intensity of monitoring
e) Analysis of migration of deteriorating credits and more accurate computation of future
loan loss provision
f) Deciding the level of Approving authority of loan.

CREDIT RISK MONITORING & CONTROL

Credit risk monitoring refers to incessant monitoring of individual credits inclusive of Off-
Balance sheet exposures to obligors as well as overall credit portfolio of the bank. Banks
need to enunciate a system that enables them to monitor quality of the credit portfolio on day-

27
to-day basis and take remedial measures as and when any deterioration occurs. Such a system
would enable a bank to ascertain whether loans are being serviced as per facility terms, the
adequacy of provisions, the overall risk profile is within limits established by management
and compliance of regulatory limits. Establishing an efficient and effective credit monitoring
system would help senior management to monitor the overall quality of the total credit
portfolio and its trends. Consequently the management could fine tune or reassess its credit
strategy /policy accordingly before encountering any major setback. The banks credit policy
should explicitly provide procedural guideline relating to credit risk monitoring. At the
minimum it should lay down procedure relating to
• The roles and responsibilities of individuals responsible for credit risk monitoring
• The assessment procedures and analysis techniques (for individual loans & overall
portfolio)
• The frequency of monitoring
• The periodic examination of collaterals and loan covenants
• The frequency of site visits
• The identification of any deterioration in any loan
Given below are some key indicators that depict the credit quality of a loan:

a. Financial Position and Business Conditions. The most important aspect about an obligor
is its financial health, as it would determine its repayment capacity. Consequently institutions
need carefully watch financial standing of obligor. The Key financial performance indicators
on profitability, equity, leverage and liquidity should be analyzed. While making such
analysis due consideration should be given to business/industry risk, borrowers position
within the industry and external factors such as economic condition, government policies,
regulations. For companies whose financial position is dependent on key management
personnel and/or shareholders, for example, in small and medium enterprises, institutions
would need to pay particular attention to the assessment of the capability and capacity of the
Management/shareholder.

b. Conduct of Accounts. In case of existing obligor the operation in the account would give
a fair idea about the quality of credit facility. Institutions should monitor the obligor’s
account activity, repayment history and instances of excesses over credit limits. For trade

28
financing, institutions should monitor cases of repeat extensions of due dates for trust receipts
and bills.

c. Loan Covenants. The obligor’s ability to adhere to negative pledges and financial
covenants stated in the loan agreement should be assessed, and any breach detected should be
addressed promptly.

d. Collateral valuation. Since the value of collateral could deteriorate resulting in unsecured
lending, banks need to reassess value of collaterals on periodic basis. The frequency of such
valuation is very subjective and depends upon nature of collaterals. For instance loan granted
against shares need revaluation on almost daily basis whereas if there is mortgage of a
residential property the revaluation may not be necessary as frequently. In case of credit
facilities secured against inventory or goods at the obligor’s premises, appropriate inspection
should be conducted to verify the existence and valuation of the collateral.

RISK REVIEW
The institutions must establish a mechanism of independent, ongoing assessment of credit
risk management process. All facilities except those managed on a portfolio basis should be
subjected to individual risk review at least once in a year. The results of such review should
be properly documented and reported directly to board, or its subcommittee or senior
management without lending authority. The purpose of such reviews is to assess the credit
administration process, the accuracy of credit rating and overall quality of loan portfolio
independent of relationship with the obligor.
Institutions should conduct credit review with updated information on the obligor’s financial
and business conditions, as well as conduct of account. Exceptions noted in the credit
monitoring process should also be evaluated for impact on the obligor’s creditworthiness.
Credit review should also be conducted on a consolidated group basis to factor in the
business connections among entities in a borrowing group.

29
DELEGATION OF AUTHORITY.
Banks are required to establish responsibility for credit sanctions and delegate authority to
approve credits or changes in credit terms. It is the responsibility of banks board to approve
the overall lending authority structure, and explicitly delegate credit sanctioning authority to
senior management and the credit committee.. It would be better if institutions develop risk-
based authority structure where lending power is tied to the risk ratings of the obligor.

MANAGING PROBLEM CREDITS

A bank’s credit risk policies should clearly set out how the bank will manage problem credits.
Banks differ on the methods and organization they use to manage problem credits.
Responsibility for such credits may be assigned to the originating business function, a
specialized workout section, or a combination of the two, depending upon the size and nature
of the credit and the reason for its problems. A problem loan management process encompass
following basic elements.
a. Negotiation and follow-up.
b. Workout remedial strategies
c. Review of collateral and security document
d. Status Report and Review

30
 CHAPTER 6:

MANAGING MARKET RISK

Market risk is the risk that the value of on and off-balance sheet positions of a financial
institution which will be adversely affected by movements in market rates or prices such as
interest rates, foreign exchange rates, equity prices, credit spreads and/or commodity prices
resulting in a loss to earnings and capital.

Financial institutions may be exposed to Market Risk in variety of ways. Market risk
exposure may be explicit in portfolios of securities / equities and instruments that are actively
traded. Conversely it may be implicit such as interest rate risk due to mismatch of loans and
deposits. Besides, market risk may also arise from activities categorized as off-balance sheet
item. Therefore market risk is potential for loss resulting from adverse movement in market
risk factors such as interest rates, forex rates, equity and commodity prices.

INTEREST RATE RISK:

Interest rate risk arises when there is a mismatch between positions, which are subject to
interest rate adjustment within a specified period. The bank’s lending, funding and
investment activities give rise to interest rate risk. The immediate impact of variation in
interest rate is on bank’s net interest income, while a long term impact is on bank’s net worth
since the economic value of bank’s assets, liabilities and off-balance sheet exposures are
affected. Consequently there are two common perspectives for the assessment of interest rate
risk

a) Earning perspective: In earning perspective, the focus of analysis is the impact of

variation in interest rates on accrual or reported earnings. This is a traditional approach to
interest rate risk assessment and obtained by measuring the changes in the Net Interest
Income (NII) or Net Interest Margin (NIM) i.e. the difference between the total interest
income and the total interest expense.

31
b) Economic Value perspective: It reflects the impact of fluctuation in the interest rates on
economic value of a financial institution. Economic value of the bank can be viewed as the
present value of future cash flows. In this respect economic value is affected both by changes
in future cash flows and discount rate used for determining present value. Economic value
perspective considers the potential longer-term impact of interest rates on an institution.

Sources of interest rate risks:

Interest rate risk occurs due to (1) differences between the timing of rate changes and the
timing of cash flows (re-pricing risk); (2) changing rate relationships among different yield
curves effecting bank activities (basis risk); (3) changing rate relationships across the range
of maturities (yield curve risk); and (4) interest-related options embedded in bank products
(options risk).

FOREIGN EXCHANGE RISK:

It is the current or prospective risk to earnings and capital arising from adverse movements
in currency exchange rates. It refers to the impact of adverse movement in currency exchange
rates on the value of open foreign currency position. The banks are also exposed to interest
rate risk, which arises from the maturity mismatching of foreign currency positions. Even in
cases where spot and forward positions in individual currencies are balanced, the maturity

Pattern of forward transactions may produce mismatches. As a result, banks may suffer losses
due to changes in discounts of the currencies concerned. In the foreign exchange business,
banks also face the risk of default of the counter parties or settlement risk. While such type of
risk crystallization does not cause principal loss, banks may have to undertake fresh
transactions in the cash/spot market for replacing the failed transactions. Thus, banks may
incur replacement cost, which depends upon the currency rate movements. Banks also face

Another risk called time-zone risk, which arises out of time lags in settlement of one currency
in one center and the settlement of another currency in another time zone

EQUITY PRICE RISK:

It is risk to earnings or capital that results from adverse changes in the value of equity related
portfolios of a financial institution. Price risk associated with equities could be systematic or

32
unsystematic. The former refers to sensitivity of portfolio’s value to changes in overall level
of equity prices, while the later is associated with price volatility that is determined by firm
specific characteristics.

ELEMENTS OF MARKET RISK MANAGEMENT

Board and senior Management Oversight.

Likewise other risks, the concern for management of Market risk must start from the top
management. Effective board and senior management oversight of the bank’s overall market
risk exposure is cornerstone of risk management process. For its part, the board of directors
has following responsibilities.
• Delineate banks overall risk tolerance in relation to market risk.
• Ensure that bank’s overall market risk exposure is maintained at prudent levels and
consistent with the available capital.
• Ensure that top management as well as individuals responsible for market risk
management possess sound expertise and knowledge to accomplish the risk
management function.
• Ensure that the bank implements sound fundamental principles that facilitate the
identification, measurement, monitoring and control of market risk.
• Ensure that adequate resources (technical as well as human) are devoted to market
risk management.

The first element of risk strategy is to determine the level of market risk the institution is
prepared to assume. The risk appetite in relation to market risk should be assessed keeping in
view the capital of the institution as well as exposure to other risks. Once the market risk
appetite is determined, the institution should develop a strategy for market risk-taking in
order to maximize returns while keeping exposure to market risk at or below the pre-
determined level. While articulating market risk strategy the board needs to consider
economic and market conditions, and the resulting effects on market risk; expertise available
to profit in specific markets and their ability to identify, monitor and control the market risk
in those markets; the institution’s portfolio mix and diversification.

Finally the market risk strategy should be periodically reviewed and effectively
communicated to the relevant staff. There should be a process to identify any shifts from the

33
approved market risk strategy and target markets, and to evaluate the resulting impact. The
Board of Directors should periodically review the financial results of the institution and,
based on these results, determine if changes need to be made to the strategy.

While the board gives a strategic direction and goals, it is the responsibility of top
management to transform those directions into procedural guidelines and policy document
and ensure proper implementation of those policies. Accordingly, senior management is
responsible to:
• Develop and implement procedures that translate business policy and strategic
direction set by BOD into operating standards that are well understood by bank’s
personnel.
• Ensure adherence to the lines of authority and responsibility that board has established
for measuring, managing, and reporting market risk.
• Oversee the implementation and maintenance of Management Information System
that identify, measure, monitor, and control bank’s market risk.
• Establish effective internal controls to monitor and control market risk.

The institutions should formulate market risk management polices which are approved by
board. The policy should clearly delineate the lines of authority and the responsibilities of the
Board of Directors, senior management and other personnel responsible for managing market
risk; set out the risk management structure and scope of activities; and identify risk
management issues, such as market risk control limits, delegation of approving authority for
market risk control limit setting and limit Excesses.

ORGANIZATIONAL STRUCTURE.
The organizational structure used to manage market risk vary depending upon the nature size
and scope of business activities of the institution, however, any structure does not absolve the
directors of their fiduciary responsibilities of ensuring safety and soundness of institution.
While the structure varies depending upon the size, scope and complexity of business, at a
minimum it should take into account following aspect.
a) The structure should conform to the overall strategy and risk policy set by the BOD.
b) Those who take risk (front office) must know the organization’s risk profile, products that
they are allowed to trade, and the approved limits.

34
c) The risk management function should be independent, reporting directly to senior
management or BOD.
d) The structure should be reinforced by a strong MIS for controlling, monitoring and
reporting market risk, including transactions between an institution and its affiliates.
Besides the role of Board as discussed earlier a typical organization set up for Market Risk
Management should include: -
• The Risk Management Committee
• The Asset-Liability Management Committee (ALCO)
• The Middle Office.

RISK MANAGEMENT COMMITTEE:

It is generally a board level subcommittee constituted to supervise overall risk management
functions of the bank. The structure of the committee may vary in banks depending upon the
size and volume of the business. Generally it could include heads of Credit, Market and
operational risk Management Committees. It will decide the policy and strategy for integrated
risk management containing various risk exposures of the bank including the market risk. The
responsibilities of Risk Management Committee with regard to market risk management
aspects include:
• Devise policies and guidelines for identification, measurement, monitoring and
control for all major risk categories.
• The committee also ensures that resources allocated for risk management are adequate
given the size nature and volume of the business and the managers and staff that take,
monitor and control risk possess sufficient knowledge and expertise.
• The bank has clear, comprehensive and well-documented policies and procedural
guidelines relating to risk management and the relevant staff fully understands those
policies.
• Reviewing and approving market risk limits, including triggers or stop losses for
traded and accrual portfolios.
• Ensuring robustness of financial models, and the effectiveness of all systems used to
calculate market risk.
• The bank has robust Management information system relating to risk reporting.

35
ASSET-LIABILITY COMMITTEE
Popularly known as ALCO, is senior management level committee responsible for
supervision / management of Market Risk (mainly interest rate and Liquidity risks). The
committee generally comprises of senior managers from treasury, Chief Financial Officer,
business heads generating and using the funds of the bank, credit, and individuals from the
departments having direct link with interest rate and liquidity risks. The CEO or some senior
person nominated by CEO should be head of the committee. The size as well as composition
of ALCO could depend on the size of each institution, business mix and organizational
complexity. To be effective ALCO should have members from each area of the bank that
significantly influences liquidity risk. In addition, the head of the Information system
Department (if any) may be an invitee for building up of MIS and related computerization.
Major responsibilities of the committee include:
• To keep an eye on the structure /composition of bank’s assets and liabilities and
decide about product pricing for deposits and advances.
• Decide on required maturity profile and mix of incremental assets and liabilities.
• Articulate interest rate view of the bank and deciding on the future business strategy.
• Review and articulate funding policy.
• Decide the transfer pricing policy of the bank.
• Evaluate market risk involved in launching of new products.

ALCO should ensure that risk management is not confined to collection of data. Rather, it
will ensure that detailed analysis of assets and liabilities is carried out so as to assess the
overall balance sheet structure and risk profile of the bank. The ALCO should cover the
entire balance sheet/business of the bank while carrying out the periodic analysis.

MIDDLE OFFICE.
The risk management functions relating to treasury operations are mainly performed by
middle office. The concept of middle office has recently been introduced so as to
independently monitor, measure and analyze risks inherent in treasury operations of banks.
Besides the unit also prepares reports for the information of senior management as well as
bank’s ALCO. Basically the middle office performs risk review function of day-to-day
activities. Being a highly specialized function, it should be staffed by people who have
relevant expertise and knowledge. The methodology of analysis and reporting may vary from

36
bank to bank depending on their degree of sophistication and exposure to market risks. These
same criteria will govern the reporting requirements demanded of the Middle Office, which
may vary from simple gap analysis to computerized VaR modeling. Middle Office staff may
prepare forecasts (simulations) showing the effects of various possible changes in market
conditions related to risk exposures. Banks using VaR or modeling methodologies should
ensure that its ALCO is aware of and understand the nature of the output, how it is derived,
assumptions and variables used in generating the outcome and any shortcomings of the
methodology employed. Segregation of duties should be evident in the middle office, which
must report to ALCO independently of the treasury function. In respect of banks without a
formal Middle Office, it should be ensured that risk control and analysis should rest with a
department with clear reporting independence from Treasury or risk taking units, until normal
Middle Office framework is established.

RISK MEASUREMENT
Accurate and timely measurement of market risk is necessary for proper risk management
and control. Market risk factors that affect the value of traded portfolios and the income
stream or value of non-traded portfolio and other business activities should be identified and
quantified using data that can be directly observed in markets or implied from observation or
history. While there is a wide range of risk measurement techniques ranging from static
measurement techniques (Gap analysis) to highly sophisticated dynamic modeling (Monte
Carlo Simulation), the banks may employ any technique depending upon the nature size and
complexity of the business and most important the availability and integrity of data. Banks
may adopt multiple risk measurement methodologies to capture market risk in various
business activities; however management should have an integrated view of overall market
risk across products and business lines. The measurement system ideally should
a) Assess all material risk factors associated with a bank's assets, liabilities, and Off Balance
sheet positions.
b) Utilize generally accepted financial concepts and risk measurement techniques.
c) Have well documented assumptions and parameters. It is important that the assumptions
underlying the system are clearly understood by risk managers and top management.

REPRICING GAP MODELS.

At the most basic level banks may use repricing gap schedules to measure their interest rate
risk. A gap report is a static model wherein interest sensitive assets (ISA), Interest Sensitive

37
liabilities (ISL) and off-balance sheet items are stratified into various time bands according to
their maturity (if fixed rate) or time remaining to their next re-pricing (if floating rate). The
size of the gap for a given time band - that is, assets minus liabilities plus OBS exposures that
re-price or mature within that time band gives an indication of the bank's re-pricing risk
exposure. If ISA of a bank exceed ISL in a certain time band, the bank is said to have a
positive GAP for that particular period and vice versa. An interest sensitive gap ratio is also a
good indicator of bank’s interest rate risk exposure.
Relative IS GAP = IS GAP /Bank’s Total Asset
Also an ISA to ISL ratio of bank for particular time band could be a useful estimation of a
bank’s position.
Interest Sensitive Ratio = ISA/ISL
Measuring Risk to Net Interest Income (NII)
Gap schedules can provide an estimate of changes in bank’s net interest income given
changes in interest rates. The gap for particular time band could be multiplied by a
hypothetical change in interest rate to obtain an approximate change in net interest income.
The formula to translate gaps into the amount of net interest income at risk, measuring
exposure over several periods, is: (Periodic gap) x (change in rate) x (time over which the
periodic gap is in effect) = change in NII

While such GAP measurement apparently seem perfect, practically there are some problems
such as interest paid on liabilities of a bank which are generally short term tend to move
quickly compared with that being earned on assets many of which are relatively longer term.
This problem can be minimized by assigning weights to various ISA and ISL that take into
account the tendency of the bank interest rates to vary in speed and magnitude relative to
each other and with the up and down business cycle.

MEASURE OF RISK TO ECONOMIC VALUE

The stratification of Assets and liabilities into various time bands in a gap analyses can also
be extended to measure change in economic value of bank’s assets due to change in interest
rates. This can be accomplished by applying sensitivity weights to each time band. Typically,
such weights are based on estimates of the duration* of the assets and liabilities that fall into
each timeband, where duration is a measure of the percent change in the economic value
of a position that will occur given a small change in the level of interest rates. Duration-based
weights can be used in combination with a maturity/ re-pricing schedule to provide a rough

38
approximation of the change in a bank's economic value that could occur given a particular
set of changes in market interest rates. Earnings at Risk and Economic Value of Equity
Models.

Many bank, especially those using complex financial instruments or otherwise having
complex risk profiles, employ more sophisticated interest rate risk measurement systems than
those used on simple maturity/re-pricing schedules. These simulation techniques attempt to
overcome the limitation of static gap schedules and typically involve detailed assessments of
the potential effects of changes in interest rates on earnings or economic value by simulating
the future path of interest rates and their impact on cash flows. In static simulations, the cash
flows arising solely from the bank's current on- and off balance sheet positions are assessed.
In a dynamic simulation approach, the simulation builds in more detailed assumptions about
the future course of interest rates and expected changes in a bank's business activity over that
time. These more sophisticated techniques allow for dynamic interaction of payments streams
and interest rates, and better capture the effect of embedded or explicit options.

Banks may use present value scenario analysis to have a longer-term view of interest rate
risk. Economic Value of Equity models show how the interest rate risk profile of the bank
may impact its capital adequacy.

Regardless of the measurement system, the usefulness of each technique depends on the
validity of the underlying assumptions and the accuracy of the basic methodologies used to
model risk exposure. Further the integrity and timeliness of data relating to current positions
is key element of risk measurement system.

While measuring risk in traded portfolios banks should use a valuation approach. They
should develop risk measurement models that relate market risk factors to the value of the
traded portfolios or the estimated value of non-traded portfolios. The underlying liquidity of
markets for traded portfolios and the potential impact of changes in market liquidity should
be specifically addressed by market risk measures. There should be separate risk factors
corresponding to each of the equity markets in which the institution has positions. The
institutions measurement of equities risk should include both price movements in the overall
equity market (e.g. a market index) and specific sectors of the equity market (for instance,
industry sectors or cyclical and non-cyclical sectors), and individual equity issues.

39
In designing interest rate risk measurement systems, banks should ensure that the degree of
detail about the nature of their interest-sensitive positions commensurate with the complexity
and risk inherent in those positions. For instance, using gap analysis, the precision of interest
rate risk measurement depends in part on the number of time bands into which positions are
aggregated. Clearly, aggregation of positions/cash flows into broad time bands implies some
loss of precision. In practice, the bank must assess the significance of the potential loss of
precision in determining the extent of aggregation and simplification to be built into the
measurement approach

When measuring interest rate risk exposure, two further aspects call for more specific
comment: the treatment of those positions where behavioural maturity differs from
contractual maturity and the treatment of positions denominated in different currencies.
Positions such as savings and sight deposits may have contractual maturities or may be open-
ended, but in either case, depositors generally have the option to make withdrawals at any
time. In addition, banks often choose not to move rates paid on these deposits in line with
changes in market rates. These factors complicate the measurement of interest rate risk
exposure, since not only the value of the positions but also the timing of their cash flows can
change when interest rates vary. With respect to banks' assets, prepayment features of loans
also introduce uncertainty about the timing of cash flows on these positions.

VALUE AT RISK
Value at Risk (VAR) is generally accepted and widely used tool for measuring market risk
inherent in trading portfolios. It follows the concept that reasonable expectation of loss can be
deduced by evaluating market rates, prices observed volatility and correlation. VAR
summarizes the predicted maximum loss (or worst loss) over a target horizon within a given
confidence level. The well-known proprietary models that use VAR approaches are JP
Morgan’s Risk metrics, Banker’s trust Risk Adjusted Return on Capital, and Chase’s Value at
risk. Generally there are three ways of computing VAR
• Parametric method or Variance covariance approach
• Historical Simulation
• Monte Carlo method

40
Banks are encouraged to calculate their risk profile using VAR models. At the minimum
banks are expected to adopt relatively simple risk measurement methodologies such as
maturity mismatches, sensitivity analysis etc.

RISK MONITORING.
Risk monitoring processes are established to evaluate the performance of bank’s risk
strategies/policies and procedures in achieving overall goals. Whether the monitoring
function is performed by middle-office or it is a part of banks internal audit it is important
that the monitoring function should be independent of units taking risk and report directly to
the top management/board.

Banks should have an information system that is accurate, informative and timely to ensure
dissemination of information to management to support compliance with board policy.
Reporting of risk measures should be regular and should clearly compare current exposures
to policy limits. Further past forecast or risk estimates should be compared with actual results
to identify any shortcomings in risk measurement techniques. The board on regular basis
should review these reports. While the types of reports for board and senior management
could vary depending upon overall market risk profile of the bank, at a minimum following
reports should be prepared.
• Summaries of bank’s aggregate market risk exposure
• Reports demonstrating bank’s compliance with policies and limits
• Summaries of finding of risk reviews of market risk policies, procedures and the
adequacy of risk measurement system including any findings of internal/external
auditors or consultants

RISK CONTROL.
Bank’s internal control structure ensures the effectiveness of process relating to market risk
management. Establishing and maintaining an effective system of controls including the
enforcement of official lines of authority and appropriate segregation of duties, is one of the
management’s most important responsibilities. Persons responsible for risk monitoring and
control procedures should be independent of the functions they review. Key elements of
internal control process include internal audit and review and an effective risk limit structure.

41
Audit
Banks need to review and validate each step of market risk measurement process. This
review function can be performed by a number of units in the organization including internal
audit/control department or ALCO support staff. In small banks, external auditors or
consultants can perform the function. The audit or review should take into account.
a) The appropriateness of bank’s risk measurement system given the nature, scope and
complexity of bank’s activities
b) The accuracy or integrity of data being used in risk models.
c) The reasonableness of scenarios and assumptions
d) The validity of risk measurement calculations.

Risk limits
As stated earlier it is the board that has to determine bank’s overall risk appetite and exposure
limit in relation to its market risk strategy. Based on these tolerances the senior management
should establish appropriate risk limits. Risk limits for business units, should be compatible
with the institution’s strategies, risk management systems and risk tolerance. The limits
should be approved and periodically reviewed by the Board of Directors and/or senior
management, with changes in market Conditions or resources prompting a reassessment of
limits. Institutions need to ensure consistency between the different types of limits.

a) Gap Limits: The gap limits expressed in terms of interest sensitive ratio for a given time
band aims at managing potential exposure to a bank’s earnings / capital due to changes in
interest rates. Setting such limits is useful way to limit the volume of a bank’s repricing
exposures and is an adequate and effective method of communicating the risk profile of the
bank to senior management. Such gap limits can be set on a net notional basis (net of asset /
liability amounts for both on and off balance sheet items) or a duration-weighted basis, in
each time band. (Duration is the weighted average term to maturity of a security’s cash flow.
For instance a Rs 100 5 year 8% (semi Annual) coupon bond having yield of 8% will have a
duration of 4.217 years as already explained in the footnotes).

b) Factor Sensitivity Limits: The factor sensitivity of interest rate position is calculated by
discounting the position using current market interest rate and then using the current market
interest rate increase or decrease by one basis point. The difference in the two values known
as factor sensitivity is the potential for loss given one basis point change in interest rate.

42
Banks may introduce such limits for each time band as well as total exposure across all time
bands. The factor sensitivity limit or PV01 limit measures the change in portfolio present
value given one basis point fluctuation in underlying interest rate.

Banks also need to set limits, including operational limits, for the different trading desks
and/or traders which may trade different products, instruments and in different markets, such
as different industries and regions. Limits need to be clearly understood, and any changes
clearly communicated to all relevant parties. Risk Taking Units must have procedures that
monitor activity to ensure that they remain within approved limits at all times.

Limit breaches or exceptions should be made known to appropriate senior management

without delay. There should be explicit policy as to how such breaches are to be reported to
top management and the actions to be taken.

43
 CHAPTER 7:

MANAGING LIQUIDITY RISK

Liquidity risk is the potential for loss to an institution arising from either its inability to meet
its obligations or to fund increases in assets as they fall due without incurring unacceptable
cost or losses.

Liquidity risk is considered a major risk for banks. It arises when the cushion provided by the
liquid assets are not sufficient enough to meet its obligation. In such a situation banks often
meet their liquidity requirements from market. However conditions of funding through
market depend upon liquidity in the market and borrowing institution’s liquidity. Accordingly
an institution short of liquidity may have to undertake transaction at heavy cost resulting in a
loss of earning or in worst case scenario the liquidity risk could result in bankruptcy of
the institution if it is unable to undertake transaction even at current market prices.

Banks with large off-balance sheet exposures or the banks, which rely heavily on large
corporate deposit, have relatively high level of liquidity risk. Further the banks experiencing
a rapid growth in assets should have major concern for liquidity. Liquidity risk may not be
seen in isolation, because financial risk are not mutually exclusive and liquidity risk often
triggered by consequence of these other financial risks such as credit risk, market risk etc. For
instance, a bank increasing its credit risk through asset concentration etc may be increasing
its liquidity risk as well. Similarly a large loan default or changes in interest rate can
adversely impact a bank’s liquidity position. Further if management misjudges the impact on
liquidity of entering into a new business or product line, the bank’s strategic risk would
increase.

EARLY WARNING INDICATORS OF LIQUIDITY RISK.

An incipient liquidity problem may initially reveal in the bank's financial monitoring system
as a downward trend with potential long-term consequences for earnings or capital. Given
below are some early warning indicators that not necessarily always lead to liquidity problem

44
for a bank; however these have potential to ignite such a problem. Consequently management
needs to watch carefully such indicators and exercise further scrutiny/analysis wherever it
seems appropriate.

Examples of such internal indicators are:

a) A negative trend or significantly increased risk in any area or product line.

b) Concentrations in either assets or liabilities.

c) Deterioration in quality of credit portfolio.

A liquidity risk management involves not only analyzing banks on and off-balance sheet
positions to forecast future cash flows but also how the funding requirement would be met.
The later involves identifying the funding market the bank has access, understanding the
nature of those markets, evaluating banks current and future use of the market and monitor
signs of confidence erosion.

The formality and sophistication of risk management processes established to manage

liquidity risk should reflect the nature, size and complexity of an institution’s activities.
Sound liquidity risk management employed in measuring, monitoring and controlling
liquidity risk is critical to the viability of any institution. Institutions should have a thorough
understanding of the factors that could give rise to liquidity risk and put in place mitigating
controls.

Board and Senior Management Oversight

The prerequisites of an effective liquidity risk management include an informed board,

capable management, and staff having relevant expertise and efficient systems and
procedures. It is primarily the duty of board of directors to understand the liquidity risk
profile of the bank and the tools used to manage liquidity risk. The board has to ensure that
the bank has necessary liquidity risk management framework and bank is capable of
confronting uneven liquidity scenarios. Generally speaking the board of a bank is
responsible:

a) To position bank’s strategic direction and tolerance level for liquidity risk.

45
b) To appoint senior managers who have ability to manage liquidity risk and delegate them
the required authority to accomplish the job.

c) To continuously monitors the bank's performance and overall liquidity risk profile.

d) To ensure that liquidity risk is identified, measured, monitored, and controlled.

Senior management is responsible for the implementation of sound policies and procedures
keeping in view the strategic direction and risk appetite specified by board. To effectively
oversee the daily and long-term management of liquidity risk senior managers should:

• Develop and implement procedures and practices that translate the board's goals,
objectives, and risk tolerances into operating standards that are well understood by
bank personnel and consistent with the board's intent.
• Adhere to the lines of authority and responsibility that the board has established for
managing liquidity risk.
• Oversee the implementation and maintenance of management information and other
systems that identify, measure, monitor, and control the bank's liquidity risk.
• Establish effective internal controls over the liquidity risk management process.

LIQUIDITY RISK STRATEGY:

The liquidity risk strategy defined by board should enunciate specific policies on particular
aspects of liquidity risk management, such as:

a. Composition of Assets and Liabilities. The strategy should outline the mix of assets and
liabilities to maintain liquidity. Liquidity risk management and asset/liability management
should be integrated to avoid steep costs associated with having to rapidly reconfigure the
asset liability profile from maximum profitability to increased liquidity.

b. Diversification and Stability of Liabilities. A funding concentration exists when a single

decision or a single factor has the potential to result in a significant and sudden withdrawal of

46
funds. Since such a situation could lead to an increased risk, the Board of Directors and
senior management should specify guidance relating to funding sources and ensure that the
bank have a diversified sources of funding day-to-day liquidity requirements. An institution
would be more resilient to tight market liquidity conditions if its liabilities were derived from
more stable sources.
To comprehensively analyze the stability of liabilities/funding sources the bank need to
identify:

• Liabilities that would stay with the institution under any circumstances;
• Liabilities that run-off gradually if problems arise; and
• That run-off immediately at the first sign of problems.

c. Access to Inter-bank Market. The inter-bank market can be important source of liquidity.
However, the strategies should take into account the fact that in crisis situations access to
interbank market could be difficult as well as costly.

The liquidity strategy must be documented in a liquidity policy, and communicated

throughout the institution. The strategy should be evaluated periodically to ensure that it
remains valid.

The institutions should formulate liquidity policies, which are recommended by senior
management/ALCO and approved by the Board of Directors (or head office). While specific
details vary across institutions according to the nature of their business, the key elements of
any liquidity policy include:

• General liquidity strategy (short- and long-term), specific goals and objectives in
relation to liquidity risk management, process for strategy formulation and the level
within the institution it is approved;
• Roles and responsibilities of individuals performing liquidity risk management
functions, including structural balance sheet management, pricing, marketing,
contingency planning, management reporting, lines of authority and responsibility for
liquidity decisions;
• Liquidity risk management structure for monitoring, reporting and reviewing
liquidity;

47
 • Liquidity risk management tools for identifying, measuring, monitoring and
controlling liquidity risk (including the types of liquidity limits and ratios in place and
rationale for establishing limits and ratios);
• Contingency plan for handling liquidity crises.

To be effective the liquidity policy must be communicated down the line throughout in the
organization. It is important that the Board and senior management/ALCO review these
policies at least annually and when there are any material changes in the institution’s current
and prospective liquidity risk profile. Such changes could stem from internal circumstances
(e.g. changes in business focus) or external circumstances (e.g. changes in economic
conditions). Reviews provide the opportunity to fine tune the institution’s liquidity policies in
light of the institution’s liquidity management experience and development of its business.
Any significant or frequent exception to the policy is an important barometer to gauge its
effectiveness and any potential impact on banks liquidity risk profile.

Institutions should establish appropriate procedures and processes to implement their

liquidity policies. The procedural manual should explicitly narrate the necessary operational
steps and processes to execute the relevant liquidity risk controls. The manual should be
periodically reviewed and updated to take into account new activities, changes in risk
management approaches and systems.

ALCO/INVESTMENT COMMITTEE

The responsibility for managing the overall liquidity of the bank should be delegated to a
specific, identified group within the bank. This might be in the form of an Asset Liability
Committee (ALCO) comprised of senior management, the treasury function or the risk
management department. However, usually the liquidity risk management is performed by an
ALCO. Ideally, the ALCO should comprise of senior management from each key area of the
institution that assumes and/or manages liquidity risk. It is important that these members have
clear authority over the units responsible for executing liquidity-related transactions so that
ALCO directives reach these line units unimpeded. The ALCO should meet monthly, if not
on a more frequent basis. Generally responsibilities of ALCO include developing and

48
maintaining appropriate risk management policies and procedures, MIS reporting, limits, and
oversight programs. ALCO usually delegates day-to-day operating responsibilities to the
bank's treasury department. However, ALCO should establish specific procedures and limits
governing treasury operations before making such delegation. Since liquidity risk
management is a technical job requiring specialized knowledge and expertise, it is important
that senior management/ALCO not only have relevant expertise but also have a good
understanding of the nature and level of liquidity risk assumed by the institution and the
means to manage that risk.

To ensure that ALCO can control the liquidity risk arising from new products and future
business activities, the committee members should interact regularly with the bank's risk
managers and strategic planners.

LIQUIDITY RISK MANAGEMENT PROCESS

Besides the organizational structure discussed earlier, an effective liquidity risk management
include systems to identify, measure, monitor and control its liquidity exposures.
Management should be able to accurately identify and quantify the primary sources of a
bank's liquidity risk in a timely manner. To properly identify the sources, management should
understand both existing as well as future risk that the institution can be exposed to.
Management should always be alert for new sources of liquidity risk at both the transaction
and portfolio levels.

Key elements of an effective risk management process include an efficient MIS, systems to
measure, monitor and control existing as well as future liquidity risks and reporting them to
senior management.

Management Information System.

An effective management information system (MIS) is essential for sound liquidity

management decisions. Information should be readily available for day to-day liquidity
management and risk control, as well as during times of stress. Data should be appropriately
consolidated, comprehensive yet succinct, focused, and available in a timely manner. Ideally,
the regular reports a bank generates will enable it to monitor liquidity during a crisis;

49
managers would simply have to prepare the reports more frequently. Managers should keep
crisis monitoring in mind when developing liquidity MIS. There is usually a trade -off
between accuracy and timeliness. Liquidity problems can arise very quickly, and effective
liquidity management may require daily internal reporting. Since bank liquidity is primarily
affected by large, aggregate principal cash flows, detailed information on every transaction
may not improve analysis.

Management should develop systems that can capture significant information. The content
and format of reports depend on a bank's liquidity management practices, risks, and other
characteristics. However, certain information can be effectively presented through standard
reports such as "Funds Flow Analysis," and "Contingency Funding Plan Summary". These
reports should be tailored to the bank's needs. Other routine reports may include a list of large
funds providers, a cash flow or funding gap report, a funding maturity schedule, and a limit
monitoring and exception report. Day-to-day management may require more detailed
information, depending on the complexity of the bank and the risks it undertakes.
Management should regularly consider how best to summarize complex or detailed issues for
senior management or the board. Beside s other types of information important for managing
day-to-day activities and for understanding the bank's inherent liquidity risk profile include:

a) Asset quality and its trends.

b) Earnings projections.

c) The bank's general reputation in the market and the condition of the market itself.

d) The type and composition of the overall balance sheet structure.

e) The type of new deposits being obtained, as well as its source, maturity, and price.

As far as information system is concerned, various units related to treasury activities, the
dealing, the treasury operation & risk management cell/department should be integrated.
Furthermore, management should ensure proper and timely flow of information among front
office, back office and middle office in an integrated manner; however, their reporting lines
should be kept separate to ensure independence of these functions.

50
Liquidity Risk Measurement and Monitoring

An effective measurement and monitoring system is essential for adequate management of

liquidity risk. Consequently banks should institute systems that enable them to capture
liquidity risk ahead of time, so that appropriate remedial measures could be prompted to
avoid any significant losses. It needs not mention that banks vary in relation to their liquidity
risk (depending upon their size and complexity of business) and require liquidity risk
measurement techniques accordingly. For instance banks having large networks may have
access to low cost stable deposit, while small banks have significant reliance on large size
institution deposits. However, abundant liquidity does not obviate the need for a mechanism
to measure and monitor liquidity profile of the bank. An effective liquidity risk measurement
and monitoring system not only helps in managing liquidity in times of crisis but also
optimize return through efficient utilization of available funds. Discussed below are some
(but not all) commonly used liquidity measurement and monitoring techniques that may be
adopted by the banks.

Contingency Funding Plans

In order to develop a comprehensive liquidity risk management framework, institutions

should have way out plans for stress scenarios. Such a plan commonly known as Contingency
Funding Plan (CFP) is a set of policies and procedures that serves as a blue print for a bank to
meet its funding needs in a timely manner and at a reasonable cost. A CFP is a projection of
future cash flows and funding sources of a bank under market scenarios including aggressive
asset growth or rapid liability erosion. To be effective it is important that a CFP should
represent management’s best estimate of balance sheet changes that may result from a
liquidity or credit event. A CFP can provide a useful framework for managing liquidity risk
both short term and in the long term. Further it helps ensure that a financial institution can
prudently and efficiently manage routine and extraordinary fluctuations in liquidity. The
scope of the CFP is discussed in more detail below.

Use of CFP for Routine Liquidity Management

For day-to-day liquidity risk management integration of liquidity scenario will ensure that the
bank is best prepared to respond to an unexpected problem. In this sense, a CFP is an
extension of ongoing liquidity management and formalizes the objectives of liquidity
management by ensuring:

51
a) A reasonable amount of liquid assets are maintained.

b) Measurement and projection of funding requirements during various scenarios.

c) Management of access to funding sources.

Use of CFP for Emergency and Distress Environments

Not necessarily a liquidity crisis shows up gradually. In case of a sudden liquidity stress it is
important for a bank to seem organized, candid, and efficient to meet its obligations to the
stakeholders. Since such a situation requires a spontaneous action, banks that already have
plans to deal with such situation could address the liquidity problem more efficiently and
effectively. A CFP can help ensure that bank management and key staffs are ready to respond
to such situations. Bank liquidity is very sensitive to negative trends in credit, capital, or
reputation. Deterioration in the company's financial condition (reflected in items such as asset
quality indicators, earnings, or capital), management composition, or other relevant issues
may result in reduced access to funding.

Scope of CFP

The sophistication of a CFP depends upon the size, nature, complexity of business, risk
exposure, and organizational structure. To begin, the CFP should anticipate all of the bank's
funding and liquidity needs by:

a) Analyzing and making quantitative projections of all significant on- and off balance- sheet
funds flows and their related effects.

b) Matching potential cash flow sources and uses of funds.

c) Establishing indicators that alert management to a predetermined level of potential risks.

The CFP should project the bank's funding position during both temporary and long-term
liquidity changes, including those caused by liability erosion. The CFP should explicitly
identify, quantify, and rank all sources of funding by preference, such as:

• Reducing assets.
• Modification or increasing liability structure.
• Using other alternatives for controlling balance sheet changes.

52
The CFP should include asset side as well as liability side strategies to deal with liquidity
crises. The asset side strategy may include; whether to liquidate surplus money market assets,
when to sell liquid or longer-term assets etc. While liability side strategies specify policies
such as pricing policy for funding, the dealer who could assist at the time of liquidity crisis,
policy for early redemption request by retail customers, use of SBP discount window etc.

A CFP should also chalk out roles and responsibilities of various individuals at the time of
liquidity crises and the management information system between management, ALCO,
traders, and others. This outline of the scope of a good CFP is by no means exhaustive. Banks
should devote significant time and consideration to scenarios that are most likely given their
activities.

Cash Flow Projections at the basic level banks may utilize flow measures to determine their
cash position. A cash flow projection estimates a bank’s inflows and outflows and thus net
deficit or surplus (GAP) over a time horizon. The contingency funding plan discussed
previously is one example of a cash flow projection. Not to be confused with the re-pricing
gap report that measures interest rate risk, a behavioral gap report takes into account bank’s
funding requirement arising out of distinct sources on different time frames. A maturity
ladder is a useful device to compare cash inflows and outflows both on a day-to-day basis and
over a series of specified time periods. The number of time frames in such maturity ladder is
of significant importance and up to some extent depends upon nature of bank’s liability or
sources of funds. Banks, which rely on short term funding, will concentrate primarily on
managing liquidity on very short term. Whereas, other banks might actively manage their net
funding requirement over a slightly longer period.

In the short term, bank’s flow of funds could be estimated more accurately and also such
estimates are of more importance as these provide an indication of actions to be taken
immediately. Further, such an analysis for distant periods will maximize the opportunity for
the bank to manage the GAP well in advance before it crystallizes. Consequently banks
should use short time frames to measure near term exposures and longer time frames
thereafter. It is suggested that banks calculate daily GAP for next one or two weeks, monthly

53
Gap for next six month or a year and quarterly thereafter. While making an estimate of cash
flows, following aspect needs attention

a) The funding requirement arising out of off- Balance sheet commitments also need to be
accounted for.

b) Many cash flows associated with various products are influenced by interest rates or
customer behavior. Banks need to take into account behavioral aspects instead of contractual
maturity. In this respect past experiences could give important guidance to make any
assumption.

c) Some cash flows may be seasonal or cyclical.

d) Management should also consider increases or decreases in liquidity that typically occur
during various phases of an economic cycle.

While the banks should have liquidity sufficient enough to meet fluctuations in loans and
deposits, as a safety measure banks should maintain a margin of excess liquidity. To ensure
that this level of liquidity is maintained, management should estimate liquidity needs in a
variety of scenarios.

LIQUIDITY RATIOS AND LIMITS

Banks may use a variety of ratios to quantify liquidity. These ratios can also be used to create
limits for liquidity management. However, such ratios would be meaningless unless used
regularly and interpreted taking into account qualitative factors. Ratios should always be used
in conjunction with more qualitative information about borrowing capacity, such as the
likelihood of increased requests for early withdrawals, decreases in credit lines, decreases in
transaction size, or shortening of term funds available to the bank. To the extent that any
asset-liability management decisions are based on financial ratios, a bank's asset-liability
managers should understand how a ratio is constructed, the range of alternative information
that can be placed in the numerator or denominator, and the scope of conclusions that can be
drawn from ratios. Because ratio components as calculated by banks are sometimes
inconsistent, ratio-based comparisons of institutions or even comparisons of periods at a
single institution can be misleading.

54
i. Cash Flow Ratios and Limits. One of the most serious sources of liquidity risk comes
from a bank's failure to "roll over" a maturing liability. Cash flow ratios and limits attempt to
measure and control the volume of liabilities maturing during a specified period of time.

ii. Liability Concentration Ratios and Limits. Liability concentration ratios and limits help
to prevent a bank from relying on too few providers or funding sources. Limits are usually
expressed as either a percentage of liquid assets or an absolute amount. Sometimes they are
more indirectly expressed as a percentage of deposits, purchased funds, or total liabilities.

iii. Other Balance Sheet Ratios. Total loans/total deposits, total loans/total equity capital,
borrowed funds/total assets etc are examples of common ratios used by financial institutions
to monitor current and potential funding levels.

In addition to the statutory limits of liquid assets requirement and cash reserve requirement,
the board and senior management should establish limits on the nature and amount of
liquidity risk they are willing to assume. The limits should be periodically reviewed and
adjusted when conditions or risk tolerances change. When limiting risk exposure, senior
management should consider the nature of the bank's strategies and activities, it’s past
performance, the level of earnings, capital available to absorb potential losses, and the board's
tolerance for risk. Balance sheet complexity will determine how much and what types of
limits a bank should establish over daily and long-term horizons. While limits will not
prevent a liquidity crisis, limit exceptions can be early indicators of excessive risk or
inadequate liquidity risk management.

INTERNAL CONTROLS
In order to have effective implementation of policies and procedures, banks should institute
review process that should ensure the compliance of various procedures and limits prescribed
by senior management. Persons independent of the funding areas should perform such
reviews regularly. T he bigger and more complex the bank, the more thorough should be the
review. Reviewers should verify the level of liquidity risk and management’s compliance
with limits and operating procedures. Any exception to that should be reported immediately
to senior management / board and necessary actions should be taken .

55
MONITORING AND REPORTING RISK EXPOSURES

Senior management and the board, or a committee thereof, should receive reports on the level
and trend of the bank's liquidity risk at least quarterly. A recent trend in liquidity monitoring
is incremental reporting, which monitors liquidity through a series of basic liquidity reports
during stable funding periods but ratchets up both the frequency and detail included in the
reports produced during periods of liquidity stress. From these reports, senior management
and the board should learn how much liquidity risk the bank is assuming, whether
management is complying with risk limits, and whether management’s strategies are
consistent with the board's expressed risk tolerance. The sophistication or detail of the reports
should be commensurate with the complexity of the bank.

56
 CHAPTER 8:

MANAGING OPERATIONAL RISK

Operational risk is the risk of loss resulting from inadequate or failed internal processes,
people and system or from external events.

Operational risk is associated with human error, system failures and inadequate procedures
and controls. It is the risk of loss arising from the potential that inadequate information
system; technology failures, breaches in internal controls, fraud, unforeseen catastrophes, or
other operational problems may result in unexpected losses or reputation problems.
Operational risk exists in all products and business activities.

Operational risk event types that have the potential to result in substantial losses includes
Internal fraud, External fraud, employment practices and workplace safety, clients, products
and business practices, business disruption and system failures, damage to physical assets,
and finally execution, delivery and process management.

The objective of operational risk management is the same as for credit, market and liquidity
risks that is to find out the extent of the financial institution’s operational risk exposure; to
understand what drives it, to allocate capital against it and identify trends internally and
externally that would help predicting it. The management of specific operational risks is not a
new practice; it has always been important for banks to try to prevent fraud, maintain the
integrity of internal controls, and reduce errors in transactions processing, and so on.

However, what is relatively new is the view of operational risk management as a

comprehensive practice comparable to the management of credit and market risks in
principles. Failure to understand and manage operational risk, which is present in virtually all
banking transactions and activities, may greatly increase the likelihood that some risks will
go unrecognized and uncontrolled.

57
OPERATIONAL RISK MANAGEMENT PRINCIPLES.
There are 6 fundamental principles that all institutions, regardless of their size or complexity,
should address in their approach to operational risk management.

a) Ultimate accountability for operational risk management rests with the board, and the level
of risk that the organization accepts, together with the basis for managing those risks, is
driven from the top down by those charged with overall responsibility for running the
business.

b) The board and executive management should ensure that there is an effective, integrated
operational risk management framework. This should incorporate a clearly defined
organizational structure, with defined roles and responsibilities for all aspects of operational
risk management/monitoring and appropriate tools that support the identification, assessment,
control and reporting of key risks.

c) Board and executive management should recognize, understand and have defined all
categories of operational risk applicable to the institution. Furthermore, they should ensure
that their operational risk management framework adequately covers all of these categories of
operational risk, including those that do not readily lend themselves to measurement.

d) Operational risk policies and procedures that clearly define the way in which all aspects of
operational risk are managed should be documented and communicated. These operational
risk management policies and procedures should be aligned to the overall business strategy
and should support the continuous improvement of risk management.

e) All business and support functions should be an integral part of the overall operational risk
management framework in order to enable the institution to manage effectively the key
operational risks facing the institution.

f) Line management should establish processes for the identification, assessment, mitigation,
monitoring and reporting of operational risks that are appropriate to the needs of the
institution, easy to implement, operate consistently over time and support an organizational
view of operational risks and material failures.

58
Board and senior management’s oversight

Likewise other risks, the ultimate responsibility of operational risk management rests with the
board of directors. Both the board and senior management should establish an organizational
culture that places a high priority on effective operational risk management and adherence to
sound operating controls. The board should establish tolerance level and set strategic
direction in relation to operational risk. Such a strategy should be based on the requirements
and obligation to the stakeholders of the institution.

Senior management should transform the strategic direction given by the board through
operational risk management policy. Although the Board may delegate the management of
this process, it must ensure that its requirements are being executed. The policy should
include:

a) The strategy given by the board of the bank.

b) The systems and procedures to institute effective operational risk management framework.

c) The structure of operational risk management function and the roles and responsibilities of
individuals involved.

The policy should establish a process to ensure that any new or changed activity, such as new
products or systems conversions, will be evaluated for operational risk prior to going online.
It should be approved by the board and documented. The management should ensure that it is
communicated and understood throughout in the institution. The management also needs to
place proper monitoring and control processes in order to have effective implementation of
the policy. The policy should be regularly reviewed and updated, to ensure it continue to
reflect the environment within which the institution operates.

Operational Risk Function

A separate function independent of internal audit should be established for effective

management of operational risks in the bank. Such a functional set up would assist
management to understand and effectively manage operational risk. The function would
assess, monitor and report operational risks as a whole and ensure that the management of
operational risk in the bank is carried out as per strategy and policy.

59
To accomplish the task the function would help establish policies and standards and
coordinate various risk management activities. Besides, it should also provide guidance
relating to various risk management tools, monitors and handle incidents and prepare reports
for management and BOD.

Risk Assessment and Quantification

Banks should identify and assess the operational risk inherent in all material products,
activities, processes and systems and its vulnerability to these risks. Banks should also ensure
that before new products, activities, processes and systems are introduced or undertaken, the
operational risk inherent in them is subject to adequate assessment procedures. While a
number of techniques are evolving, operating risk remains the most difficult risk category to
quantify. It would not be feasible at the moment to expect banks to develop such measures.
However the banks could systematically track and record frequency, severity and other
information on individual loss events. Such a data could provide a meaningful information
for assessing the bank’s exposure to operational risk and developing a policy to mitigate /
control that risk.

Risk Management and Mitigation of Risks

Management need to evaluate the adequacy of countermeasures, both in terms of their
effectiveness in reducing the probability of a given operational risk, and of their effectiveness
in reducing the impact should it occur. Where necessary, steps should be taken to design and
implement cost-effective solutions to reduce the operational risk to an acceptable level. It is
essential that ownership for these actions be assigned to ensure that they are initiated. Risk
management and internal control procedures should be established by the business units,
though guidance from the risk function may be required, to address operational risks. While
the extent and nature of the controls adopted by each institution will be different, very often
such measures encompass areas such as Code of Conduct, Delegation of authority,
Segregation of duties, audit coverage, compliance, succession planning, mandatory leave,
staff compensation, recruitment and training, dealing with customers, complaint handling,
record keeping, MIS, physical controls, etc

Risk Monitoring.
An effective monitoring process is essential for adequately managing operational risk.
Regular monitoring activities can offer the advantage of quickly detecting and correcting

60
deficiencies in the policies, processes and procedures for managing operational risk.
Promptly detecting and addressing these deficiencies can substantially reduce the potential
frequency and/or severity of a loss. There should be regular reporting of pertinent information
to senior management and the board of directors that supports the proactive management of
operational risk. Senior Management should establish a programme to:
a) Monitor assessment of the exposure to all types of operational risk faced by the institution;
b) Assess the quality and appropriateness of mitigating actions, including the extent to which
identifiable risks can be transferred outside the institution; and
c) Ensure that adequate controls and systems are in place to identify and address problems
before they become major concerns.
It is essential that:
i) Responsibility for the monitoring and controlling of operational risk should follow the
same type of organizational structure that has been adopted for other risks, including market
and credit risk;
ii) Senior Management ensure that an agreed definition of operational risk together with a
mechanism for monitoring, assessing and reporting it is designed and implemented; and This
mechanism should be appropriate to the scale of risk and activity undertaken.

Operational risk metrics or “Key Risk Indicators” (KRIs) should be established for
operational risks to ensure the escalation of significant risk issues to appropriate management
levels. KRIs are most easily established during the risk assessment phase. Regular reviews
should be carried out by internal audit, or other qualified parties, to analyze the control
environment and test the effectiveness of implemented controls, thereby ensuring business
operations are conducted in a controlled manner.

Risk Reporting
Management should ensure that information is received by the appropriate people, on a
timely basis, in a form and format that will aid in the monitoring and control of the business.
The reporting process should include information such as:
• The critical operational risks facing, or potentially facing, the institution;
• Risk events and issues together with intended remedial actions;
• The effectiveness of actions taken;
• Details of plans formulated to address any exposures where appropriate;

61
 • Areas of stress where crystallization of operational risks is imminent; and
• The status of steps taken to address operational risk.

Establishing Control Mechanism.

Although a framework of formal, written policies and procedures is critical, it needs to be
reinforced through a strong control culture that promotes sound risk management practices.
Banks should have policies, processes and procedures to control or mitigate material
operational risks. Banks should assess the feasibility of alternative risk limitation and control
strategies and should adjust their operational risk profile using appropriate strategies, in light
of their overall risk appetite and profile. To be effective, control activities should be an
integral part of the regular activities of a bank.

Contingency planning
Banks should have in place contingency and business continuity plans to ensure their ability
to operate as going concerns and minimize losses in the event of severe business disruption.

62
 CHAPTER 9:

ANAYSIS OF PRIMARY DATA

COLLECTION

The analysis of the primary data has been done on the basis of responses received in the
questionnaire.

Sample size: 40

The sample whose responses have been tabulated consists of the following Banks:

• Allahabad Bank - 2 Kempe Gowda Road Bangalore 560009 Phone 22262064 /

22253402

• Bank of Baroda - 72 Mahatma Gandhi Road Bangalore 560001 Phone 25587909

• Bank of India - 49 St. Marks Road Bangalore 560001 Phone 22212795

• Canara Bank - 112 J C Road Bangalore 560002 Phone 22221581

• Central Bank of India - Kempe Gowda Road Bangalore 560009 Phone 22873096

• Corporation Bank - 114 M.G.Road Bangalore 560001 Phone 25587940 / 25588435

• State Bank of India - Local Head Office, 48, Church Street, Bangalore 560 025 Ph:

25587098

• ING Vysya Bank - 72 St Marks Road Bangalore 560001 Phone 22212021

63
1. What has changed the nature of risk management in banks?

35

30

25

20

15
Responses of Banks
10

0
Advancements in Increasing volumes Quantitative Complex
technology of transactions in approaches to risk structured
derivatives management products

From the responses received from the sample, we find that the evolution of complex
structured products have been the main factor that has changed the nature of risk management
in banks followed by advancement in technology and increasing volumes in derivatives.

One of the features of in the Indian derivative market relates to concentration risk in respect
of both the market makers (banks) and the corporates. The combined share of top 15 banks
has steadily grown from around 74% in March 2008 to 82% of total OBS exposures of the
banking system in March 2009, of which 62% is accounted for by foreign banks.
Concentration of knowledge is another risk which results in the concentration of derivative
activity among few players.

64
2. Stress testing is important in order to assess the impact of

35
30
25
20
15
10
Responses of
5
Banks
0
ExtremeTo
events
test the
in banking
probability
Detect Extreme
sector
of occurrence
operational
Engaging
of events
the attention
extreme
such as
events
ofrogue
risk management
trading or accounting
personnel,Fraud
Academicians and bankers

One of the key roles of the risk management process is to manage extreme events, such as
those associated with the tails of statistical distributions and could have probability of
occurrence as low as one percent. These are low probability but high loss instances associated
with extreme operational events such as rogue trading or accounting fraud. The importance of
stress testing to assess the impact of not only these events but also the impact of various
scenarios is engaging the attention of risk management personnel, academicians and bankers
alike.

Stress tests would enable banks to assess the risk more accurately and, thereby, facilitate
planning for appropriate capital requirements.

65
3. The Asset-liability management approach has been useful in risk management of banks
by?

40
35
30
25
20
15
10 Responses of Banks
5
0
Making it possible for With a view to measure Measure of liquidity
banks to calculate the the liquidity and interest management, banks are
duration of assets and rate risk required to Monitor
Liabilities their cumulative
mismatches across all
time buckets

The concept of duration of equity gives banks, a single number indicating the impact of a
change of interest rate on its capital, captures the interest rate risk and thereby helps move a
step forward towards assessment of risk based capital/economic capital.

Thus from the responses received from sample we find that the ALM has been most effective
to measure the liquidity and also find out the matches and mismatches across all time
buckets.

66
4. Does the diversification of banks activities help banks to reduce the risk and increase
gain....?

The responses of sample were Yes and the reasons given are as below:

35

30

25

20

15
Responses of Banks
10

0
Opportunity to Sustain Maintain long diversification
gain non-interest profitability term relationships may expose banks
income with clients to various new
risks

From the responses we observe that diversification of the banks activities into various areas
has helped the banks to diversify their risks also it acts as a major opportunity to gain non-
interest income. They further help in sustaining the profitability and also expose the banks to
a new set of risks. Apart from this it also help in providing its customers a wide array of
products and services facilitating long term customer relationship.

67
5. Is RBI guidelines on operational risk sufficient for the banks administration or requires
help from other organizations?

50
45
40
35
30
25
Responses of Banks
20
15
10
5
0
help of external Board participation Below the board
agencies/consultants structure to control
for policy formulation risk.

RBI has set up the basic guidelines for operational risk management of banks; almost all
banks have to adhere to these guidelines as they are mandatory for banks. But it also requires
active involvement from the Board and top management for it to be effective and it must be
implemented at all levels in the organisation structure.

68
6. How do banks handle environmental risk?

50

45

40
35

30

25

20 Responses of Banks

15

10

5
0
By improving their reach innovate their products
delivery channels customers/enhance
customer touch points

Due to technological advancement, expectations of the customers change and enlarge. With
the economic liberalization and globalization, more national and international players are
operating the financial markets, particularly in the banking field. This provides the platform
for environmental change and exposes the bank to the environmental risk. Thus, unless the
banks improve their delivery channels, reach customers, innovate their products that are
service oriented; they are exposed to the environmental risk resulting in loss in business share
with consequential profit.

69
7. What are the ways of risk based supervision?

35

30

25

20

15 Responses of
Banks
10

0
Balance sheet Analysis of Loan portfolio NPA Management
analysis Operations analysis

The Reserve Bank of India presently has its supervisory mechanism by way of on-site
inspection and off-site monitoring on the basis of the audited balance sheet of a bank.
Risk based supervision approach is an attempt to overcome the deficiencies in the traditional
point-in-time, transaction- validation and value based supervisory system. It is forward
looking enabling the supervisors to differentiate between banks to focus attention on those
having high-risk profile.

The response of sample shows that NPA management is one of the main areas of concern for
the banks.

70
8. Has the supervisory mechanism in banks improved?

80

70

60

50

40 Response of
banks
30

20

10

0
Pre BASEL Post BASEL

The implementation of Basel norms has forced banks in India to adhere themselves to better
supervisory mechanism through both internal and external rating methods and systems. It
focused on the total amount of bank capital so as to reduce the risk of bank solvency at the
potential cost of bank’s failure for the depositors.

71
9. The effectiveness of risk measurement in banks depends on

40
35
30
25
20
15 Response of Banks
10
5
0
efficient Computerisation net working of Accountability and
Management of branches branch activities transparency of
information information
system

The risk management systems developed by banks would require a lot of attention of top
management to the suitability of IT structure including issues of connectivity, designing an
MIS format that is risk focused, setting up an organization to manage risk that ensures
segregation of risk assessment from operations, frequent review of risk management systems
to ensure there is no slippage and last but not the least, to develop appropriate skills within
the organization.

The response of sample shows that efficient risk management information system is most
important for the effectiveness of risk measurement in banks.

72
10. Has the capital adequacy norms been fulfilled by banks and what arrangements have been
done to meet the requirements?

40

35

30

25

20
Response of
15 Banks

10

0
Govt Provisions Bonds IPO

As per Basel II norms all banks have to compulsorily meet the capital adequacy norms, where
they have to maintain a capital adequacy of 8% of risk weighted assets. Basel standards
currently require banks to have a capital adequacy ratio of 8% with Tier I not less than 4%,
RBI has mandated the banks to maintain CAR of 9%. The maintenance of capital adequacy is
like aiming at a moving target as the composition of risk-weighted assets gets changed every
minute on account of fluctuation in the risk profile of a bank. Tier I capital is known as the
core capital providing permanent and readily available support to the bank to meet the
unexpected losses.

The banks make the required arrangements through Government provisions, Bonds and IPOs.

73
11. Whether banks have a clear organizational set-up for operational risk?

60

50

40

30
Responses of Banks

20

10

0
Yes No

The responses of sample show that all banks have a clear organizational set up for operational
risk management. As RBI has laid down certain mandatory guidelines, it further helps banks
to identify and mitigate risk in an effective way. Each level has its own specified set off
guidelines for functioning.

74
12. The establishment of sound corporate governance is crucial for the improvement of banks
risk management capacity?

90

80

70

60

50

40 Response of Banks

30

20

10

0
Yes No

Operational risk involves breakdown in internal controls and corporate governance leading to
error, fraud, performance failure, compromise on the interest of the bank resulting in financial
loss. Putting in place proper corporate governance practices by itself would serve as an
effective risk management tool.
Thus the responses of the banks shows that establishment of corporate governance is very
crucial and important to banks.

75
13. To what extent has the setting up of ALCO it been effective in risk management?

80

70

60

50

40 Responses of Banks

30

20

10

0
Yes No

Most banks have put in place an ALM framework. However there is lot to be done to
internalize this framework as a part of the overall risk perceptions of the bank and the capital
planning strategy of the bank. Issues in data infirmity still remain to some extent. In many
cases, the ALCO’s role remains confined to deciding on interest rates of the bank. This is
partly due to lack of decision support system available to the ALCO. Availability of impact
and scenario analysis of changes in yield structures would be a significant enabling factor.

The Asset Liability Committee (ALCO) of a bank uses the information contained in the
duration gap analysis to guide and frame strategies. By reducing the size of the duration gap,
banks can minimize the interest rate risk. Economic Value perspective involves analyzing the
expected cash inflows on assets minus expected cash outflows on liabilities plus the net cash
flows on off-balance sheet items. The economic value perspective identifies risk arising from
long-term interest rate gaps.

76
14. Has the diversification of banks into various financial services impacted the financial
stability of the banks?

60

50

40

30
Responses of Banks

20

10

0
Yes No

The response of sample shows that banks have a mixed view regarding diversification of
banks activities. Most of banks feel that too much diversification leads to diversion from
main business. Also diversification leads or exposes the banks to greater and newer risks.

77
15. Has the significant developments in the area of quantification of risk, shifted the focus to
statistical aspects of risk management?

70

60

50

40
Response of Banks
30

20

10

0
Yes No

Significant developments in the area of quantification of risk, has shifted focus to statistical
aspects of risk management, especially to risk modeling and other computational techniques
of risk measurement. During the last decade there has been a proliferation of academic
research on the use of VaR for market risk assessment. Such models have to be used with
some care and serious examination of the data used, especially the use of historical data for
forecasting future scenarios, the assumptions behind the models, estimation errors etc.

78
 CHAPTER 10:

CAMELS
In 1994, the RBI established the Board of Financial Supervision (BFS), which operates as a
unit of the RBI. The entire supervisory mechanism was realigned to suit the changing needs
of a strong and stable financial system. The supervisory jurisdiction of the BFS was slowly
extended to the entire financial system barring the capital market institutions and the
insurance sector. Its mandate is to strengthen supervision of the financial system by
integrating oversight of the activities of financial services firms. The BFS has also established
a sub-committee to routinely examine auditing practices, quality, and coverage.

In addition to the normal on-site inspections, Reserve Bank of India also conducts off-site
surveillance which particularly focuses on the risk profile of the supervised entity. The Off-
site Monitoring and Surveillance System (OSMOS) was introduced in 1995 as an additional
tool for supervision of commercial banks. It was introduced with the aim to supplement the
on-site inspections. Under off-site system, 12 returns (called DSB returns) are called from the
financial institutions, which focus on supervisory concerns such as capital adequacy, asset
quality, large credits and concentrations, connected lending, earnings and risk exposures (viz.
currency, liquidity and interest rate risks).

In 1995, RBI had set up a working group under the chairmanship of Shri S. Padmanabhan to
review the banking supervision system. The Committee certain recommendations and based
on such suggestions a rating system for domestic and foreign banks based on the international
CAMELS model combining financial management and systems and control elements was
introduced for the inspection cycle commencing from July 1998. It recommended that the
banks should be rated on a five point scale (A to E) based on the lines of international
CAMELS rating model. CAMELS evaluate banks on the following six parameters:-

• Capital Adequacy: Capital adequacy is measured by the ratio of capital to risk-

weighted assets (CRAR). A sound capital base strengthens confidence of depositors
• Asset Quality: One of the indicators for asset quality is the ratio of non-performing
loans to total loans (GNPA). The gross non-performing loans to gross advances ratio

79
 is more indicative of the quality of credit decisions made by bankers. Higher GNPA is
indicative of poor credit decision-making.
• Management: The ratio of non-interest expenditures to total assets (MGNT) can be
one of the measures to assess the working of the management. . This variable, which
includes a variety of expenses, such as payroll, workers compensation and training
investment, reflects the management policy stance.
• Earnings: It can be measured as the the return on asset ratio.
• Liquidity: Cash maintained by the banks and balances with central bank, to total
asset ratio (LQD) is an indicator of bank's liquidity. In general, banks with a larger
volume of liquid assets are perceived safe, since these assets would allow banks to
meet unexpected withdrawals.
• Systems and Control - sensitivity to market risk

Each of the above six parameters are weighted on a scale of 1 to 100 and contains
number of sub-parameters with individual weightages.

Rating
Rating symbol indicates
Symbol

A Bank is sound in every respect

B Bank is fundamentally sound but with moderate weaknesses

Financial, operational or compliance weaknesses that give cause for supervisory

C
concern.

serious or immoderate finance, operational and managerial weaknesses that

D
could impair future viability

Critical financial weaknesses and there is high possibility of failure in the near
E
future.

As a result of effective risk management and operational management, the various banks
have been rated on different CAMEL parameters. The top 5 public and private sectors banks
have been shown in the following tables indicating the effectiveness of their overall business.

80
1. CAPITAL ADEQUACY:

PUBLIC SECTOR BANKS PRIVATE SECTOR BANKS

State Bank of Bikaner and jaipur Karur Vysya Bank

State Bank of Travancore City Union Bank

Andhra Bank Dhana Lakshmi Bank

State Bank of Indore Federal Bank

Punjab National Bank Kotak Mahindra Bank

MAJOR THREE BANKS IN INDIA:

Particulars 2005 2006 2007 2008 2009

ICICI Bank 10.36 11.78 13.35 11.69 13.97

HDFC Bank 11.66 12.16 11.04 13.08 13.73

AXIS Bank 11.21 12.66 11.08 11.57 13.99

The banks must have adequate capital as a cushion as a cover to the extent of risk weighted
assets. Thus capital adequacy is very important and all banks have to maintain a capital
adequacy of 8% of risk weighted assets and in India its 9% of risk weighted assets as per
Basel II norms.

2. ASSET QUALITY:

PUBLIC SECTOR BANKS PRIVATE SECTOR BANKS

Punjab National Bank Karur Vysya Bank

Bank of Baroda Development Credit Bank

Indian Bank Federal Bank

Bank of India Axis Bank

State Bank of India Lakshmi Vilas Bank

81
MAJOR THREE BANKS IN INDIA:

Particulars 2005 2006 2007 2008 2009

ICICI Bank 1.89 1.72 1.45 1.4 1.43

HDFC Bank 4.69 2.87 1.14 1.95 3.01

AXIS Bank 2.93 1.99 1.69 1.14 0.83

Asset quality refers to the financial strength of and risk inherent in loans/advances and
investment made by the bank. Asset quality of a bank can be gauged mainly through ratios
such as Net NPA (NNPA) to Total assets, NNPA to Net advances, change in the level of Net
NPAs and Total Investment to Total Assets.

3. MANAGEMENT EFFICIENCY:

PUBLIC SECTOR BANKS PRIVATE SECTOR BANKS

Bank of India Yes Bank

Bank of Baroda ICICI Bank

IDBI Bank Axis Bank

State Bank of Travancore Karur Vysya Bank

Punjab National Bank Fedral Bank

MAJOR THREE BANKS IN INDIA:

Particulars 2005 2006 2007 2008 2009

ICICI Bank 2.26 2.14 2.94 4.52 5.61

HDFC Bank 2.8 2.89 3.5 4.33 5.18

AXIS Bank 3.56 3.01 4 4.97 6.32

Management efficiency is another component of Camel Model, its measured in terms of

business per employee (BPE) and Total assets/Total Deposits.

82
4. EARNINGS QUALITY:

PUBLIC SECTOR BANKS PRIVATE SECTOR BANKS

Indian Bank City union Bank

Punjab & Sind Bank Federal Bank

Punjab National Bank HDFC Bank

Union Bank of India Kotak Mahindra Bank

State Bank of Travancore Yes Bank

MAJOR THREE BANKS IN INDIA

ROA -Return on assets

Particulars 2005 2006 2007 2008 2009
ICICI Bank 1.32 1.17 1.05 0.78 0.71
HDFC Bank 1.4 1.42 1.41 1.4 1.42
AXIS Bank 1.27 1.08 1.11 1.06 1.16

A Banks earnings quality reflects its profitability and sustainability of the same, there are sub
parameters under this, first operating profit to AWF (Average working fund) this reflects
management’s efficiency in productive deployment of its average working fund, second Net
interest margin (NIM) – a keenly watched parameter by bankers and analysts, which reflects
the ability of a bank to manage its cost of deposits,

5. LIQUIDITY

PUBLIC SECTOR BANKS PRIVATE SECTOR BANKS

State Bank of Patiala Development Credit Bank

State Bank of India Dhana Lakshmi Bank

State bank of Hyderabad Yes bank

Vijaya bank Bank of Rajasthan

Bank of Baroda Lakshmi vilas Bank

83
MAJOR THREE BANKS IN INDIA:

Credit Deposit Ratio

Particulars 2005 2006 2007 2008 2009

ICICI Bank 97.38 89.17 87.59 83.83 84.99

HDFC Bank 55.89 64.87 65.79 66.08 65.28

AXIS Bank 43.63 47.4 52.79 59.85 65.94

For a Bank, Liquidity is a crucial aspect which represents its ability to meet its financial
obligations. It’s of utmost importance to a Bank to maintain correct levels of liquidity, which
will otherwise lead to declined earnings. A high liquidity ratio indicates a banks comfort level
vis-à-vis its ability to manage its obligation, both short term and long term. However a bank
needs to take care in hedging liquidity risk to ensure its own liquidity under all rational
conditions. Liquidity of a bank can be measured using metrics such as Liquid assets to Total
deposits and liquid assets to Total assets, G-sec to Total assets etc.

84
 CONCLUSION

Risk management underscores the fact that the survival of an organization depends heavily
on its capabilities to anticipate and prepare for the change rather than just waiting for the
change and react to it.

The objective of risk management is not to prohibit or prevent risk taking activity, but to
ensure that the risks are consciously taken with full knowledge, clear purpose and
understanding so that it can be measured and mitigated. It also prevents an institution from
suffering unacceptable loss causing an institution to fail or materially damage its competitive
position. Functions of risk management should actually be bank specific dictated by the size
and quality of balance sheet, complexity of functions, technical/ professional manpower and
the status of MIS in place in that bank. There may not be one-size-fits-all risk management
module for all the banks to be made applicable uniformly.

Balancing risk and return is not an easy task as risk is subjective and not quantifiable
whereas return is objective and measurable. If there exist a way of converting the subjectivity
of the risk into a number then the balancing exercise would be meaningful and much easier.

Banking is nothing but financial inter-mediation between the financial savers on the one hand
and the funds seeking business entrepreneurs on the other hand. As such, in the process of
providing financial services, commercial banks assume various kinds of risks both financial
and non-financial. Therefore, banking practices, which continue to be deep routed in the
philosophy of securities, based lending and investment policies, need to change the approach
and mindset, rather radically, to manage and mitigate the perceived risks, so as to ultimately
improve the quality of the asset portfolio. As in the international practice, a committee
approach may be adopted to manage various risks. Risk Management Committee, Credit
Policy Committee, Asset Liability Committee, etc are such committees that handle the risk
management aspects. While a centralized department may be made responsible for
monitoring risk, risk control should actually take place at the functional departments as it is
generally fragmented across Credit, Funds, Investment and Operational areas. Integration of
systems that includes both transactions processing as well as risk systems is critical for

85
implementation. In a scenario where majority of profits are derived from trade in the market,
one can no longer afford to avoid measuring risk and managing its implications thereof.

Crossing the chasm will involve systematic changes coupled with the characteristic
uncertainty and also the pain it brings and it may be worth the effort. The engine of the
change is obviously the evolution of the market economy abetted by unimaginable advances
in technology, communication, transmission of related uncontainable flow of information,
capital and commerce throughout the world. Like a powerful river, the market economy is
widening and breaking down barriers. Government’s role is not to block that flow, but to
accommodate it and yet keep it sufficiently under control so that it does not overflow its
banks and drown us with the associated risks and undesirable side effects. To the extent the
bank can take risk more consciously, anticipates adverse changes and hedges accordingly, it
becomes a source of competitive advantage, as it can offer its products at a better price than
its competitors. What can be measured can mitigation is more important than capital
allocation against inadequate risk management system.

Basel proposal provides proper starting point for forward-looking banks to start building
process and systems attuned to risk management practice. Given the data-intensive nature
of risk management process, Indian Banks have a long way to go before they comprehend
and implement Basel II norms.

The effectiveness of risk measurement in banks depends on efficient Management

Information System, computerization and net working of the branch activities. The data
warehousing solution should effectively interface with the transaction systems like core
banking solution and risk systems to collate data. An objective and reliable data base has to
be built up for which bank has to analyze its own past performance data relating to loan
defaults, trading losses, operational losses etc., and come out with bench marks so as to
prepare themselves for the future risk management activities.

Any risk management model is as good as the data input. With the onslaught of globalization
and liberalization from the last decade of the 20th Century in the Indian financial sectors in
general and banking in particular, managing Transformation would be the biggest challenge,
as transformation and change are the only certainties of the future.

86
 BIBILIOGRAPHY

1. The Indian Banking Sector - On the Road to Progress: By G. H. Deolalkar

2. Risk management and Indian Banking: Opportunities and Challenges: By Susan Thomas

http://www.igidr.ac.in/˜susant

3. Special Address by Smt. Shyamala Gopinath, Deputy Governor at the FICCI-IBA

Conference on "Global Banking: Paradigm Shift, Mumbai.

87