Risk Management in Bank


Loading.... (view fulltext now)





Full text




Page 2


























Page 3



Peter L Bernstein in his celebrated book, Against the Gods- the Remarkable Story of Risk” stated that “in the Dark Age risk was always associated with God” as the mankind progressed and business and markets grew the art of risk management grew from primitive stages to modern day rocket science.

Risk is an inherent component of our life, be it in business or our personal life. The one who is able to manage it properly emerge the winner.

In simple terms, risk can be defined as any uncertainty about a future event that threatens the organization‟s ability to accomplish its mission. Business is a trade off between risk and return. The word risk may have different meanings to different users. To a lay man, it has connotations that one invariably associates with the games of gambling or reckless behaviors in life. In contrast, to an information age company however, taking risk is one of the most important critical success factors as it encourages innovation. Innovation demand trying of new things, and trying something new again calls for uncertainty where one dose not know whether one will succeed or fall. Therefore, it is said to be taking a risk. To some others risk or risk-based functioning is a favorite hobby. Those who fall in this category are termed as speculators. Thus, though risk in an inherent feature to take it. Having briefly discussed the overview of what risk is all about, let us now turn our focus towards the definition of risk.


Recalling our earlier statements we can say that risk means different things to different people. For some, it is “financial” (exchange rate, interest-call money rates) and for others, “an event or commitment which has the potential to generate commercial liability or damage to the brand image”. Since risk is accepted in business as a trade off between reward and threat, it does mean that taking risk brings froth benefits or well. In other words, it is necessary to accept risk, if the desire is to reap the anticipated benefits. Risk in its pragmatic definition of risk is very pertinent today as the current business environment offers both challenges and opportunity to organization, which have to mange them to their competitive advantage.



Risk management is a discipline that deals with the possibility that some future event will cause them. The proper management of risk provides strategies, techniques, and an approach to recognize and confront any threat faced by an organization that seeks to fulfills it‟s mission. It is to be always borne in mind that the process of risk management does not aim at risk elimination, out enable the organization to bring its risk to manageable proportions while not severely affecting their income. This balancing act between the risk level and the level of profits earned, needs to be well-planned. Apart from bringing the risk to manageable extent, it is also to be ensured that in risk dose not get transformed in to any other undesirable risk. This transformation takes place „due to the inter-linkage present among the various risks. The focal point in managing any risk is to understand the nature of the transaction so as to unbundle the risks that it is exposed to.

It sharp contract to our country, the discipline of risk management is a more popular subject in the western world. This is largely a result of the lesson from major cooperate failures, a telling and visible example being the baring collapse. In additions, there has been the introduction of regulatory requirements that expect organizations to have effective risk management practices. In India, whilst risk management is still in its infancy, there has been considerable debate on the need to introduce comprehensive risk management practices.


Indian banking industry is going through a transformation process in it‟s transformational journey from the era of protected economy to the though world of market economy. Banks are expanding their operations, entering new market and trading in new assets types. The change in financial system product and structures has created new opportunity along with new risk. Risk management has become internal part of financial activity of bank and other market participates. There risk can‟t be ignored and either has to be managed by market participates as part of assets-liability management or hedge. Under their circumstances, creating an environment that promotes risk management assumes critical importance. This requires addressing certain policy and institutional issues in developing in India.


Page 5 First and foremost a well developed market, repo market constitutes an important prerequisite for the promotion of risk management practice among market participants. Regulatory gaps and overlaps in debt markets need to be sorted out quickly to facilities the repeal of the 1669 notification which will go a long way in aiding the process of ALM for banks. Indian conditions are suitable for introduction of credit default swap in India. It offers advantages of hedging credit risk without impairing the relationship with the borrowers. Forward, rate agreements and interest rate swaps enables user to lock into spreads. Then RBI has already permitted interest rates swaps. A major reason for lack of term money market is the obscene of the practice of ALM system among bank for identifying mismatches in carols time periods. The recent RBI guidelines to lend on a term and also offer two way quotes in the market. The advisory group on banking supervision constituted by RBI recommended greater orientation of banks management OECD principal of corporate governed recognizes the risk management as area of increasing importance for board which is related to corporate strategy.


Page 6



While discussing the basic objectives of a risk management function, one comes across two schools of thoughts. One speaks about managing risks, maximizing profitability and creating opportunity out of risks and the other concerns with minimizing risks or the loss associated with the business operations and thus protecting corporate assets. The management of an organization needs to consciously decide whether or not it wants to pursue risk management function to „mange‟ or „reduce‟ risks. Managing risks essentially is about striking the right balance between risks and controls and taking informed management decisions on opportunities and threats facing an organization. Bothe theses situations, i.e. over or under controlling risk are not desirable as the former means higher costs and the latter means possible exposure to risk.

The process of mitigating or minimizing risks, on the other hand, means mitigating or minimizing all risks even if may also mean that the opportunities are not adequately exploited. In the context of the risk management function, identification and management of risk is more prominent in the financial services sector and less so in the consumer products industry.


Page 7



After the different types of risks are identified, the next step involves identifying the alternate approaches available for managing/ reducing the risks. The various approaches are described below:

Avoidance: The concept of risk is relevant if the bank is holding an asset/liability which

is exposed to risk. Avoidance refers to not holding such an asset/liability as a means of avoiding the risk. Exchange risk can be avoided by not holding assets/liabilities denominated in foreign currencies. Business risk is avoided by not doing the business itself. This method can be adopted more as an exception than as a rule since any business activity necessitates holding of assets and liabilities.

This approach has application when a bank is planning to decide exposure limits. For example, a bank may decide to avoid a particular industry say, Aquaculture or Poultry, while extending credit or it many decide not to lend to certain type of bank in the money market.

Loss control: Loss control measure is used in case of the risks which are not avoided. These risks might have been assumed either voluntary or because they cannot be avoided. The objective of these measures either to prevent a loss or to reduce the probability of loss. Insurance, for example, is a loss control measure. Introduction of system and procedures, internal or external audit help in controlling the losses arising out of personnel. Raising funds through floating rate interest bearing instruments can reduce the losses due to interest rate risk.

Separation: the scope for loss by concentrating an asset as a single location can be reduced by distributing it to different locations, assets which are needed for routine consumption can be placed at multiple locations so that loss in case of any accident can be minimized. However, does simultaneously increase the number of risk centers. Consider tow banks, one which has a wide network across the country and another which is confined to one state. An adverse economic scenario of the set latter more than the


Page 8 former. This is more conspectuses when one compares a cooperative bank with a commercial bank.

Combination: This reflects the old adage of not putting all the eggs in one basket. The

risk of default is less when the financial assets are distributed over a number of issuer intend of locking them with a single issuer. It pays to have multiple supplier of raw material intend of relying on a sole supplier. A well-diversified company has a lower risk of experiencing a recession.

Transfer: Risk reduction can be achieved by transfer. The transfer can be of three types.

In the first type, the risk can be transferred by transferring the asset/liability itself. For instance, the risk emanating by holding a property or a foreign currency security can be eliminated by transferring the same to another. The second type of transfer involves by transferring the risk without transferring the asset/liability. The exchange risk involved in holing a foreign currency asset/liability can be transferred to another by entering into a forward contract/currency swap. Similarly, the interest rate risk can be involves making a third party pay for the losses without actually transferring the risk. An insurance policy covering the third party risk is an example.

When a bank takes a policy to cover the losses incurred on account of misuse of lost credit cards, it is in effect finding someone to finance the losses while it still has the obligation to pay the Merchant Establishment.

Except for the approach of avoidance, the bank can effectively adopt other since by avoiding risk the bank will not be making any profits. From the above discussion on risk, it is now evident that banks can neither do without profits nor risk. However, mere acceptances of risk to remain profitable dose not an ultimate danger that the bank itself may fail. The question that arises at this point is what should the bank do in order to take risk for greater returns and at the same time not end up in losses? Risk management is the solution to such a situation.


Page 9



As per the RESERVE BANK OF INDIA guidelines issued in October 1999, there are three major types of risks encountered by the banks and these CREDIT RISK, MARKET RISK AND OPERATIONAL RISK. In the article, we will see what the components of these three major risks are. In August 2001, a discussion paper on move towards Risk based Supervision was published. Further, in September 2001 a guidance note on Credit Risk Management was sent to all the banks. Recently in March 2002, a guidance note on Market Risk Management was also circulated to all the banks and this was followed by a discussion paper on Country Risk released in May 2002.

Risk is the potentiality that both the expected and unexpected events may have as adverse impact on the bank‟s capital or earnings. The expected loss is to be borne by the borrower and hence is taken care of by adequately pricing the products through risk premium and reserves created out of the earnings. It is the amount expected to be lost due to changes in credit quality resulting in default.

Whereas, the unexpected loss on account of the individual exposure and the whole portfolio in entirety is to be borne by the bank itself and hence is to be taken care of by the capital.

Thus, the expected losses are covered by reserves and provisions and the unexpected losses require capital allocation. Hence, the need for sufficient Capital Adequacy Ratio is felt. Each type of risk is measured to determine both the expected and unexpected losses using VaR (Value at Risk) or worst-case type analytical model.


Page 10 Types of Financial Risks

Financial Risks

Market Risk Credit Risk Operational Risk


Credit risk or default risk may be defined as the potential that a bank borrower or counterparty will fail no meet its obligations in accordance with the agreed terms. Sources of credit risk exist throughout the activities of the bank, these are:

1. Loans, which are the largest and most important sources of credit risk. Loans and advances constitute nearly 65% of the total assets of the scheduled commercial banks in India at the end of any normal financial year.

2. Investment (in non-SLR instruments), including certificate of deposits, commercial paper, equity shares of PSUs and private corporate sector, brands / debentures / preference shares issued by PSUs and private corporate sector etc. The exposure to such investments in respect of the scheduled commercial banks of India may be 7-9% of the total assets as at the end of March of any normal financial year.

3 Off balance sheet activities / items. These item are not booked on the balance sheets and are of a contingent nature, and hence carry a definite element of risk although they generate a fee income for the banks, Indian banks are presently exposed to the off-balance sheet item such as foreign exchange contracts, guarantees, acceptance etc. These, put together, constitute 6-7% of the total assets in respect of the scheduled commercial bank in India at the end of the March of any normal year. With further liberalization, banks are taking up new types of off-balance sheet exposures such as future, swaps, options, etc.


Page 11 4. The remaining 25 to 30% of demand and time liabilities of the banks in locked up by way of cash. Reserve Ratio (CRR) or Statutory Liquidity Ratio (SLR). Credit risk is generally made up of transaction risk or default risk and portfolio risk. Transaction risk arises from individual credit transactions of the bank at a micro-level and is evaluated through technical, financial and economic analyses of individual borrowers‟ Project. Whereas, portfolio risk arises out of the total credit exposures of the bank at a micro-level. Portfolio risk may be intrinsic, e.g. a particular group or type of customers or industry may have a higher risk profile as compared to the other group or types. Portfolio risk may also arise out of undue concentration to credits to single borrowers or counterparties, a group of connected borrowers or counterparties, particular industries / sectors, borrowers in a particular geographic location, etc. In the event that a particular group or industry experiences downturn, the entire portfolio may turn into non-performing assets, at least at that pointed time.

The Bank considers rating of a borrower account as an important tool to manage the credit risk associated with any borrower and accordingly a ‟two dimensional credit rating system‟ was introduced in the Bank. Software driven rating / scoring models for different segments have been customized to suit the Bank‟s requirements.

 Credit Rating 1. Obligor Rating  Financial Parameters  Managerial Parameters  Industrial Parameters  Operational Parameters 2. Facility Rating (Collateral Securities)

 AAA Lowest Risk


Page 12

 A Low Risk

 BBB Moderate risk – Entry Level

 BB High risk

 B Higher risk

 C Highest risk

 D Absolute risk

 E Caution risk


Bank in emerging markets like India, face intense challenges in managing Credit Risk, These may be determined by factors external to the bank, such as:

 Delay in production schedules/production difficulties of borrowers

 Frequent instability in the business environment

 Wide swings in commodity/equity prices, foreign exchange rates and interest rates

 Legal framework less conductive to debt recovery, hence time consuming

 Financial restrictions

 Government policies and controls

 Economic sanctions

 Natural disasters, etc.

These may be further aggravated by internal factor/deficiencies in the management of Credit risk within the bank like

Deficiencies in loan policies / administration  Lack of portfolio concentration limits

 Excessive centralization or decentralization of lending authority

 Deficiencies in appraisal of financial position of the borrowers/borrowed units

 Poor industry analysis


Page 13

 Inadequate post-sanction surveillance

 Lack of articulated loan review mechanism

 Failure to improve collateral position as credit portfolio deteriorates

 Absence of stringent asset classification and loan loss provisioning standards

 Inadequate checks and balances in the credit management process, and

 Failure to control and audit the credit process effectively

These deficiencies may lead to weaknesses in the loan portfolio of the Bank, like over

Concentration of loans in one industry or sector, large portfolios of non-performing loans and credit losses. These may, in turn, lead to cash crunch and ultimately insolvency. The fact that the bank operating in an economic environment that poses formidable challenges for good credit management gives all the more reason to them to strengthen their credit risk management practices and sharpen their credit management skills, both pre-sanction and post-sanction.


A fundamental prerequisite for credit risk management is establishment of an appropriate credit risk environment. Banks should have a clear cut perspective on credit risk strategy and evolve suitable policies and procedures to implement it. These should be effectively discussed across various levels and then communicated throughout the organization for implementation. All relevant personnel should clearly understand the bank‟s approach to granting credit and should comply with the established policies, practices and procedures, relating to pre-sanction appraisal and post-sanction follow-up.

Internationally, the responsibility for designing and implementing credit risk management system (viz, identifying, measuring, monitoring and controlling credit risk), is vested with the top management of the banks. The Basel committee document has recommended that:

 The board of directors should have the responsibility for approving and periodically

reviewing the credit risk strategy and significant credit risk policies of the bank, The strategy should reflect the bank‟s tolerance for risk and the level of profitability the bank expect to


Page 14 achieve by creating a loan assets mix the carries various credit risk, within the tolerance level fixed by the board.

 Senior management should have the responsibility for implementing the credit risk strategy

approved by the board and developing the policies and procedures for identifying, measuring, monitoring and controlling credit risk, such policies and procedures should address credit risk in all the bank‟s activities and at both individual credit and portfolio levels.

 Bank should identify and manage credit risk inherent in all products and actives. New Products and activities should be subject to close watch and adequate procedures and Controls should be in place before they are introduced or launched.


A credit risk strategy or plan established the objectives for guiding the bank‟s credit-granting Activities and its credit risk management functions. The strategies or directives:

 Typically provide general parameters for the types of credits that the bank will offer and the

types of customers that the bank will serve, as dictated by current strategic decision. In a particular year, the bank may like to concentrate on infrastructure finance, or may like to expand in the retail finance segment. These strategies should be formulated by the credit policy and credit administration Division, and faithfully implemented after getting approval form the board of the Bank, Similarly loan-concentration levels in particular industries or market segments should carefully be regulated and kept under constant watch.

 Due attention should be given to the goals of credit quality, earnings and growth.

 Ensure continuity in approach. These will need to take into account the cyclical patterns of

the industry and economy and the resultant shifts in the overall composition and quality of the credit portfolio. These strategies should be viable in the long-run, and these, in turn; Should be effectively communicated throughout the organization and feedback obtained to ensure that the massage and concepts have correctly registered at levels down the line


Page 15 Credit Risk Management of ICICI

Credit risk, the most significant risk faced by ICICI Bank, is managed by the Credit Risk Compliance & Audit Department (CRC & AD) which evaluates risk at the transaction level as well as in the portfolio context. The industry analysts of the department monitor all major sectors and evolve a sectoral outlook, which is an important input to the portfolio planning process. The department has done detailed studies on default patterns of loans and prediction of defaults in the Indian context. Risk-based pricing of loans has been introduced.

The functions of this department include:

 Review of Credit Origination & Monitoring  Credit rating of companies/structures  Default risk & loan pricing

 Review of industry sectors

 Review of large exposures in industries/ corporate groups/ companies

 Ensure Monitoring and follow-up by building appropriate systems such as CAS  Design appropriate credit processes, operating policies & procedures

 Portfolio monitoring

 Methodology to measure portfolio risk  Credit Risk Information System (CRIS)  Focused attention to structured financing deals  Pricing, New Product Approval Policy, Monitoring  Monitor adherence to credit policies of RBI

During the year, the department has been instrumental in reorienting the credit processes, including delegation of powers and creation of suitable control points in the credit delivery process with the objective of improving customer response time and enhancing the effectiveness of the asset creation and monitoring activities.

Availability of information on a real time basis is an important requisite for sound risk management. To aid its interaction with the strategic business units, and provide real time information on credit risk, the CRC & AD has implemented a sophisticated information system,


Page 16 namely the Credit Risk Information System. In addition, the CRC & AD has designed a web-based system to render information on various aspects of the credit portfolio of ICICI Bank.


Traditionally, credit risk management was the primary challenge for banks. With progressive deregulation, market risk arising adverse changes in market variables, such as interest rate, foreign exchange rate, equity price and commodity price has become relatively more important. Even a small change in market variables causes substantial changes in income and economic value of banks.

MARKET RISK may be defined as the possibility of loss to a bank caused by the changes in the market variables. It is the risk that the value of on/off-balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices.

Market risk is the risk to the bank‟s earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange and equities, as well as the volatilities of those prices. Market Risk management provides a comprehensive and dynamic framework for measuring, monitoring and managing liquidity, interest rate, foreign exchange and equity as well as commodity price risk of a bank that needs to be closely integrated with the banks business strategy.

Scenario analysis and stress testing is yet another tool used to asses areas of potential problems in a given portfolio. Identification of future changes in economic conditions like- ECONOMIC / INDUSTRY OVERTURNS.



Page 17 That could have unfavorable effect on banks portfolio is a condition precedent for carrying out stress testing. As the underlying assumption keeps changing from time to time, out-put of the test should be reviewed periodically.

Market risk arises out of the dynamics of market forces, which, for the banking industry, may include interest rate fluctuations, maturity mismatches, exchange rate fluctuations, market competition in terms of services and products, changing customer preferences and requirements resulting in product obsolescene, coupled with changes national and international politico-economic scenario. These risks are like perils of the sea, which can be caused by any change-taking place anywhere in the national and international arena.

Market risks affect banks in two ways:

i. The customer requirements are changing because of the changing economics scenario. Hence banks have to fine-tune/modify their products to make them customer friendly, otherwise the obsolescence of products will divert the customers to other banks thereby reducing the business and profits of the bank concerned.

ii. The macro-economic changes in the national and international politico-economic

scenario affect the risk element in different business activities differently. This aspect has assumed greater importance in the modern age, because of the increasing integration of global markets.

Since both these aspects are dynamic in nature, with change being the only constant factor, market risks need to be monitored on a continuous basis and appropriate strategies evolved to keep these risks within manageable limits. Again, given that one can manage only what one can measure, measurement of risks on a continuous basis deserves immediate attention.

Market risk can be defined as the risk of losses in on and off balance sheet positions arising from adverse movement of market variables.


Page 18 Market Risk Management

Management of market risk should be the major concern of top management of banks. The Boards should clearly articulate market risk management policies, procedures, prudential risk limits, review mechanisms and reporting and auditing systems. The policies should address the bank‟s exposure on a consolidated basis and clearly articulate the risk measurement systems that capture all material sources of market risk and assess the effects on the bank. The operating prudential limits and the accountability of the line management should also be clearly defined. The Asset-Liability Management Committee (ALCO) should function as the top operational unit for managing the balance sheet within the performance/risk parameters laid down by the Board. The banks should also set up an independent Middle Office to track the magnitude of market risk on a real time basis. The Middle Office should comprise of experts in market risk management, economists, statisticians and general bankers and may be functionally placed directly under the ALCO. The Middle Office should also be separated from Treasury Department and should not be involved in the day to day management / ALCO / Treasury about adherence to prudential / risk parameters and also aggregrate the total market risk exposures assumed by the bank at any point of time.


1) Liquidity Risk

2) Commodity Price Risk and 3) Equity Price Risk

A concise definition of each of the above Market Risk factors and how they are managed is described below:


Liquidity Planning is an important facet of risk management framework in banks. Liquidity is the ability to efficiently accommodate deposit and other liability decreases, as well as, fund loan portfolio growth and the possible funding of off-balance sheet claims. A bank has


Page 19 adequate liquidity when sufficient funds can be raised, either by increasing liabilities or converting assets, promptly and at a reasonable cost. It encompass the potential sale of liquid assets and borrowings from money, capital and forex markets. Thus, liquidity should be considered as a defence mechanism from losses on fire sale of assets.

Liquidity risk is the potential inability of a bank to meet its payment obligations in a timely and cost effective manner. It arises when the bank is unable to generate cash to cope with a decline in deposits/liabilities or increase in assets.

The cash flows are placed in different time buckets based on future behavior of assets, liabilities and 0ff-balance sheet items.

LIQUIDITY may be defined as the ability to meet commitments and/or undertake new transactions. The most obvious form of liquidity risk is the inability to honor desired withdrawals and commitments, that is, the risk of cash shortages when it is needed which arises due to maturity mismatch.

BANKING can also be described as a business of maturity transformation. Usually banks, lend for a longer period than for which they borrow.

Therefore, they generally have a mismatched balance sheet in so far as their short-term liabilities are greater than short-term assets and long-term assets are greater than long term liabilities.

i. Liquidity risk is measured by preparing a maturity profile of assets and liabilities, which enables the management to form a judgment on liquidity mismatch. As the basic problem for a bank is to ascertain whether it will be able to meet maturing obligations on the date they fall due, it must prepare a projected cash-flow statement and estimate the probability of facing any liquidity crisis.

Liquidity measurement is quite a difficult task and can be measured through stock or cash flow approaches. The key ratios, adopted across the banking system are: the other methods of measuring liquidity risk are:_


Page 20  To manage liquidity risk, banks should keep the maturity profile of liabilities

compatible with those of assets.

 The behavioral maturity profile of various components of on/off balance sheet items is being analyzed and variance analysis is been undertaken regularly.

 Efforts are also being made by some banks to track the impact of repayment of loans and premature closure of deposits to estimate realistically the cash flow profile.

 Banks are closely monitoring the mismatches in the category of 1-14 days and 15-28 days time bands and tolerance levels on mismatches are being fixed for various maturities, depending on asset-liability profile, stand deposit base nature of cash flows, etc.

Liquidity Risk means, the bank is not in a position to make its repayments, withdrawal, and other commitments in time. For EXAMPLE two Canadian banks, Northland Bank and Continental Bank of Canada suffered a run on deposits because of a credit crisis at Canadian commercial bank.

Liquidity risk consists of FUNDING RISK, TIME RISK, and CALL RISK. The liquidity risk in banks manifest in different dimensions:

Funding Risk – It is the need to replace net outflows due to unanticipated withdrawals/non-renewal of deposits (wholesale and retail)

Time Risk – It is the need to compensate for non-receipt of expected inflows of funds, i.e. performing assets turning into non-performing assets; and

Call Risk – It happens due to crystallization of contingent liabilities and unable to undertake profitable business opportunities when desirable.


Equity Price Risk is the risk of loss in value of the bank‟s equity investments and/or equity derivative instruments arising out of change in equity prices.



The risk of loss in value of commodity held/traded by the bank, arising out of changes in prices, basis mismatch, forward price etc.


“Operational Risk is defined as the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and system or from external events.”

Generally, operational risk is defined as any risk, which is not categorized as market or credit risk, or the risk of loss arising from various types of human or technical error. It is also synonymous with settlement or payments risk and business interruption, administrative and legal risks. Operational risk has some form of link between credit and market risks. An operational problem with a business transaction could trigger a credit or market risk.

Indeed, so significant has operational risk become that the bank for International Settlement (BIS) has proposed that, as of 2006, banks should be made to carry a Capital cushion against losses from this risk.

Managing operational risk is becoming an important feature of sound risk management practices in modern financial markets in the wake of phenomenal increase in the volume of transactions, high degree of structural changes and complex support systems.

The most important type of operational risk involves breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial loss through error, fraud, or failure to perform in a timely manner or cause the interest of the bank to be compromised.

The objectives of Operational Risk Management is to reduce the expected operational losses that focuses on systematic removal of operational risk sources and uses a set of key risk indicators to measure and control risk on continuous basis. The ultimate objective of operational risk management is to enhance the shareholder‟s value by being ready for risk based capital allocation.


Page 22 There is no uniformity of approach in measurement of Operational Risk in the banking system at present

The bank‟s operational risks can be classified into following six exposure classes

 People  Process  Management  System  Business and  External

Bank has also identified 5 business lines viz…..

 Corporate finance

 Retail banking

 Commercial banking

 Payment and Settlement and

 Trading and Sales (Treasury operations) also

To each of this exposure classes within each business line are attached certain risk categories under which the bank can incur losses or potential losses.

Bank collected information at first instance for a 5 year period and is being updated on a six monthly basis June and December. These date help in qualifying the overall potential / actual loss on account of Operational Risk and initiate measure for plugging these risk areas.

Bank may suitably at a latter date move to appropriate models for measuring and managing Operational Risk also after receipt of RBIs Guidance Note.


There is no uniformity of approach in measurement of operational risk in the banking system. Besides, the existing methods are relatively simple and experimental, although some of the international banks have made considerable progress in developing more advanced techniques for allocating capital with regard to operational risk.


Page 23 Measuring operational risk requires both estimating the probability of an operational loss event and the potential size of the loss. It relies on risk factor that provides some indication of the likelihood of an operational loss event occurring. The process of operational risk assessment needs to address the likelihood (or frequency) of a particular operational risk occurring, the magnitude (or severity) of the effect of the operational risk on business objectives and the options available to manage and initiate actions to reduce/mitigate operational risk. The set of risk factors that measure risk in each business unit such as audit ratings, operational data such as volume, turnover and complexity and data on quality of operations such as error rate or measure of business risks such as revenue volatility, could be related to historical loss experience. Banks can also use different analytical or judgmental techniques to arrive at an overall operational risk level. Some of the international banks have already developed operational risk rating matrix, similar to bond credit rating. The operational risk assessment should be bank-wide basis and it should be reviewed at regular intervals. Banks, over a period, should develop internal systems to evaluate the risk profile and assign economic capital within the RAROC framework…..

Indian Banks have so far not evolved any scientific methods for quantifying operational risk. In the absence any sophisticated models, banks could evolve simple benchmark based on an aggregate measure of business activity such as gross revenue, fee income, operating costs, managed assets or total assets adjusted for off-balance sheet exposures or a combination of these variables.

At present, scientific measurement of operational risk has not been evolved. Hence, 20% charge on the Capital Funds is earmarked for operational risk.

Operational Risk Management of ICICI

ICICI Bank, like all large banks, is exposed to many types of operational risks. These include potential losses caused by events such as breakdown in information, communication, transaction processing and settlement systems/ procedures.

The Audit Department, an integral part of the Risk Compliance & Audit Group, focuses on the operational risks within the organization. In recent times, there has been a shift in the audit focus from transactions to controls. Some examples of this paradigm shift are:


Page 24  Adherence to internal policies, procedures and documented processes

 Risk Based Audit Plan

 Widening of Treasury operations audit coverage  Use of Computer Assisted Audit Techniques (CAATs)  Information Systems Audit

 Plans to develop/ buy software to capture the workflow of the Audit Department

The Audit Department conceptualized and put into operation a Risk Based Audit Plan during the year 1998-99. The Risk Based Audit Plan envisages allocation of audit resources in accordance with the risk constituents of ICICI Bank‟s business.


Page 25 CHAPTER: - 5


At the outset it is to be noted that risk management does not aim at risk reduction. Risk management enables the banks to bring their risk level to manageable proportions while not severely reducing their income. Thus, risk management enables the bank to take required level of exposures in order to meet its profit targets. This balancing act between the risk levels and profits need to be well-planned. Risk management basically is a five-step process which involves: (Draw a diagram)

A. IDENTIFICATION OF RISK: Risk can be anything that can hinder the from meeting its targeted results. Each risk must be defined precisely in order to facilitate the identification of the same by the banking organizations. This will also enable the banks to have a fundamental understanding of the activities from which risks originate. This understanding will be essential to evaluate aspects related to the magnitude of the risks, the tenor and the implications they have on the accounting aspects. Unless the bank identifies and understand the nature of exposures involved in a transaction, it will not be able to manage them. Further, such unbundling also helps to bank in deciding which risk it will have to manage and which it would prefer to eliminate. The process of unbundling also helps a bank in pricing the risk.

B. QUANTIFICATIN OF RISKS: by measuring the risk, the bank is indirectly quantifying the consequences of the decision taken. If risks are not quantified, the bank will neither be aware of the consequences of its decision nor will it be in a position to manage the risks. Thus, all risks to which the bank is exposed need to be quantified. Quantification of risks is a crucial task and accurate measurement of the same depends extensively on the information available. The quality of information coming from various branches, however, depends on the reporting system. The information provided needs to be further evaluated to ensure that there is an effective and ongoing flow of information. Technology and MIS pay a crucial role here.

C. POLICY FORMATION: The next step will be developing a policy that gives the standard level of exposures that the bank will have to maintain in order to protect cash


Page 26 flows. Policy is a long-term framework to tackle risk and hence the frequency of changes taking place in it is very low. Setting policies for risk management will depend on the bank‟s objectives and its risk tolerance levels. The risk levels set by the bank neither should neither be too high that goes beyond the bank‟s capacity to manage it nor should it be too low that the profitability is affected. The bank should decide on a particular risk exposure level only if it aids in achieving the bank‟s objectives and also if it believe s that it has the capacity to manage the risk for a gain. If either of the conditions is not met, the bank will have to try and eliminate/minimize the risk.

D. STRATEGY FORMULATION: A strategy is that which is developed to implement a policy. Clearly, a strategy will then be relatively for a shorter period. Given the exposure and volatilities, a strategy helps in managing these risks. Firstly, the possible options and the risks attached to them are examined in order to known the affect on each option on the cash flows and the earnings. With this information, a strategy will be developed to identify the sources of losses/gains and how efficiently the risks can be shifted to enhance profits while reducing the exposure. Strategy differ widely depending on the nature of exposure , the type of transaction, etc. and will also state the instruments that are to be used to manage exposure, tenors and counterparties.

E. MONITERING RISK: laying down strategy will not less to risk management since risk profile cannot be static. Volatile circumstance may change the risk level of the investment and hence require the banks to restore the same to the set targets levels. For instance, the bank takes a long position on a loan of US $1mn. At an exchange rate so Rs.43.50, the risk which the bank is ready to take is up to Rs.0.10 variation. In absolute terms this will be Rs. 1 lakh. However, the exchange rate goes down by Rs. 0.15 due to which the loss to the bank is Rs. 1.5 lakh. This is beyond the target set by the bank. In such circumstances, the bank can take a long position in US $ if it believes that the rate will move up. And in case the rates are expected to go down further, it can either enter into a forward contract or exit from the long position taking up the loss. In either case the bank needs to have a view about the market regarding its future behavior.

While this is the general process for managing any type of risk, by any business firm, for a bank, the risk management process primarily involves Asset-Liability Management (ALM). ALM is discussed elaborately in subsequent chapters.


Page 27



An independent Risk Management department is functioning for effective risk management enterprise wide. Risk is managed through following three Apex committees viz.,

(i) Credit Risk Management Committee (CRMC)

(ii) Asset and Liability Management Committee (ALMC) and (iii) Operational Risk Management Committee (ORMC)

These committees work within the overall guidelines and policies approved by the Risk Management Committee of the Board.

The Bank has put in place various policies to manage the risk. To analyze the risk enterprise wide and with the objective of integrating all the risks of the Bank Integrated Risk Management Policy has also been put in place. The important risk policies comprise of Credit Risk Policy, Asset and Liability Management Policy, Operational Risk, Management Policy, Business Continuity Planning, Whistle Blower Policy and Policy on Corporate Governance.

The risk management systems are in place to identify and analyze the risks at the early stage, set and maintain prudential limits and manage them to face the changing risk environment. Software driven rating mechanism is in place to confirm the rating to ensure credit quality. An entry level scoring system is also put in place. Loan Review Management Committee reviews the Loan Review Mechanism and Credit Audit functions periodically. In addition, Standard Assets Monitoring Committee reviews the Special Mention Accounts to initiate timely action to prevent slippage of standard assets to non-performing assets. The liquidity risk is managed through studying structural liquidity on a daily basis, which is being discussed in the Funds and Investments Committee and reviewed every month by ALMC .The interest rate risk is managed through monthly interest rate sensitivity statements monitored by ALMC. The mid offi ce, directly reporting to Risk Management Department, monitors treasury transactions independently.


Page 28 Operational risk is managed by integrating the operational risk management systems into day to day management processes and adopting various risk mitigating strategies. The risk perception in various products / procedures is critically analyzed. Stress tests are conducted periodically for the credit risk, liquidity risk and interest rate/exchange rate risk.

Policy on Internal Capital Adequacy Assessment Process (ICAAP) is put in place whereby the Bank identifies/measures and allocates Capital for various residual risks identified under Pillar II on quarterly basis and is reviewed by the Board half yearly. The CRAR position of the Bank is reviewed by the Board on a half yearly basis and assessment for the next three years is also provided based on projected business position.

In compliance with the Reserve Bank of India guidelines on Basel II – Pillar 3 – Market Discipline, the Bank has put in place a Disclosure Policy duly approved by the Board and

the disclosures on Quarterly / Half-yearly / Annual basis as per the policy are made in the Bank‟s Website / Annual Report.


Page 29



Asset-liability management (ALM) is concerned with strategic b balance sheet management involving risks caused by changes in the interest rates, exchange rates and the liquidity position of the bank. While managing these risks forms the crux of ALM, credit risk and contingency risk also form a part of the ALM. The significance of ALM to the financial sector is further highlighted due to the dramatic changes that have occurred in recent years in the assets (use of funds) and liabilities (sources of funds) of banks.

In India, the post-liberalization witnessed a rapid industrial growth, which has further stimulated the growth in the fund rising activates. With the rise in the demand for funds there has also been a remarkable shift in the futures of the sources and uses of funds of banks. Traditionally administrated rates were used to price the assets and liabilities of banks. However in the deregulated rates were used to price the assets and liabilities of banks. This led to discriminate pricing policy, and also highlighted the need to match the maturities of the assets and liabilities. The changes in the profile of the sources and uses of funds are reflected in the borrowers‟ profile, in the interest rate structure for deposits and advance etc. the developments that took places since liberalization led to a remarkable transition in the risk profile of the financial intermediaries led. The main reasons for the growing significance of ALM are:

 Volatility

 Products innovations

 Regulatory environment

 Management recognition

VOLATILITY: An increasing number of free economics are being witnessed in recent

times with more and more nation globalizing their operations. Closely regulated markets are paving way of market-driven economics. Such deregulation has changed the dynamics of the financial markets. The vagaries of such free economic environment are reflected in the market, the exchanged rates and price levels. For a business which involves trading in money, rate fluctuations invariably affect the market value yields/costs of the assets/liabilities which further affect the market value of bank and it‟s


Page 30 Net Interest Income (NIL). Tacking this situation would have been a very easy task, in a set-up where the interest rate movements are known with accuracy and where the volatility in the exchange rates is considerably lower.

PRODUCT INNOVATION: The second reason for the growing importance of ALM is

the rapid innovations taking place in the financial product of the bank. While some innovations came as passing fads, other has received tremendous response. In several cases, the same product has been repackaged with certain differences and offered by various banks. Whatever maybe the features of the products, most of them have an impact on the risk profile of the banks thereby enhancing the near for ALM. Consider the flexi-deposit facility banks are now offering for their term deposits. Earlier, if a depositor, who has a term deposit of Rs.1 Lake, was in need of funds, say rs.25, 000, before the date of maturity of the term deposit, then the depositor would go for a premature withdrawal of the term deposit of raise a loan. In order to discourage this, banks charge a penalty on the entire amount for premature withdrawal. This served as a disincentive for premature withdrawals and also reduced the risk for the bank. This enables the investor to withdraw the required amount before maturity since the burden of penalty is limited. However it will also enhance the risk of the bank. With a reduction in the penalty amount, the depositor would make a demand for the premature withdrawal at any time. To reduce the impact of the assets-liability mismatch that arise due to this early withdrawal of funds, the bank will have to raise a liability risk when there is sudden outflow of funds as well s interest rate risk since it may have to raise a liability at a higher cost.

REGULATORY ENVIRONMENT: In order to enable the banks to cope with the

changing environment that has resulted due to the integration of the domestic markets with the international markets, the regulatory bodies of various financial markets have initiated a number of measures. These measures were taken with an objective to prevent major losses that may arise due to market vagaries one step in this direction was the increased focus on the management of the bank assets and liability. The RBI is also following this direction and has recently issued a framework for banks to develop ALM


Page 31 policies. In addition to this, there are various guidelines issued by the regular on the risk based capital to be maintained by the banks in order to tackle the credit risk.

MANAGEMENT RECOGNITION: All the above mentioned aspect forced the

managements of the banks to give a serious thought about the management of the asset and liability. Managements have realized that it is just not sufficient to have very good retail deposits base. In addition to these, the banks should be in a position to relate and link the asset side with liability side. And this calls for efficient asset-liability management.

There is increasing awareness in the top management that banking is now a afferent game altogether because all the rules of the game have since been changed.


This enhanced level of importance to the ALM has led to a change in the nature of its functions. It is no longer a stand-alone analytical function. While there are macro- and micro-level objectives of ALM, it is however the micro-micro-level objectives that hold the key for attaining the macro-level objectives. At the macro-level, ALM leads to the formulation of critical business policies. Efficient allocation of the capital and designing of product with appropriate pricing strategies. And at the macro-level, the objective function of the ALM is two-fold. They aim at profitability through price-matching whole ensuring liquidity by means of maturity matching. Price-matching basically aims to maintain speeds by ensuring that the deployment of liabilities will be at the rate higher than the cost. Similarly, liquidity is ensured by groping the assets/liabilities based on their maturing profiles. The gap is then assessed to identify the future financing requirement. This ensures liquidity. However, maintaining profitability by matching prices and ensuring liquidity by matching the maturity levels is not an easy task. `


Management of risks should be at two levels: level and micro-level. The macro-level risk management will involve providing a risk management framework for the bank and hence the decision makers will clearly comprise the bank‟s board and the top management. On the other hand, at the micro-level business decision taken by the business managers, but within


Page 32 the board framework laid at the macro-level. Consider the following illustration that distinguishes between the macro- and micro-level decisions for ALM:

 Term loan for an aqua firm;

 Investment in 10-year government paper;

 Investment in the commercial paper issue of a company;

 Acceptance of FCNR (B) deposit

At the macro-level the bank will have to decide on-

 Whether or not to land to the aquaculture industry and in case it decides to lend, then

exposure level for lending;

 Whether or not invest in a government paper/other securities having maturity, of say

over 5 years and the limit that can be set for such investment;

 Whether or not to invest in the CPs issued by a company having a rating of less than

P1+; and

 Lastly whether to accept FCNR (B) deposits and the limit for such acceptance.

Thus at the macro-level, broad guidelines will be given in order to enable day-to-day decision to be taken relating to individual proposals for investment and borrowing without the involvement of the top management. The board should clearly communicate to the business managers the acceptable level of risks in terms of parameters chosen. This macro-level management of risk will be conducted by the Asset-Liability management committee (ALCO). ALSO shall not consider individual cases for decision –making.

In the above instances, if the ALSO decides that the bank shall not extend any loan facility to aqua projects, shall not invest in securities having maturity greater than 5 years and in CPs of firms having a credit rating of less than P1+and shall not accept any FCNR (B) deposits, then the business managers should take decisions within this framework.

Interest rate views of the bank and base its decision for future business strategy on this view. In respect of the funding policy, for instance, its responsibility would be to decide on source and mix of liability or sale of assets. Towards this end, it will have to develop a view on further direction of interest rate movements vs. retail deposits‟, money market vs. capital


Page 33 market funding, domestic vs. foreign currency funding etc. individual banks will have to decide the frequency for holding their ALSO meetings


Page 34



Effective risk management strategies can be implemented by integrating effective bank level management, operational supervision and market discipline. It is also imperative for financial institutions to update their risk management practices in accordance with prevalent legislation and regulatory environment. With these aspects in mind, the Basel committee on Banking Supervision published the Capital Adequacy Accord, also known as the Basel Accord, in 1988. The Basel Accord defined the parameters of risk management and capital adequacy for Financial Service Providers (FSPs). With the growth in financial service sector, the committee felt the need to update the Accord in line with new developments. As a result, it proposed the New Basel Capital Accord, also known as Basel II, in June 1999. With its new risk-sensitive framework, Basel II aims to fill the gap left by the p[pervious Accord. Basel II was devised to improve the soundness of the financial system by aligning regulatory capital requirement to the underlying risks of the banking industry. It encourages banks to conduct better risk management and enhance market discipline. According to the committee, financial institutions should integrate Basel II in their operations by the year-end 2006. Efficient risk management, as outlined by Basel II, can be ensured by leveraging information technology.

A Basel II implementation allows banker to adequately emphasize their own internal risk management methodologies. Bankers can also provide more incentive and options for risk management, thereby increasing flexibility of their systems. In addition to this, Basel II provides a variety of benefits to the banking system. These include enhanced risk management, efficient operations, and higher revenues to the banking community.

Along with the increased benefits, Basel II has also laid down some control on the international banking system. This is primarily in the form of a higher capital requirement to underwrite management of risk and lace of infrastructural controls in many economies. The global acceptance for Basel II is not far and most banks across the world will soon come under the preview of this Accord


Page 35

Existing Accord New Accord

1. Focus on single risk. 1. More emphasis on banks measure own internal

methodology, supervisory review and market


2. One size fits all. 2. Flexibility, menu of approaches, incentive for better

risk management.

3. Board brush structure. 3. More risk sensitivity.

After a series of revisions, Basel II has been finalized. A major part of it will be applicable by the end of 2006. During this intervening period, bank and supervisors must develop the necessary systems and processes to comply with the standards laid down by Basel II. For instance, financial institutions have to maintain a history of vital data sets built prior to the implementation date of Basel II. This will help them seamlessly “migrate” to Basel II. In addition, many countries have already started work on draft rules that would integrate Basel capital standards with their national capital regimes. The Basel II Accord aims to ensure effective risk management and security systems in the financial sector. It has undergone rigorous revisions before its framework has been finally frozen for implementation.


Basel II intends to provide more risk-sensitive approaches while maintaining the overall level of regulatory capital within the financial system. This can be achieved through its meticulously designed framework that consists of three mutually reinforcing pillars as summarized in below figure .1

Figure 1: The Three Pillar Architecture as defined by Basel II


First Pillar Minimum Capital Requirements

Second Pillar Supervisory Review Process


Page 36 PILLAR 1


The first pillar is designed to help cover risks within a financial institution. It aims to set minimum capital requirements and defines the current amount of capital. The pillar also stress on defining the capital amount by qualifying risks such as Credit Risk, Operation Risk and Market Risk.


Credit Risk defines the minimum capital required to cover exposure to customers and counter parties. The Basel II framework provides a menu of approaches in respect of credit risk. They are:

I. Standard approach,

II. Internal rating based(IRB) approach

a. Foundation b. Advanced

I. STANDARDIZED APPROACH: In this approach, the bank allocates a risk- weight to each of its assets and off-balance sheet positions. It then calculates a sum of risk-weighted asset values. A risk weight of 100% indicates that an exposure is included in calculation of assets at full value. The capital charge is equal to 8% of the assets value this approach, while remaining essentially the same as in the earlier Accord, however, includes a higher sensitivity to risk. As per the earlier Accord, individual risk weight was dependent on the category of borrowers such as sovereign nations or banks. In Basel II however, these weight can be defined by referring to a rating provided by an external credit assessment agency


Page 37 II. INTERNAL RATING BASED APPROACH (IRB): In this approach, bank use their internal evaluation systems to assess a borrower‟s credit risk. The results, attained by this process, are translated into estimates of a potential future loss, thereby defining the basis of minimum capital requirements. The IRB approach supports the following methodologies for cooperate, sovereign and bank exposures:

FOUNDATION- Using this methodology, bank can estimate the risk of default or the Probability of Default (PD) associated with each borrowers. Additional risk factor such as Loss Given Default (LGD) and Exposure at Defaults (EAD) are standardized by supervisory rules that are laid down and monitored by regularizing authorities.

ADVANCED- This mythology allows banks with sufficient internal capital to assess additional risk factors. These factors include Exposure as Default

(EAD), Loss given Default (LGD) and Maturity (M). It also allows bank to provide guarantees and credit derivatives on the risk of exposure. The ranges of risk in both these methodologies are more diverse than in standardized approach, resulting in greater risk sensitivity.


In Basel II, the operational risk can be measured using the following three approaches:

1. BASIC INDICATOR APPROACH- This is a traditional approach, which links the capital charge for operational risk to a single operational parameters, such as percentage of this parameter, defined as the „Alpha Factor‟.

2. STANDARDIZED APPROACH- This approach is a variant of the Basic Indicator Approach. Here, the activities of a bank are divided into


Page 38 standard industry business lines, such as corporate banking, trade finance and many more. These business lines are then mapped by bank into their internal framework. A percentage of capital charge, knows as the „Beta Factor‟, is defined for each business line. The bank can calculate its capital charge for a business line by applying the Beta Factor to the indicator value for the business line. The total capital charge for the bank is calculated as the sum total of all capital charges for individual business lines.

3. INTERNAL MEASUREMENT APPROACH(IM)- this is the most sophisticated of all the approaches. Here, risk is measured using the bank‟s internal loss data. Typically, a bank collects data inputs for a specified set of business lines and risk types. These inputs include an operational risk indictor, data indicating the probability of a loss event, and the losses in case these events take place.


Market Risk determines the capital required to cover exposure to changes in market conditions- such as flections in interest rates, foreign exchange rates, equity prices, and commodity prices. The approaches to determine market risk are the same as those defined in earlier Accord


The first pillar aims to refine the measurement the framework set out in the1988 Accord by effectively reducing risk across the banking system. Different reporting system, which comply with objectives set by this pillar, will help track and report risk as they occur, thus eliminating them at the outset. It will be allow banks to set-up independent audit functions to scrutinize the possibilities of risks. The minimum capital requirement is expected to be reducing considerably for bank and other financial institutions. Furthermore, bank will support a complete alignment of regulatory, book and economic capital.


Page 39 PILLAR 2


The second pillar of Basel II intends to ensure the presence of sound processes at each bank. This pillar would also provided framework to assess the adequacy of the bank‟s capital, based on a thorough evaluation of its risks. The Basel II framework emphasizes the development of an internal capital assessment process by the bank management. Additionally, management should set targets for capital corresponding with the bank‟ risk profile and control environment. Regulatory and supervisory bodies (either the Central Bank or bodies set by the Central Bank or government, for regulation and control) will review the internal process. This is done so that an assessment of the bank‟s capital adequacy in reaction to its risk can be made. A point to note is that compliance with internal measurement methodologies, mitigation policies of credit risk, and securitization policies for minimum qualifying standards are subject to supervisory control. The supervisory authority will also be responsible for reviewing operations and processes in trading, Internet banking and security processing.


The implementation of the second pillar demand increased interaction between bank mangers and supervisory bodies. This increased level of interaction enhances the level of transparency within the organization. The second pillar helps achieve a higher level of security within the organization. A level of standardization and conformity is established across the enterprise. This in turn would help achieve higher returns with lower risk.



The third pillar of the new framework attempt to boost market discipline through enhanced disclosure by bank. Basel II identifies the disclosure requirement and provides recommendation both on the defining method of calculating capital adequacy, and risk management strategies. Effective disclosures by bank help market participants understand the bank‟s risk profile and adequacy of its capital position, thereby facilitating market discipline. This strategy plays an important role in maintaining the confidence in a financial institution.



Related subjects :