Risk Management In Banking

Published Date: 02 Nov 2017

A strong and healthy banking system is the foundation for sustainable economic progress, as banks are at the core of the credit intermediation route between savers and investors. Moreover, banks provide critical services to consumers, small and medium-sized enterprises, large corporate firms and governments who rely on banks to conduct their daily business, both at domestic and international level.

Risk is inherent in any walk of life in general and in financial sectors in particular. Till recently, due to regulate environment, banks could not afford to take risks. But of late, banks are exposed to same competition and hence are compelled to encounter various types of financial and non-financial risks. Risks and uncertainties form an integral part of banking which by nature entails taking risks.

Risk Analysis and Risk Management has got much importance in the Indian Economy during the liberalization period. The foremost among the challenges faced by the banking sector today is the challenge of understanding and managing the risk. The very nature of the banking business is having the threat of risk imbibed in it. Banks' main role is intermediation between those having resources and those requiring resources.

There are three main categories of risks

Credit Risk

Market Risk

Operational Risk

Various tools and techniques to manage Credit Risk, Market Risk and Operational Risk and its various component, are also discussed in detail. Another has also mentioned relevant points of Basel’s New Capital Accord’ and role of capital adequacy, Risk Aggregation & Capital Allocation and Risk Based Supervision (RBS), in managing risks in banking sector.

The etymology of the word "Risk" can be traced to the Latin word "Rescum" meaning Risk at Sea or that which cuts. Risk is associated with uncertainty and reflected by way of charge on the fundamental basic i.e. in the case of business it is the Capital, which is the cushion that protects the liability holders of an institution. These risks are inter-dependent and events affecting one area of risk can have ramifications and penetrations for a range of other categories of risks.

Foremost thing is to understand the risks run by the bank and to ensure that the risks are properly confronted, effectively controlled and rightly managed. Each transaction that the bank undertakes changes the risk profile of the bank. The extent of calculations that need to be performed to understand the impact of each such risk on the transactions of the bank makes it nearly impossible to continuously update the risk calculations. Hence, providing real time risk information is one of the key challenges of risk management exercise. Till recently all the activities of banks were regulated and hence operational environment was not conducive to risk taking. Better insight, sharp intuition and longer experience were adequate to manage the limited risks. Business is the art of extracting money from other’s pocket, sans resorting to violence. But profiting in business without exposing to risk is like trying to live without being born. Everyone knows that risk taking is failure prone as otherwise it would be treated assure taking. Hence risk is inherent in any walk of life in general and in financial sectors in particular. Of late, banks have grown from being a financial intermediary into a risk intermediary at present. In the process of financial intermediation, the gap of which becomes thinner and thinner, banks are exposed to severe competition and hence are compelled to encounter various types of financial and non-financial risks. Risks and uncertainties form an integral part of banking which by nature entails taking risks. Business grows mainly by taking risk. Greater the risk, higher the profit and hence the business unit must strike a trade-off between the two. The essential functions of risk management are to identify measure and more importantly monitor the profile of the bank. While Non-Performing Assets are the legacy of the past in the present, Risk Management system is the pro-active action in the present for the future. Managing risk is nothing but managing the change before the risk manages. While new avenues for the bank has opened up they have brought with them new risks as well, which the banks will have to handle and overcome.

Need for risk Management

Taking risk is an integral part of the banking business, hence banks have been practicing risk management ever since there have been banks - the industry could not have survived without it. The only real change is the degree of sophistication now required to reflect the more complex and fast-paced environment.

Globalization has resulted in pressure on margins. The lower the margin, the greater is the need for risk management. As a result, risk management has become a key area of focus. Additionally, due to the failure of many banks/ financial institutions in recent past, it has attracted the attention of regulators also.

The challenges of the modern corporation is to ensure wealth maximization for their shareholders, i.e., consistent with the risk preference. On the other hand risk has to be managed effectively and on the other hand, adequate returns have to be ensured. The role played by banks and financial institutions is to take a critical view of risk. An impact on one institution can have fallout for other institutions in the market. Hence, risk needs to be understood and dealt with carefully

Institutions structured as limited liability corporations comprise the separation of ownership and management. The management consists of Executive Directors and other functional managers who work on behalf of the stakeholders. In a financial institute it is essential to integrate core business and risk.

Why risk matters for the banks

The Asian financial crisis of 1997 demonstrated that ignoring basic risk management can also contribute to economy-wide complications. The long period of remarkable economic growth and prosperity in Asia camouflaged weaknesses in risk management at many financial institutions. Many Asian banks did not assess risk or conduct a cash flow analysis before extending a loan, but rather lent on the basis of their rapport with the borrower and the availability of collateral - in spite of the fact that collateral was often difficult to seize in the event of non-payment. The result was that loans - including loans by foreign banks - expanded more rapidly than the capability of the borrowers to repay. Additionally, because many banks did not have or did not abide by limits on concentrations of loaning to individual firms or business sectors, loans to overreached borrowers were often large comparative to bank capital, so that when economic conditions deteriorated, these banks were weakened the most.

The Asian crisis also clarifies the potential advantage of more sophisticated risk management practices. Many Asian banks did not sufficiently assess their exposures to exchange rate risk. Though some banks matched their foreign currency liabilities with foreign currency assets, but this resulted in transforming exchange rate risk into credit risk, because their foreign currency borrowers did not have guaranteed sources of foreign currency revenues. Likewise, foreign banks miscalculated country risk in Asia. Institutions had assumed that stability would continue in the region and failed to contemplate what might happen if that was not the case. A greater inclination and capacity of banks to subject their exposures to stress testing could have highlighted the risks and accentuated the importance of key assumptions. Conducting stress tests would have led some lenders to have realized how exposed they were to changes in exchange rates or to a disruption of steady economic growth. Although escaping failure is a crucial reason for managing risk, global financial institutions also have the wider objective of capitalizing on their risk-adjusted rate of return on capital, or RAROC. This means not just evading unwarranted risk exposures, but measuring and managing risks comparative to returns and to capital. By focusing on risk-adjusted yields on capital, global institutions avoid putting too much importance on investments and activities that have high expected returns but equally high or higher risk. This has led to superior management decisions and more effective allocation of capital and other resources. Undeniably, bank creditors and shareholders expect to obtain an appropriate risk-adjusted rate of return, with the result that banks that do not focus on risk-adjusted returns will not be compensated by the market.

Risk management is expensive in both resources and in institutional disruption. The cost of deferring or avoiding appropriate risk management can lead to the failure of a bank and probably failure of a banking system. By focusing on risk-adjusted returns, risk management also contributes to the strength and competence of the economy. It does so by providing a mechanism that is designed to apportion resources - primarily financial resources and eventually real resources – to their most efficient use. Projects with the highest risk-adjusted probable profitability are the most likely to be financed and to succeed. The result is more speedy economic growth. The eventual gain from risk management is advanced economic growth. Without rigorous risk management, no economy can develop to its potential.

Stability and superior economic growth lead to better private saving, better retention of that saving, enhanced capital imports and more real investment. Otherwise not only is there opportunity loss, but also incurrence of the substantial expenses of bank disruptions and catastrophes that follow from unanticipated, undesired and unmanaged risk-taking.

Identification of Risks

When the term "Risk" is used, it refers to financial risk or uncertainty of financial loss. If risk is considered in terms of possibility of occurrence or frequency, risk is measured on a scale, with certainty of occurrence at one end and certainty of non-occurrence at the other end. Risk is the greatest where the probability of occurrence or non-occurrence is equal. As per the Reserve Bank of India guidelines, there are three major types of risks encountered by the banks and these are Credit Risk, Market Risk & Operational Risk. We will see what the components of these three major risks are.

After collecting opinions of banks on the draft guidance note on Credit Risk Management and market risk management, the RBI has issued the final guidelines and advised some of the large PSU banks to implement so as to measure the impact. Risk is the probability that both the expected and unexpected events may have an undesired impact on the Bank’s capital or revenues. The expected loss is to be borne by the debtor and hence is taken care of by sufficiently pricing the products through risk premium and reserves formed out of the earnings. It is the amount that is expected to be lost due to deviations in credit quality resulting in non-payment. The unexpected loss on account of the individual exposure and the entire portfolio in completely is to be borne by the bank itself and hence is to be taken care of by the capital. The expected losses are covered by reserves or provisions and the unexpected losses necessitate capital allocation. Hence the need for appropriate Capital Adequacy Ratio is felt. Each category of risks is measured to regulate both the expected and unexpected losses using VaR (Value at Risk).

Credit risk Management

Credit Risk is the potential that a bank borrower/counter party fails to meet the obligations on agreed terms. There is always scope for the borrower to default from his commitments for one or the other reason resulting in crystallization of credit risk to the bank. These losses could take the form outright default or alternatively, losses from changes in portfolio value arising from actual or perceived deterioration in credit quality that is short of default. Credit risk is inherent to the business of lending funds to the operations linked closely to market risk variables.

Types of Credit Risk

Downgrade Risk (Migration Risk):

If a borrower does not default, there is still risk due to worsening in credit quality. This results in the possible widening of the credit spread. This is credit spread risk. Usually this is reflected through rating downgrade. It is normally firm specific.

Default Risk

Default risk is driven by the potential failure of borrower to make promised payment, either partly or wholly. In the event of default, fraction of the obligation will normally be paid.

Systematic Risk

Portfolio risk is reduced due to diversification. If a portfolio is fully diversified, i.e., diversified across geography, industries, borrowers, market, etc. equitably then the portfolio risk is reduced to minimum level. This minimum level corresponds to risk in the economy in which it is operating.

Concentration Risk

If the portfolio is not diversified, i.e., to say that it has higher weight in respect of a borrower or geography or an industry etc., the portfolio gets concentration risk.

The objective of credit risk management is to minimize the risk and maximize bank’s risk adjusted rate of return by assuming and maintaining credit exposure within the acceptable parameters. Credit risk consists of primarily two components, Quantity of risk, which is nothing but the outstanding loan balance as on the date of default and the quality of risk, viz, the severity of loss defined by both probability of Default as reduced by the recoveries that could be made in the event of default. Thus credit risk is a combined outcome of Default Risk and Exposure Risk. The elements of Credit Risk are Portfolio risk comprising Concentration Risk as well as Intrinsic Risk and Transaction Risk comprising migration/down gradation risk as well as Default Risk. At the transaction level, credit ratings are useful measures of evaluating credit risk that is prevalent across the entire organization where treasury and credit functions are handled. Portfolio analysis help in identifying concentration of credit risk, default/migration statistics, recovery data, etc. In general, Default is not an abrupt process to happen suddenly and past experience dictates that, more often than not, borrower’s credit worthiness and asset quality declines gradually, which is otherwise known as migration. Default is an extreme event of credit migration. Off balance sheet exposures such as foreign exchange forward contracts swaps options etc are classified in to three broad categories such as full Risk, Medium Risk and Low risk and then translated into risk weighted assets through a conversion factor and summed up.

The management of credit risk includes

Measurement through credit rating/ scoring

Quantification through estimate of expected loan losses

Pricing on a scientific basis and

Controlling through effective Loan Review Mechanism and Portfolio Management.

Tools of Credit Risk Management

The instruments and tools, through which credit risk management is carried out, are detailed below:

Exposure Ceilings: Prudential Limit is linked to Capital Funds – say 15% for individual borrower entity, 40% for a group with additional 10% for infrastructure projects undertaken by the group, Threshold limit is fixed at a level lower than Prudential Exposure; Substantial Exposure, which is the sum total of the exposures beyond threshold limit should not exceed 600% to 800% of the Capital Funds of the bank (i.e. six to eight times)

Review/Renewal: Multi-tier Credit Approving Authority, constitution wise delegation of powers, Higher delegated powers for better-rated customers; discriminatory time schedule for review/renewal, Hurdle rates and Bench marks for fresh exposures and periodicity for renewal based on risk rating, etc. are formulated.

Risk Rating Model: Set up comprehensive risk scoring system on a six to nine point scale. Clearly define rating thresholds and review the ratings periodically preferably at half yearly intervals. Rating migration is to be mapped to estimate the expected loss.

Risk based scientific pricing: Link loan pricing to expected loss. High-risk category borrowers are to be priced high. Build historical data on default losses. Allocate capital to absorb the unexpected loss. Adopt the RAROC framework.

Portfolio Management The need for credit portfolio management emanates from the necessity to optimize the benefits associated with diversification and to reduce the potential adverse impact of concentration of exposures to a particular borrower, sector or industry. Stipulate quantitative ceiling on aggregate exposure on specific rating categories, distribution of borrowers in various industry, business group and conduct rapid portfolio reviews. The existing framework of tracking the non-performing loans around the balance sheet date does not signal the quality of the entire loan book. There should be a proper & regular on-going system for identification of credit weaknesses well in advance. Initiate steps to preserve the desired portfolio quality and integrate portfolio reviews with credit decision-making process.

Loan Review Mechanism This should be done independent of credit operations. It is also referred as Credit Audit covering review of sanction process, compliance status, review of risk rating, pick up of warning signals and recommendation of corrective action with the objective of improving credit quality. It should target all loans above certain cut-off limit ensuring that at least 30% to 40% of the portfolio is subjected to LRM in a year so as to ensure that all major credit risks embedded in the balance sheet have been tracked. This is done to bring about qualitative improvement in credit administration. Identify loans with credit weakness. Determine adequacy of loan loss provisions. Ensure adherence to lending policies and procedures. The focus of the credit audit needs to be broadened from account level to overall portfolio level. Regular, proper & prompt reporting to Top Management should be ensured. Credit Audit is conducted on site, i.e. at the branch that has appraised the advance and where the main operative limits are made available. However, it is not required to visit borrower’s factory/office premises.

Risk Rating Model

Credit Audit is conducted on site, i.e. at the branch that has appraised the advance and where the main operative limits are made available. However, it is not required to risk borrowers’ factory/office premises. As observed by RBI, Credit Risk is the major component of risk management system and this should receive special attention of the Top Management of the bank. The process of credit risk management needs analysis of uncertainty and analysis of the risks inherent in a credit proposal. The predictable risk should be contained through proper strategy and the unpredictable ones have to be faced and overcome. Therefore any lending decision should always be preceded by detailed analysis of risks and the outcome of analysis should be taken as a guide for the credit decision. As there is a significant co-relation between credit ratings and default frequencies, any derivation of probability from such historical data can be relied upon. The model may consist of minimum of six grades for performing and two grades for non-performing assets. The distribution of rating of assets should be such that not more than 30% of the advances are grouped under one rating.

The need for the adoption of the credit risk-rating model is on account of the following aspects.

Disciplined way of looking at Credit Risk.

Reasonable estimation of the overall health status of an account captured under Portfolio approach as contrasted to stand-alone or asset based credit management.

Impact of a new loan asset on the portfolio can be assessed. Taking a fresh exposure to the sector in which there already exists sizable exposure may simply increase the portfolio risk although specific unit level risk is negligible /minimal.

The co-relation or co-variance between different sectors of portfolio measures the inter relationship between assets. The benefits of diversification will be available so long as there is no perfect positive correlation between the assets, otherwise impact on one would affect the other.

Concentration risks are measured in terms of additional portfolio risk arising on account of increased exposure to a borrower/group or co-related borrowers.

Need for Relationship Manager to capture, monitor and control the overall exposure to high value customers on real time basis to focus attention on vital few so that trivial many do not take much of valuable time and efforts.

Instead of passive approach of originating the loan and holding it till maturity, active approach of credit portfolio management is adopted through securitization/credit derivatives.

Pricing of credit risk on a scientific basis linking the loan price to the risk involved therein.

Rating can be used for the anticipatory provisioning.

Given the past experience and assumptions about the future, the credit risk model seeks to determine the present value of a given loan or fixed income security. It also seeks to determine the quantifiable risk that the promised cash flows will not be forthcoming. Thus, credit risk models are intended to aid banks in quantifying, aggregating and managing risk across geographical and product lines. Credit models are used to flag potential problems in the portfolio to facilitate early corrective action. The risk-rating model should capture various types of risks such as Industry/Business Risk, Financial Risk and Management Risk, associated with credit. Industry/Business risk consists of both systematic and unsystematic risks which are market driven. The systematic risk emanates from General political environment, changes in economic policies, fiscal policies of the government, infrastructural changes etc. The unsystematic risk arises out of internal factors such as machinery breakdown, labour strike, new competitors who are quite specific to the activities in which the borrower is engaged.

Assessment of financial risks involves appraisal of the financial strength of a unit based on its performance and financial indicators like liquidity, profitability, gearing, leverage, coverage, turnover etc. It is necessary to study the movement of these indicators over a period of time as also its comparison with industry averages wherever possible. A study carried out in the western corporate world reveals that 45% of the projects failed to take off simply because the personnel entrusted with the test were found to be highly wanting in qualitatively managing the project. The key ingredient of credit risk is the risk of default that is measured by the probability that default occurs during a given period. Probabilities are estimates of future happenings that are uncertain. We can narrow the margin of uncertainty of a forecast if we have a fair understanding of the nature and level of uncertainty regarding the variable in question and availability of quality information at the time of assessment. The expected loss/unexpected loss methodology forces banks to adopt new Internal Ratings Based approach to credit risk management as proposed in the Capital Accord II. Some of the risk rating methodologies used widely are briefed below:

Altman’s Z score Model involves forecasting the probability of a company entering bankruptcy. It separates defaulting borrower from non-defaulting borrower on the basis of certain financial ratios converted into simple index.

Credit Metrics focuses on estimating the volatility of asset values caused by variation in the quality of assets. The model tracks rating migration which is the probability that a borrower migrates from one risk rating to another risk rating.

Credit Risk +, a statistical method based on the insurance industry, is for measuring credit risk. The model is based on acturial rates and unexpected losses from defaults. It is based on insurance industry model of event risk.

KMV, through its Expected Default Frequency (EDF) methodology derives the actual probability of default for each obligor based on functions of capital structure, the volatility of asset returns and the current asset value. It calculates the asset value of a firm from the market value of its equity using an option pricing based approach that recognizes equity as a call option on the underlying asset of the firm. It tries to estimate the asset value path of the firm over a time horizon. The default risk is the probability of the estimated asset value falling below a pre-specified default point.

Mckinsey’s credit portfolio view is a multi-factor model which is used to stimulate the distribution of default probabilities, as well as migration probabilities conditioned on the value of macroeconomic factors like the unemployment rate, GDP growth, forex rates, etc. In to-days parlance, default arises when a scheduled payment obligation is not met within 180 days from the due date and this cut-off period may undergo downward change. Exposure risk is the loss of amount outstanding at the time of default as reduced by the recoverable amount. The loss in case of default is

Loss = D* X * (I-R)

Where,

D is Default percentage

X is the Exposure Value

R is the recovery rate.

Credit Risk is measured through Probability of Default (POD) and Loss Given Default (LGD). Bank should estimate the probability of default associated with borrowers in each of the rating grades. How much the bank would lose once such event occurs is what is known as Loss Given Default. This loss is also dependent upon bank’s exposure to the borrower at the time of default commonly known as Exposure at Default (EaD).The extent of provisioning required could be estimated from the expected Loss Given Default (which is the product of Probability of Default, Loss Given Default & Exposure & Default). That is ELGD is equal to PODX LGD X EaD.

Credit Metrics mechanism advocates that the amount of portfolio value should be viewed not just in terms of likelihood of default, but also in terms of credit quality over time of which default is just a specific case. Credit Metrics can be worked out at corporate level, at least on an annual basis to measure risk- migration and resultant deterioration in credit portfolio. The ideal credit risk management system should throw a single number as to how much a bank stands to lose on credit portfolio and therefore how much capital they ought to hold.

Methods of measuring Credit Risk

Standardized

Foundation IRB

Advanced IRB

Standardized Approach

The term standardized approach (or standardized approach) refers to a set of credit risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions. Under this approach the banks are required to use ratings from External Credit Rating Agencies to quantify required capital for credit risk. In many countries this is the only approach the regulators are planning to approve in the initial phase of Basel II Implementation. The Basel Accord proposes to permit banks a choice between two broad methodologies for calculating their capital requirements for credit risk. The other alternative is based on internal ratings.

• Measure credit risk pursuant to fixed risk weights based on external credit assessments (ratings)

• Least sophisticated capital calculations; least differentiation in required capital between safer and riskier credits

• Generally highest capital burdens

IRB Approach

Under the Basel II guidelines, banks are allowed to use their own estimated risk parameters for the purpose of calculating regulatory capital. This is known as the Internal Ratings-Based (IRB) Approach to capital requirements for credit risk. Only banks meeting certain minimum conditions, disclosure requirements and approval from their national supervisor are allowed to use this approach in estimating capital for various exposures.

There are 3 parameters for the measurement of a single credit facility

Probability of default (PD)

Exposure at default (EAD)

Loss given default (LGD)

Probability of default (PD)

It is the likelihood of the counter-party to default on its obligation either over the life of the obligation or over some specified time horizon.

Exposure at default (EAD)

EAD for loan commitment measures the amount of the facility that is likely to be drawn in the event of the default.

Loss given default (LGD)

LGD measures the proportion of the exposure that will be lost if default occurs.

Expected loss is covered through the pricing of the banks products and services. Unexpected loss is the variability about this mean loss, which should be covered through adequate capital allocation or provisioning.

Expected loss = PD X EAD X LGD

Foundation IRB

• Measure credit risk using sophisticated formulas using internally determined inputs of probability of default (PD) and inputs fixed by regulators of loss given default (LGD), exposure at default (EAD) and maturity (M)

• More risk sensitive capital requirements; more differentiation in required capital between safer and riskier credits

Advanced IRB

• Measure credit risk using sophisticated formulas and internally determined inputs of PD, LGD, EAD and M

• Most risk-sensitive (although not always lowest) capital requirements; most differentiation in required capital between safer and riskier credits

• Transition to Advanced IRB status only with robust internal risk management systems and data.

Credit Risk Management

Banks have comprehensive credit risk management architecture. The board of directors of the Bank sanctions the credit risk approach and approves the credit risk strategies of the Bank. While doing this the Bank’s risk appetite is taken into consideration, which in turn is derived from perceived risks in the business, balanced by the targeted profitability level for the risks taken up. The board supervises the credit risk management functions of the Bank.

The Bank expects to achieve its earnings objectives and to satisfy its customers’ needs while maintaining a sound portfolio. Credit exposures are managed through target market identification, appropriate credit approval processes, post-disbursement monitoring and remedial management procedures.

There are two different credit management models within which the credit process operates - the retail credit model and the wholesale credit model.

The retail credit model is geared towards high volume, small transaction size businesses where credit appraisals of fresh exposures are guided by statistical models, and are managed on the basis of aggregate product portfolios. The wholesale credit model on the other hand, is relevant to lower volume, larger transaction size, customised products and relies on a judgemental process for the origination, approval and maintenance of credit exposures.

The credit models have two alternatives for managing the credit process - product programs and credit transactions.

In product programs, the Bank approves maximum levels of credit exposure to a set of customers with similar characteristics, profiles and / or product needs, under clearly defined standard terms and conditions. This is a cost-effective approach to managing credit where credit risks and expected returns lend themselves to a template approach or predictable portfolio behaviour in terms of yield, delinquency and write-off. Given the high volume environment, automated tracking and reporting mechanisms are important here to identify trends in portfolio behaviour early and to initiate timely adjustments. In the case of credit transactions, the risk process focuses on individual customers or borrower relationships. The approval process in such cases is based on detailed analysis and the individual judgement of credit officials, often involving complex products or risks, multiple facilities / structures and types of securities.

The Bank’s credit policies & procedures manual and credit programs, where applicable, form the core to controlling credit risk in various activities and products. These articulate the credit risk strategy of the Bank and thereby the approach for credit origination, approval and maintenance. These policies define the Bank’s overall credit granting criteria, including the general terms and conditions. The policies / programs generally address such areas as target markets / customer segmentation, qualitative-quantitative assessment parameters, portfolio mix, prudential exposure ceilings, concentration limits, price and non-price terms, structure of limits, approval authorities, exception reporting system, prudential accounting and provisioning norms, etc. They take cognisance of prudent and prevalent banking practices, relevant regulatory requirements, nature and complexity of the Bank’s activities, market dynamics etc.

Credit concentration risk arises mainly on account of concentration of exposures under various categories including industry, products, geography, underlying collateral nature and single / group borrower exposures. To ensure adequate diversification of risk, concentration ceilings have been set up by the Bank on different risk dimensions, in terms of :

Borrower / business group

Industry

Risk grading

Market risk

Market Risk may be defined as the possibility of loss to bank caused by the changes in the market variables. It is the risk that the value of on-/off-balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices. Market risk is the risk to the bank’s earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange and equities, as well as the volatilities, of those prices. Market Risk Management provides a comprehensive and dynamic frame work for measuring, monitoring and managing liquidity, interest rate, foreign exchange and equity as well as commodity price risk of a bank that needs to be closely integrated with the bank’s business strategy Scenario analysis and stress testing is yet another tool used to assess areas of potential problems in a given portfolio. Identification of future changes in economic conditions like – economic/industry overturns, market risk events, liquidity conditions etc that could have unfavorable effect on bank’s portfolio is a condition precedent for carrying out stress testing. As the underlying assumption keep changing from time to time, output of the test should be reviewed periodically as market risk management system should be responsive and sensitive to the happenings in the market.

Some market risks include:

Equity risk the risk that stock or stock indexes prices and/or their implied volatility will change.

Interest rate risk, the risk that interest rates and/or their implied volatility will change.

Currency risk, the risk that foreign exchange rates and/or their implied volatility will change.

Commodity risk, the risk that commodity prices and/or their implied volatility will change.

Liquidity risk is the risk that a given security or asset cannot be traded quickly enough in the market to prevent a loss (or make the required profit).

Liquidity Risk:

Bank Deposits generally have a much shorter contractual maturity than loans and liquidity management needs to provide a cushion to cover anticipated deposit withdrawals. Liquidity is the ability to efficiently accommodate deposit as also reduction in liabilities and to fund the loan growth and possible funding of the off-balance sheet claims. The cash flows are placed in different time buckets based on future likely behaviour of assets, liabilities and off-balance sheet items. Liquidity risk consists of Funding Risk, Time Risk & Call Risk.

Funding Risk: It is the need to replace net out flows due to unanticipated withdrawal/nonrenewal of deposit

Time risk: It is the need to compensate for no receipt, of expected inflows of funds, i.e. performing assets turning into nonperforming assets.

Call risk: It happens on account of crystallisation of contingent liabilities and inability to undertake profitable business opportunities when desired.

The Asset Liability Management (ALM) is a part of the overall risk management system in the banks. It implies examination of all the assets and liabilities simultaneously on a continuous basis with a view to ensuring a proper balance between funds mobilization and their deployment with respect to their a) maturity profiles, b) cost, c) yield, d) risk exposure, etc. It includes product pricing for deposits as well as advances, and the desired maturity profile of assets and liabilities.

Interest Rate Risk

Interest Rate Risk is the potential negative impact on the Net Interest Income and it refers to the vulnerability of an institution’s financial condition to the movement in interest rates. Changes in interest rate affect earnings, value of assets, liability off-balance sheet items and cash flow. Hence, the objective of interest rate risk management is to maintain earnings, improve the capability, ability to absorb potential loss and to ensure the adequacy of the compensation received for the risk taken and affect risk return trade-off.

The objective of interest rate risk management is to maintain earnings, improve the capability, ability to absorb potential loss and to ensure the adequacy of the compensation received for the risk taken and effect risk return trade-off. Management of interest rate risk aims at capturing the risks arising from the maturity and re-pricing mismatches and is measured both from the earnings and economic value perspective.

Earnings perspective involves analysing the impact of changes in interest rates on accrual or reported earnings in the near term. This is measured by measuring the changes in the Net Interest Income (NII) equivalent to the difference between total interest income and total interest expense.

Types of Interest Rate Risk

Embedded option Risk: Option of pre-payment of loan and Fore- closure of deposits before their stated maturities constitute embedded option risk

Yield curve risk: Movement in yield curve and the impact of that on portfolio values and income.

Re-price risk: When assets are sold before maturities.

Reinvestment risk: Uncertainty with regard to interest rate at which the future cash flows could be reinvested.

Net interest position risk: When banks have more earning assets than paying liabilities, net interest position risk arises

There are different techniques such as a) the traditional Maturity Gap Analysis to measure the interest rate sensitivity, b) Duration Gap Analysis to measure interest rate sensitivity of capital, c) simulation and d) Value at Risk for measurement of interest rate risk. The approach towards measurement and hedging interest rate risk varies with segmentation of bank’s balance sheet. Banks broadly bifurcate the asset into

Trading Book: Trading book comprises of assets held primarily for generating profits on short term differences in prices/yields

Banking Book: Banking book consists of assets and liabilities contracted basically on account of relationship or for steady income and statutory obligations and are generally held till maturity/payment by counter party

Value at Risk (VaR) is a method of assessing the market risk using standard statistical techniques. It is a statistical measure of risk exposure and measures the worst expected loss over a given time interval under normal market conditions at a given confidence level of say 95% or 99%. Thus VaR is simply a distribution of probable outcome of future losses that may occur on a portfolio. The actual result will not be known until the event takes place. Till then it is a random variable whose outcome has been estimated.

To calculate the interest rate risk, Duration Gap model is used. In this method, the assets and liabilities are segregated according to the maturity. The duration of assets and liabilities is calculated, which in used to calculate the duration gap, which in turn is used to find the probable impact of interest rate change on the assets of the banks. The table below shows the various maturity buckets under which the assets and liabilities are classified. The Duration gap is calculated as –

DUR gap = DUR a – (L*DUR l)/ A

DUR a = average duration of assets

DUR l = average duration of liabilities

L = market value of liabilities

A = market value of assets

Forex Risk

Foreign exchange risk is the risk that a bank may suffer loss as a result of adverse exchange rate movement during a period in which it has an open position, either spot or forward or both in same foreign currency. Even in case where spot or forward positions in individual currencies are balanced the maturity pattern of forward transactions may produce mismatches.

There is also a settlement risk arising out of default of the counter party and out of time lag in settlement of one currency in one centre and the settlement of another currency in another time zone. Banks are also exposed to interest rate risk, which arises from the maturity mismatch of foreign currency position.

Currency Risk is the possibility that exchange rate changes will alter the expected amount of principal and return of the lending or investment. At times, banks may try to cope with this specific risk on the lending side by shifting the risk associated with exchange rate fluctuations to the borrowers. However the risk does not get extinguished, but only gets converted in to credit risk.

Country Risk

This is the risk that arises due to cross border transactions that are growing dramatically in the recent years owing to economic liberalization and globalization. It is the possibility that a country will be unable to service or repay debts to foreign lenders in time.

It comprises of Transfer Risk arising on account of possibility of losses due to restrictions on external remittances; Sovereign Risk associated with lending to government of a sovereign nation or taking government guarantees; Political Risk when political environment or legislative process of country leads to government taking over the assets of the financial entity (like nationalization, etc.) and preventing discharge of liabilities in a manner that had been agreed to earlier; Cross border risk arising on account of the borrower being a resident of a country other than the country where the cross border asset is booked; Currency Risk, a possibility that exchange rate change, will alter the expected amount of principal and return on the lending or investment.

Operational Risk

Operational Risk

Operational risk presents the risk of losses from failed systems, process, people and from events beyond the control of organization. Some firms define operational risk as ‘all risk that is not a credit risk or a market risk’. Operational risk is not clearly defined as every industry has its own particular view of operational risk based on experience and context of that industry. Operational can be defined in the following:

Financial risk that is not caused by market risk or a credit risk ( i.e., increased financing cost associated with the firm’s inability to transact quickly to cover a foreign currency exposure).

Any risk developing from breakdown an d normal operation (ex: system failure or processing mistake).

Any risk from internal source (ex: internal fraud), excluding the impact of regulatory action or a natural disaster.

Direct or indirect losses that result from ineffective or insufficient system, personnel or an external event (ex: natural disaster or political events), excluding business risk.

Types of Operational Risk:

Process risk

People risk

Technological/ system risk

Legal risk

Always banks live with the risks arising out of human error, financial fraud and natural disasters. The recent happenings such as WTC tragedy, Barings debacle etc. has highlighted the potential losses on account of operational risk. Exponential growth in the use of technology and increase in global financial inter-linkages are the two primary changes that contributed to such risks. Operational risk, though defined as any risk that is not categorized as market or credit risk, is the risk of loss arising from inadequate or failed internal processes, people and systems or from external events. In order to mitigate this, internal control and internal audit systems are used as the primary means. Risk education for familiarizing the complex operations at all levels of staff can also reduce operational risk. Insurance cover is one of the important mitigators of operational risk. Operational risk events are associated with weak links in internal control procedures. The key to management of operational risk lies in the bank’s ability to assess its process for vulnerability and establish controls as well as safeguards while providing for unanticipated worst-case scenarios. Operational risk involves breakdown in internal controls and corporate governance leading to error, fraud, performance failure, compromise on the interest of the bank resulting in financial loss. Putting in place proper corporate governance practices by itself would serve as an effective\risk management tool. Bank should strive to promote a shared understanding of operational risk within the organization, especially since operational risk is often intertwined with market or credit risk and it is difficult to isolate. Over a period of time, management of credit and market risks has evolved a more sophisticated fashion than operational risk, as the former can be more easily measured, monitored and analyzed. And yet the root causes of all the financial scams and losses are the result of operational risk caused by breakdowns in internal control mechanism and staff lapses. So far, scientific measurement of operational risk has not been evolved. Hence 20% charge on the Capital Funds is earmarked for operational risk and based on subsequent data/feedback, it was reduced to 12%. While measurement of operational risk and computing capital charges as envisaged in the Basel proposals are to be the ultimate goals, what is to be done at present is start implementing the Basel proposal in a phased manner and carefully plan in that direction. The incentive for banks to move the measurement chain is not just to reduce regulatory capital but more importantly to provide assurance to the top management that the bank holds the required capital.

Event Based Classification of Operations

Internal fraud

External fraud

Client

Employee

Damage of assets

System risk

Execution or delivery

Process of Operational Risk Management:

Risk identification

Risk measurement

Risk assessment

Risk mitigation

Risk Mitigation:

Basic indicator approach

The standardised risk

Advanced measurement approach (AMA)

BASEL ACCORD

Bankers’ for International Settlement (BIS) meet at Basel situated at Switzerland to address the common issues concerning bankers all over the world. The Basel Committee on Banking Supervision (BCBS) is a committee of banking supervisory authorities of G-10 countries and has been developing standards and establishment of a framework for bank supervision towards strengthening financial stability throughout the world. In consultation with the supervisory authorities of a few non-G-10 countries including India, core principles for effective banking supervision in the form of minimum requirements to strengthen current supervisory regime, were mooted. The 1988 Capital Accord essentially provided only one option for measuring the appropriate capital in relation to the risk-weighted assets of the financial institution. It focused on the total amount of bank capital so as to reduce the risk of bank solvency at the potential cost of bank’s failure for the depositors.

As an improvement on the above, the New Capital Accord was published in 2001, to be implemented by the financial year 2003-04. It provides spectrum of approaches for the measurement of credit, market and operational risks to determine the capital required. The spread and nature of the ownership structure is important as it impinges on the propensity to induct additional capital. While getting support from a large body of shareholders is a difficult proposition when the bank’s performance is adverse, a smaller shareholder base constrains the ability of the bank to garner funds. Tier I capital is not owed to anyone and is available to cover possible unexpected losses. It has no maturity or repayment requirement, and is expected to remain a permanent component of the core capital of the counter party. While Basel standards currently require banks to have a capital adequacy ratio of 8% with Tier I not less than 4%, RBI has mandated the banks to maintain CAR of 9%. The maintenance of capital adequacy is like aiming at a moving target as the composition of risk-weighted assets gets changed every minute on account of fluctuation in the risk profile of a bank. Tier I capital is known as the core capital providing permanent and readily available support to the bank to meet the unexpected losses In the recent past, owner of PSU banks, the government provided capital in good measure mainly to weaker banks.

CAPITAL ADEQUACY

Subsequent to nationalization of banks, capitalization in banks was not given due importance as it was felt necessary for the reason that the ownership of the banks rested with the government, creating the required confidence in the mind of the public. Combined forces of globalization and liberalization compelled the public sector banks, hitherto shielded from the vagaries of market forces, to come to terms with the market realities where certain minimum capital adequacy has to be maintained in the face of stiff norms in respect of income recognition, asset classification and provisioning. It is clear that multi-pronged approach would be required to meet the challenges of maintaining capital at adequate levels in the face of mounting risks in the banking sector. In banks asset creation is an event happening subsequent to the capital formation and deposit mobilization. Therefore, the preposition should be for a given capital how much asset can be created? Hence, in ideal situation and taking a radical view, stipulation of Asset Creation Multiple (ACM), in lieu of capital adequacy ratio, would be more appropriate and rational. That is to say, instead of Minimum Capital Adequacy Ratio of 8 % (implying holding of Rs 8 by way of capital for every Rs 100 risk weighted assets), stipulation of Maximum Asset Creation Multiple of 12.5 times (implying for maximum Asset Creation Multiple of 12.5 times for the given capital of Rs8would be more meaningful. However as the assets have been already created when the norms were introduced, capital adequacy ratio is adopted instead of asset creation multiple. Asset Creation Multiple (ACM) may be thought of for strict implementation.

The structure of the New Accord – II consists of three pillars approach as given below. Pillar Focus area

I Pillar - Minimum Capital Requirement

II Pillar - Supervisory review process

III Pillar - Market Discipline

i) Minimum Capital Requirement

The capital Adequacy Ratio is the percentage of bank’s Capital Funds in relation to the Risk Weighted Assets of the bank. In the New Capital Accord, while the definition of Capital Fund remains the same, the method of calculation of Risk Weighted Assets has been modified to factor market risk and operational risk, in addition to the Credit Risk that alone was reckoned in the 1988 Capital Accord. Banks may adopt any of the approach suitable to them for arriving at the total risk weighted assets. Various approaches, to be chosen from under each of the risk are detailed below:

Credit Risk:

1) Standardized Approach: The bank allocates a risk weight to each assets as well as off balance sheet items and produces a sum of R W A values (RW of 100% may entail capital charge of 8% and RW of 20% may entail capital charge of 1.6%.) The risk weights are to be refined by reference to a rating provided by an external credit assessment institution that meets certain strict standards.

2) Foundation Internal Rating Based Approach: Under this, bank rates the borrower and results are translated into estimates of a potential future loss amount which forms the basis of minimum capital requirement.

3) Advanced Internal Rating Based Approach: In Advanced IRB approach, the range of risk weights will be well diverse.

Market Risk:

1) Standardized Approach

2) Internal Models Approach

Operational Risk:

1) Basic Indicator Approach (Alpha)-Hence, one indicator for operational risk is identified such as interest income, Risk Weighted Asset etc.

2) Standardized Approach (Beta)-This approach specifies different indicators for different lines/units of business and the summation of different business lines such as Corporate Finance, Retail Banking Asset Management, etc. to be done.

3) Internal Measurement Approach (Gamma) - Based on the past internal loss data estimation, for each combination of business line, bank is required to calculate an expected loss value to ascertain the required capital to be allocated/assigned.

Emerging trends in Risk Management: Basel III

The paradigm shift from Basel I to Basel II was that while Basel I had a ‘one-size-fits-all’ approach, Basel II introduced risk sensitive capital regulation. The main charge against Basel II is that it is this risk sensitivity that made it blatantly pro-cyclical. In good times, when banks are doing well, and the market is willing to invest capital in them, Basel II does not impose significant additional capital requirement on banks. On the other hand, in stressed times, when banks require additional capital and market are wary of supplying that capital, Basel II requires banks to bring in more of it. It was the failure to bring in capital when under pressure that forced major banks into a vicious cycle of deleveraging, thereby hurting global financial markets into seizure and economies around the world into recession.

BASEL II meet capital regulation more risk sensitive, but it did not bring in corresponding changes in the definition and composition of regulatory capital to reflect the changing market dynamics. The market risk models failed, in particular, to factor in the risk from complex derivative products that were coming on to the market in a big way. These models demanded less capital against trading book exposures on the premise that trading book exposure readily sold and positions rapidly unwound. These gave a perverse incentive for banks to park banking book exposures in trading book to optimise capital. Much of the toxic acids & their securitised derivatives which were the epicentre of the crisis were parked in the trading book. Hence, though BASEL II was supposedly risk sensitive it fails to promote modelling frameworks for accurate measurement of risk and to demand sufficient loss absorbing capital to mitigate that risk.

Also, BASEL II did not have any explicit regulation governing leverage. It assumed that its risk based capital requirement would automatically mitigate the risk of excessive leverage. This assumption, as it turned out, was flawed as excessive leverage of banks was one of the prime causes of the crisis. Similarly, BASEL II did not explicitly cover liquidity risk. Since liquidity risk, if left unaddressed, could cascade in to a solvency risk, this prove to be undoing of virtually every bank that came under stress in the depth of the crisis

Finally, BASEL II focused exclusively on individual financial institutions, ignoring systemic risk arising from interconnectedness across institution which finally resulted in to the ferocious spreading of the crisis across financial markets.

BASEL III represents and efforts to fix the gaps and lacunae in BASEL II that came to light during the crisis as also to reflect other lessons of the crisis. BASEL III is not a negation but and enhancement of BASEL II. The enhancements of BASEL III over BASEL II come primarily in four areas:

Augmentation in the level and quality of capital

Introduction of liquidity standards

Modification in Provisioning norms

Better and more comprehensive disclosures