Risk Management Indian Banking Report

8/6/2019 Risk Management Indian Banking Report

1/58

INTRODUCTION TO BASEL - I AND BASEL II

GUIDELINES FOR BANKS

2.4.1 Basel Committee:

The failure of the Bankhaus Herstatt, which affected mostly the G-10

countries, signalled a need to coordinate supervisory efforts across

countries and lay down minimum banking standards. The committee's

efforts over the last three decades have made Basel synonymous with

the best practices and standards in banking regulation and

supervision. Perhaps the most far-reaching of these initiatives was the

laying down of minimum capital standards in 1988, known as the Basel

Capital Accord, to ensure a level playing field in terms of capital

required to be maintained by internationally active banks. Though the

Basel Committee has only 13 members, the fact that its capitalstandards were implemented by more than 100 countries points to

their near universal acceptance. The Basel Committee does not

possess any formal supranational supervisory authority and its

conclusions do not have any legal or binding force. It merely

formulates broad-based supervisory principles or strategies. However,

it recommends statements of best practice, keeping in mind that

individual authorities will undertake steps to implement them through

detailed arrangements in a way that suits them best.

Basel I:

In July 1988, the Basel Committee came out with a set of

recommendations aimed at introducing minimum levels of capital for

internationally active banks. These norms required the banks to

maintain capital of at least 8 per cent of their risk-weighted loan

exposures. Different risk weights were specified by the committee for

different categories of exposure. For instance, government bonds

carried risk-weight of 0 per cent, while the corporate loans had a risk-

weight of 100 per cent. The original accord, was quite simple and

adopted a straight-forward `one size fits all approach' that does notdistinguish between the differing risk profiles and risk management

standards across banks.

Basel II:


2/58

To set right these aspects, the Basel Committee came up with a new

set of guidelines in June 2004, popularly known as the Basel II norms.

These new norms are far more complex and comprehensive compared

to the Basel I norms. Also, the Basel II norms are more risk-sensitive

and they rely heavily on data analysis for risk measurement and

management. They have given three pillars which act as guideline for

implementation of Basel II.

Figure 1: Pillars of Basel II

Pillar I: Basel II norms provide banks with guidelines to measure thevarious types of risks they face - credit, market and operational risksand the capital required to cover these risks.

Pillar II (Supervisory Reviews): Ensures that not only do the banks haveadequate capital to cover their risks, but also that they employ betterrisk management practices so as to minimise the risks. Capital cannotbe regarded as a substitute for inadequate risk management practices.This pillar requires that if the banks use asset securitisation and creditderivatives and wish to minimise their capital charge they need tocomply with various standards and controls. As a part of thesupervisory process, the supervisors need to ensure that theregulations are adhered to and the internal measurement systems arestandardised and validated.

Pillar III (Market Discipline): This market discipline is brought throughgreater transparency by asking banks to make adequate disclosures.The potential audiences of these disclosures are supervisors, bank's


3/58

customers, rating agencies, depositors and investors. Market disciplinehas two important components:

Market signalling in form of change in bank's share prices orchange in bank's borrowing rates

Responsiveness of the bank or the supervisor to market signals

2.4.2 Basel I and Basel II - Relative Comparison:

BASEL I NEW CAPITAL ACCORD-BASEL-IIFocus on single risk measure More emphasis on bank's own internal risk management

methodologies, supervisory review, and market disciplineOne size fits all Flexibility; menu of approaches; capital incentives for better

risk management; granularity in the valuation of assets andtype of businesses and in the risk profiles of their systemsand operations

Broad brush structure More risk sensitivity by business class and asset class; multi-dimensional; focus on all operational components of a bank

Simplistic approach towardscredit risk, does not distinguish between collateralised/noncollateralised

Factors differential risk factors in loans made to differenttypes of business, entities, markets, geographies etc.

Table 2 showing comparison of Basel-I and Basel-II

Basel I concentrated on credit risk alone being the biggest risk a bankassumes and arising out of its lending/investment operations. Itprescribed risk weights for different loan assets essentially on the basisof security available. Basel I did not draw a distinction for the purpose

of capital allocation between loan assets based on the intrinsic risk inlending to individual counterparties. The higher probability of default inrespect of a loan to, say, and a proprietorship compared to the largeprofessionally managed corporate did not get reflected in the capitalrequirement.

Basel II addresses this issue by factoring in the differential risk factor inloans made to different types of businesses, entities, markets,geographies, and so on, and allowing banks to have different levels ofminimum capital taking into account intrinsic riskiness of the exposure.Assets are to be risk weighted based on a rational approach cleared in

advance by the regulator and then aggregated to arrive at theminimum capital requirement. Higher the risk, higher the weightage,and more the capital allocation required. In addition to credit risk,Basel II recognizes the operational risks arising out of the day-to-dayrunning of banks in the form of service quality shortcomings, non-adherence to policy and procedures, staff malfeasances, and so on, thecapital charge for which is linked to operational income through amultiplier to be given by the regulator based on its assessment of the


4/58

quality of banks operational instructions, style of functioning, control oftop management and audit quality.

2.4.3 Critical Analysis of Basel I guidelines:

2.4.3.1 Problems with the 1988 Accord

In January 1996, an amendment was made to the Accord toincorporate market risks. For the first time, the banks were allowed touse their own systems to measure their market risks. Due totechnological developments and innovations in the financial markets,the Committee decided that more fundamental changes were requiredin the Accord. Therefore, in June 1999, it released a proposal toreplace the 1988 Accord with a more risk-sensitive framework. Thisproposal was known as the First Consultative Package on the NewAccord. More than 200 comments were received on it. Reflecting those

comments, the Second Consultative Package was published in January2001. The new framework intends to improve safety and soundness inthe financial system by placing more emphasis on banks own internalcontrol and management, the supervisory review process and marketdiscipline.

Despite its advantages, the 1988 Accord has been criticized for certainfeatures. They are follows:


5/58

Figure 3: Problems with Basel-I

2.4.3.2 Progress of banks towards Basel-II in differentcountries and the Indian factor

It has been found that European banks are further ahead than their USand Asian counterparts. Most banks expect significant organizationaland corporate governance changes to result from a combination ofBasel II and other initiatives (e.g. Sarbanes-Oxley). Basel II is expectedto significantly affect the competitive landscape, with increased

competition in retail lending, and shake-outs in corporate lending,specialized lending and emerging markets. Banks see substantialbenefit from more economically rational allocation of capital and morerobust risk-based pricing as a result of Basel II. The Basel Irecommendations on minimum capital requirement were accepted bymost countries for adoption by the banks operating within theirboundaries. Today, banks in India take pride in indicating in theirbalance sheets the extent to which they exceed the minimum Capital


6/58

Adequacy Requirement (CAR). Banks in India also adopted the assetclassification and provisioning norms prescribed by the BaselCommittee and as directed by the Reserve Bank of India. The generalbelief now is that the commercial banks' balance sheets arecomparable with most of the banks in the developing world and many

in the developed world too. Some of the opportunities at Indian handsare:

Figure 4: Opportunities for India

Even Basel I was originally meant for internationally active banks in theG-10 countries but it was soon accepted universally as a benchmarkmeasure of a bank's solvency and was, subsequently, adopted in someform by more than 100 countries. Introduction of Basel I coincided withthe initiation of financial reforms in India in the early 1990s. Theprudential norms set out by Basel I came as a timely solution to the illsaffecting the Indian banks, particularly the public sector banks (PSBs)after two decades of nationalization. That these banks despite thedifferences in their strengths and weaknesses could switch over to the

international standards without much hiccups has surprised many acritic. There was so much talk of weak banks, merger of banks, andclosure of overseas branches and so on when the reforms began. Butthe same banks in question are now posting impressive profits yearafter year, opening new overseas branches and are even looking forbanks to take over. Evidently, it is this successful switchover that hasmade the country eager to adopt the Basel II framework as well.


7/58

The deadline for implementing Basel II, originally set for March 31,2007, was extended. Foreign banks in India and Indian banks operatingabroad had to meet those norms by March 31, 2008, while all otherscheduled commercial banks were supposed to adhere to theguidelines by March 31, 2009. But the decision to implement the

guidelines remains unchanged. This is true even though theinternational exposure of even the major Indian banks is still limited.Whereas some of the large banks say that they are Basel II compliantwith the presence of all the requirements, which Basel II recommends.Basel II allows national regulators to specify risk weights different fromthe internationally recommended ones for retail exposures. The RBIhad, therefore, announced an indicative set of weights for domesticcorporate long-term loans and bonds subject to different ratings byinternational rating agencies such as Moody's Investor Services, whichare slightly different from that specified by the Basel Committee.

2.4.3.3 Advantages of Basel-II

It is believed that such an international standard can help protect theinternational financial system from the types of problems that mightarise should a major bank or a series of banks collapse. In practice,Basel II attempts to accomplish this by setting up rigorous risk andcapital management requirements designed to ensure that a bankholds capital reserves appropriate to the risk the bank exposes itself tothrough its lending and investment practices. Possible advantages ofBasel-II and their impact have been mentioned below:

Figure 5: Advantages of Basel-II


8/58

2.4.3.4 BASEL II Effects

Basel II effect can be realised on 3 grounds: internal operations,banking industry and operations.

Basel II effects on internal operations: Once implemented, the BASEL IInorms would greatly influence the internal operations of a bank theeffects of which would be clearly visible in 2015. In this section, weanalyze the extent of change brought about by the norms.


9/58


10/58

Figure 6: Effects on internal operations

BASEL II Effects on Banking Industry:The banking sector in will continue onthe growth trajectory and would further integrate into the globalfinancial system.

Figure 7: Effects on banking industry


11/58

BASEL II Effects on Economy:The Indian households have not shown greatfaith in the countrys financial systems, this is shown by the enormousgold consumption that the country has. Indians possess around $200Billion of gold, equal to nearly half of the countrys bank deposits. TheIndian government reckons that approximately $150 Billion is required

over the next ten years to upgrade the countrys infrastructure. Thegovernment has proposed to use its foreign-exchange reserves tofinance these investments, but this would add only $3-$5 billionannually. Domestic savings are the only plausible source of extrafunding.

Figure 8: Effects on economy

Expected banking scenario: The following points provide further insight onthe expected banking scenario. Although, not direct consequences ofthe BASEL norms these structural changes will be a fall-out of thereforms in the banking sector.


12/58

Figure 9: Expected banking scenario

3. TYPES OF RISKS FACED BY A BANK

Banks in the process of financial intermediation are confronted withvarious kinds of financial and non-financial risks viz., credit, interestrate, foreign exchange rate, liquidity, equity price, commodity price,

legal, regulatory, reputation, operational, etc. These risks are highlyinterdependent and events that affect one area of risk can haveramifications for a range of other risk categories. Thus, topmanagement of banks should attach considerable importance toimprove the ability to identify measure, monitor and control the overalllevel of risks undertaken.

The various risks that a bank is bound to confront is divided into twocategories namely business risks and control risks. Business riskinvolves the risks arising out of the operations of the bank, thebusiness it is into and the way it conducts its operations. Control risk

measures the risk arising out of any lapses in the control mechanismsuch as the organizational structure and the management and theinternal controls that exist in the bank.


13/58

Figure 10: Types of risks measured in the risk profiling templates

3.1 Business risk

Business risk measures eight risks as indicated in the figure above.Each of them is explained below:

3.1.1 Capital Risk

The Risk Profiling Template (RPT) measures the quantity and quality ofcapital available with a bank and rates the risk associated with itaccordingly. A banks ability to gain access to further capital throughsay further issue of equity in the capital market enhances the capitalbase of the bank. Hence the shareholders perception of the bank andthe support it would be able to gather through such an issue are ratedin the RPT.


14/58

Objective: The objective of RPT is to determine whether the bankscapital position is adequate to support the level of current andanticipated business activities and associated risks. In order to achievethe above objective, the RPT will assess the following:

Composition and quality of capital Adequacy of capital Access to capital Shareholder Assessment Economic capital

All banks in India are expected to maintain a CRAR of 9%. CRAR standsfor the Capital Funds to Risk Weighted Assets Ratio. The assets areassigned their respective risk weights as per the RBI regulations andthe total capital funds to risk weighted assets ratio is found. As ameasure to align our banking system towards international standards

banks are currently moving over to the assessment of economic capitalrather than regulatory capital. Economic capital is the amount ofcapital that the firm has put at risk to cover potential losses underextreme market conditions. Banks in India are now moving towards anew framework of assessing and pricing the risks involved in theiroperations by measuring what is known as the Risk Adjusted Return onCapital (RAROC). Under the RAROC approach decisions are made usingthe firms weighted-average cost of capital as the hurdle rate forinvestment decisions. RAROC controls for differences in risk acrossprojects/investments thorough a decision rule that allocates capital toprojects/ investments according to their risk.

Also rated in the RPT is the banks ability to raise more capital, theperception of the banks shareholders and its future plans to raisecapital. Capital is basically not a risk associated with the bank. Itindicates the quality and quantity of available with a bank to mitigatethe various risks.

3.1.2 Credit Risk

Credit risk involves inability or unwillingness of a customer orcounterparty to meet commitments in relation to lending, trading,

hedging, settlement and other financial transactions. The Credit Risk isgenerally made up of transaction risk or default risk and portfolio risk.The portfolio risk in turn comprises intrinsic and concentration risk.Credit risk may take various forms, such as, in the case of loans,repayment may not be forthcoming from the customer, in the case ofletters of credit or guarantees the parties may not keep up theircommitments resulting into crystallization of the liability under thecontract payable to the beneficiary; in the case of treasury products,


15/58

the payment or series of payments due from the counter party underthe respective contracts may not come; in the case of securitiestrading businesses, settlement may not be effected; in the case ofcross-border exposures, the availability and free transfer of currencymay be restricted or ceased. Thus credit risk may be carried in the

banking book or the trading book or in the off-balance sheet items.

Lending also involves a number of risks. In addition to the risks relatedto credit worthiness of the counterparty, the banks are also exposed tointerest rate, forex and country risks. The credit risk of a bank'sportfolio depends on both external and internal factors. The externalfactors are the state of the economy, wide swings in commodity/equityprices, foreign exchange rates and interest rates, trade restrictions,economic sanctions, Government policies, etc.

Figure 11: Risks in lending

The internal factors may be due to business failure or commercialrisk, financial management risk, corporate governance risk, projectmanagement risk, pre-settlement risk which arises in the case offorward or derivative transactions since there is an inherent risk ofcounterparty default prior to the settlement date resulting in a loss tothe bank and settlement risk which arises due to the possibility that

Interest Rate

Risk

Forex RiskCounterpart

y Risk

Country

Risk

Default Risk Portfolio Risk

Intrinsic RiskConcentration

Risk

Risks in Lending

Credit

Risk


16/58

settlement may not take place as per the terms of the contract due tovarious reasons. Country risk and Counterparty risk are other forms ofcredit risk.

3.1.2.1 Country Risk

It is the possibility that a country is unable to service or repay its debtsto foreign lenders in time. In banking, the risk arises on account ofcross-border lending and investment. The risk manifests itself either inthe inability or unwillingness of the obligor in meeting the liability.Country risk comprises of the following risks:

Figure 12: Types of country risk

3.1.2.2 Counterparty Risk

Another variant of credit risk is counterparty risk. The counterparty riskarises from non-performance of the trading partners. The non-


17/58

performance may arise from counterparty's refusal/inability to performdue to adverse price movements or from external constraints thatwere not anticipated by the principal. The counterparty risk isgenerally viewed as a transient financial risk associated with tradingrather than standard credit risk.

Objective: The credit risk rating of a bank in the RPT is used todetermine the quality of assets (both on- and off-balance sheet). Inorder to achieve the above objective, the RPT looks into the threeimportant aspects of credit namely:

Composition Concentrations Provisioning

The RPT looks into the concentration of loans issued by the bank either

location-wise or industry-wise or product-wise etc, which is one form ofcredit risk. It also looks into the fact whether the bank has distributedits advances across the various sectors as per the RBI guidelines. TheRPT does not stop with the transaction testing but also looks into otheraspects such as the rating of the borrowers and the migration analysisof the borrowers. The trend of NPAs and making adequate provisionsfor anticipated losses is also monitored to rate the banks performancein credit supervision and recovery in the case of NPAs.

Off- balance sheet items are also measured along with the riskassociated with them. Banks should evolve adequate framework for

managing their exposure in off-balance sheet products like forexforward contracts, swaps, options, etc. as a part of overall credit toindividual customer relationship and subject to the same creditappraisal, limits and monitoring procedures. Banks are expected toclassify their off-balance sheet exposures into three broad categories -full risk (credit substitutes) - standby letters of credit, moneyguarantees, etc, medium risk (not direct credit substitutes, which donot support existing financial obligations) - bid bonds, letters of credit,indemnities and warranties and low risk reverse repos, currencyswaps, options, futures, etc.

3.1.3 Market Risk

Traditionally, credit risk management was the primary challenge forbanks. With progressive deregulation, market risk arising from adversechanges in market variables, such as interest rate, foreign exchangerate, equity price and commodity price has become relatively moreimportant. Even a small change in market variables causes substantial


18/58

changes in income and economic value of banks. Market risk takes anyone of the forms as shown in the figure:

Figure 13: Types of market risks

Objective:The objective of RPT is to determine the amount of market riskin the trading and banking book. Hence the following parameters ofthe bank are rated: Composition of investment portfolio Market risk in the trading book Interest rate risk in the banking book Foreign exchange risk

Equity & Commodity Price Risk

Market risk exists in both the trading bookand the banking book.Within the trading book, market risk is measured as changes in thevalue of financial instruments or currencies. Within the banking book,market risk is measured in terms of exposure to interest rate riskand/or foreign exchange risk.

3.1.3.1 Liquidity Risk

Liquidity Planning is an important facet of risk management frameworkin banks. Liquidity is the ability to efficiently accommodate deposit andother liability decreases, as well as, fund loan portfolio growth and thepossible funding of off-balance sheet claims. The liquidity risk of banksarises from funding of long-term assets by short-term liabilities,thereby making the liabilities subject to rollover or refinancing risk.Liquidity risk in banks manifest in different dimensions:

Market Risk

Liquidity Risk

Commodity Price RiskEquity Price Risk

Forex RiskInterest Rate

Risk


19/58

Figure 14: Types of Liquidity risks

The first step towards liquidity management is to put in place aneffective liquidity management policy, which, inter alia, should spellout the funding strategies, liquidity planning under alternativescenarios, prudential limits, liquidity reporting/reviewing, etc. Liquiditymeasurement is quite a difficult task and can be measured throughstock or cash flow approaches. The liquidity profile of the banks couldbe analyzed on a static basis, wherein the assets and liabilities and off-balance sheet items are pegged on a particular day and the behavioralpattern and the sensitivity of these items to changes in market interestrates and environment are duly accounted for.

Objective: The RPT estimates the liquidity profile of the bank ismeasured in a dynamic way by giving due importance to: Seasonality pattern of deposits/loans; Stability of the deposit base, Mismatches across various time buckets, means of funding such

mismatches and cost of the funds used, Potential liquidity needs for meeting new loan demands, unavailed

credit limits, loan policy, potential deposit losses, investmentobligations, statutory obligations, etc.

Policies for meeting liquidity crisis.

3.1.3.2 Interest Rate Risk (IRR)

The management of Interest Rate Risk should be one of the criticalcomponents of market risk management in banks. The regulatoryrestrictions in the past had greatly reduced many of the risks in thebanking system. Deregulation of interest rates has, however, exposedthem to the adverse impacts of interest rate risk. The Net InterestIncome (NII) or Net Interest Margin (NIM) of banks is dependent on the


20/58

movements of interest rates. Any mismatches in the cash flows (fixedassets or liabilities) or reprising dates (floating assets or liabilities),expose banks' NII or NIM to variations. The earning of assets and thecost of liabilities are now closely related to market interest ratevolatility. Interest Rate Risk (IRR) refers to potential impact on NII or

NIM or Market Value of Equity (MVE), caused by unexpected changes inmarket interest rates.Types of Interest Rate Risk

The investments of the bank are classified in to three categoriesnamely Available for Sale (AFS), Held For Trading (HFT) and Held ToMaturity (HTM). The securities in the first two categories are held underthe Trading Book while the securities under the last category are heldunder the Banking Book. Trading book is mainly meant for takingadvantage of short-term incentives and making profits. Investments inthe banking book are held up to their maturity period and are mainly


21/58

for the purpose of obtaining a steady income. While the trading book isexposed to price risk, the banking book is exposed to interest rate risk.Interest rate risk is studied from two different perspectives namely theearnings perspective and the economic value perspective. Hence thetwo techniques namely maturity gap analysis and duration gap

analysis.3.1.3.3 Foreign Exchange (Forex) Risk

The risk inherent in running open foreign exchange positions havebeen heightened in recent years by the pronounced volatility in forexrates, thereby adding a new dimension to the risk profile of banks'balance sheets. Forex risk is the risk that a bank may suffer losses as aresult of adverse exchange rate movements during a period in which ithas an open position, either spot or forward, or a combination of thetwo, in an individual foreign currency. The banks are also exposed tointerest rate risk, which arises from the maturity mismatching offoreign currency positions. Even in cases where spot and forwardpositions in individual currencies are balanced, the maturity pattern offorward transactions may produce mismatches. As a result, banks maysuffer losses as a result of changes in the premium/discounts of thecurrencies concerned.

In the forex business, banks also face the risk of default of thecounterparties or settlement risk. While such type of risk crystallizationdoes not cause principal loss, banks may have to undertake freshtransactions in the cash/spot market for replacing the failedtransactions. Thus, banks may incur replacement cost, which dependsupon the currency rate movements. Banks also face another risk calledtime-zone risk or Herstatt risk which arises out of time-lags insettlement of one currency in one center and the settlement of anothercurrency in another time-zone. The forex transactions withcounterparties from another country also trigger sovereign or countryrisk. Banks are supposed to control their forex risk by settingappropriate GAP limits for their positions at the end of each day andadhere to these limits. RBI has issued separate guidelines called theInternal Control Guidelines, which contains the steps to be taken bybanks to limit the risk arising on account of their forex transactions.

3.1.3.4 Equity & Commodity Price Risk

Equity price risk arises from the possibility that equity security priceswill fluctuate, affecting the value of equity securities and otherinstruments that derive their value from a particular stock, a definedbasket of stocks, or a stock index. Commodity price risk results fromthe possibility that the price of the underlying commodity may rise orfall. Cash flows from commodity contracts are based on the difference


22/58

between an agreed-upon fixed price and a price that varies withchanges in a specified commodity price or index. The RPT basicallymeasures the volatility in the price of the equity and commodities heldby the bank and the impact of the price variations on the bank. Thegrowth in todays financial system has led to the creation of novel

derivative instruments such as options, futures. Forwards and swaps tomoderate such risks. It is in the hands of the user to effectively usethese instruments to hedge their risks so that the impact of these riskson their portfolio as well as their earnings would be minimal.

3.1.4 Earnings Risk

Objective: The objective is to determine the profitability and earningsprofile of the bank and evaluate the quality and reliability of banksearnings. In order to achieve the above objective, the RPT will assessthe following: Profitability and earnings performance Profit plan & budget Composition and Stability of the Earnings Analysis of income and expenses

The bank has various sources of earnings such as interest from loansand advances, interest from its investments and the income from itssubsidiaries. The RPT rates these sources on the basis of their qualityand stability. Important ratios such as ROA, ROE, and interest spread;cost income ratio (CIR) and the business and profits made peremployee are calculated and compared with the peer group average inorder to determine the quality of the earnings of the bank. The workingof the subsidiaries and its impact on the profitability of the bank alsohas a role to play. Although a bank might have improved its earningsduring a particular year, it should be able to continue to do so in thefuture also. Hence it is important to study the volatility of the earningsin order to rate the earnings quality of the bank. The provisions that abank might have to make on account of non-performing advances andinvestments are also studied. The RPT also takes into account the costof funds used by the bank as a banks reliance on high cost funds couldimpair its profitability. The budget prepared by the bank and thedeviation of the actual from the budgeted figures is rated. This

parameter basically measures the quality of the banks earnings andits reliability to alleviate the various risks.

3.1.5 Business Strategy and Environmental Risk

Objective:The performance of a bank is influenced by various externaland internal factors. These factors are rated in the RPT and the variousaspects could be classified as under: External environment


23/58

Strategic business initiatives Customer base & competitive differentiation Business profile Other business risks

In todays environment banks are fighting hard to survive against thetough competition. The survival of the fittest depends on the strategythat the bank plans for itself, how it implements it, the goals it sets foritself and the ways and means of achieving them. All activities of thebank starting from its product mix to the compatibility of itsinformation systems to suit its business needs play an important role.External macroeconomic factors such as the economy of its operatingenvironment, developments in its sector of operation and regulatoryand supervisory initiatives taken up by authorities also have a role toplay in the conduct of its business. Such a risk to which the bankstands exposed is covered under this category of business strategy

and environmental risk.3.1.6 Operational Risk

Objective:The objective in measuring operational risk is to evaluate therisks a bank might face on account of its people, processes andtechnology. The various parameters by which it is measured include: People, Process and Technology Risk Legal Risk Reputation Risk

Operational loss as defined by the Basle Committee on BankingSupervision is the risk of loss resulting from inadequate or failedinternal processes, people and systems or from external events.Operational risk includes risks arising from people, processes andtechnology being used. People risk could arise on account of lack ofprofessionalism and competency of the staff in the bank and thequality of work environment they are exposed to. With the introductionof sophisticated techniques such as risk focused internal audits, bankswill have to adopt a forward looking training arrangement throughappropriate course designing and compilation of training materialskeeping in view the best international practices and procedures.

Process risk includes transaction risk arising from not adhering toregulations in executing and recording transactions and also the riskdue to the lack of control of higher authorities over the activities of thestaff. Technology risk shows the inadequacy of the systems being usedby the bank either due to security reasons or absence of proper qualityleading to failures and errors. Legal and Reputation risk faced by abank are also included under operational risk.


24/58

Figure 15: Types of operational risk

3.1.7 Group Risk

Objective: Group risk basically measures the impact of the working of thevarious domestic and overseas subsidiaries of the bank on its

performance. The parameters used to determine the group risk of abank include: Financial performance of subsidiaries Risks on account of the subsidiaries

Normally banks carry on other operations related to their businesssuch as mutual funds, insurance, housing finance etc, through partly orwholly owned subsidiaries either in the domestic or in the overseassector. Risks arising out of such operations are covered under grouprisk. The bank on account of its holdings in the subsidiary might beobligated to rescue it in cases of distress and may also be out of its

obligations to other members in the group. Hence it is absolutelyessential for the bank to keep track of the operations of its subsidiariesand take adequate measures as and when required. The Group riskarising out of a banks subsidiaries involves the capital investmentsthat the bank makes in its subsidiaries, the return it gets, theobligations on account of loss making subsidiaries, the commonality ofcontrols existing between the parent and subsidiary and the financialperformance of the subsidiaries. The parent is also expected to


25/58

measure the risk arising out of the various businesses of the subsidiaryand keep track of it and take steps to alleviate it.

3.2 Control Risk

The control risks of a bank are divided into four important categories

as shown in the figure:

Figure 16: Types of controls risks

3.2.1 Internal Controls Risk

Objective: Internal controls play a very important role in the efficientfunctioning of any organization. Hence rating it would help theregulator to understand the adequacy on controls existing within theorganization and take action accordingly. In order to achieve the aboveobjective, the following parameters are assessed:

Decision making framework Risk management framework Limits and standards Information technology Staff policies Segregation of responsibilities Audit and compliance functions Money laundering controls

Organization Risk

Management Risk

Controls Risk

Internal Controls Risk

Compliance Risk


26/58

The sophistication of internal controls will depend on the size,complexity, and geographic diversity of a bank. Hence the RPT wouldidentify the nature of the business to be controlled before determiningwhether the process controls in place are fit for purpose.

The bank is bound to measure the various risks associated with itsoperations. Internal Controls Risk measures aspects such as whetherthe bank has the required Committees in place for managing risks suchas credit risk, market risk and an overall integrated risk managementpolicy. The bank is also expected to have in place an Asset andLiabilities Management Committee (ALCO) and a stringent ALM policyfor nullifying the impacts of risks such as interest rate risk and liquidityrisks. The RPT rates the banks on the adequacy of the banks policiesand procedures on these fronts and the level of success the bank hadobtained by implementing them. Today banks are confronted withactivities such as money laundering which could have a harmful impact

on the reputation as well as the performance of the bank. So as perfrequent guidelines issued by RBI, the banks are required to takenecessary steps to prevent such frauds from occurring. A new aspectalso being implemented currently in banks is that of risk focusedinternal audit.

3.2.2 Management Risk

Objective:The objective is to determine whether the Board of Directorsand management have the requisite skills, experience and integrity tomanage the business. The following parameters have an important roleto play in the assessment of the management risk:

Four eyes principle Fitness and propriety Board composition Adaptability of management Corporate planning and strategy and governance

Now that corporate governance is assuming significance among peoplefrom all quarter banks are no exceptions to it. It involves the Topmanagement and the Board in setting targets for the lower levels,framing strategies and policies in order to achieve these goals,

monitoring their performance, carrying out the necessary correctiveaction and fixing up accountability. The management should be able toable to study the impact of various risks on the performance of thebank and evolve ways to diminish their effect. Management risk alsoinvolves risks arising out of incompetent staff at the higher rungs ofthe organizational ladder thereby affecting the performance.


27/58

3.2.3 Organizational Risk

Objective: The objective in measuring the organizational risk is tounderstand the organizational structure and determine itseffectiveness. In order to achieve the above objective, the RPTassesses the following:

Legal structure Relationship with other parts of the group Reporting lines

In determining adequacy of the organizational structure, the RPTconsiders whether the documented structure accurately reflects thereal and perceived lines of control and influence within theorganization. An organization is built up of various levels of staff andeach of them should have a clear and well-defined role to playachieving its goals and targets. It is necessary that the competent staff

should exist at all levels and proper control be exercised by the topmanagement on the lower level. The people at the highest level shouldbe able to keep track of the activities of the people at lower levels andhelp them in adapting themselves to the changing environment.

3.2.4 Compliance Risk

Objective: Compliance risk basically measures the extent to which thebank has adhered to the guidelines prescribed by the RBI or any otherregulatory body and the measures taken to correct the deficienciespointed out by the previous inspections. RPT assesses compliance riskunder the following heads:

Regulatory Compliance Statutory Compliance MAP Compliance

The compliance risk measures the risk associated with any non-compliance by the bank. Compliance includes both statutory andRegulatory Compliance. The bank should not expose itself toindividual/group borrowers above a certain limit as it could lead tocredit risk. The management is also expected to conduct periodicreviews and any excesses are supposed to be reported to respective

authorities. All these are rated in the compliance risk rating of a bank.Apart from this the banks should ensure that they abide by all the rulesand regulations including the law of the land. For e.g., the banksshould try to adopt those ways which do not cause any harm toenvironment.


28/58

1

4. RBI GUIDELINES ON RISK MANAGEMENT SYSTEMS

IN BANKS

1.1 Risk Management: Introduction

The face of banking in India is changing rapidly. The enhanced role ofthe banking sector in the Indian economy, the increasing levels of

deregulation along with the increasing levels of competition havefacilitated globalisation of the India banking system and placednumerous demands on banks. Operating in this demandingenvironment has exposed banks to various challenges and risks. TheIndian Financial System is tasting success of a decade of financialsector reforms. The economy is surging and has gathered the criticalmass to convert it into a force to reckon with. The regulatoryframework in India has sparked growth and key structural reformshave improved the asset quality and profitability of banks. Growingintegration of economies and the markets around the world is making

global banking a reality. With all these operations, risk has beenpresent always in the banking business but the discussion onmanaging the same has gained prominence only lately. The viciouscycle of risk can be described as given ahead:

Figure 17: Vicious cycle of risk


29/58

According to the RBI circular issued on risk management by the RBI,the broad parameters of risk management function should encompass:

Organisational structureComprehensive risk measurement approach

Risk management policies approved by the Board which shouldbe consistent with the broader business strategies, capitalstrength, management expertise and overall willingness toassume riskGuidelines and other parameters used to govern risk takingincluding detailed structure of prudential limitsStrong MIS for reporting, monitoring and controlling risksWell laid out procedures, effective control and comprehensiverisk reporting frameworkSeparate risk management framework independent ofoperational Departments and with clear delineation of levels of

responsibility for management of riskPeriodical review and evaluation

Market participants seek the services of banks because of their abilityto provide market knowledge, transaction efficiency and fundingcapability. In performing these roles they generally act as a principal inthe transaction. As such, they use their own balance sheet to facilitatethe transaction and to absorb the risks associated with it. There areactivities performed by banking firms which do not have direct balancesheet implications. Nonetheless, the overwhelming majority of the risks

facing the banking firm are in on-balance-sheet businesses. It is in thisarea that the discussion of risk management and the necessaryprocedures for risk management and control has centred. Accordingly,it is here that our review of risk management procedures willconcentrate.

The banking industry recognizes that an institution need not engage inbusiness in a manner that unnecessarily imposes risk upon it; norshould it absorb risk that can be efficiently transferred to otherparticipants. Rather, it should only manage risks at the firm level thatare more efficiently managed there than by the market itself or bytheir owners in their own portfolios. It has been argued that risks facingall financial institutions can be segmented into three separable types,from a management perspective. These are:

Risks that can betransferred to otherparticipants

Risks that can beeliminated or avoidedby simple businesspractices


30/58

Figure 18: Three separable types of risks

The practice of risk avoidance involves actions to reduce the chancesof idiosyncratic losses from standard banking activity by eliminatingrisks that are superfluous to the institution's business purpose. Thereare also some risks that can be eliminated, or at least substantiallyreduced through the technique of risk transfer. Markets exist for manyof the risks borne by the banking firm. Interest rate risk can betransferred by interest rate products such as swaps or otherderivatives. There are two classes of assets or activities where the risk

inherent in the activity must and should be absorbed at the bank level.In these cases, good reasons exist for using firm resources to managebank level risk. The first of these includes financial assets or activitieswhere the nature of the embedded risk may be complex and difficult tocommunicate to third parties. Communication in such cases may bemore difficult or expensive than hedging the underlying risk. Moreover,revealing information about the customer may give competitors anundue advantage. The second case included proprietary positions thatare accepted because of their risks, and their expected return.

Rationale for active risk management: It seems appropriate for any discussion

of risk management procedures to begin with why these firms managerisk. According to standard economic theory, managers of valuemaximizing firms ought to maximize, expected profit without regard tothe variability around its expected value. There are at least fourdistinct rationales offered for active risk management. Any one ofthese justifies the firms' concern over return variability.

Figure 19: Rationale of active risk management

In light of the above, what are the necessary procedures that must bein place to carry out adequate risk management? In essence, whattechniques are employed to both limit and manage the different types

Cost of financial distress

Risks that must beactively managed at thefirm level

Non linearit of tax structure

Existence of capital market imperfections

Mana erial Self interest


31/58

of risk, and how are they implemented in each area of risk control?After reviewing the procedures employed by leading firms, anapproach emerges from an examination of large-scale riskmanagement systems. The management of the banking firm relies ona sequence of steps to implement a risk management system. These

can be seen as containing the following four parts:

Figure 20: Steps for implementation of risk management systems

The banking industry has long viewed the problem of risk managementas the need to control four of the given risks which make up most, ifnot all, of their risk exposure, viz., credit, interest rate, foreignexchange and liquidity risk. While they recognize counterparty andlegal risks, they view them as less central to their concerns.Accordingly, the study of bank risk management processes isessentially an investigation of how they manage all these risks. In eachcase, the procedure outlined below is adapted to the risk considered soas to standardize, measure, constrain and manage each of these risks.Irrespective of the nature of risk, the best way for banks to protect

themselves is to identify the risks, accurately measure and price it, andmaintain appropriate levels of reserves and capital, in both good andbad times. However, this is often easier said than done, and moreoften than not, developing a holistic approach to assessing andmanaging the many facets of risks remains a challenging task for thefinancial sector. Next section highlights some of these practices.

1.2 Risk Aggregation, Capital Allocation & Stress

Testing

Capital Adequacy in relation to economic risk is a necessarycondition for the long-term soundness of banks. Aggregate riskexposure is estimated through Risk Adjusted Return on Capital(RAROC) and Earnings at Risk (EaR) method. Former is used by bankwith international presence and the RAROC process estimates the costof Economic Capital & expected losses that may prevail in the worst-case scenario and then equates the capital cushion to be provided forthe potential loss. RAROC is the first step towards examining the


32/58

institution's entire balance sheet on a mark to market basis, if only tounderstand the risk return trade off that have been made. As bankscarry on the business on a wide area network basis, it is critical thatthey are able to continuously monitor the exposures across the entireorganization and aggregate the risks so than an integrated view is

taken.The Economic Capital is the amount of the capital (besides theRegulatory Capital) that the firm has to put at risk so as to cover thepotential loss under the extreme market conditions. In other words, itis the difference in mark-to-market value of assets over liabilities thatthe bank should aim at or target. As against this, the regulatory capitalis the actual Capital Funds held by the bank against the Risk WeightedAssets. After measuring the economic capital for the bank as a whole,bank's actual capital has to be allocated to individual business units onthe basis of various types of risks. This process can be continued till

capital is allocated at transaction/customer level.Stress testing:It is another modern risk management practice which has

found wide acceptability in Indian Banking System. Determining the

required buffer size of capital is an important risk management issue

for banks, which the Basle Committee (2002) suggests should be

approached via stress testing. Stress testing permits a forward-looking

analysis and a uniform approach to identifying potential risks to the

banking system as a whole. Stress tests done on German banks found

that, "it is not only the capital and reserves base which is crucial for

the long-term stability of the banks, however. The institutions alsohave to make further progress in their efforts to achieve a sustained

improvement in their profitability and in limiting their credit and

market risks." All these dynamics are well captured by Stress Testing

models. RBI has said that, "Banks should identify their major sources of

risk and carry out stress tests appropriate to them. Some of these tests

may be run daily or weekly, some others may be run at monthly or

quarterly intervals. This stress testing would also form a part of

preparedness for Pillar 2 of the Basel II framework."

1.3 Credit Risk Management

1.3.1 Credit risk

Risk is inherent in all aspects of a commercial operation and coversareas such as customer services, reputation, technology, security,human resources, market price, funding, legal, and regulatory, fraudand strategy. However, for banks and financial institutions, credit risk


33/58

is the most important factor to be managed. Credit risk managementenables banks to identify, assess, manage proactively, and optimisetheir credit risk at an individual level or at an entity level or at the levelof a country. Given the fast changing, dynamic world scenarioexperiencing the pressures of globalisation, liberalization, consolidation

and disintermediation, it is important that banks have a robust creditrisk management policies and procedures which are sensitive andresponsive to these changes. Credit risk should be typically managedas shown in the diagram below:

Figure 21: Typical credit risk management organizational structure

1.3.2 Credit risk models

The credit risk models are intended to aid banks in quantifying,aggregating and managing risk across geographical and product lines.The outputs of these models also play increasingly important roles inbanks' risk management and performance measurement processes,customer profitability analysis, risk-based pricing, active portfoliomanagement and capital structure decisions. Credit risk modelling mayresult in better internal risk management and may have the potential

to be used in the supervisory oversight of banking organizations. In themeasurement of credit risk, models can be classified along threedifferent dimensions: the techniques employed the domain ofapplications in the credit process and the products to which they areapplied.

The following are the more commonly used techniques:


34/58

Econometric Techniques such as linear and multiple discriminantanalysis, multiple regression, logic analysis and probability ofdefault, etc.

Neural networks are computer-based systems that use the samedata employed in the econometric techniques but arrive at the

decision model using alternative implementations of a trial anderror method. Optimization models are mathematical programming techniques

that discover the optimum weights for borrower and loan attributesthat minimize lender error and maximize profits.

Rule-based or expert are characterized by a set of decision rules, aknowledge base consisting of data such as industry financial ratios,and a structured inquiry process to be used by the analyst inobtaining the data on a particular borrower.

Hybrid Systems where simulation are driven in part by a directcausal relationship, the parameters of which are determined

through estimation techniques.

These models are used in a variety of domains:

1. Credit approval - Models are used on a standalone basis or inconjunction with a judgmental override system for approving creditin the consumer lending business.

2. Credit rating determination- Quantitative models are used inderiving 'shadow bond rating' for unrated securities and commercialloans. These ratings in turn influence portfolio limits and otherlending limits used by the institution.

3. Risk pricing- Credit risk models may be used to suggest the riskpremia that should be charged in view of the probability of loss andthe size of the loss given default. Using a mark-to-market model, aninstitution may evaluate the costs and benefits of holding a financialasset. Unexpected losses implied by a credit model may be used toset the capital charge in pricing.

Some Examples of Credit Risk:

Loan Credit Risk In January of 1999, Guangdong International Trust and Investment Corporation defaulted

on the repayment of $4.5 billion, half of which was owed to overseas banks.

In August of 1999, Iridium, the satellite telecom company, defaulted on two syndicatedloans of $1.5 billion that it had borrowed to launch the satellites, but could not repay dueto unexpected low earnings.

Issuer Credit Risk On August 17, 1998, Russia unilaterally rescheduled repayments on $43 billion of bonds

that had been sold to western banks & investors. The investors eventually recovered afraction of the $43 billion.


35/58

In February 2001, PG&E, a Californian electric utility, defaulted on $726 million ofshort-term bonds that it had issued. However. Its default was selective, and it continuedto pay interest on $8 billion of other debt.

Counter party Credit Risk In 1998, Moscow International Currency Exchange and several Russian banks defaulted

on currency derivatives with Credit Suisse First Boston (CSFB). The exchange rate hadmoved such that the banks owed $600 million to CSFB.

Settlement Credit Risk In 1974, a small German bank, Bankhaus Herstatt, had a string of losses in forex

dealings. It went bankrupt at the end of a trading day in Germany. Because, it was the endof the trading day in Germany, it had already received $620 million worth of forexpayments from its US trading counter parties, but because the US markets were still open,Herstatt had not yet been required to deliver $620 million for its side of the trades. At thetime that it went bankrupt, it stopped all payments, and US banks lost virtually all of the$620 million.

Use of credit models can be as:

1. Early warning- Credit models are used to flag potentialproblems in the portfolio to facilitate early corrective action.

2. Common credit language- Credit models may be used toselect assets from a pool to construct a portfolio acceptable toinvestors at the time of asset securitisation or to achieve the

minimum credit quality needed to obtain the desired creditrating. Underwriters may use such models for due diligence onthe portfolio (such as a collateralized pool of commercial loans).

3. Collection strategies- Credit models may be used in decidingon the best collection or workout strategy to pursue. If, forexample, a credit model indicates that a borrower isexperiencing short-term liquidity problems rather than a declinein credit fundamentals, then an appropriate workout may bedevised.

The credit risk models that achieved global acceptance as

benchmarks for measuring stand-alone as well as portfolio creditrisk are given below:

1. Altman's Z-score model,2. KMV model for measuring default risk,3. CreditMetrics,4. CreditRisk+5. Logit and probit models


36/58

The first two models were developed to measure the default riskassociated with an individual borrower. The Z-score model separatesthe 'bad' firms or the firms in financial distress from the set of 'good'firms who are able to service their debt obligations in time. The KMVmodel, on the other hand, estimates the default probability of each

firm. Thus, the output of this model can be used as an input for riskbased pricing mechanism and for allocation of economic capital. Theother two models are the most frequently used portfolio risk models incredit risk literature. The two models are intended to measure thesame risks, but impose different restrictions, make differentdistributional assumptions and use different techniques for calibration.

Z-Score Model

Altman's Z-score model is an application of multivariate discriminantanalysis in credit risk modelling. Financial ratios measuring

profitability, liquidity, and solvency appeared to have significantdiscriminating power to separate the firm that fails to service its debtfrom the firms that do not. These ratios are weighted to produce ameasure (credit risk score) that can be used as a metric to differentiatethe bad firms from the set of good ones. Altman started with twenty-two variables (financial ratios) and finally five of them were found to besignificant. The resulting discriminant function was:

Z = 0.012(X1) + 0.014(X2) + 0.033(X3) + 0.006(X4) + 0.999(X5)

Where, X1=Working Capital / Total Assets,

X2=Retained Earnings / Total Assets,

X3=Earnings before Interest and Taxes / Total Assets,

X4=Market Value of Equity / Book Value of Total Liabilities,

X5=Sales / Total Assets.

Altman found a lower bound value of 1.81 (failing zone) and an upperbound of 2.99 (non-failing zone) to be optimal. Any score in-between

1.81 and 2.99 was treated as being in the zone of ignorance. Thisoriginal Z-score model was revised and modified several times in orderto find the scoring model more specific to a particular class of firms.These resulted in the private firm's Z-score model, non-manufacturers'Z-score model and Emerging Market Scoring (EMS) model.

KMV Model


37/58

KMV Corporation has developed a credit risk model that usesinformation on stock prices and the capital structure of the firm toestimate its default probability. This model is based on Merton's (1973)analytical model of firm value. The starting point of this model is the

proposition that a firm will default only if its asset value falls below acertain level (default point), which is a function of its liability. Itestimates the asset value of the firm and its asset volatility from themarket value of equity and the debt structure in the option theoreticframework. Using these two values, a metric (distance from default orDfD) is constructed that represents the number of standard deviationsthat the firm's asset value is away from the default point. Finally, amapping is done between the DfD values and actual default rate,based on the historical default experience. The resultant probability iscalled Expected Default Frequency (EDF).

Distance from default= (expected market value of assets - defaultpoint)/ {(expected market value of assets) (volatility of assets)}

CreditMetrics

In April 1997, J.P. Morgan released the CreditMetrics Technical

Document that immediately set a new benchmark in the literature of

portfolio risk management. This provides a method for estimating the

distribution of the value of the assets in a portfolio subject to changes

in the credit quality of individual borrower. A portfolio consists of

different stand-alone assets, defined by a stream of future cash flows.

Each asset has a distribution over the possible range of future rating

class. Starting from its initial rating, an asset may end up in any one of

the possible rating categories. Each rating category has a different

credit spread, which will be used to discount the future cash flows. It is

assumed that the asset returns are normally distributed and change in

the asset returns causes the change in the rating category in the

future. Finally, the simulation technique is used to estimate the value

distribution of the assets. A number of scenarios are generated from a

multivariate normal distribution, which is defined by the marginal

rating transition distribution of the individual assets and the correlationvalues among them. Discounting by the appropriate credit spread, the

future value of the asset is estimated. The mean asset value, asset

volatility, percentile level and the marginal risk volume can summarize

the output of this model.

CreditRisk+


38/58

CreditRisk+, introduced by Credit Suisse Financial Products (CSFP), is a

model of default risk. Each asset has only two possible end-of-period

states: default and non-default. In the event of default, the lender

recovers a fixed proportion of the total exposure. The default rate is

considered as a continuous random variable. Here, the default

correlation is assumed to be determined by a set of risk factors.

Conditional on these risk factors, default of each obligor follows a

Bernoulli distribution. To get the unconditional probability generating

function for the number of defaults, it assumes that the risk factors are

independently gamma-distributed random variables. The final step in

CreditRisk+ is to obtain the probability generating function for losses.

Conditional on the number of default events, the losses are entirely

determined by the exposure and the recovery rate. Thus, the

distribution of asset values can be estimated from the following input

data: Exposure of individual asset, Expected default rate, Default ratevolatilities, Recovery rate given default and Risk sectors. The

CreditRisk+ manual provides the recurrence relation used to calculate

the value distribution

Probit and logit model

There are models dedicated to predicting binary events, such as

defaults or non-defaults, or to scaling the probabilities that such events

occur. These models include the linear probability models and the

more adequate logit and probit models. In what follows, individualmeans individual observation, an observation relating to any type of

borrower, consumer or corporate:

'Binary models' assume that individuals belong to either one of two categoriesonly, such as defaulting firms and non-defaulting firms, depending on theircharacteristics.

Multinomial models' accommodate several categories, such as ratings, dependingon their characteristics.

The logit model uses the cumulative logistic probability distribution for the cdf. Themodel fits Y = a + X+ and calculates the probability of Y having a specificcategorical value as:

ln {P(Y) I [l -P(Y)]} = Y = a + X+


39/58

The argument of the logarithmP(Y)/ [1 -P(Y)] is the odds of belonging to one group, orthe ratio of the probability of belonging to that group to the probability of not belongingto that group. The logarithm of the odds ratio is the 'logit'.

The probit model performs similar functions to the logit model, but uses the normal

distribution instead of the logistic distribution. The probit model considers Y as normallydistributed and uses the cumulative distribution of the normal distribution. Y can take anyvalue, negative or positive. There is a one-to-one correspondence between Y, which isunconstrained, and the probabilityP(Y):

P(Y) = cdf(Y) = cdf(Y = a + X+) = (1/2) Yexp (-s2/2) ds

Y = cdf-1(P) = a + X+

Banks can adopt any model depending on their size, complexity, risk bearing capacityand risk appetite, etc. However, the credit risk models followed by banks should, at theleast, achieve the following:

1. Result in differentiating the degree of credit risk in differentcredit exposures of a bank. The system could provide fortransaction-based or borrower-based rating or both. It isrecommended that all exposures are to be rated

2. Identify concentration in the portfolios3. Identify problem credits before they become NPAs4. Identify adequacy/ inadequacy of loan provisions5. Help in pricing of credit6. Recognize variations in macro-economic factors and a possible

impact under alternative scenarios7. Determine the impact on profitability of transactions and

relationship

1.3.3 Credit risk management practices worldwide

Driven by the pending Basel II accord and the level of recent credit

losses, risk management has gained greater prominence among senior

bank management. Greater efforts on the part of banks globally to

organize and revamp data collection and decision-facilitating systems

have been seen. Industry consolidation and an increased regulatoryspotlight on financial institutions also have boosted the necessity for

transparent and well-documented internal risk management systems.

In addition, enhancing the ability to identify, monitor and report on risk

management for decision-making has grown in importance. But the

focus on strengthening risk management stretches beyond Basel II.


40/58

In March 2002, with the sponsorship of the International Association of

Credit Portfolio Managers (IACPM), the International Association of

Swaps and Derivatives Association (ISDA), and the Risk Management

Association (RMA), Rutter Associates surveyed the state of credit

portfolio management practices. Questionnaires were distributed to

the credit portfolio management area of 71 financial institutions.

Responses were received from 41 of the 71 institutions. Among the 41

firms who responded to this survey are: ABN-AMRO Bank, Bank of

America, Bank of New York, Barclays Capital, BNP Paribas, Citicorp,

CSFB, Deutsche Bank, Dresdner Bank, JP Morgan Chase, etc. The

responses for the number of rating grades used by the firms are

summarized in Exhibit below. Note that the results showed no

differentiation by type of counter party large corporate, middle-

market corporate, or banks.

Non defaulted entitiesRange 5-22Median 12Mean 13Defaulted entitiesRange 1-7Median 2Mean 3Figure 22: Number of rating grades

Sixty six percent (66%) of the respondents indicated that they employ

facility ratings that are separate from the obligor rating. Identifying

five borrower grades (using S&P and Moodys ratings) respondents

were asked to calculate the probability of default that the firm was

using for that grade in their credit portfolio modelling. Exhibit below

summarizes the median probabilities of default reported by the

respondents to the survey and compares these probabilities of default

to the EDF that would have been obtained from KMVs Credit Monitor

TM at the same time and actual default rates as reported by S&P in

2001.


41/58

Figure 23: Comparison of survey results with other probability of default measures

1.3.4 Drivers of effective credit risk management

With Basel-II, banks now are forced to provide more detailed

disclosures in their annual reports. These may include information on

their strategies, nature of credit risk in their activities and how credit

risk arises in those activities, as well as information on how they

manage credit risk. A more rigorous assessment of a banks credit risk

appetite, more technical approach toward its counterparties and better

portfolio risk management will be sought. However the impact of BaselII is largely dependent on the environment it is regulated under, as it is

different for each region.

The objective of best practices in credit risk management is to provide

comprehensive guidance to better address credit risk management.

The findings from a survey illustrate that credit risk management

practices differ among banks, as they are dependent upon the nature

and complexity of an individual banks credit activities. Sound

practices should generally address the following areas:

Establishing an appropriate credit risk environment. Operating under a sound credit-granting process. Maintaining an appropriate credit administration, measurement and

monitoring process. Ensuring adequate controls over credit risk.


42/58

The feedback from banks demonstrates that centralization,

standardization, consolidation, timeliness, active portfolio

management and efficient tools for exposures are the key best

practice in credit risk management. Some banks are considering

having more efficient tools for what if analysis and tools to provide

transparency to the business. Many of them are focusing on stress

testing, concentration risk, macro hedges and capital risk market

management. The drivers of CRM are:

1. Effective credit risk management as a value-enhancingactivity: If deployed correctly and effectively, credit riskmanagement can be a value-enhancing activity that goes beyondregulatory compliance and can provide a competitive advantage toinstitutions that execute it appropriately. Some of the examplesdemonstrating the statement above include consolidating credit

lines for customers in order to achieve greater business activity,efficient use of capital risk adjusted return etc.2. Consolidating credit lines: Consolidating credit lines allows one

of the responding banks to manage capital adequacy moreefficiently. For instance, all of the banks global customers, such asFord Motor Company, have consolidated global credit lines acrossmultiple countries, including the UK, Germany and Singapore. Bydeploying global credit lines, total credit is reduced thus allowing formore business activity.

3. Efficient use of economic and regulatory capital: Havingconsistent, comprehensive risk architecture will make it easier for

banks to calculate and manage capital. Banks mainly in the U.S. andEurope use economic capital for the following reasons:o To ensure that the bank has a safe level of capital to

guard against risks and to meet regulatory requirements.o To price loans to earn attractive risk-adjusted profits.o To apply economic capitals trio of core decision

making criteria (risk, capital requirements and returns) instrategic business planning and to measure return on equity(ROE) by line of business, product or customer to ensure thatcapital is effectively allocated among different activities in abank to maximize shareholders value.

4. Once the economic capital is computed across the bank, the banksactual equity capital is allocated to individual business units on thebasis of risks so that shareholders wealth can be maximized.

5. Use of derivatives to reshape credit profile: Credit portfoliomanagement is a value-enhancing activity; some of the interviewedbanks use credit derivatives to reshape their credit profiles. The useof credit derivatives in an American bank has significantly reducedits financial markets credit risk from 70-75 percent to 40-45


43/58

percent. Credit derivatives create new possibilities for risktransformation through innovative structures such as credit defaultswaps, basket swaps and debt obligations. Further derivativestructures may involve the indexing or reinsuring of illiquid middlemarket and the creation of short positions in credit risk.

6. Technology: Along with credit derivatives, technology can alsocontribute to reshaping banks credit profile by allowing banks toknow the type of exposures and price transactions they are dealingwith. These elements are required to hedge exposures.

1.4 Market Risk Management

1.4.1 Market risk and means to manage it

Market risk is defined as the uncertainty in the future values of theGroups on and off balance sheet financial items, resulting from

movements in factors such as interest rates, equity prices, and foreignexchange rates.

Market risk as defined by BIS:The risk that the value of on or off balance

sheet positions will be adversely affected by movements in equity and

interest rate markets, currency exchange rates and commodity prices.

Market risk as defined by RBI:The possibility of loss to a bank caused by

changes in the market variables.

The drivers of market risk are equity and commodities prices, foreign

exchange rates, interest rates, their volatilities and correlations.Market risk can be classified into directional and non-directional risks.

Figure 24: Types of market risk


44/58

Market risk can be measured and managed through the following:

1. Maturity gap analysis2. Duration analysis3. Convexity: Factor sensitivities indicating a fixed income portfolio's

second order (quadratic) sensitivity to the parallel shifts in the spotcure. Convexity measures the change in duration as interest ratechanges.

4. Value-at-Risk (VAR): It is a category of risk measure thatdescribes probabilistically the market risk of a trading portfolio. VARsummarizes the worst loss over a target horizon with a given levelof confidence. It captures the combined effect of underlyingvolatility and exposure to financial risks. The greatest advantage ofVAR is that it summarizes in a single, easy to understand numberthe downside risk of an institution due to financial market variables.

5. Stress Testing: It can be described as the process to identify andmanage situations that could cause extraordinary losses. VARquantifies potential losses under normal market conditions. It failsto identify extreme unusual situations that could cause severelosses. Hence we need to undertake stress testing to supplementVAR.

6. The Greeks: A set of factor sensitivities used for measuring riskexposures related to options or other derivatives. Each measureshow the portfolio's market value should respond to a change insome variablean underlier, implied volatility, interest rate or time.There are five Greeks:

a. Delta measures first order (linear) sensitivity to an underlier;b. Gamma measures second order (quadratic) sensitivity to an

underlier;c. Vega measures first order (linear) sensitivity to the implied

volatility of an underlier;d. Theta measures first order (linear) sensitivity to the passage

of time;e. Rho measures first order (linear) sensitivity to an applicable

interest rate.


45/58

1.4.2 Value-at-risk (VaR)

Value-at-risk (VaR) is a measure of the worst expected loss over a

given time interval under normal market conditions at a given

confidence level. Value-at-risk is widely used by banks, securities firmsand other trading organizations. Such firms could track their portfolios'

market risk by using historical volatility as a risk metric. Formally, VaR

is the loss that would be exceeded with a given probability over a

specified period of time. This definition has three important elements.

They are:

Figure 25: Definition of VaR

VaR is often considered a useful summary measure of market risk for

several reasons. VaR exhibits consistency as a measure of financial

risk. VaR facilitates direct comparison of risk across different portfolios

and distinct financial products. It allows the managers or investors toexamine potential losses over a particular time horizon with which they

are concerned. It is largely tactical neutral. It is calculated by

examining the market risks of the individual instruments in a portfolio,

not using actual historical performance.


46/58

1.4.2.1 VaR Methods

There are three different methods for calculation of VaR as explained

below: -

Figure 26: VaR methods

Each of the above mentioned methods are best adapted to a different

environment.

Philippe Jorion (1997) concludes that: -


47/58

For large portfolios where optionality is not a dominant factor, theDelta Normal method provides a fast and efficient method formeasuring VaR.

For portfolios exposed to few sources of risk and with substantialoption components, Delta-Gamma method provides increased

precision at a low computational cost. However this method tend toperform well only when the Greeks of the options are stable. It doesnot perform well for options, which are near maturity or at themoney.

For portfolios with substantial option components (such asmortgages), a full valuation method such as Monte Carlo simulationis needed.

1.4.3 Asset Liability Management

Asset Liability Management is a tool that enables bank managements

to take business decisions in a more informed framework. ALM is

concerned with strategic balance sheet management involving riskscaused by changes in the interest rates, exchange rates and the

liquidity position of the bank. The ALM function informs the manager

what the current market risk profile of the bank is, and the impact that

various alternate business decisions would have on the future risk

profile. Consider, for example, a situation where the chief of a banks

retail deposit mobilization function wants to know the kind of deposits

that the branches should be told to encourage. To answer this question

correctly he needs to know, among other things, the existing cash flow

profile of the bank. Let us assume that the structure of the existing

assets and liabilities of the bank is such that at the aggregate, the

maturity of assets is longer than the maturity of liabilities. This would

expose the bank to interest rate risk. In order to reduce the risk, the

bank would either have to reduce the average maturity of its assets

(perhaps decreasing the holding of Government Securities), or increase

the average maturities of its liabilities (perhaps by reducing its

dependency on call/money market funds). Thus given the existing risk

profile, the retail deposits chief knows that the bank can reduce its

future risk by marketing its longer term deposits more aggressively, if

necessary, even increasing the rates offered on long term depositsand/or decreasing rates on the short term deposits. ALM is thus a

comprehensive and dynamic framework for measuring, monitoring and

managing the market risks (primarily) of a bank.


48/58

1.4.4 Indian Scenario Why ALM in India?

In recent years in India, most of the interest rates have been

deregulated; government securities are sold in auctions and banks are

also, with a few exceptions free to determine the interest rates on

deposits and advances. Historically, banks in India have not paid much

attention to the topic of management of the interest rate mainly

because all interest rates were regulated by the central bank. With the

changing, scenario, the topic assumes a great deal of importance as

market determined interest rates inevitably lead to volatility and hence

interest rate risk. Again, with a large part of the securities portfolio now

subject to mark to market valuation for compiling accounts, banks

bottom lines are vulnerable to changing interest rates on this score as

well, i.e., over and above the fluctuations in the net interest margin.

Banks dependence on net interest margin for meeting their costs and

earning profits is high as the following data evidences:

Source: Report on trend and progress in banking, 2007-08

Figure 27: Table showing the NIM of scheduled commercial banks

Clearly, protecting/improving the net interest margin in a changing

interest rate scenario through proper asset liability management is

important for banks.

Structure and Composition of Assets and Liabilities: The composition of assetsand liabilities can be categorized into permanent natured assets andliabilities, long cycle time, medium cycle time and short cycle timeassets and liabilities, and contingent assets and liabilities. Thefollowing is an example of such regrouping: -

Components of Assets and Liabilities

Fixed AssetsMachinery

Permanent AssetMismatch

Permanent LongTerm Liability

CapitalFree reserve


49/58

EquipmentAdvance for lease or premisesInvestment in subsidiaries/jointventures

Mismatch ProvisionRecapitalization reserveTier 2 capitalCapital restructuringLoan

Long dated SLR investment

Term loan repayable in 3 years andoverHousing loanCorpus fund to subsidiaries/MFsCore cash credits

Long cycle Time

AssetsMismatch

Liabilities with

Long DurationMaturitiesMismatch

Deposits with maturity of 3

years and aboveCore amount kept insuspense a/c

Medium dated SLR investmentInterest accruedTax paid in advanceStationeryOther assetsMedium term loan repayable in 3years

Medium CycleTime AssetsMismatch

Liabilities withMediumDurationMaturitiesMismatch

Deposits with maturity of 1to 3 yearsCore current a/c depositsCore SB deposits

Short dated SLR investmentsLoans and AdvancesBills purchased and discountedDue from banksSyndicated loansDemand CCs/ODsBalance with banksRBI cash heldCall deposits/CDs

Short Cycle TimeAssetsMismatch

Liabilities withShort DurationMaturitiesMismatch

Short term depositsCall deposits

Non-core depositsA/c deposits

Non-core SB depositsPipeline funds fromoperations through DD, MT,TT, TC, Gift chequesGovernment transactionsMerchant Banking business

LCs

Guarantees

Forward contracts

Options

Swaps

Swaptions

Contingent Assets

Mismatch

ContingentLiabilities

Mismatch

LCs

Guarantees

Forward contracts

Options

Swaps

SwaptionsFigure 28: Table showing the grouping of assets and liabilities

As far as commercial banks are concerned, particularly the larger

Indian public sector banks, the principal source of the mismatch is theirholding of fixed income long dated securities as part of their statutoryliquidity portfolio. The bulk of the liabilities of commercial banks arerelatively short term, while the portfolio of fixed income securities,which forms a significant portion of their total assets, often has a muchlonger duration of maturity. This mismatch can lead to substantiallosses in the fixed income portfolio when interest rates go up. On theliability side, the fixed deposit portfolio is also a source of risk, quite


50/58

apart from the risk of depositors shifting from savings bank account tofixed deposits when the interest rates are high further adding to costs.Banks also face a risk from the options embedded in the fixed depositportfolio through the freedom to the depositors for prematureencashment.

The ALM function is not simply about risk protection. It should also beabout enhancing the net worth of the institution through opportunisticpositioning of the balance sheet. The more leveraged an institution is,the more critical the ALM function within the enterprise. The ALMprocess allows an institution to take on positions, which are otherwisedeemed too large without such a function. Some of the fundamentalobjectives that an Asset and Liability Management function must striveto include:

Figure 28: Objectives of ALM

1.4.5 Techniques of ALM

There are various techniques of risk management to address thedifferent types of risk. ALM primarily aims at managing interest raterisk and liquidity risk. The techniques used are as follows:

Interest Rate Risk Management

The sensitivity to interest rate fluctuations will arise due to the mixedeffect of a host of other risks that comprise the interest rate risk. Thetechniques used are:


51/58


52/58

Techniques of ALM for Liquidity Risk Management are:

Figure 29: Techniques of ALM: Liquidity management

Apart from these techniques various new methods of ALM have

emerged. Some of these are as follows:

Option-Adjusted Spread (OAS) Analysis

Arbitrage-free Interest Rate Scenarios

Integrated Enterprise-Wide Risk Management

Integrated View of Credit Risk and Market Risk

Risk Management Indian Banking Report

Documents

Transcript of Risk Management Indian Banking Report