RISK MANAGEMENT IN BANKS

INTRODUCTION

Banks in the process of financial intermediation are confronted with

various kinds of financial and non-financial risks viz., credit, interest rate,
foreign exchange rate, liquidity, equity price, commodity price, legal,
regulatory, reputational, etc. These risks are highly interdependent and
events that affect one area of risk can have ramifications for a range of other
risk categories. Thus, top management of banks should attach considerable
importance to improve the ability to identify measure, monitor and control
the overall level of risks undertaken.

RISK DEFINED

“Risk is the possibility of loss or damage”.

“Risk is the measure of profitability and severity of adverse effects”.
“Risk is the potential for realization of unwanted negative consequences
of an event”.

In any transaction, when there is a possibility of loss or peril, it may be

termed as a risky transaction.

As discussed above, risk are inherent in financial intermediation and cannot

be eliminated. However, they cannot only be managed and controlled but
even be turned into opportunities.

1
 RISK MANAGEMENT IN BANKS

THE BROAD PARAMETERS OF RISK MANAGEMENT

FUNCTION SHOULD ENCOMPASS

(i) Organizational structure;

(ii) Comprehensive risk measurement approach;
(iii) Risk management policies approved by the Board which should be
consistent with the broader business strategies, capital strength,
management expertise and overall willingness to assume risk;
(iv) Guidelines and other parameters used to govern risk taking
including detailed structure of prudential limits;
(v) Strong MIS for reporting, monitoring and controlling risks;
(vi) Well laid out procedures, effective control and comprehensive risk
reporting framework;
(vii) Separate risk management framework independent of operational
Departments and with clear delineation of levels of responsibilities
for management of risk; and
(viii) Periodical review and evaluation.

2
 RISK MANAGEMENT IN BANKS

THE PROCESS OF RISK MANAGEMENT INVOLVES

THE FOLLOWING

• Recognition and understanding,

• Measurement and
• Monitoring and control.

For effective risk management, a comprehensive risk management policy

has to be formulated incorporating a detailed structure of limits and
guidelines to be followed, and a strong management information system
built up for continuous monitoring and reporting of risk exposures.

Risk management is a process, by which an organization, say a bank,

identifies, measures, monitors and controls its risk exposures. Risk
management is a continuous process and not a one time activity.

Diagrammatically risk management process can be presented as under.

3
 RISK MANAGEMENT IN BANKS

By this process, the bank ensures that:

 There is a common understanding of risks across the

organizations.
 Risks are within the tolerances established by the board of
directors.
 Risk taking decisions are consistent with strategic business
objectives.
 Appropriate processes facilitate explicit and clear risk-taking
decisions.
 Expected return compensates for the risk taken and
 Capital allocation is consistent with risk exposures.

4
 RISK MANAGEMENT IN BANKS

TYPES OF RISKS

As per the RESERVE BANK OF INDIA guidelines issued in October

1999, there are three major types of risks encountered by the banks and
these CREDIT RISK, MARKET RISK AND OPERATIONAL RISK. In the
article, we will see what are the components of these three major risks. In
August 2001, a discussion paper on move towards Risk based Supervision
was published. Further, in September 2001 a guidance note on Credit Risk
Management was sent to all the banks. Recently in March 2002, a guidance
note on Market Risk Management was also circulated to all the banks and
this was followed by a discussion paper on Country Risk released in May
2002.

Risk is the potentiality that both the expected and unexpected events
may have as adverse impact on the bank’s capital or earnings. The expected
loss is to be borne by the borrower and hence is taken care of by adequately
pricing the products through risk premium and reserves created out of the
earnings. It is the amount expected to be lost due to changes in credit quality
resulting in default.

Whereas, the unexpected loss on account of the individual exposure

and the whole portfolio in entirety is to be borne by the bank itself and
hence is to be taken care of by the capital.

5
 RISK MANAGEMENT IN BANKS

Thus, the expected losses are covered by reserves and provisions and the
unexpected losses require capital allocation. Hence, the need for sufficient
Capital Adequacy Ratio is felt. Each type of risk is

measured to determine both the expected and unexpected losses using VaR
(Value at Risk) or worst-case type analytical model.

Types of Financial Risks

Financial Risks

Market Risk Credit Risk Operational

Risk

6
 RISK MANAGEMENT IN BANKS

[I] CREDIT RISKS:-

In course of banks lending involves a number of risks. In addition to

the risks related to creditworthiness of the counterparty, the banks are also
exposed to interest rate, forex and country risks.

Unlike market risks, where the measurement, monitoring, control etc.

are to a great extent centralized. Credit risks management is a decentralized
function or activity. This is to say that credit risk taking activity is spread
across the length and breadth of the network of branches, as lending is a
decentralized function. Proper a sufficient care has to be taken for
appropriate management of credit risk.

Credit risk or default risk involves inability or unwillingness of a

customer or counterparty to meet commitments in relation to lending,
trading, hedging, settlement and other financial transactions. The objective
of credit risk management is to minimize the risk and maximize banks risk
adjusted rate of return by assuming and maintaining credit exposure within
the acceptable parameters.

The Credit Risk is generally made up of transaction risk or default

risk and portfolio risk. The portfolio risk in turn comprises intrinsic and
concentration risk. The credit risk of a banks portfolio depends on both

7
 RISK MANAGEMENT IN BANKS

external and internal factors. The external factors are the state of the
economy, rates and interest rates, trade restrictions, economic sanctions,

wide swings in commodity/equity prices, foreign exchange rates and interest

rates, trade restrictions, economic sanctions, Government policies, etc. The
internal factors are deficiencies in loan policies/administration, absence of
prudential credit concentration limits, inadequately defined lending limits
for Loan Officers/Credit Committees, deficiencies in appraisal of borrowers
financial position, excessive dependence on collaterals and inadequate risk
pricing, absence of loan review mechanism and post sanction surveillance,
etc.
Another variant of credit risk is counterparty risk. The counterparty
risk arises from non-performance of the trading partners. The non-
performance may arise from counterparty’s refusal/inability to perform due
to adverse price movements or from external constraints that were not
anticipated by the principal. The counterparty risk is generally viewed as a
transient financial risk associated with trading rather than standard credit
risk.
The management of credit risk should receive the top management’s
attention and the process should encompass:

Measurement of risk through credit rating/scoring:-

(a) Quantifying the risk through estimating expected loan losses i.e. the
amount of loan losses that bank would experience over a chosen time
horizon (through tracking portfolio behavior over 5 or more years)

8
 RISK MANAGEMENT IN BANKS

and unexpected loss (through standard deviation of losses or the

difference between expected loan losses and some selected target
credit loss quantile);
(b) Risk pricing on a scientific basis; and
(c) Controlling the risk through effective Loan Review Mechanism and
portfolio management.

The credit risk management process should be articulated in the

bank’s Loan Policy, duly approved by the Board. Each bank should
constitute a high level Credit Policy Committee, also called Credit Risk
Management Committee or Credit Control Committee etc. to deal with
issues relating to credit policy and procedures and to analyze, manage and
control credit risk on a bank wide basis.

The Committee should be headed by the Chairman/CEO/ED, and

should comprise heads of Credit Department, Treasury, Credit Risk
Management Department (CRMD) and the Chief Economist.

The Committee should, inter alia, formulate clear policies on

standards for presentation of credit proposals, financial covenants, rating
standards and benchmarks, delegation of credit approving powers,
prudential limits on large credit exposures, asset concentrations, standards
for loan collateral, portfolio management, loan review mechanism, risk
concentrations, risk monitoring and evaluation, pricing of loans,
provisioning, regulatory/legal compliance, etc.

9
 RISK MANAGEMENT IN BANKS

Concurrently, each bank should also set up Credit Risk Management

Department (CRMD), independent of the Credit Administration
Department.

The CRMD should enforce and monitor compliance of the risk

parameters and prudential limits set by the CPC.

The CRMD should also lay down risk assessment systems, monitor
quality of loan portfolio, identify problems and correct deficiencies, develop
MIS and undertake loan review/audit.

Large banks may consider separate set up for loan review/audit. The
CRMD should also be made accountable for protecting the quality of the
entire loan portfolio. The Department should undertake portfolio evaluations
and conduct comprehensive studies on the environment to test the resilience
of the loan portfolio.

CREDIT RISK may be defined as the risk of default on the part of

the borrower. The lender always faces the risk of the counter party not
repaying the loan or not making the due payment in time. This uncertainty
of repayment by the borrower is also known as default risk.

Some of the commonly used methods to measure credit risk

are:

a. Ratio of non performing advances to total advances;

10
 RISK MANAGEMENT IN BANKS

b. Ratio of loan losses to bad debt reserves;

c. Ratio of loan losses to capital and reserves;
d. Ratio of loan loss provisions to impaired credit;
e. Ratio of bad debt provision to total income; etc.

Managing credit risk has been a problem for the banks for centuries.
As had been observed by JOHN MEDLIN, 1985 issue of US banker.

“Balancing the risk equation is one of the most difficult aspects of

banking. If you lend too liberally, you get into trouble. If you don’t lend
liberally you get criticized”.

Over the tears, bankers have developed various methods for

containing credit risk. The credit policy of the banks generally prescribes the
criteria on which the bank extends credit and, inter alia, provides for
standards.

TOOLS OF CREDIT RISK MANAGEMENT.

The instruments and tools, through which credit risk management are
carried out, are detailed below:

1. Portfolio management.
2. Loan review mechanism.

11
 RISK MANAGEMENT IN BANKS

1. PORTFOLIO MANAGEMENT.

Stipulate quantitative ceiling on aggregate exposure on specific

rating Categories, distribution of borrowers in various industries,
business group rapid portfolio reviews. The existing framework of
tracking the non-performing loans around the balance sheet date does
not signal the quality of the entire loan book. There should be a
proper and regular on-going system for identification of credit
weakness well in advance. Initiative steps to preserve the desired the
portfolio quality and integrate portfolio reviews with credit decision
making process.

Credit portfolio management emanated from the potential

adverse impact of concentration of exposures and the necessity to
optimize the benefit associated with diversification.

12
 RISK MANAGEMENT IN BANKS

[II] MARKET RISK:-

Traditionally, credit risk management was the primary challenge for

banks. With progressive deregulation, market risk arising adverse changes in
market variables, such as interest rate, foreign exchange rate, equity price
and commodity price has become relatively more important. Even a small
change in market variables causes substantial changes in income and
economic value of banks.

MARKET RISK may be defined as the possibility of loss to a bank

caused by the changes in the market variables. It is the risk that the value of
on/off-balance sheet positions will be adversely affected by movements in
equity and interest rate markets, currency exchange rates and commodity
prices.

Market risk is the risk to the bank’s earnings and capital due to
changes in the market level of interest rates or prices of securities, foreign
exchange and equities, as well as the volatilities of those prices. Market Risk
management provides a comprehensive and dynamic framework for
measuring, monitoring and managing liquidity, interest rate, foreign

13
 RISK MANAGEMENT IN BANKS

exchange and equity as well as commodity price risk of a bank that needs to
be closely integrated with the banks business strategy.

Scenario analysis and stress testing is yet another tool used to asses
areas of potential problems in a given portfolio. Identification of future
changes in economic conditions like-
ECONOMIC / INDUSTRY OVERTURNS.
MARKET RISK EVENTS.
LIQUIDITY CONDITIONS.

That could have unfavorable effect on banks portfolio is a condition

precedent for carrying out stress testing. As the underlying assumption
keeps changing from time to time, out-put of the test should be reviewed
periodically.

Market risk arises out of the dynamics of market forces, which, for
the banking industry, may include interest rate fluctuations, maturity
mismatches, exchange rate fluctuations, market competition in terms of
services and products, changing customer preferences and requirements
resulting in product obsolescene, coupled with changes national and
international politico-economic scenario. These risks are like perils of the
sea, which can be caused by any change-taking place anywhere in the
national and international arena.

Market risks affect banks in two ways:

14
 RISK MANAGEMENT IN BANKS

i. The customer requirements are changing because of the changing

economics scenario. Hence banks have to fine-tune/modify their
products to make them customer friendly, otherwise the obsolescene
of products will divert the customers to other banks thereby
reducing the business and profits of the bank concerned.
ii. The macro-economic changes in the national and international
polotico-economic scenario affect the risk element in different
business activities differently. This aspect has assumed greater
importance in the modern age, because of the increasing integration
of global markets.

Since both these aspects are dynamic in nature, with change being the
only constant factor, market risks need to be monitored on a continuous
basis and appropriate strategies evolved to keep these risks within
manageable limits. Again, given that one can manage only what one can
measure, measurement of risks on a continuous basis deserves immediate
attention.

Market risk can be defined as the risk of losses in on and off balance
sheet positions arising from adverse movement of market variables.

Market Risk Management

Management of market risk should be the major concern of top

management of banks. The Boards should clearly articulate market risk
management policies, procedures, prudential risk limits, review mechanisms

15
 RISK MANAGEMENT IN BANKS

and reporting and auditing systems. The policies should address the bank’s
exposure on a consolidated basis and clearly articulate the risk measurement
systems that capture all material sources of market risk and assess the
effects on the bank. The operating prudential limits and the accountability of
the line management should also be clearly defined. The Asset-Liability
Management Committee (ALCO) should function as the top operational unit
for managing the balance sheet within the performance/risk parameters laid
down by the Board. The banks should also set up an independent Middle
Office to track the magnitude of market risk on a real time basis. The
Middle Office should comprise of experts in market risk management,
economists, statisticians and general bankers and may be functionally placed
directly under the ALCO. The Middle Office should also be separated from
Treasury Department and should not be involved in the day to day
management / ALCO / Treasury about adherence to prudential / risk
parameters and also aggregrate the total market risk exposures assumed by
the bank at any point of time.

MARKET RISK TAKES THE FORM OF:-

1) Liquidity Risk
2) Interest Rate Risk
3) Commodity Price Risk and
4) Equity Price Risk

A concise definition of each of the above Market Risk factors and how
they are managed is described below:

16
 RISK MANAGEMENT IN BANKS

LIQUIDITY RISK/MATURITY GAP RISK:-

Liquidity Planning is an important facet of risk management

framework in banks. Liquidity is the ability to efficiently accommodate
deposit and other liability decreases, as well as, fund loan portfolio growth
and the possible funding of off-balance sheet claims. A bank has adequate
liquidity when sufficient funds can be raised, either by increasing liabilities
or converting assets, promptly and at a reasonable cost. It encompass the
potential sale of liquid assets and borrowings from money, capital and forex
markets. Thus, liquidity should be considered as a defence mechanism from
losses on fire sale of assets.

Liquidity risk is the potential inability of a bank to meet its payment

obligations in a timely and cost effective manner. It arises when the bank is
unable to generate cash to cope with a decline in deposits/liabilities or
increase in assets.
The cash flows are placed in different time buckets based on future
behavior of assets, liabilities and 0ff-balance sheet items.

LIQUIDITY may be defined as the ability to meet commitments

and/or undertake new transactions. The most obvious form of liquidity risk
is the inability to honour desired withdrawals and commitments, that is, the
risk of cash shortages when it is needed which arises due to maturity
mismatch.

17
 RISK MANAGEMENT IN BANKS

BANKING can also be described as a business of maturity

transformation. Usually banks, lend for a longer period than for which they
borrow.

Therefore, they generally have a mismatched balance sheet in so far

as their short-term liabilities are greater than short-term assets and long-term
assets are greater than long term liabilities.

i. Liquidity risk is measured by preparing a maturity profile of

assets and liabilities, which enables the management to form a
judgement on liquidity mismatch. As the basic problem for a bank
is to ascertain whether it will be able to meet maturing obligations
on the date they fall due, it must prepare a projected cash-flow
statement and estimate the probability of facing any liquidity
crisis.

Liquidity measurement is quite a difficult task and can be measured

through stock or cash flow approaches. The key ratios, adopted across the
banking system are: the other methods of measuring liquidity risk are:_

 To manage liquidity risk, banks should keep the maturity

profile of liabilities compatible with those of assets.
 The behavioral maturity profile of various components of
on/off balance sheet items is being analysed and variance
analysis is been undertaken regularly.

18
 RISK MANAGEMENT IN BANKS

 Efforts are also being made by some banks to track the impact
of repayment of loans and premature closure of deposits to
estimate realistically the cash flow profile.
 Banks are closely monitoring the mismatches in the category of
1-14 days and 15-28 days time bands and tolerance levels on
mismatches are being fixed for various maturities, depending
on asset-liability profile, stand deposit base nature of cash
flows, etc.

Liquidity Risk means, the bank is not in a position to make its

repayments, withdrawal, and other commitments in time. For EXAMPLE
two Canadian banks, Northland Bank and Continental Bank of Canada
suffered a run on deposits because of a credit crisis at Canadian commercial
bank.

Liquidity risk consists of FUNDING RISK, TIME RISK, and

CALL RISK.

The liquidity risk in banks manifest in different dimensions:

 Funding Risk – It is the need to replace net outflows due to

unanticipated withdrawals/non-renewal of deposits (wholesale
and retail)

19
 RISK MANAGEMENT IN BANKS

 Time Risk – It is the need to compensate for non-receipt of

expected inflows of funds, i.e. performing assets turning into
non-performing assets; and

 Call Risk – It happens due to crystallization of contingent liabilities and

unable to undertake profitable business opportunities when desirable.

The Asset Liability Management (ALM) is a part of the overall risk

management system in the banks. It implies examination of all the assets
and liabilities simultaneously on a continuous basis with a view to ensuring
a proper balance between funds mobilization and their deployment with
respect to their maturity: (a) profiles, (b) cost, (c) yield, (d) risk exposures,
etc. It includes product pricing for deposits as well as advances, and the
desired maturity profile of assets and liabilities.

Tolerance levels on mismatches should be fixed for various

maturities depending upon the asset liability profile, deposit mix, nature of
cash flow etc. Bank should track the impact of pre-payment of loans and
premature closure of deposits so as to realistically estimate the cash flow
profile.

The first step towards liquidity management is to put in place an

effective liquidity management policy, which, inter alia, should spell out the
funding strategies, liquidity planning under alternative scenarios, prudential
limits, liquidity reporting/reviewing, etc.

20
 RISK MANAGEMENT IN BANKS

While the liquidity ratios are the ideal indicator of liquidity of banks
operating in developed financial markets, the ratios do not reveal the
intrinsic liquidity profile of Indian banks which are operating generally in an
illiquid market. Experiences show that assets commonly considered as
liquid like Government securities, other money market instruments, etc.
have limited liquidity as the market and players are unidirectional. Thus,
analysis of liquidity involves tracking of cash flow mismatches. For
measuring and managing net funding requirements, the use of maturity
ladder and calculation of cumulative surplus or deficit at selected maturity
dates is recommended as a standard tool.

The format prescribed by RBI in this regard under ALM System

should be adopted for measuring cash flow mismatches at different time
bands. The cash flows should be placed in different time bands based on
future behavior of assets, liabilities and off-balance sheet items.

In other words, banks should have to analyze the behavioural

maturity profile of various components of on / off- balance sheet items on
the basis of assumptions and trend analysis supported by time series
analysis. Banks should also undertake variance analysis, at least, once in six
months to validate the assumptions. The assumptions should be fine-tuned
over a period which facilitates near reality predictions about future
behaviour of on/off-balance sheet items.

Thus, cash outflows can be ranked by the date on which liabilities

fall due, the earliest date a liability holder could exercise an early repayment
option or the earliest date contingencies could be crystallized.

21
 RISK MANAGEMENT IN BANKS

The difference between cash inflows and outflows in each time

period, the excess or deficit of funds becomes a staring point for a measure
of a bank’s future liquidity surplus or deficit, at a series of points of time.
The banks should also consider putting in place certain prudential limits to
avoid liquidity crisis:

1. Cap on inter-bank borrowings, especially call borrowings;

2. Purchased funds vis-à-vis liquid assets;
3. Core deposits vis-à-vis Core Assets i.e. Cash Reserve Ratio,
Liquidity reserve Ratio and Loans;
4. Duration of liabilities and investment portfolio;
5. Maximum Cumulative outflows. Banks should fix
cumulative mismatches across all time bands;
6. Commitment Ratio – track the total commitments given to
corporate/banks and other financial institutions to limit the
off-balance sheet exposures;
7. Swapped Funds Ratio, i.e. extent of Indian Rupees raised out
of foreign currency sources.

Banks should also evolve a system for monitoring high value

deposits (other than inter-bank deposits) say Rs.1 crore or more to track the
volatile liabilities. Further the cash flows arising out of contingent liabilities
in normal situation and the scope for a n increase in cash flows during
periods of stress should also e estimated. It is quite possible that market
crisis can trigger substantial increase in the amount of draw from cash
credit/overdraft accounts, contingent liabilities like letters of credit, etc.

22
 RISK MANAGEMENT IN BANKS

ALTERNATIVE SCENARIOS

The liquidity profile of banks depends on the market conditions,

which influence the cash flow behaviour. Thus, banks should evaluate
liquidity profile under different conditions, viz. normal situation, bank
specific crisis and market crisis scenario. The banks should establish
benchmark for normal situation; cash flow profile of on / off balance sheet
items and manages net funding requirements.

Estimating liquidity under bank specific crisis should provide a

worst-case benchmark. It should be assumed that the purchased funds could
not be easily rolled over; some of the core deposits could be prematurely
closed; a substantial share of assets have turned into non-performing and
thus become totally illiquid. These developments
would lead to rating down grades and high cost of liquidity. The banks
should evolve contingency plans to overcome such situations.

The market crisis scenario analyses cases of extreme tightening of

liquidity conditions arising out of monetary policy stance of Reserve Bank,
general perception about risk profile of the banking system, severe market
disruptions, failure of one or more of major players in the market, financial
crisis, contagion, etc. Under this scenario, the rollover of high value
customer deposits and purchased funds could extremely be difficult besides
flight of volatile deposits / liabilities. The banks could also sell their
investment with huge discounts, entailing severe capital loss.

23
 RISK MANAGEMENT IN BANKS

INTEREST RATE RISK (IRR)

The management of Interest Rate Risk should be one of the critical

components of market risk management in banks. The regulatory
restrictions in the past had greatly reduced many of the risks in the banking
system. Deregulation of interest rates has, however, exposed them to the
adverse impacts of interest rate risk.

Interest Rate Risk is the potential negative impact on the Net Interest
Income and it refers to the vulnerability of an institutions financial condition
to the movement in interest rates. Changes in interest rate affect earnings,
value of assets, liability, off-balance sheet items and cash flow. Hence, the
objective of interest rate risk management is to maintain earnings, improve

24
 RISK MANAGEMENT IN BANKS

the capability, ability to absorb potential loss and to ensure the adequacy of
the compensation received for the risk taken and effect risk return trade-off.

Management of interest rate risk aims at capturing the risks arising

from the maturity and re-pricing mismatches and is measured both from the
earnings and economic value perspective.

The Net Interest Income (NII) or Net Interest Margin (NIM) of banks
is dependent on the movements of interest rates. Any mismatches in the cash
flows (fixed assets or liabilities) or repricing dates (floating assets or
liabilities), expose bank’s NII or NIM to variations. The earning of assets
and the cost of liabilities are now closely related to market interest rate
volatility.

Interest Rate Risk is the potential negative impact on the Net Interest
Income and it refers to the vulnerability of an institutio’s financial condition
to the movement in interest rates. Changes in interest rate affect earnings,
value of assets, liabities, off-balance sheet items and cash flow. Hence, the
objective of interest rate risk management is to maintain earnings, improve
the capability, ability to absorb potential loss and to ensure the adequacy of
the compensation received for the risk taken and effect risk return trade-off.

Management of interest rate risk aims at capturing the risks arising

from the maturity and re-pricing mismatches and is measured both from the
earnings and economic value perspective.

25
 RISK MANAGEMENT IN BANKS

Earnings perspective involves analyzing the impact of changes in

interest rates on accrual or reported earnings in the near term. This is
measured by measuring the changes in the NET INTEREST INCOME (NII)
equivalent to the difference between total interest income and total interest
expense.

Economic Value perspective involves analyzing the expected cash

inflows on assets minus expected cash outflows on liabilities plus the net
cash flows or off-balance sheet items. The economic value perspective
identifies risk arising from long-term inteerst rate gaps.

In detail Interest Rate Risk is the risk due to changes in market

interest rates, which might adversely affect the bank’s financial condition.
The immediate impact of change in interest rates is on the bank’s earnings
through fall in Net Interest Income (NII). Ultimately the impact of the
potential long-term effects of changes in interest rates is on the underlying
economic value of bank’s assets, liabilities and off-balance sheet positions.
The interest rate risk when viewed from these two perspective is called as
“Earning’s Perspective” and Economic Value Perspective”, respectively.

In simple terms, high proportion of fixed income assets would mean

that any increase in interest rate will not result in higher interest income (due
to fixed nature of interest rate) and likewise reduction interest rate will not
decrease interest income. Low proportion of fixed assets will have the
opposite effect.

26
 RISK MANAGEMENT IN BANKS

Banks have laid down policies with regard to VOLUME,

MINIMUM MATURITY, HOLDING PERIOD, DURATION, STOP
LOSS, RATING STANDARDS, etc., for classifying securities in the
trading book. The statement of interest rate sensitivity is being prepared by
banks. Prudential limits on gaps with a bearing on total assets, earning assets
or equity have been set up.

Interest rate will be explained with the help of examples:-

For instances, a bank has accepted long-term deposits @ 13% and

deployed in cash credit @ 17%. If the market interest rate falls by 1%, it
will have to reduce interest rate on cash credit by 1% as cash credit is
repriced quarterly. However, it will not be able to reduce interest on term
deposits. Thus, the net interest income of the bank will go down by 1%.

Or suppose a bank has 90 days deposit @ 9% deployed in one year

bond @ 12%. If the market interest rate arises by 1%, the bank will have to
renew the deposits after 90 days at a higher rate. However it will continue to
get interest rate at the old rate from the bond. In this case too, the net interest
income will go down by 1%.

The various types of interest rate risks are identified as follows:-

Price Risk:-

27
 RISK MANAGEMENT IN BANKS

Price risk occurs when assets are sold before their stated maturities. In
the financial market, bond prices and yields are inversely related. The price
risk is closely associated with the trading book, which is created for making
profit out of short-term movements in interest rates. Banks which have an
active trading book should, therefore, formulate policies to limit the
portfolio size, holding period, duration, defeasance period, stop loss limits,
marking to market, etc.

Reinvestment Risk:-

Uncertainty with regard to interest rate at which the future cash flows
could be reinvested is called reinvestment risk. Any mismatches in cash
flows would expose the banks to variations in NII as the market interest
rates move in different directions.

MATURITY GAP ANALYSIS

The simplest analytical techniques for calculation of IRR exposure

begins with maturity Gap analysis that distributes interest rate sensitive
assets, liabilities and off-balance sheet positions into a certain number of
pre-defined time-bands according to their maturity (fixed rate) or time
remaining for their next repricing (floating rate). Those assets and liabilities
lacking definite repricing intervals (savings bank, cash credit, overdraft,
loans, export finance, refinance from RBI etc.) or actual maturities vary

28
 RISK MANAGEMENT IN BANKS

from contractual maturities (embedded option in bonds with put/call

options, loans, cash credit/overdraft, time deposits, etc.) are assigned time-
bands according to the judgement, empirical studies and past experience of
banks.

A number of time bands can be used while constructing a gap report.

Generally, most of the banks focus their attention on near-term periods, viz.
monthly, quarterly, half-yearly or one year. It is very difficult to take a view
on interest rate movements beyond a year. Banks with large exposures in the
short-term should test the sensitivity of their assets and liabilities even at
shorter intervals like overnight, 1-7 days, 8-1 4 days etc.

In order to evaluate the earnings exposure, interest Rate Sensitive

Assets (RSAs) in each time band are netted with the interest Rate Sensitive
Liabilities (RSLs) to produce a repricing ‘Gap’ for that time band.

The positive Gap indicates that banks have more RSAs than RSLs. A
positive or assets sensitive Gap means that an increase in market interest
rates could cause an increase in NII.

Conversely, a negative or liability sensitive Gap implies that the

banks NII could decline as a result of increase in market interest rates. The
negative gap indicates that banks have more RSLs than RSAs. Gap is the
difference between a bank’s assets and liabilities maturing or subject to
repricing over a designated period of time.

29
 RISK MANAGEMENT IN BANKS

The Gap is used as a measure of interest rate sensitivity. The Positive

or Negative Gap is multiplied by the assumed interest rate changes to derive
the Earnings at Risk (EaR). The EaR method facilitates to estimate how
much the earnings might be impacted by an adverse movement in interest
rates. The changes in interest could be estimated on the basis of past trends,
forecasting of interest rates, etc. the banks should fix EaR which could be

based on last/current year’s income and a trigger point at which the line
management should adopt on-or off-balance sheet hedging strategies may be
clearly defined.

The Gap calculations can be augmented by information on the

average coupon on assets and liabilities in each time band and the same
could be used to calculate estimates of the level of NII from positions
maturing or due for repricing within a given time-band, which would then
provide a scale to assess the changes in income implied by the gap analysis.

In case banks could realistically estimate the magnitude of changes in

market interest rates of various assets and liabilities (basic risk) and their
past behavioural pattern (embedded option risk), they could standardize the
gap by multiplying the individual assets and liabilities by how much they
will change for a given change in interest rate. Thus, one or several
assumptions of standardized gap seem more consistent with real world than
the simple gap method. With the Adjusted Gap, banks could realistically
estimate the EaR.

30
 RISK MANAGEMENT IN BANKS

DURATION GAP ANALYSIS

Duration is a measure of change in the value of the portfolio due to

change in interest rates. Duration of an asset or a liability is computed by
calculating the weighted average value of all the cash-flows that it will
produce with each cash-flow weighted by the time at which it occurs. It is
expressed in time periods. Duration of high coupon bond is always shorter
than duration of low coupon bonds because of larger cash inflow from
higher interest payments. With zero coupon bonds, the duration would be
equal to maturity. By calculating the duration of the entire asset and liability
portfolio, the duration gap can be calculated, that is, the mismatch in asset
and liability duration and, if necessary, corrective action may be taken to
create a duration match.

Measuring the duration Gap is more complex than the simple gap
model. The attraction of duration analysis is that it provides a
comprehensive measure of IRR for the total portfolio. The duration analysis
also recognizes the time value of money. Duration measure is addictive so
that banks can match total assets and liabilities rather than matching
individual accounts. However, Duration Gap analysis assumes parallel shifts
in yield curve. For this reason, it fails to recognize basis risk.

EQUITY PRICE RISK:-

31
 RISK MANAGEMENT IN BANKS

Equity Price Risk is the risk of loss in value of the bank’s equity
investments and/or equity derivative instruments arising out of change in
equity prices.

COMMODITY PRICE RISK:-

The risk of loss in value of commodity held/traded by the bank, arising out
of changes in prices, basis mismatch, forward price etc.

[III] OPERATIONAL RISK:-

“Operational Risk is defined as the risk of direct or indirect loss

resulting from inadequate or failed internal processes, people and system or
from external events.”

Generally, operational risk is defined as any risk, which is not

categorized as market or credit risk, or the risk of loss arising from various
types of human or technical error. It is also synonymous with settlement or
payments risk and business interruption, administrative and legal risks.
Operational risk has some form of link between credit and market risks. An
operational problem with a business transaction could trigger a credit or
market risk.

32
 RISK MANAGEMENT IN BANKS

Indeed, so significant has operational risk become that the bank for
International Settlement (BIS) has proposed that, as of 2006, banks should
be made to carry a Capital cushion against losses from this risk.

Managing operational risk is becoming an important feature of sound

risk management practices in modern financial markets in the wake of
phenomenal increase in the volume of transactions, high degree of structural
changes and complex support systems.

The most important type of operational risk involves breakdowns in

internal controls and corporate governance. Such breakdowns can lead to
financial loss through error, fraud, or failure to perform in a timely manner
or cause the interest of the bank to be compromised.
The objectives of Operational Risk Management is to reduce the
expected operational losses that focuses on systematic removal of
operational risk sources and uses a set of key risk indicators to measure and
control risk on continuous basis. The ultimate objective of operational risk
management is to enhance the shareholder’s value by being ready for risk
based capital allocation.

There is no uniformity of approach in measurement of Operational Risk in

the banking system at present

The bank’s operational risks can be classified into following six exposure
classes
• People

33
 RISK MANAGEMENT IN BANKS

• Process
• Management
• System
• Business and
• External

Bank has also identified 5 business lines viz…..

• Corporate finance
• Retail banking
• Commercial banking
• Payment and Settlement and
• Trading and Sales (Treasury operations) also

To each of this exposure classes within each business line are attached
certain risk categories under which the bank can incur losses or potential
losses.

Bank collected information at first instance for a 5 year period and is

being updated on a six monthly basis June and December. These date help
in qualifying the overall potential / actual loss on account of Operational
Risk and initiate measure for plugging these risk areas.

Bank may suitably at a latter date move to appropriate models for

measuring and managing Operational Risk also after receipt of RBIs
Guidance Note.

34
 RISK MANAGEMENT IN BANKS

MEASUREMENT

There is no uniformity of approach in measurement of operational risk

in the banking system. Besides, the existing methods are relatively simple
and experimental, although some of the international banks have made
considerable progress in developing more advanced techniques for
allocating capital with regard to operational risk.

Measuring operational risk requires both estimating the probability of

an operational loss event and the potential size of the loss. It relies on risk
factor that provides some indication of the likelihood of an operational loss
event occurring. The process of operational risk assessment needs to address
the likelihood (or frequency) of a particular operational risk occurring, the
magnitude (or severity) of the effect of the operational risk on business
objectives and the options available to manage and initiate actions to
reduce/mitigate operational risk. The set of risk factors that measure risk in
each business unit such as audit ratings, operational data such as volume,
turnover and complexity and data on quality of operations such as error rate
or measure of business risks such as revenue volatility, could be related to
historical loss experience. Banks can also use different analytical or
judgmental techniques to arrive at an overall operational risk level. Some of
the international banks have already developed operational risk rating
matrix, similar to bond credit rating. The operational risk assessment should
be bank-wide basis and it should be reviewed at regular intervals. Banks,
over a period, should develop internal systems to evaluate the risk profile
and assign economic capital within the RAROC framnework…..

35
 RISK MANAGEMENT IN BANKS

Indian Banks have so far not evolved any scientific methods for
quantifying operational risk. In the absence any sophisticated models, banks
could evolve simple benchmark based on an aggregate measure of business
activity such as gross revenue, fee income, operating costs, managed assets
or total assets adjusted for off-balance sheet exposures or a combination of
these variables.

At present, scientific measurement of operational risk has not been

evolved. Hence, 20% charge on the Capital Funds is earmarked for
operational risk.

RISK MANAGEMENT IN BANKS

The history of banking is full of major and minor failures. It is now

argued that many of these failures were due to the fact that the risks were
not identified and managed properly. The reserve bank of India has issued
elaborate guidelines on asset liability management and risk management to
banks in India. Banks have been making vigorous in following these
guidelines.

RISK MANAGEMENT STRUCTURE

A major issue in establishing an appropriate risk management

organization structure is choosing between a centralized and decentralized

36
 RISK MANAGEMENT IN BANKS

structure. The global trend is towards centralizing risk management with

integrated treasury management function to benefit from information on
aggregate exposure, natural netting of exposures, economies of scale and
easier reporting to top management.

The primary responsibility of understanding the risks run by the bank

and ensuring that the risks are appropriately managed should clearly be
vested with the Board of Directors. The Board should set risk limits by
assessing the bank’s risk and risk-bearing capacity.

At organizational level, overall risk management should be assigned

to an independent Risk Management Committee or Executive Committee of
the top Executives that reports directly to the Board of Directors. The
purpose of this top level committee is to empower one group with full
responsibility of evaluating overall risks faced by the bank and determining
the level of risks which will be in the best interest of the bank.

The function of Risk Management Committee should essentially be to

identify, monitor and measure the risk profile of the bank. The Committee
should also develop policies and procedures, verify the models that are used
for pricing complex products, review the risk models a development takes
place in the markets and also identify new risks.

Internationally, the trend is towards assigning risk limits in terms of

portfolio standards or Credit at Risk (credit risk) and Earnings at Risk
and Value at Risk (market risk).

37
 RISK MANAGEMENT IN BANKS

A prerequisite for establishment of an effective risk management

system is the existence of a robust MIS, consistent in quality. The existing
MIS, however, requires substantial up gradation and strengthening of the
data collection machinery to ensure the integrity and reliability of data.

The risk management is a complex function and it requires

specialized skills and expertise. Banks have been moving towards the use of
sophisticated models for measuring and managing risks. Large banks and
those operating in international markets should develop internal risk
management models to be able to compete effectively with their
competitors.

As the domestic market integrates with the international markets, the

banks should have necessary expertise and skill in managing various types
of risks in a scientific manner. At a more sophisticated level, the core staff at
Head Offices should be trained in risk modeling and analytical tools. It
should, therefore, be the endeavor of all banks to upgrade the skills of staffs.

Given the diversity of balance sheet profile, it is difficult to adopt a

uniform framework for management of risks in India. The design of risk
management functions should be bank specific, dictated by the size,
complexity of functions, the level of technical expertise and the quality of
MIS. The proposed guidelines only provide broad parameters and each bank
may evolve their own systems compatible to their risk management
architecture and expertise.

38
 RISK MANAGEMENT IN BANKS

Internationally, a committee approach to risk management is being

adopted. While the Asset-Liability Management Committee (ALCO)
deals with different types of market risk, the Credit Policy Committee
(CPC) oversees the credit/counterparty risk and country risk.

Banks could also set up a single Committee for integrated

management of credit and market risks. Generally, the policies and
procedures for market risk are articulated in the ALM policies and credit
risk is addressed in Loan Policies and procedures.

Currently, while market variables are held constant for qualifying

credit risk, credit variables are held constant in estimating market risk. The
economic crises in some of the countries have revealed a strong correlation
between unhedged market risk and credit. Forex exposures, assumed by
corporate whi have no natural hedges, will increase the credit risk which
banks run vis-à-vis their counterparties. The volatility in the prices of
collateral also significantly affects the quality of the loan book. Thus, there
is a need for integration of the activities of both the ALCO and the CPC and
consultation process be established to evaluate the impact of market and
credit risks on the financial strength of banks. Banks may also consider
integrating market risk elements into their credit risk assessment process.

RISK IS A SERIOUS BUSINESS

39
 RISK MANAGEMENT IN BANKS

Why do organizations take risks? The apt answer would be-to make
some handsome gains. Banks, the world over, generally, it is said that “NO
RISK-NO GAIN”, but sometimes, taking risk becomes disastrous for the
organizations.

It is evident from above that if risk are not managed properly, even
the survival of the bank may become under threat, risk management has,
therefore, become an important area, which needs to be looked into with
great concern and care.

REGULATORY ISSUES AND CAPITAL ADEQUACY

Individual banks risks create Systematic risk, i.e., the risk that the
whole banking system fails. Systematic risk results from the high
interrelations between banks through mutual lending and borrowing
commitments. The failure of single institution generates a risk of failure for
all banks that have ongoing commitments with the defaulting bank.
Systematic Risk is a major challenge for the regulator.

A number of rules, aimed at limiting risks in a simple manner, have

been in force for a long time. For instance, certain ratios are subject to

40
 RISK MANAGEMENT IN BANKS

minimum values, say Capital Adequacy Ratio, certain caps are placed viz.,
Single Borrowers etc., so as to limit the risks.

The main enforcement of such regulations is Capital Adequacy. That

is by enforcing a capital level in a level in a line with risks, regulators focus
on pre-emptive (in-anticipation) actions limiting the risk of failure.
Guidelines are defined by a group of regulators in Basel at the bank for
International Settlements (BIS), Switzerland (hence the name Basel
Accord). The process attempts to reach a consensus on the feasibility of
implementing new guidelines by interacting with the industry. Basel
guidelines are subject to some implementation variations from one country
to another according to the view of local supervisors (RBI in case of our
country).

However, Capital Adequacy requirements are primarily to meet the

following objectives:-
• To ensure survival of the institution to protect it against the risk of
insolvency.
• To absorb unanticipated losses with enough margin to inspire
stakeholders confidence and enable the institution to continue as a
going concern.
• To protect depositors, bondholders, creditors in the event of
insolvency and lquidation.

41
 RISK MANAGEMENT IN BANKS

The first Accord (1998) known as Basel I, focused on Credit Risk,

with the famous Cookie Ratio. The Cookie Ratio sets up the minimum
required capital as a fixed percentage of assets weighted according to their
nature. The scope of regulations extended progressively later. The extension
to market risk was in 1996 by way of an amendment. The proposed New
Basel Accord to be known as Basel II considerably enhances the previous
credit risk regulations. The New Accord is under finalization.

The major strength of cookie ratio is its simplicity, while of its major
drawbacks are :-
• There is no differentiation between the different risks in lending
activity. An 8% ratio applied for “AAA” rated large corporate exposure
and also for a small business with a lesser rating. That is, it was not risk
sensitive.
• In the CRAR computation, the capital charges are added. But,
summing arithmetically the capital charges of all transactions does not
capture diversification effects. By diversification we mean, that the
entire portfolio may not move unidirectional, but may compensate and
adjust in view of different co-relation among assets within the
exposure/portfolio. That is to say, there is an embedded diversification
in the 8% (CRAR), but the same ratio applies to all portfolios,
whatever their degree of diversification.

The proposed New Basel Accord is the of consultative documents that

describe recommended rules for enhancing credit risk measures, extending
the scope of capital requirements to operational risk, providing various

42
 RISK MANAGEMENT IN BANKS

enhancements to the existing accord and detailing the supervision and

market discipline.

The new accord comprises of 3 pillars:-

1. Pillar 1 – Minimum Capital Requirements.
2. Pillar 2 – Supervisory Review Process.
3. Pillar 3 – Market Discipline.

The New Basel Accord appears to be a major step forward. On the

quantitative side of risk measurements, the accord offers a choice between
the Standardised, the Foundation and Advanced approaches and provides
remedies for several critical issues/draw backs of the existing system. The
new sets of ratios are called the Mc Donough Ratios. Weighs are based on
credit risk components allowing a much improved differentiate of risks. The
accord is likely to also extend the scope of capital requirements to
Operational Risk.
As New Basel Capital Accord is based around three complementary
elements viz… (i) to reinforce minimum capital standards, (ii) to have the
supervisory review process, and (iii) to promote safety and soundness in
banks and financial systems. Market Discipline imposes strong incentives to
banks to conduct their business in safe, sound and efficient manner,
including an incentive to maintain a strong capital base as a cushion against
potential future losses arising from risk exposures. The Basel Committee is
already working on the scope of application of the Accord, capital and
capital adequacy, and risk exposure and assessment. The Risk Management
has come at the central stage in the new Basel Capital Accord.

43
 RISK MANAGEMENT IN BANKS

BASEL’S NEW CAPITAL ACCORD.

Banker’s for International Settlement (BIS) meet at Basel situated at

Switzerland to address the common issues concerning bankers all over the
world. The Basel Committee on Banking Supervision (popularly known as
BCBS) is a committee of banking supervisory authorities of G-10 countries
and has been developing standards and establishment of a framework for
bank supervision towards strengthening financial stability throughout the
world. In consultation with the supervisory authorities of a few non G-10
countries including India, core principles for effective banking supervision

44
 RISK MANAGEMENT IN BANKS

in the form of minimum requirements to strengthen current supervisory

regime, were mooted.

The 1998 Capital Accord essentially provided only one option

measuring the appropriate capital in relation to the risk-weighted assets of
the financial institution. It focused on the total amount of bank capital so as
to reduce the risk of bank solvency at the potential cost of bank’s failure for
the depositors.

As an improvement on the above, the New Capital Accord was

published in 2001, to be implemented by the financial year 2003-04. it
provides spectrum of approaches for the measurement of credit, market and
operational risks to determine the capital required.

The main differences between the existing accord and the new one are
summarized below:-

Existing Accord New Accord

1. Focus on single measure. 1. More emphasis on bank’s own
Internal methodology, supervisory
Review and market discipline.
2. One size fits all 2. Flexibility, menu of approaches,
Incentive for better risk
Management.

45
 RISK MANAGEMENT IN BANKS

3. Broad brush structure. 3. More risk sensitivity

The structure of the New Accord – II consist of three pillar approach as

given below:-

PILLAR FOCUS AREA

First Pillar Minimum Capital Requirements
Second Pillar Supervisory Review Process
Third Pillar Market Discipline

BASEL’S NEW CAPITAL ACCORD.

Pillar 1: Minimum Pillar 2: Superviory Pillar 3: Market

Capital Requirements. Review of Capital Discipline.
Adequacy.

Sets minimum Banks must Improved

Acceptable assess solvency disclosure of
Capital level. Vs. risk profile. capital
structure.

Enhanced Supervisory Improved

46
 RISK MANAGEMENT IN BANKS

Approach for review of banks disclosure of

Credit risk. Calculation & risk profile
Capital strategies.

1. Public ratings Improved

2. Internal ratings Bank should disclosure of
3. Mitigation hold in excess capital
of minimum adequacy.
Explicit level of capital.
Treatment of Improved
Operational risk. disclosure of
Regulators will risk
Market risk intervene at an measurement
Framework, early stage if &
Ratios are capital levels management
Unchanged. detediorate. practices.

NEW PRODUCTS AND RISK.

With the introduction of new products like plastic cards (credit, debit,
smart cards etc.) the risk of frauds have increased manifold. According to
estimation, in an active issuing Bank, card fraud is likely to claim the lion’s
share of fraud being experienced in general, and could well dominate
average operating losses as a whole. Worldwide, frauds occurred due to loss
or steal of plastic cards that cause the greatest losses. The second largest
source and fastest growing source of loss is use of counterfeit cards.
Emerging areas of E-commerce and internet banking are also a matter of
concern.

47
 RISK MANAGEMENT IN BANKS

WHAT TO DO ABOUT RISK?

Once the risks have been identified, the million dollar question is –
What to do about the Risks? The suitable answer to this question would be
to manage the risks in an efficient and effective manner so that the
organization incurs minimum loss.

The resource available to banks could be:-

• If the risk is at prospective stage, try to avoid it.

• If the risk is likely to occur, and it is unavoidable, accept the risk
and retain it on an economically justifiable basis.
• Try to execute some effective actions as to reduce or eliminate the
loss likely to be incurred due to happening of the particular risky
incident.
• Try to diversify within a portfolio of risks with a view to
shortening the loss.
• For risky business areas, introduction of prudent exposure norms,
in advances, may help in minimizing the loss.
• Sound risks management procedures and information systems, if
put in place in the right perspective, will help in taking timely
decisions for avoidance of risks.
• If suitable, hedge the risk artificially i.e. counterbalance and
neutralize the risk to a certain degree, by use of derivative
instruments. This, in itself, is a very risky option.

48
 RISK MANAGEMENT IN BANKS

• Monitor various categories of risks on continuous basis and report

to appropriate authority so that risks can be overcome in future.
• Liquidate the risk by transfer without resources to other party.
• Put in place the comprehensive internal control and audit systems
with a view to controlling risks.

The effective Risk Management Process in Bank’s. which does not

result in getting rid of risks, will help in minimizing the losses.

State Bank of India, London, United Kingdom

case study

The Client
STATE BANK OF INDIA (SBI) is the largest bank in India with over 180
years of banking experience. Today, State Bank of India ranks among the
top 25 commercial banks in Asia with assets exceeding US$60 billion. SBI
operates worldwide through an extensive network of over 9000 offices
including 50 overseas offices in 48 countries. The Bank has won the
Technology Award 2005, from the ‘Banker’, London. Until recently, SBI

49
 RISK MANAGEMENT IN BANKS

UK operation has been using the Misys-Equation banking application for its
operations. This application runs on the IBM AS400 platform. Since 2001,
IIL Risk Management has provided various IT related services to the Bank.

The Problem
SBI, UK’s Treasury operations use the Reuters 3000 dealing system.
Dealers negotiate and confirm various deals every day involving money
market and forex trades. These deals were posted manually into the banking
application. Manual posting carried with it the risk of error prone entries,
missed out deals, lack of suitable and timely checks & verification and
inability to ascertain accurately counter party dealing limits. The Bank
required ‘straight through processing’ from Reuters dealing server to the
Misys-Equation platform to minimise operational risk. With an eye on
future proofing the investment in the system it also desired that the solution
be platform independent and therefore be based on ‘java’ programming and
be integrated with the Meridian middleware provided by Misys. In addition,
they required counter party limits and exposures to be displayed back to the
dealer on a separate screen by intelligently using the information from
dealer initiated Reuter conversations with the counter party. Investigation of
available products in the market place found that they contained many
functionalities already catered for by the Reuter system and were not cost
effective and used obsolete technologies.

The Solution
IIL Risk Management (IIL) developed for the bank a unique and cost
effective solution to automate the entire process from capturing deals from
Reuter dealing 3000 server to posting into the core banking application.

50
 RISK MANAGEMENT IN BANKS

The solution integrates various technologies such as Microsoft Windows

2000 server, Access database, IBM MQ series, Misys Meridian middleware
and IBM AS/400.

The process can be categorised as follows:

• Electronic capture of deals via Reuter Ticket Output Feed (TOF).

• Deal data processing with data validation and writing to database.
• Deal data mapping, formatting and posting to Misys Equation using
Meridian Middleware/IBM MQ Series.
• Secure and user-friendly interface to monitor flow of deal data, correct any
exceptions and review status of posting into Misys Equation.
• Intelligent use of Reuters Current Interest Feed (CIF) to retrieve counter-
party dealing limits and actual exposures from the Equation banking system
and displaying the same back to the dealers.

All the above modules work closely with each other in terms of
connectivity, request and response along with reliable audit trails.

The Benefits
The implemented solution reduced SBI, UK Treasury Department’s
workload considerably virtually eliminating the need for human
intervention. Operational efficiency was greatly improved. Timely display
of counter party dealing limits at both Group and Individual level and actual
exposures enabled the dealers to know the exact ‘position’ at any given

51
 RISK MANAGEMENT IN BANKS

time. This was an important technology based support for the Bank’s efforts
to minimise operational risk from manual interventions.

Case Study
Bank of Baroda, London, United Kingdom

The Client
BANK OF BARODA has significant International presence with a network
of 57 Offices in 19 countries including 38 branches of the bank and 17
branches of its seven subsidiaries besides 2 representative offices in

52
 RISK MANAGEMENT IN BANKS

Malaysia and China and a network of more than 2700 branches in India. In
the U.K, since the 1990’s the bank has been using the Misys-Equation
core banking application to support its activities at its London Main Office
and other branches. This application runs on the IBM AS400 Operating
platform. IIL Risk Management has been providing various IT related
services to the bank.

The Problem
Bank of Baroda U.K conducts it's clearing through Natwest/Royal Bank of
Scotland. The bank (main office and branches) receives all clearing
information such as cheques, giro credits and direct debits from Natwest on
a daily basis as printed statements along with the related instruments. The
process involves classifying each payment and posting the resultant
transactions into Misys Equation core banking product manually. Checks
have to be made in respect of stopped cheque, blocked account, inactive
account, closed account and incorrect accounts. Moreover, the account
numbers held at Natwest do not exactly match with that in the Misys-
Equation database. Manual entries were error prone requiring additional
verification. This process therefore, called for considerable effort and use of
human resources contributed to operational risk.

The Solution
IIL Risk Management has provided a solution to automate the entire process
end to end with the necessary validations at every level of the data pass
through. The objective being the reduction of manual effort to a minimum
and improvement in the accuracy of posted transactions and operational
efficiency.

53
 RISK MANAGEMENT IN BANKS

The implemented solution integrates with electronic receipt of Agency

Credit Clearing data from Natwest based on APACS (Association of
Payment Clearing Services) standards 27 and 29, which define the
specification of files

exchanged between banks and their customers. Both Microsoft and IBM
technologies are used with suitable data transfer methodology to IBM
AS/400.

An MS Windows based front-end provides a user-friendly interface to

process downloaded data from Natwest, carry out necessary checks to
ensure data integrity and to transfer the data to AS/400.

IBM AS/400 operations menu guides the user to process the transferred
data, categorising the transactions as 'OK' to post and 'Exceptions' based on
established business validation rules and to tally the credit/Debit totals with
those from Natwest. The automatic mapping function enables correction of
incorrect account numbers. All the Branches including the Main Office have
access to menu options to view and correct the exceptions. A specially
written automatic posting program handles the posting of accounting entries
into Misys-Equation.

The Benefits
Implementation of the automated clearing system increased the speed of
processing, drastically reduced manual errors, eliminated delays in posting

54
 RISK MANAGEMENT IN BANKS

customer accounting entries and kept up-to-date individual customer

accounts. The solution is centrally managed from the Head Office and use of
the AS/400 platform on which the banking application runs, allows branches
to handle their part of the data effectively while not worrying about
uploading and managing their branch specific clearing data

Credit Risk Management of ICICI

Credit risk, the most significant risk faced by ICICI Bank, is managed by the
Credit Risk Compliance & Audit Department (CRC & AD) which
evaluates risk at the transaction level as well as in the portfolio context. The
industry analysts of the department monitor all major sectors and evolve a
sectoral outlook, which is an important input to the portfolio planning
process. The department has done detailed studies on default patterns of

55
 RISK MANAGEMENT IN BANKS

loans and prediction of defaults in the Indian context. Risk-based pricing of

loans has been introduced.

The functions of this department include:

 Review of Credit Origination & Monitoring

 Credit rating of companies/structures
 Default risk & loan pricing
 Review of industry sectors
 Review of large exposures in industries/ corporate groups/ companies
 Ensure Monitoring and follow-up by building appropriate systems
such as CAS
 Design appropriate credit processes, operating policies & procedures
 Portfolio monitoring
 Methodology to measure portfolio risk
 Credit Risk Information System (CRIS)
 Focussed attention to structured financing deals
 Pricing, New Product Approval Policy, Monitoring
 Monitor adherence to credit policies of RBI

During the year, the department has been instrumental in reorienting the
credit processes, including delegation of powers and creation of suitable
control points in the credit delivery process with the objective of improving
customer response time and enhancing the effectiveness of the asset creation
and monitoring activities.

56
 RISK MANAGEMENT IN BANKS

Availability of information on a real time basis is an important requisite for

sound risk management. To aid its interaction with the strategic business
units, and provide real time information on credit risk, the CRC & AD has
implemented a sophisticated information system, namely the Credit Risk
Information System. In addition, the CRC & AD has designed a web-based
system to render information on various aspects of the credit portfolio of
ICICI Bank.

Operational Risk Management of ICICI

ICICI Bank, like all large banks, is exposed to many types of operational
risks. These include potential losses caused by events such as breakdown in
information, communication, transaction processing and settlement systems/
procedures.

The Audit Department, an integral part of the Risk Compliance & Audit
Group, focusses on the operational risks within the organisation. In recent
times, there has been a shift in the audit focus from transactions to
controls. Some examples of this paradigm shift are:

 Adherence to internal policies, procedures and documented processes

 Risk Based Audit Plan
 Widening of Treasury operations audit coverage
 Use of Computer Assisted Audit Techniques (CAATs)
 Information Systems Audit

57
 RISK MANAGEMENT IN BANKS

 Plans to develop/ buy software to capture the workflow of the Audit

Department

The Audit Department conceptualised and put into operation a Risk Based
Audit Plan during the year 1998-99. The Risk Based Audit Plan envisages
allocation of audit resources in accordance with the risk constituents of
ICICI Bank’s business.

CONCLUSION

58
 RISK MANAGEMENT IN BANKS

The objective of risk management is not to prohibit or prevent risk

taking, but to ensure that the risks are consciously taken with full
knowledge, clear purpose and understanding so that it can be measured and
mitigated. The purpose of managing risk is to prevent an institution from
suffering unacceptable loss causing an institution to fail or materially
damage its competitive position.
Functions of risk management should actually be bank specific
dictated by the size and quality of balance sheet, complexity of functions,
technical/professional manpower and the status of MIS in place in that bank.
There may not be one-size-fits-all risk management module for all the banks
to be made applicable uniformity.
As in the international practice, a committee approach may be
adopted to manage various risks. Risk Management Committee, Credit
Policy Committee, Asset Liability Management Committee, etc., are such
committee that handles the risk management aspects.
The effectiveness of risk management depends on efficient
Management Information System, computerization and net working of the
branch activities. An objective and reliable data base has to be built up for
which bank has to analyse its own past performance data relating to loan
defaults, trading losses, operational losses, etc., and come out with bench
,marks so as to prepare themselves for the future risk management activities.
A large project involves certain risks, and that is true of banking
projects. The Risk Management is an emerging area that aims to address the
problem of identifying and managing the risks associated with the banking
industry. The Risk Management helps banks in preventing problems even
before they occur. In managing the risks, the Board of Directors and Senior

59
 RISK MANAGEMENT IN BANKS

Management will have to play an effective role by formulating clear and

comprehensive policies.

The Risk Management System, which integrates:-

• Prudent risk limits,
• Sound risk management procedures and information systems,
• Continuous risk monitoring and frequent reporting is said to be
efficient one. The keen interest taken by the Reserve Bank of India in
this context needs to be appreciated and supported at all levels.

Most of the risks arise as a result of mismatch of assets and liabilities.

If the Assets of a bank exactly matched its liabilities of identical maturity,
interest rate conditions, and currency, then liquidity risk, interest rate risk,
and currency risk could have been avoided. However, in practice it is near
impossible to have such a perfectly matched balance sheet. A banker
therefore has, to keep different types of risk within acceptable limits. It
requires the ability to forecast future changes in the environment and
formulate suitable action plans to protect the net worth of the organization
from the impact of these risks.
It is by no means an easy task. If he is proved wrong in his judgment,
the process of risk management may go haywire. Few would disagree with
the statement that “being a banker is like being a country hound dog. If you
stand still, you get kicked. If you run, they throw rocks at you”.

60