Summer Training Project Report


Risk Management in Banking Sector

Summer Training Project Report Submitted for Partial Fulfillment for the Award of the Degree of


Prof. S.P Jain

Varun Sharma 0871913907


Risk Management in Banking Sector (2007-09)



I express my heartiest gratitude to Mrs. ANITA KHANNA (CUSTOMER RELATIONSHIP OFFICER - PNB) for giving me an opportunity to prepare a report on the project assigned to me. I am also thankful to Prof. S.P Jain, faculty, Gitarattan International Business School, Rohini. Under their guidance I undertook this project, for extending the advice and direction that is required to carry on a study of this nature, and for helping me with the intricate details of the project at every step. Without her support and able guidance, it would have been very difficult to finish this work in the way I have done it.

However, I accept the sole responsibility of any possible errors of omission.

Varun Sharma

Gitarattan International Business School


Risk Management in Banking Sector



1. INTRODUCTION • Objectives of the study • Scope of study • Limitations of study

5 6 6

• • • • What is Risk? What is Risk Management? Dose it eliminate Risk? Objectives of Risk Management functions Risk in Banking 12 12 13 14


19 25 36 48 49 54

Gitarattan International Business School


Risk Management in Banking Sector


This project at Punjab National Bank was undertaken during the period of 2 months (JUNE 1st ’08 to JULY 31st ’08) as part of my summer training As part of summer training, I was made to accompany Customer Relationship Officer to observe Client Interaction, gauge the level of satisfaction by listening and solving quarries of existing clients also helped in making new clients. My Summer Training included the following• • An in-depth induction through the Computer Based Training Module Learning the basics of the various Baking Operations such as – procedure of opening new account (Savings, Current), printing and updating of passbook, procedure of opening a F.D, deposits / withdrawals, issuing of ATM cards and internet banking passwords etc. • • • Various Documents Necessary or Required at the Time of Opening of Account Accompanying Customer Relationship Officer to observe client interaction. Client Acquisition.

During the course of my training, I got valuable insights about the workings in a bank branch, internet banking and client interface.

Gitarattan International Business School


Risk Management in Banking Sector



To study broad outline of management of credit, market and operational risks associated with banking sector . Though the risk management area is very wide and elaborated, still the project covers whole subject in concise manner. The study aims at learning the techniques involved to manage the various types of risks, various methodologies undertaken. The application of the techniques involves us to gain an insight into the following aspects: • • • • • An overview of the risks in general. An insight of the various credit, market and operational risks attached to the banking sector The methodology related to the management of operational risk followed at PNB. Tools applied in for measurement and management of various types of risks. Having an insight into the practical aspects of the working of various departments.

Gitarattan International Business School


the various sub-groups The computation of capital charge for market risk will also be taken practically as also the assigning the ratings for individual borrowers. PNB is also under the key process of testing and implementation of Reuters "KONDOR" software for its VaR calculations and other aspects of market risk. 2. an attempt has been made to cover as comprehensively as possible. Due to the ongoing process of globalization and increasing competition. The risks can be broadly classified into three categories: • • • Credit risk Market risk Operational risk Within each of these broad groups.Risk Management in Banking Sector 0871913907 SCOPE OF THE STUDY The report seeks to present a comprehensive picture of the various risks inherent in the bank. LIMITATION OF THE STUDY 1. The major limitation of this study shall be data availability as the data is proprietary and not readily shared for dissemination. no one model or method will suffice over a long period of time and constant up gradation will be Gitarattan International Business School 6 .

Gitarattan International Business School 7 . Each bank.Risk Management in Banking Sector 0871913907 required. Due to ever changing environment . 7. 5. Selection of methods depends on the firms expectations as well as the risk appetite. The concept of risk management implementation is relatively new and risk management tools can prove to be costly. Also risks can only be minimized not completely erased. Out of the various ways in which risks can be managed. may develop its own methods for measuring and managing risk. in conforming to the RBI guidelines. none of the method is perfect and may be very diverse even for the work in a similar situation for the future. As such the project can be considered as an overview of the various risks prevailing in Punjab National Bank and in the Banking Industry. 6. 4. 3. many risks are unexpected and the remedial measures available are based on general experience from the past.

the most important factor shaping the world is globalization. Currently. prudential. such an environment has also meant that a problem in one country can sometimes adversely impact one or more countries instantaneously. as also to effect rapid changes in their processes and operations in order to remain competitive to the globalized environment. regulatory. particularly derivative instruments. Gitarattan International Business School 8 .border flows and entry of new products. There is a growing realisation that the ability of countries to conduct business across national borders and the ability to cope with the possible downside risks would depend. interalia. institutions and products. supervisory. This has consequently meant the adoption of a strong and transparent. Cross. on the soundness of the financial system.Risk Management in Banking Sector 0871913907 INTRODUCTION The significant transformation of the banking industry in India is clearly evident from the changes that have occurred in the financial markets. it has entailed greater competition and consequently greater risks. These developments have facilitated greater choice for consumers. The traditional face of banks as mere financial intermediaries has since altered and risk management has emerged as their defining attribute. While deregulation has opened up new vistas for banks to argument revenues. have impacted significantly on the domestic banking sector forcing banks to adjust the product mix. The benefits of globalization have been well documented and are being increasingly recognized. who have become more discerning and demanding compelling banks to offer a broader range of products through diverse distribution channels. even if they are fundamentally strong. But. Integration of domestic markets with international financial markets has been facilitated by tremendous advancement in information and communications technology.

it needs to be appropriately phased in the least disruptive manner. they can result in a severe economic downturn. growth and the reduction of poverty ’. This process is not a one shot affair. The banking and financial crises in recent years in emerging economies have demonstrated that. From this perspective. All this necessitates a transformation: a transformation in the mindset. through the development of an efficient financial system. ‘ a robust financial system is a precondition for a sound investment climate. The World Bank Annual Report (2002) has observed that the loss of US $1 trillion in banking crisis in the 1980s and 1990s is equal to the total flow of official development assistance to developing countries from 1950s to the present date. The first phase of reforms was guided by the recommendations of Narasimham Committee. Furthermore.Risk Management in Banking Sector 0871913907 technological and institutional framework in the financial sector on par with international best practices. a transformation in knowledge management. Financial sector reform. financial sector reforms are essential in order to avoid such costs. enhancing the effectiveness in the conduct of monetary policy and creating conditions for integration of the domestic financial sector with the global system. As the World Bank Annual Report (2002) observes. the incidence of which is ultimately borne by the taxpayer. The crucial role of sound financial markets in promoting rapid economic growth and ensuring financial stability. banking crises often impose substantial costs on the exchequer. As a consequence. It is. a transformation in the business processes and finally. when things go wrong with the financial system. Financial sector reforms were initiated in India a decade ago with a view to improving efficiency in the process of financial intermediation. is thus perceived as a key element in raising countries out of their 'low level equilibrium trap'. Gitarattan International Business School 9 . not surprising that financial market reform is at the forefront of public policy debate in recent years. therefore. the focus of financial market reform in many emerging economies has been towards increasing efficiency while at the same time ensuring stability in financial markets.

marking the gradual end of financial repression characterized by price and non-price controls in the process of financial intermediation. This volatility is exacerbated by the lack of liquidity in the secondary markets. The purpose of this paper is to highlight the need for the regulator and market participants to recognize the risks in the financial system. and human resources development. there still remains a large extent of segmentation of markets and nonlevel playing field among participants. size transformation. significant changes have been introduced in the Indian financial system. Risk is inherent in the very act of transformation. • The second phase. Further intensive discussions are held on important issues related to corporate governance. risk management technology. prior to reform of 1991-92. focused on strengthening the foundations of the banking system and bringing about structural improvements. These changes have infused an element of competition in the financial system. guided by Narasimham Committee II. which contribute to volatility in asset prices. The financial sector serves the economic function of intermediation by ensuring efficient allocation of resources in the economy. the products available to hedge risks and the instruments. productivity and profitability'. maturity transformation and risk transformation. While financial markets have been fairly developed. among others. Financial intermediation is enabled through a four-pronged transformation mechanism consisting of liability-asset transformation.Risk Management in Banking Sector 0871913907 • The approach was to ensure that ‘the financial services industry operates on the basis of operational flexibility and functional autonomy with a view to enhancing efficiency. banks were not exposed to diverse financial risks mainly because interest rates Gitarattan International Business School 10 . including derivatives that are required to be developed/introduced in the Indian system. reform of the capital structure. (in the context of Basel II norms). Since 1992. However. retail banking.

The deregulation of coupon rate on Government securities. Several structural changes have taken place in the financial sector since 1992. The rapid advancement of technology in the financial system. 6. 4. A gradual trend towards disintermediation in the financial system in the wake of increased access of corporates to capital markets. Gitarattan International Business School 11 . The operating environment has undergone a vast change bringing to fore the critical importance of managing a whole range of financial risks. diversification of ownership of public sector banks. 5.Risk Management in Banking Sector 0871913907 were regulated. The key elements of this transformation process have been 1. Blurring of distinction between activities of financial institutions. 7. 3. and. Substantial liberalization of bank deposit and lending rates. financial asset prices moved within a narrow band and the roles of different categories of intermediaries were clearly defined. 2. Emergence of new private sector banks and other financial institutions. Credit risk was the major risk for which banks adopted certain appraisal standards. Greater integration among the various segments of financial markets and their increased order of globalisation.

This definition of risk is very pertinent today as the current business environment offers both challenges and opportunities to organizations. Risk management may be as uncomplicated as asking and answering three basic questions: 1. In other words it is necessary to accept risks.Does it eliminate risk? Risk management is a discipline for dealing with the possibility that some future event will cause harm. includes both threats that can materialize and opportunities. and an approach to recognizing and confronting any threat faced by an organization in fulfilling its mission. Since risk is accepted in business as a trade off between reward and threat. techniques. and it is up to an organization to manage these to their competitive advantage. therefore. For some it is "financial (exchange rate.Risk Management in Banking Sector 0871913907 DEFINITION OF RISK  What is Risk? "What is risk?" And what is a pragmatic definition of risk? Risk means different things to different people. it does mean that taking risk bring forth benefits as well. What can go wrong? 2.  What is Risk Management . interest-call money rates). What will we do (both to prevent the harm from occurring and in the aftermath of an "incident")? Gitarattan International Business School 12 . It provides strategies. Risk in its pragmatic definition. mergers of competitors globally to form more powerful entities and not leveraging IT optimally" and for someone else "an event or commitment which has the potential to generate commercial liability or damage to the brand image". if the desire is to reap the anticipated benefits. which can be exploited.

maximizing profitability and creating opportunity out of risks And the other which is about minimising risks/loss and protecting corporate assets. In India.Risk Management in Banking Sector 3. Both situations. Apart from bringing the risks to manageable proportions.  Objectives of Risk Management Function Two distinct viewpoints emerge – • One which is about managing risks. which expect organizations to have effective risk management practices. This balancing act between the risk levels and profits needs to be well-planned. i. This is largely a result of lessons from major corporate failures. Gitarattan International Business School 13 . whilst risk management is still in its infancy. Risk Management is a more mature subject in the western world. • Managing risks essentially is about striking the right balance between risks and controls and taking informed management decisions on opportunities and threats facing an organization. there has been considerable debate on the need to introduce comprehensive risk management practices. The management of an organization needs to consciously decide on whether they • want their risk management function to 'manage' or 'mitigate' Risks. most telling and visible being the Barings collapse. but enables the organization to bring their risks to manageable proportions while not severely affecting their income. they should also ensure that one risk does not get transformed into any other undesirable risk.e. If something happens. This transformation takes place due to the inter-linkage present among the various risks. In addition. how will we pay for it? 0871913907 Risk management does not aim at risk elimination. The focal point in managing any risk will be to understand the nature of the transaction in a way to unbundle the risks it is exposed to. over or under controlling risks are highly undesirable as the former means higher costs and the latter means possible exposure to risk. regulatory requirements have been introduced.

The case discusses the various risks that arise due to financial intermediation and by highlighting the need for asset-liability management. What are the primary objectives of your risk management function? When specifically asked in a survey conducted.  Typology of Risk Exposure Based on the origin and their nature. risks are classified into various categories. executed from many locations and by numerous people. 33% of respondents stated that their risk management function is indeed expressly mandated to optimise risk. of banks exposes them to a host of risks. In the context of the risk management function. This intermediation activity. Risks in Banking Risks manifest themselves in many ways and the risks in banking are a result of many diverse activities. as well as the cost of acquiring this information. human factor. The volatility in the operating environment of banks will aggravate the effect of the various risks. Further. As a financial intermediary. identification and management of Risk is more prominent for the financial services sector and less so for consumer products industry. Gitarattan International Business School 14 . banks borrow funds and lend them as a part of their primary activity. and more. it discusses the Gap Model for risk management. means mitigating all risks even if the cost of minimising a risk may be excessive and outweighs the cost-benefit analysis. it may mean that the opportunities are not adequately exploited. existence of frictions such as taxes and transaction cost and limitations on quality and quantity of information.Risk Management in Banking Sector • 0871913907 Mitigating or minimising risks. on the other hand. The most prominent financial risks to which the banks are exposed to taking into consideration practical issues including the limitations of models and theories.


however banks are also exposed to the risk that the counterparty might downgraded by a rating agency. Default. the bank either loses all of the market value of the position or. Market risk for a fund is often measured relative to a benchmark index or portfolio. basis risk. is the extreme case. but also the profile of future exposures up to the termination of the deal. etc. more commonly.. whereby a counterparty is unwilling or unable to fulfill its contractual obligations.” a term used in risk management industry to describe the chance of a breakdown in the relationship between price of a product. and yet become positive at a later point in time after market conditions have changed. the credit exposure induced by the replacement values of derivative instruments are dynamic: they can be negative at one point of time. Therefore the banks must examine not only the current exposure. CREDIT RISK Credit risk is that risk that a change in the credit quality of a counterparty will affect the value of a bank’s position. measured by the current replacement value. volatility risk. on the one hand. Gitarattan International Business School 16 . However. i. In that instance if the counterparty defaults. convexity risk.Risk Management in Banking Sector MARKET RISK 0871913907 Market risk is that risk that changes in financial market prices and rates will reduce the value of the bank’s positions. LIQUIDITY RISK Liquidity risk comprises both • • Funding liquidity risk Trading-related liquidity risk. Credit risk is only an issue when the position is an asset. the part of the value that it cannot recover following the credit event. is referred to as a “risk of tracking error” market risk also includes “basis risk. and the price of the instrument used to hedge that price exposure on the other.e. when it exhibits a positive replacement value. The market-Var methodology attempts to capture multiple component of market such as directional risk.

and the breadth of funding sources. the terms of financing.Risk Management in Banking Sector 0871913907 Funding liquidity risk relates to a financial institution’s ability to raise the necessary cash to roll over its debt. It may reduce an institution’s ability to manage and hedge market risk as well as its capacity to satisfy any shortfall on the funding side through asset liquidation. including the ability to access public market such as commercial paper market. and principally computer system risk also fall into the operational risk category. faulty control. OPERATIONAL RISK It refers to potential losses resulting from inadequate systems.” and available credit lines. temporarily. Very tight controls are an absolute necessary if the bank is to avoid huge losses. and generate huge exposure in to the future. fraud and human error. Gitarattan International Business School 17 . Funding can also be achieved through cash or cash equivalents. This risk is generally very hard to quantify. and collateral requirements of counterparties. This means that a trader can make very large commitment on behalf of the bank. by heir nature. Technology risk. Funding liquidity risk is affected by various factors such as the maturities of the liabilities. If the transaction cannot be postponed its execution my lead to substantial losses on position. leveraged transactions. management failure.” for example when a trader or other employee intentionally falsifies and misrepresents the risk incurred in a transaction. “buying power . is the risk that an institution will not be able to execute a transaction at the prevailing market price because there is. using only small amount of cash. Operational risk includes” fraud. Trading-related liquidity risk. no appetite for the deal on the other side of the market. and (in the case of funds) to satisfy capital withdrawals. Derivative trading is more prone to operational risk than cash transactions because derivatives are. margin. the extent of reliance of secured sources of funding. Many of the recent large losses related to derivatives are the direct consequences of operational failure. to meet the cash. often simply called as liquidity risk.

lose money on a transaction and decided to sue the bank to avoid meeting its obligations.Risk Management in Banking Sector LEGAL RISK 0871913907 Legal risk arises for a whole of variety of reasons. counterparty might lack the legal or regulatory authority to engage in a transaction. Another aspect of regulatory risk is the potential impact of a change in tax law on the market value of a position. It relates to the losses that may result from human errors such as pushing the wrong button on a computer. For example. inadvertently destroying files. or an investor. Legal risks usually only become apparent when counterparty. HUMAN FACTOR RISK Human factor risk is really a special form of operational risk. or entering wrong value for the parameter input of a model. Gitarattan International Business School 18 .

it should be ensured that the bank is not exposed to Liquidity Risk. Thus. further categorized into interest rate risk.Risk Management in Banking Sector MARKET RISK  What is Market Risk? 0871913907 Market Risk may be defined as the possibility of loss to a bank caused by changes in the market variables. etc. currency exchange rates and commodity prices". foreign exchange risk. The immediate impact of changes in interest rates is on the Net Interest Income (NII). focus on the management of Liquidity Risk and Market Risk. Market Risk is the risk to the bank's earnings and capital due to changes in the market level of interest rates or prices of securities. A long term impact of changing interest rates is on the bank's networth since the economic value of a bank's assets. risk monitoring. In other words. Types of market risk • Interest rate risk: Interest rate risk is the risk where changes in market interest rates might adversely affect a bank's financial condition. it is equally concerned about the bank's ability to meet its obligations as and when they fall due. risk reporting. commodity price risk and equity price risk. Gitarattan International Business School 19 . Thus. foreign exchange and equities. The interest rate risk when viewed from these two perspectives is known as 'earnings perspective' and 'economic value' perspective. setting up of limits and triggers. models of analysis that value positions or measure market risk. Besides. liabilities and off-balance sheet positions get affected due to variation in market interest rates. The Bank for International Settlements (BIS) defines market risk as “the risk that the value of 'on' or 'off' balance sheet positions will be adversely affected by movements in equity and interest rate markets. An effective market risk management framework in a bank comprises risk identification. respectively. as well as the volatilities of those changes.

the approach towards measurement and hedging of IRR varies with the segmentation of the balance sheet. The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is dependent on the movements of interest rates. The economic value perspective identifies risk arising from long-term interest rate gaps. which are contracted Gitarattan International Business School 20 . This is measured by measuring the changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i. Any mismatches in the cash flows (fixed assets or liabilities) or repricing dates (floating assets or liabilities). however.e. The regulatory restrictions in the past had greatly reduced many of the risks in the banking system. the banking book comprises assets and liabilities. Earnings perspective involves analyzing the impact of changes in interest rates on accrual or reported earnings in the near term. expose bank's NII or NIM to variations. In a well functioning risk management system. The earning of assets and the cost of liabilities are now closely related to market interest rate volatility Generally.Risk Management in Banking Sector 0871913907 Management of interest rate risk aims at capturing the risks arising from the maturity and repricing mismatches and is measured both from the earnings and economic value perspective. Deregulation of interest rates has. Economic Value perspective involves analyzing the changes of impact on interest on the expected cash flows on assets minus the expected cash flows on liabilities plus the net cash flows on off-balance sheet items. It focuses on the risk to networth arising from all repricing mismatches and other interest rate sensitive positions. the difference between the total interest income and the total interest expense. banks broadly position their balance sheet into Trading and Banking Books. exposed them to the adverse impacts of interest rate risk. The management of Interest Rate Risk should be one of the critical components of market risk management in banks. While the assets in the trading book are held primarily for generating profit on short-term differences in prices/yields.

in an individual foreign currency. which depends upon the currency rate movements. As a result. banks may incur replacement cost. • Foreign exchange risk: Foreign Exchange Risk maybe defined as the risk that a bank may suffer losses as a result of adverse exchange rate movements during a period in which it has an open position. Thus. or a combination of the two. Thus. banks may suffer losses as a result of changes in premia/discounts of the currencies concerned.” Specific / Idiosyncratic” risk refers to that portion of the stock’s price volatility that is determined by characteristics specific to the firm. either spot or forward. which arises from the maturity mismatching of foreign currency positions. Even in cases where spot and forward positions in individual currencies are balanced. banks may have to undertake fresh transactions in the cash/spot market for replacing the failed transactions. banks also face the risk of default of the counterparties or settlement risk. Banks also face another risk called time-zone risk or Herstatt risk which arises out of time-lags in settlement of one currency in one center and the Gitarattan International Business School 21 . • Equity price risk: The price risk associated with equities also has two components” General market risk” refers to the sensitivity of an instrument / portfolio value to the change in the level of broad stock market indices. In the forex business.Risk Management in Banking Sector 0871913907 basically on account of relationship or for steady income and statutory obligations and are generally held till maturity. while the price risk is the prime concern of banks in trading book. the earnings or economic value changes are the main focus of banking book. the quality of its management. the maturity pattern of forward transactions may produce mismatches. The general market risk cannot be eliminated through portfolio diversification while specific risk can be diversified away. The banks are also exposed to interest rate risk. such as its line of business. While such type of risk crystallization does not cause principal loss. or a breakdown in its production process.

RBI has also initiated various steps in moving towards prescribing capital for Gitarattan International Business School 22 . since most commodities are traded in the market in which the concentration of supply can magnify price volatility. fluctuations in the depth of trading in the market (i. particularly those arising from their trading activities. commodity prices generally have higher volatilities and larger price discontinuities.Risk Management in Banking Sector 0871913907 settlement of another currency in another time-zone. The forex transactions with counterparties from another country also trigger sovereign or country risk (dealt with in details in the guidance note on credit risk). The internal models should. comply with quantitative and qualitative criteria prescribed by Basle Committee. Therefore. Exchange managing or hedging for adopted be to strategy> 3. The three important issues that need to be addressed in this regard are: 1.  Treatment of Market Risk in the Proposed Basel Capital Accord The Basle Committee on Banking Supervision (BCBS) had issued comprehensive guidelines to provide an explicit capital cushion for the price risks to which banks are exposed. market liquidity) often accompany and exacerbate high levels of price volatility. The tools of managing exchange risk • Commodity price risk: The price of the commodities differs considerably from its interest rate risk and foreign exchange risk. Nature and magnitude of exchange risk 2.e. Moreover. Reserve Bank of India has accepted the general framework suggested by the Basle Committee. however.. The banks have been given flexibility to use in-house models based on VaR for measuring market risk as an alternative to a standardized measurement framework suggested by Basle Committee.

large banks and those banks operating in international markets should develop expertise in evolving internal models for measurement of market risk. As the valuation norms on banks' investment portfolio have already been put in place and aligned with the international best practices. Once the Committee finalizes the modalities. RBI has also prescribed detailed operating guidelines for Asset-Liability Management System in banks. banks should study the Basel framework on capital for market risk as envisaged in Amendment to the Capital Accord to incorporate market risks published in January 1996 by BCBS and prepare themselves to follow the international practices in this regard at a suitable date to be announced by RBI. In view of this. As the ability of banks to identify and measure market risk improves. The Basle Committee on Banking Supervision proposes to develop capital charge for interest rate risk in the banking book as well for banks where the interest rate risks are significantly above average ('outliers'). The Committee is now exploring various methodologies for identifying 'outliers' and how best to apply and calibrate a capital charge for interest rate risk for banks. it would be necessary to assign explicit capital charge for market risk.  The Proposed New Capital Adequacy Framework Gitarattan International Business School 23 . it may be necessary. a risk weight of 2.5% has been prescribed for investments in Government and other approved securities. As an initial step.Risk Management in Banking Sector 0871913907 market risk. it is appropriate to adopt the Basel norms on capital for market risk. While the small banks operating predominantly in India could adopt the standardized methodology. at least for banks operating in the international markets to comply with the explicit capital charge requirements for interest rate risk in the banking book. besides a risk weight each of 100% on the open position limits in forex and gold.

CREDIT RISK Gitarattan International Business School 24 . they address the need for effective interest rate risk measurement. independent of whether the positions are part of the trading book or reflect banks' non-trading activities. Under the New Basel Capital Accord. which contains refined proposals for the three pillars of the New Accord Minimum Capital Requirements. they form minimum standards expected of internationally active banks. monitoring and control functions within the interest rate risk management process. as well as a system of internal controls.Risk Management in Banking Sector 0871913907 The Basel Committee on Banking Supervision has released a Second Consultative Document. It may be recalled that the Basel Committee had released in June 1999 the first Consultative Paper on a New Capital Adequacy Framework for comments. the proposal to provide explicit capital charge for market risk in the banking book which was included in the Pillar I of the June 1999 Document has been shifted to Pillar II in the second Consultative Paper issued in January 2001. The Committee has also provided a technical paper on evaluation of interest rate risk management techniques. the assumption of assets and liabilities in banking and trading activities. However. even though their specific application will depend to some extent on the complexity and range of activities undertaken by individual banks. The principles are intended to be of general application. The Document has defined the criteria for identifying outlier banks. based as they are on practices currently used by many international banks. a bank may be defined as an outlier whose economic value declined by more than 20% of the sum of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock (200 bps. In particular. Supervisory Review and Market Discipline. The principles are given in Annexure II. According to the proposal.) The second Consultative Paper on the New Capital Adequacy framework issued in January. which includes the development of a business strategy. They refer to an interest rate risk management process. 2001 has laid down 13 principles intended to be of general application for the management of interest rate risk.

In the case of securities trading businesses: funds/ securities settlement may not be effected. In the case of guarantees or letters of credit: funds may not be forthcoming from the constituents upon crystallization of the liability. trading. Alternatively. financial institution or a sovereign. losses stem from outright default due to inability or unwillingness of a customer or counterparty to meet commitments in relation to lending. 3. In the case of treasury operations: the payment or series of payments due from the counter parties under the respective contracts may not be forthcoming or ceases. • • •  Types of Credit Rating Credit rating can be classified as: 2. bank. In a bank's portfolio. Credit risk emanates from a bank's dealings with an individual. corporate. In the case of cross-border exposure: the availability and free transfer of foreign currency funds may either cease or the sovereign may impose restrictions. Internal credit rating External credit rating: Gitarattan International Business School 25 . settlement and other financial transactions. losses result from reduction in portfolio value arising from actual or perceived deterioration in credit quality.Risk Management in Banking Sector  What is Credit Risk? 0871913907 Credit risk is defined as the possibility of losses associated with diminution in the credit quality of borrowers or counterparties. Credit risk may take the following forms • • In the case of direct lending: principal/and or interest amount may not be repaid. External credit rating.

in general. The qualitative analysis is concerned with the quality of management. and legal analyses. or the creditworthiness of an obligor with respect to a particular debt security or other financial obligation. and includes a through review of the firm’s technological changes. qualitative. Financial institutions.” In Moody's words. competitiveness within its industry as well as the expected growth of the industry and its vulnerability to and interest on a specific fixed-income Internal credit rating: Gitarattan International Business School 26 . In the words of S&P. The subject of credit rating might be a company issuing debt obligations. In the issuer credit rating categories are a) Counterparty ratings b) Corporate credit ratings c) Sovereign credit ratings The rating process includes quantitative. In the case of such “issuer credit ratings” the rating is an opinion on the obligor’s overall capacity to meet its financial obligations. a rating is. nor does it consider merits of having guarantors for some of the obligations. The quantitative analyses. when required to hold investment grade bonds by their regulators use the rating of credit agencies such as S&P and Moody's to determine which bonds are of investment grade. “ an opinion on the future ability and legal obligation of an issuer to make timely payments of principal security.” Since S&P and Moody's are considered to have expertise in credit rating and are regarded as unbiased evaluators. an investment recommendation concerning a given security. The quantitative analysis is mainly financial analysis and is based on the firm’s financial reports.” A credit rating is S&P's opinion of the general creditworthiness of an obligor. based on relevant risk factors. and labor relations. there ratings are widely accepted by market participants and regulatory agencies. The opinion is not specific to any particular liability of the company. regulatory changes.Risk Management in Banking Sector 0871913907 A credit rating is not.

02*. A robust RRS should offer a carefully designed. Rs. 50%) in any specific credit facility. A risk rating (RR) is designed to depict the risk of loss in a credit facility. from the credit facilities available to the borrower. The obligor rating represents the probability of default by a borrower in repaying its obligation in the normal course of business. and documented series of steps for the assessment of each rating. The expected loss = 100*. It combines the likelihood of default by a borrower and conditional severity of loss. and a facility rating to each available facility.Risk Management in Banking Sector 0871913907 A typical risk rating system (RRS) will assign both an obligor rating to each borrower (or group of borrowers). 100) and the probability of default (say. yet also to allow professional judgment to significantly influence a rating where it is appropriate. In this example. 1 A typical risk rating methodology (RRM) a. b. The facility rating represents the expected loss of principal and/ or interest on any business credit facility. 2%) of an obligor (or borrower) and the loss rate given default (say. structured. The following are the steps for assessment of rating: a) Objectivity and Methodology: The goal is to generate accurate and consistent risk rating.50 = Rs. Initial assign an obligor rating that identifies the expected probability of default by that borrower (or group) in repaying its obligations in normal course of business. The RRS then identifies the risk loss (principle/interest) by assigning an RR to each individual credit facility granted to an obligor. The expected loss is the product of an exposure (say. should default occur. Risk Rating Continuum (Prototype Risk Rating System) Gitarattan International Business School 27 .

Additional steps (four.Risk Management in Banking Sector 0871913907 RISK Sovereign Low RR 0 1 2 3 4 5 6 7 8 9 10 11 12 Corresponding Probable S&P or Moody's Rating Not Applicable AAA AA A BBB+/BBB BBBBB+/BB BBB+/B BCCC+/CCC CCIn Default Investment Grade Average High Below Investment Grade The steps in the RRS (nine. which sets a floor on the obligor rating (OR). These steps include examining third-party support (step 6). factoring in the maturity of the transaction (step 7). b) Measurement of Default Probability and Recovery Rates. in our example) are associated with arriving at a final facility rating. which may be above OR below the final obligor rating. Each one of steps 2 to 5 may result in the downgrade of the initial rating attributed at step 1. examining the borrower’s absolute and relative position within the industry (step 3). (step 8). reviewing how strongly the transaction is structured. A series of further steps (four) arrive at the final obligor rating. and assessing the amount of collateral (step 9). Gitarattan International Business School 28 . reviewing the quality of the financial information (step 4) and the country risk (step 5). in our prototype system) typically start with a financial assessment of the borrower (initial obligor rating). These steps include analyzing the managerial capability of the borrower (step 2). The process ensures that all credits are objectively rated using a consistent process to arrive at the accurate rating.

 Credit Risk Management In this backdrop. The multiple discriminant analysis (MDA). and makes use of a number of accounting variables to try to predict the probability of default. The linear probability model 2. monitoring and control of the credit risk exposures.Risk Management in Banking Sector 0871913907 Credit rating systems can be compared to multivariate credit scoring systems to evaluate their ability to predict bankruptcy rates and also to provide estimates of the severity of losses. Building Blocks of Credit Risk Management: In a bank. The linear probability model is based on a linear regression model. The logit model 3. They compare four methodologies for credit scoring: 1. Altman and Saunders (1998) provide a detailed survey of credit risk management approaches. it is imperative that banks have a robust credit risk management system which is sensitive and responsive to these factors. proposed and advocated by Aitman is based on finding a linear function of both accounting and market based variables that best discriminates between two groups: firms that actually defaulted and firms that did not default. The linear models are based on empirical procedures. Credit risk management encompasses identification. an effective credit risk management framework would comprise of the following distinct building blocks: • Policy and Strategy Gitarattan International Business School 29 . The effective management of credit risk is a critical component of comprehensive risk management and is essential for the long term success of any banking organization. measurement. They are not found in theory of the firm OR any theoretical stochastic processes for leveraged firms. and applies a few accounting variables to predict the default probability. The probit model 4. The discriminant analysis model The logit model assumes that the default probability is logistically distributed.

The strategy would. Every bank should have a credit risk policy document approved by the Board.</P< LI> Credit Risk Strategy 1.Risk Management in Banking Sector • • 0871913907 Organizational Structure Operations/ Systems  Policy and Strategy The Board of Directors of each bank shall be responsible for approving and periodically reviewing the credit risk strategy and significant credit risk policies. geographical location. Credit Risk Policy 1. legal issues and management of problem loans. Each bank should develop. This strategy should spell out clearly the organization’s credit appetite and the acceptable level of risk-reward trade-off for its activities. therefore. 3. All dealing officials should clearly understand the bank's approach for credit sanction and should be held accountable for complying with established policies and procedures. risk grading/ aggregation techniques. The document should include risk identification. credit origination/ maintenance procedures and guidelines for portfolio management. documentation. its own credit risk strategy or plan that establishes the objectives guiding the bank's credit-granting activities and adopt necessary policies/ procedures for conducting such activities. with the approval of its Board. 2. risk measurement. risk acceptance criteria. credit approval authority. include a statement of the bank's willingness to grant loans based on the type of economic activity. Credit risk policies should also define target markets. 4. Senior management of a bank shall be responsible for implementing the credit risk policy approved by the Board. The credit risk policies approved by the Board should be communicated to branches/controlling offices. 2. reporting and risk control/ mitigation techniques. Gitarattan International Business School 30 .

maturity and anticipated profitability. It will devise the policy and strategy for integrated risk management containing various risk exposures of the bank including the credit risk. This strategy should be viable in the long run and through various credit cycles. market. preferred levels of diversification and concentration.  Organizational Structure Sound organizational structure is sine qua non for successful implementation of an effective credit risk management system. For this purpose.Risk Management in Banking Sector 0871913907 currency. 3. The credit risk strategy should provide continuity in approach as also take into account the cyclical aspects of the economy and the resulting shifts in the composition/ quality of the overall credit portfolio. It is imperative that the independence of this Committee is preserved. Market and Operational Risk Management Committees. This would necessarily translate into the identification of target markets and business sectors. foreign exchange and equity price risks. therefore. The organizational structure for credit risk management should have the following basic features: 1. The Risk Management Committee will be a Board level Sub committee including CEO and heads of Credit. the Asset Liability Management Committee and other risk committees of the bank. In the event of the Board not accepting any recommendation of this Committee. systems should be put in place to spell Gitarattan International Business School 31 . if any. The Board should. the cost of capital in granting credit and the cost of bad debts. ensure that this is not compromised at any cost. The Board of Directors should have the overall responsibility for management of risks. 4. this Committee should effectively coordinate between the Credit Risk Management Committee (CRMC). The Board should decide the risk management policy of the bank and set limits for liquidity. Senior management of a bank shall be responsible for implementing the credit risk strategy approved by the Board. interest rate.

periodic visits of plant and business site. structuring the facilities. Transaction management phase covers risk assessment. This document should be made available to the internal and external auditors for their scrutiny and comments. The credit risk strategy and policies adopted by the committee should be effectively  Operations / Systems Banks should have in place an appropriate credit administration. the banks should have the following credit risk measurement and monitoring procedures: 5. loan administration. credit risk measurement and monitoring processes. business development. periodic credit calls that are documented. the answer to the following question: Given our past experience and our assumptions about the future. on going monitoring and risk measurement. The credit administration process typically involves the following phases: 1. and at least quarterly management reviews of troubled exposures/weak credits  Credit Risk Models A credit risk model seeks to determine. internal approvals. documentation. what is the present value of a given loan or fixed income security? A credit risk model would also seek to determine the (quantifiable) risk that the promised cash flows will not be forthcoming. Banks should establish proactive credit risk management practices like annual / half yearly industry studies and individual obligor reviews. Relationship management phase i.e.Risk Management in Banking Sector 0871913907 out the rationale for such an action and should be properly documented. Gitarattan International Business School 32 . loan pricing. Portfolio management phase entails monitoring of the portfolio at a macro level and the management of problem loans 4. directly or indirectly. On the basis of the broad management framework stated above. The techniques for measuring credit risk that have evolved over the last twenty years are prompted by these questions and dynamic changes in the loan market. 3. 2.

 RBI Guidelines on Credit Risk New Capital Accord: Implications for Credit Risk Management Gitarattan International Business School 33 . models give their users a competitive edge.Risk Management in Banking Sector 0871913907 The increasing importance of credit risk modeling should be seen as the consequence of the following three factors: 1. In a marketplace where margins are fast disappearing and the pressure to lower pricing is unrelenting. • Importance of Credit Risk Models Credit Risk Models have assumed importance because they provide the decision maker with insight or knowledge that would not otherwise be readily available or that could be marshalled at prohibitive cost. risk-based pricing. Regulators are concerned to improve the current system of bank capital requirements especially as it relates to credit risk. The outputs of these models also play increasingly important roles in banks' risk management and performance measurement processes. The credit risk models are intended to aid banks in quantifying. aggregating and managing risk across geographical and product lines. active portfolio management and capital structure decisions. customer profitability analysis. Credit risk modeling may result in better internal risk management and may have the potential to be used in the supervisory oversight of banking organizations. Banks are becoming increasingly quantitative in their treatment of credit risk. New markets are emerging in credit derivatives and the marketability of existing loans is increasing through securitization/ loan sales market. 2." 3.

for estimating regulatory capital. • RBI Guidelines for Credit Risk Management Credit Rating Framework Gitarattan International Business School 34 . even after accounting for operational risk. which cover capital requirements for market (trading book).. Under the Internal Rating Based (IRB) approach.e. The minimum capital adequacy ratio would continue to be 8% of the riskweighted assets. the Committee desires neither to produce a net increase nor a net decrease. 1.. For credit risk. in minimum regulatory capital. the Committee's ultimate goals are to ensure that the overall level of regulatory capital is sufficient to address the underlying credit risks and also provides capital incentives relative to the standardized approach. credit and operational risks. The Basel Committee has released a Second Consultative Document in January 2001. the range of options to estimate capital extends to include a standardized. a foundation IRB and an advanced IRB approaches. The Committee proposes two approaches. Supervisory Review and Market Discipline. i. viz. a reduction in the risk weighted assets of 2% to 3% (foundation IRB approach) and 90% of the capital requirement under foundation approach for advanced IRB approach to encourage banks to adopt IRB approach for providing capital. which contains refined proposals for the three pillars of the New Accord .Risk Management in Banking Sector 0871913907 The Basel Committee on Banking Supervision had released in June 1999 the first Consultative Paper on a New Capital Adequacy Framework with the intention of replacing the current broad-brush 1988 Accord.Minimum Capital Requirements. on an average. Standardized and 2. Internal Rating Based (IRB) Under the standardized approach.

CRF is continued to be used to a great extent. CRF can be used for the following purposes: 1. The CRF deploys a number/ alphabet/ symbol as a primary summary indicator of risks associated with a credit exposure.Risk Management in Banking Sector 0871913907 A Credit-risk Rating Framework (CRF) is necessary to avoid the limitations associated with a simplistic and broad classification of loans/exposures into a "good" or a "bad" category. 3. These would be relevant for portfolio-level analysis. wherein either a borrower or a particular exposure/ facility is rated on the CRF 2. This would largely constitute transaction-level analysis. In spite of the advancement in risk management techniques. Pricing (credit spread) and specific features of the loan facility. Individual credit selection. Such a rating framework is the basic module for developing a credit risk management system and all advanced models/approaches are based on this structure. These frameworks have been primarily driven by a need to standardize and uniformly communicate the "judgment" in credit selection procedures and are not a substitute to the vast lending experience accumulated by the banks' professional staff. Portfolio-level analysis. Surveillance. For instance. monitoring and internal MIS Assessing the aggregate risk profile of bank/ lender. the mean and the standard deviation of losses occurring in each CRF category and the overall migration of exposures would highlight the aggregated credit-risk for the entire portfolio of the bank. Broadly. the spread of credit exposures across various CRF categories. Gitarattan International Business School 35 . 4.

and therefore uncertain. processes or technology within the business unit. although both their impact and their frequency may be uncertain. failures that give rise to key operational risks. Operational failure risk arises from the potential for failure in the course of operating the business. and these risks should be built into the business plan. or resort to insurance. Gitarattan International Business School 36 . In addition.Risk Management in Banking Sector OPERATIONAL RISK What is Operational Risk? 0871913907 Operational risk is the risk associated with operating a business. Operational risk covers such a wide area that it is useful to subdivide operational risk into two components: • • Operational failure risk. and a catastrophic amount. The impact or severity of a financial loss can be divided into two categories: • • An expected amount An unexpected amount. The firm should provide for the losses that arise from the expected component of these failures by charging expected revenues with a sufficient amount of reserves. the firm should set aside sufficient economic capital to cover the unexpected component. The latter is itself subdivided into two classes: an amount classed as severe. and any one of these factors may experience a failure of some kind. Accordingly. Operational strategic risk. These failures can be expected to occur periodically. A portion of failure may be anticipated. operational failure risk can be defined as the risk that there will be a failure of people. A firm uses people. But it is unanticipated. processes and technology to achieve the business plans.

These two principal categories of risk are also sometimes defined as “internal” and “ external” operational risk. processes and technology outside their business unit. It also arises from major new strategic initiatives. such as developing a new line of business or re-engineering an existing business line. and the potential for failure exists there too. this type of risk is referred to as external dependency risk. etc. Gitarattan International Business School 37 . sometimes referred as operations risk. All business rely on people. Operational risk is often thought to be limited to losses that can occur in operating or processing centers. and earthquakes and other such factors that are outside the control of the firm. such as a new competitor that changes the business paradigram. a major political and regulatory regime change.Risk Management in Banking Sector Operational strategic risk arises from environmental 0871913907 factors. This type of operational risk. The figure above summarizes the relationship between operational failure risk and Figure: Two Broad Categories of Operational Risk operational strategic risk. such as • • • • • • People Process Technology Political Taxation Regulation Government Societal Competition. Operational Risk Operational failure risk (Internal operational risk) The risk encountered in pursuit of a particular strategy due to: • • • Operational strategic risk (External operational risk) The risk of choosing an inappropriate strategy in response to environmental factor.

which in turn can give rise to fines and other penalties. In turn this can lead to the execution of additional transactions that would otherwise not have been executed. These are examples of what is often called as “process risk” The system that records the transaction may not be capable of handling the transaction or it may not have the capacity to handle such transactions. errors can occur as the transaction is recorded in various systems or reports. or because the model is used inappropriately and so on. Further an error in market risk and credit risk report might lead to the exposures generated by the deal being understated. and each can be analyzed in terms of capacity. but it by no means covers all of the operational risks facing the firm. It is present during negotiations with the client (regardless of whether the negotiation is a lengthy structuring exercise or a routine electronic negotiation. and each exposes the firm to operational risk. Risk begins to accumulate even before the design of the potential transaction gets underway. each type of risk can be captured either as people. capability or availability Gitarattan International Business School 38 . If any one of the step is out-sourced. “People risk” are not only in the form of risk found early in a transaction.) and continues after the negotiation as the transaction is serviced. The activity carried on behalf of the client by the staff can expose the institution to “people risk”. Several things have to be in place before a transaction is negotiated. But they further rely on using sophisticated financial models to price the transaction. A complete picture of operational risk can only be obtained if the bank’s activity is analyzed from beginning to end. or an external dependency risk. This creates what is called as Model risk which can arise because of wrong parameters like input to the model. processes. However. An error here may result in the delayed settlement of the transaction. then external dependency risk also arises. technology. Our definition of operational risk as the risk associated with operating the business means significant amounts of operational risk are also generated outside the processing centers. Once the transaction is negotiated and a ticket is written.Risk Management in Banking Sector 0871913907 is an important component.

Appropriate policies must be put in place to limit the amount of operational risk that is assumed by an institution. Internal Audit Senior Management Business Management Risk Management Legal Insurance Operations Finance Information Technology Gitarattan International Business School 39 . no single group within the bank should be responsible for simultaneously setting policies. To avoid any conflict of interest. They must also ensure that a methodology for the timely and effective monitoring of the risks that are incurred is in place. taking action and monitoring risk. Senior management needs to give authority to change the operational risk profile to those who are the best able to take action. even though the development of those policies may be delegated. and submitted to the board of directors for approval.Risk Management in Banking Sector  Who Should Manage Operational Risk? 0871913907 The responsibility for setting policies concerning operational risk remains with the senior management.

and whether the resulting processes are effective. The infrastructure and the governance groups share with business management the responsibility for managing operational risk. but independent from.Risk Management in Banking Sector Policy Setting 0871913907 The authority to take action generally rests with business management. performing risk analysis inclusive of stress testing. business management. infrastructure. They involve setting policy and identifying risk as an outgrowth of having designed a common language. The responsibility for the development of a methodology for measuring and monitoring operational risks resides most naturally with group risk management functions. building a best measurement methodology. and other governance group Senior management needs to know whether the responsibilities it has delegated are actually being tended to. constructing business process maps. The internal audit function within the bank is charged with this responsibility. Key to Implementing Bank-wide Operational Risk Management: The eight key elements are necessary to successfully implement a bank-wide operational risk management framework. In this regard. and allocating economic capital as a function of operational risk. installing a timely reporting capability. the risk management function works very closely with. Gitarattan International Business School 40 . providing exposure management. which is responsible for controlling the amount of operational risk taken within each business line. The risk management function also needs to ensure the proper operational risk/ reward analysis is performed in the review of existing businesses and before the introduction of new initiatives and products.

. 1.Risk Management in Banking Sector 0871913907 EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL RISK MANAGEMENT. 3. Business Process 6. Gitarattan International Business School 41 . one should create an “operational risk catalogue” which categories and defines the various operational risks arising from each organizational unit in terms of people. This includes explicitly articulating the desired standards for the risk measurement. Policy 8. Measuring Methodology 5. Reporting 4. One also needs to establish clear guidelines for practices that may contribute to a reduction of operational risk. Incompetancy. Exposure Management 1. Develop business process maps of each business.Risk Identification 7. the term “people risk” includes a failure to deploy skilled staff. process. Types of Operational Failure Risk 1. 2. For e. and so on. People Risk 1. and technology risk. Economic Capital 2.g. Establish a common language of risk identification. For e. “Technology risk” would include system failure.. This catalogue should be tool to help with operational risk identification and assessment. Risk Analysis Best Practice 3.g. Develop well-defined operational risk policies.

risk analysis is typically performed as part of a new product process. For e. Stress testing should be a standard Gitarattan International Business School 42 . Operational risk assessment is a complex process. • OCR 4. Information risk. 6. The bank should address the economic question of th cost-benefit of insuring a given risk for those operational risks that can be insured. Exceeding limits. Product complexity.Volume risk. Security risk. 1. 2. 5. Telecommunications failure. Execution error. 7. Technology Risk 3. Fraud.g. 2. 3. It needs to be performed on a firm-wide basis at regular intervals using standard metrics. business and infrastructure groups performed their own assessment of operational risk. Process Risk • • Model Risk TR 1. periodic business reviews. Programming error. 4. 1. Settlement error. Decide how to report exposure. Booking error. Decide how to manage operational risk exposure and take appriate action to hedge the risks. In early days. 3. Today. Develop a comprehensible set of operational risk metrics. 0871913907 4. and procedures for when these tools should deploped. 2.Risk Management in Banking Sector 2. System failure. selfassessment has been discredited. Model/ methodology error 2.. Mark-to-model error. 1. and so on. Develop tools for risk analysis. Sophisticated financial institutions are trying to develop objective measures of operational risk that build significantly more reliability into the quantification of operational risk. 2. 3.

or as business circumstances evolve. Output. Sources of Information in the Measurement Process of Operational Risk :The Inputs (for Assessment) Gitarattan International Business School 43 .Risk Management in Banking Sector 0871913907 part of risk analysis process. The following are the four steps involved in the process: 1. The frequency of risk assessment should be a function of the degree to which operational risks are expected to change over time as businesses undertake new initiatives. 4. For example. 1. Tools and procedures should be developed to enable businesses to make decisions about operational risk based on risk/reward analysis. This frequency might be reviewed as operational risk measurement is rolled out across the bank a bank should update its risk assessment more frequently. Risk assessment framework. Four-Step Measurement Process For Operational Risk  Clear guiding principle for the operational risk measurement process should be set to ensure that it provides an appropriate measure of operational risk across all business units throughout the bank. A key source of this information is often the finished product of other groups. 8. Develop techniques to translate the calculation of operational risk into a required amount of economic capital. 2. Review and validation. Further one should reassess whenever the operational risk profile changes significantly. a unit that supports the business group often publishes report or documents that may provide an excellent starting point for the operational risk assessment. This problem of measuring operational risk can be best achieved by means of a four-step operational risk process. Input: The first step in the operational risk measurement process is to gather the information needed to perform a complete assessment of all significant operational risks. 3. Input.

Risk Assessment Framework The input information gathered in the above step needs to be analyzed and processed through the risk assessment framework. Have there been any significant changes made since the last audit assessment? Did the audit scope include the area of operational risk that is of concern to the present risk assessment? As one diligently works through available information.Risk Management in Banking Sector Likelihood of Occurrence Audit report Regulatory report Management report Expert opinion Business Recovery Plan Business plans Budget plans Operations plans 0871913907 Severity Management interviews Loss history • • • • • • • • • • For example. One often needs to rely on the expertise of business management. there are not sufficient reliable historical data available to confidently project the likelihood or severity of operational losses. The time frame employed for all aspects of the assessment process is typically one year. then one needs to ask if the audit assessment is current and sufficient. Typically. The one-year time horizon is usually selected to align with the business planning cycle of the bank. until reliable data are compiled to offer an assessment of the severity of the operational failure for each of the risks. 2. Risk assessment framework includes: 1. These gaps in the information often need to be filled through discussion with the relevant managers. if one is relying on audit documents as an indication of the degree of control. gaps often become apparent. Risk categories: Gitarattan International Business School 44 .

high and very high. medium. “ Complacency” refer to ineffective management of the business. net of risk mitigants such as insurance. Net likelihood assessment The likelihood that an operational failure might occur within the next year should be assessed. process and technology deployed within the business Internal dependencies should each be reviewed according to a set of factors. complexity. etc. 4. for each identified risk exposure and for each of the four headline risk categories. 5. this assessment can be rated along five point likelihood continuum from very low. One needs to examine the degree of interconnected risk exposures that cut across the headline operational risk categories. 6. in order to understand the full impact of risk. “Complexity’ refers to such items as complexity of products. Change. process or technology. Since it is often unclear how to quantify risk. or moving from internal supply to outsourcing. External dependencies can also be analyzed in terms of the specific type of external interaction. We examine these 9nternal dependencies according to three key components of capability.Risk Management in Banking Sector 0871913907 The operational risk can be broken down into four headline risk categories like the risk of unexpected loss due to operational failure in people. Severity assessment Severity describes the potential loss to the bank given that an operational risk failure has occurred. compliancy: One may view the sources that drive the headline risk categories as falling under the broad categories of “Change” refers to such items as introducing new technology or new products. a merger or acquisition. It should be assessed for each identified risk exposure. capacity and availability. Connectivity and interdependencies The headline risk categories cannot be viewed in isolation from one another. low. 2. Combined likelihood and severity into the overall Operational Risk Assessment Gitarattan International Business School 45 . 3.

and be chaired by risk management unit. and functional areas. 4. and the partners in corporate governance such as internal audit and compliance. Second. This relationship between these causes. in order to finalize the proposed operational risk rating. that there has been sufficient scrutiny to remove any imperfections. can be difficult to assess in an objective fashion. This complicates the measurement of operational risk because each loss is likely to have several causes. 7. First the centralised operational risk management group (ORMG) reviews the assessment results with senior business unit management and key officers. Output The final assessment of operational risk will be formally reported to business management. The committee should have representation from business management. Review and validation: Once the report is generated. one may want an operational risk rating committee to review the assessment – a validation process similar to that followed by credit rating agencies. audit. The assessment provides better operational risk information to management for use in improving risk management decisions. the centralised risk-adjusted return on capital (RAROC) group. and so on. and the relative importance of each. Defining Cause and Effect: Loss data are easier to collect than data associated with the cause of loss. 3. This cannot be accomplished without statistically significant historical data on operational losses. The output of the assessment process has two main uses: 1. the likelihood of loss would need to be expressed in numerical terms.Risk Management in Banking Sector 0871913907 Operational risk measures are constrained in that there is not usually a defensible way to combine the individual likelihood of loss and severity assessments into overall measure of operational risk within a business unit. To do so. This takes the form of review of the individual risk assessments by knowledgeable senior committee personnel to ensure that the framework has been consistently applied across businesses. Gitarattan International Business School 46 .

Of course. one can invest in business unit. An Idealized Bank Of The Future Gitarattan International Business School 47 . one can accept and manage risk through effective monitoring and control. one can transfer risk to another party. and in that case of those that are insurable the required premium may be prohibitive.Risk Management in Banking Sector 0871913907 2. First. The strategy and eventually the decision should be based on cost benefit analysis. one can avoid the risk by withdrawing from business activity. Fourth. being taken by a business unit. 3. Third. not all-operational risks are insurable. Attention High Risk Low Risk Medium Risk Likelihood of Loss ($) A business unit may address its operational risks in several ways. The over all assessment of the likelihood of operational risk & severity of loss for a business unit can be shown as: Medium Risk Severity of Loss ($) Mgmt. The assessment improves the allocation of economic capital to better reflect the extent of the operational riskier. Second.

loans. beyond a clearly articulate tolerance for loss. The ability to control and manage risk will be finely tuned to meet specific business objectives. far fewer significantly large losses.) to a horizontal. More importantly. Evaluating the risk of a specific deal will take into account its effect on the firm’s total risk exposure. Conversely. equities. Study of Operational Risk at Punjab National Bank Gitarattan International Business School 48 . For example. banks that attempt to build this infrastructure in-house will become trapped in a quagmire of large.Risk Management in Banking Sector 0871913907 The efficient bank of the future will be driven by a single analytical risk engine that draws its data from a single logical data repository. Banks that dominate this technology will gain a tremendous competitive advantage. product-oriented environment (e. foreign exchange. customer-oriented environment in which complex combinations of asset types will be traded. reusable. There will be less need for desks that specialize in single product lines. middle-. The successful banks will require far fewer risk systems. Their information technology and trading infrastructure will be cheaper than today’s by orders of magnitude. With the appropriate technology in place. they will be free to focus on their core business and offer products more directly suited to their customers’ desired return to risk profiles. swaps. etc. Most of which will be based on a combination of industry standard. financial trading across all asset classes will move from the current vertical. This engine will power front-. The firm’s exposure will be known and disseminated in real time.g.. The focus will shift to customer needs rather than instrument types. and supply information about enterprise-wide risk. and back-office functions. will be incurred and the return to risk profile will be vastly improved. rather than simply the exposure of the individual deal. set in such a manner so as to maximize the risk-adjusted return on capital for the firm. The management of limits will be based on capital. robust risk software and highly sophisticated proprietary analytics. expensive IT departments-and poorly supported software.

Failure of operational and information security procedures. 5. It is a professionally managed bank with a successful track record of over 110 years. 3. Fraud. undivided India. Inadequate training and employee errors. Punjab National Bank (PNB) has the distinction of being the first Indian bank to have been started solely with Indian capital. including: 1. Gitarattan International Business School 49 . Software or equipment. 6.Risk Management in Banking Sector 0871913907  About Punjab National Bank Established in 1895 at Lahore. financing of trade and international banking. Operational risk can result from a variety of factors. agricultural finance. Improperly documented transactions. With its presence virtually in all the important centres of the country. From its modest beginning. industrial finance. The large presence and vast resource base have helped the Bank to build strong links with trade and industry. 2.4525 Offices including 432 Extension Counters spread throughout the country. Failure to obtain proper internal authorizations. Operational Risk Punjab National Bank is exposed to many types of operational risk. 4. non-resident Indians and multinational companies. 7. the bank has grown in size and stature to become a front-line banking institution in India at present. Among the clients of the Bank are Indian conglomerates. It has the largest branch network in India . exporters. Punjab National Bank offers a wide variety of banking services which include corporate and personal banking.The bank was nationalised in July 1969 along with 13 other banks. Computer systems. medium and small industrial units.

which details the terms and conditions for providing various banking services. which are subject to appropriate physical and logical access controls. Amendments to these manuals are implemented through circulars sent to all offices. Most of the information technology assets including critical servers are hosted in centralized data centers. maintaining key back–up procedures and undertaking regular contingency planning. and specimen signatures are scanned and stored in the system for online verification. Senior officers have delegated power to authorize larger withdrawals. establishing systems and procedures to monitor transactions. Where the depositor does not apply for repayment on the due date. PNB requires the new customer to complete a relationship form. PNB’s banking software has multiple security features to protect the integrity of applications and data. PNB’s operating system validates the check number and balance before permitting withdrawals. Withdrawals from customer accounts are controlled by dual authorization. PNB gives importance to computer security and has s a comprehensive information technology security policy. Gitarattan International Business School 50 . When taking a deposit from a new customer. the amount is transferred to an overdue deposits account for follow up. PNB has a scheme of delegation of financial powers that sets out the monetary limit for each employee with respect to the processing of transactions in a customer's account. I. the deposit is paid to the depositor. Operational Controls and Procedures in Branches PNB has operating manuals detailing the procedures for the processing of various banking transactions and the operation of the application software. PNB enters into a relationship with a customer only after the customer is properly introduced to PNB. When time deposits become due for repayment.Risk Management in Banking Sector 0871913907 PNB attempts to mitigate operational risk by maintaining a comprehensive system of internal controls. Photographs of customers are also obtained for PNB’s records. System generated reminders are sent to depositors before the due date for repayment.

opening of new bank accounts for customers who seek web broking services and recovery of service charges for accounts for holding shares in book-entry form. reconciliation of ATM transactions. back office and accounting and reconciliation functions are fully segregated in both the domestic treasury and foreign exchange treasury. standing instructions and auto-renewal of deposits. Procedures for reporting breaches in Gitarattan International Business School 51 . Operational Controls and Procedures in Regional Processing Centers & Central Processing Centers To improve customer service at PNB’s physical locations. issue of passwords to Internet banking customers. PNB opens the Internet banking account and issues the customer a user ID and password to access his account online. After verification of the same. make inter-city check collections. depositing postdated cheques received from retail loan customers and credit card transaction processing. the customer must provide PNB with documentation to prove the customer's identity. PNB’s front office. The respective middle offices use various risk monitoring tools such as counterparty limits. PNB uses technology to monitor risk limits and exposures. and engage in back office activities for account opening. PNB has centralized transaction processing on a nationwide basis for transactions like the issue of ATM cards and PIN mailers. Operational Controls and Procedures for Internet Banking 0871913907 In order to open an Internet banking account. PNB handles transaction processing centrally by taking away such operations from branches. exposure limits and individual dealer limits. PNB has centralized operations at regional processing centers located at 15 cities in the country. back office activities of non-resident Indian accounts. monitoring of ATM functioning. III. including a copy of the customer's passport. a photograph and specimen signature of the customer. IV.Risk Management in Banking Sector II. position limits. Centralized processing has been extended to the issuance of personalized check books. Operational Controls and Procedures in Treasury PNB has a high level of automation in trading operations. These regional processing centers process clearing checks and inter-branch transactions.

they strike deals in conformity with various limits relating to counterparties.Risk Management in Banking Sector limits are also in place. equity securities and inter-bank money markets. Gitarattan International Business School 52 . Compliance and Audit Group. The inter-bank foreign exchange treasury operations are conducted through Reuters dealing systems. securities and brokers. Trading operations are conducted in conformity with the code of conduct prescribed by internal and regulatory guidelines. including procedures with respect to deal confirmations with counterparties. PNB’s dealers analyze the market conditions and take views on price movements. The deals are then forwarded to the back office for settlement. The processing ensures adequate checks at critical stages. Brokered deals are concluded through voice systems. PNB’s back office undertakes the settlement of funds and securities. The back office has procedures and controls for minimizing operational risks. reconciling actual security holdings with the holdings pursuant to the records and reports any irregularity or shortcoming observed. monitors counterparty limits. Thereafter. ensuring receipt of contract notes from brokers. monitoring receipt of interest and principal amounts on due dates. information and liquidity considerations. Deals carried out through voice systems are input in the system by the dealers for processing. Trade strategies are discussed frequently and decisions are taken based on market forecasts. 0871913907 PNB’s front office treasury operation for rupee transactions consists of operations in fixed income securities. The entire process from deal origination to settlement and accounting takes place via straight through processing. verifying the authenticity of counterparty checks and securities. ensuring transfer of title in the case of purchases of securities. evaluates the mark-tomarket impact on various positions taken by dealers and monitors market risk exposure of the investment portfolio and adherence to various market risk limits set up by the Risk. The Treasury Middle Office Group. Deals done through Reuters systems are captured on a real time basis for processing.

Gitarattan International Business School 53 . to minimize operational risk. This plan allocates audit resources based on an assessment of the operational risks in the various businesses.Risk Management in Banking Sector V. The Internal Audit group also has a dedicated team responsible for information technology security audits. networks and operating systems are covered under the annual audit plan. The Internal Audit group conceptualizes and implements improved systems of internal controls. in accordance with a risk-based audit plan. Audit 0871913907 The Internal Audit Group undertakes a comprehensive audit of all business groups and other functions. Various components of information technology from applications to databases. The audit plan for every fiscal year is approved by the Audit Committee of PNB’s board of directors.

org  www. The new Management Imperative in Finance. WEBSITES:  www. Credit Risk  www.  Bhole Growth and Innovations. Risk Management. M. Mark.bis.  Gleason T . second  www. third edition. Financial Institutions and Markets – Structure.Risk Management in Banking Sector 0871913907 REFERENCES Books:  Galai. Risk Management.James. second edition. Crouny . fourth fourth edition  Saunders Anthony.rbi.iib. Risk.  Schleiferr Gitarattan International Business School 54 .com  www.

Sign up to vote on this title
UsefulNot useful