Professional Documents
Culture Documents
ON
Summer Training Project Report Submitted for Partial Fulfillment for the
Award of the Degree of
Varun Sharma
0871913907
0871913907
ACKNOWLEDGEMENT
Varun Sharma
0871913907
TABLE OF CONTENTS
5
6
6
2. DEFINITION OF RISK
What is Risk?
What is Risk Management? Dose it eliminate Risk?
Objectives of Risk Management functions
Risk in Banking
12
12
13
14
19
25
36
48
49
54
0871913907
EXECUTIVE SUMMARY
This project at Punjab National Bank was undertaken during the period of 2 months
(JUNE 1st 08 to JULY 31st 08) as part of my summer training
As part of summer training, I was made to accompany Customer Relationship Officer to
observe Client Interaction, gauge the level of satisfaction by listening and solving
quarries of existing clients also helped in making new clients.
My Summer Training included the following
Learning the basics of the various Baking Operations such as procedure of opening
new account (Savings, Current), printing and updating of passbook, procedure of
opening a F.D, deposits / withdrawals, issuing of ATM cards and internet banking
passwords etc.
Client Acquisition.
During the course of my training, I got valuable insights about the workings in a bank
branch, internet banking and client interface.
0871913907
OBJECTIVES
To study broad outline of management of credit, market and operational risks associated
with banking sector .
Though the risk management area is very wide and elaborated, still the project covers
whole subject in concise manner.
The study aims at learning the techniques involved to manage the various types of risks,
various methodologies undertaken. The application of the techniques involves us to gain
an insight into the following aspects:
0871913907
The report seeks to present a comprehensive picture of the various risks inherent in the
bank. The risks can be broadly classified into three categories:
Credit risk
Market risk
Operational risk
Within each of these broad groups, an attempt has been made to cover as
comprehensively as possible, the various sub-groups
The computation of capital charge for market risk will also be taken practically as also
the assigning the ratings for individual borrowers. PNB is also under the key process of
testing and implementation of Reuters "KONDOR" software for its VaR calculations and
other aspects of market risk.
1. The major limitation of this study shall be data availability as the data is proprietary
and not readily shared for dissemination.
0871913907
2. Due to the ongoing process of globalization and increasing competition, no one model
or method will suffice over a long period of time and constant up gradation will be
required. As such the project can be considered as an overview of the various risks
prevailing in Punjab National Bank and in the Banking Industry.
3. Each bank, in conforming to the RBI guidelines, may develop its own methods for
measuring and managing risk.
4. The concept of risk management implementation is relatively new and risk
management tools can prove to be costly.
5. Out of the various ways in which risks can be managed, none of the method is perfect
and may be very diverse even for the work in a similar situation for the future.
6. Due to ever changing environment , many risks are unexpected and the remedial
measures available are based on general experience from the past.
7. Selection of methods depends on the firms expectations as well as the risk appetite.
Also risks can only be minimized not completely erased.
0871913907
INTRODUCTION
The significant transformation of the banking industry in India is clearly evident
from the changes that have occurred in the financial markets, institutions and products.
While deregulation has opened up new vistas for banks to argument revenues, it has
entailed greater competition and consequently greater risks. Cross- border flows and
entry of new products, particularly derivative instruments, have impacted significantly on
the domestic banking sector forcing banks to adjust the product mix, as also to effect
rapid changes in their processes and operations in order to remain competitive to the
globalized environment. These developments have facilitated greater choice for
consumers, who have become more discerning and demanding compelling banks to offer
a broader range of products through diverse distribution channels. The traditional face of
banks as mere financial intermediaries has since altered and risk management has
emerged as their defining attribute.
Currently, the most important factor shaping the world is globalization. The
benefits of globalization have been well documented and are being increasingly
recognized. Integration of domestic markets with international financial markets has been
facilitated by tremendous advancement in information and communications technology.
But, such an environment has also meant that a problem in one country can sometimes
adversely impact one or more countries instantaneously, even if they are fundamentally
strong.
There is a growing realisation that the ability of countries to conduct business
across national borders and the ability to cope with the possible downside risks would
0871913907
depend, interalia, on the soundness of the financial system. This has consequently meant
the adoption of a strong and transparent, prudential, regulatory, supervisory, technological
and institutional framework in the financial sector on par with international best
practices. All this necessitates a transformation: a transformation in the mindset, a
transformation in the business processes and finally, a transformation in knowledge
management. This process is not a one shot affair; it needs to be appropriately phased in
the least disruptive manner.
The banking and financial crises in recent years in emerging economies have
demonstrated that, when things go wrong with the financial system, they can result in a
severe economic downturn. Furthermore, banking crises often impose substantial costs on
the exchequer, the incidence of which is ultimately borne by the taxpayer. The World
Bank Annual Report (2002) has observed that the loss of US $1 trillion in banking crisis
in the 1980s and 1990s is equal to the total flow of official development assistance to
developing countries from 1950s to the present date. As a consequence, the focus of
financial market reform in many emerging economies has been towards increasing
efficiency while at the same time ensuring stability in financial markets.
From this perspective, financial sector reforms are essential in order to avoid such
costs. It is, therefore, not surprising that financial market reform is at the forefront of
public policy debate in recent years. The crucial role of sound financial markets in
promoting rapid economic growth and ensuring financial stability. Financial sector
reform, through the development of an efficient financial system, is thus perceived as a
key element in raising countries out of their 'low level equilibrium trap'. As the World
Bank Annual Report (2002) observes, a robust financial system is a precondition for a
sound investment climate, growth and the reduction of poverty .
Financial sector reforms were initiated in India a decade ago with a view to
improving efficiency in the process of financial intermediation, enhancing the
effectiveness in the conduct of monetary policy and creating conditions for integration of
0871913907
the domestic financial sector with the global system. The first phase of reforms was
guided by the recommendations of Narasimham Committee.
The approach was to ensure that the financial services industry operates on the
basis of operational flexibility and functional autonomy with a view to enhancing
efficiency, productivity and profitability'.
system. These changes have infused an element of competition in the financial system,
marking the gradual end of financial repression characterized by price and non-price
controls in the process of financial intermediation. While financial markets have been
fairly developed, there still remains a large extent of segmentation of markets and nonlevel playing field among participants, which contribute to volatility in asset prices. This
volatility is exacerbated by the lack of liquidity in the secondary markets. The purpose of
this paper is to highlight the need for the regulator and market participants to recognize
the risks in the financial system, the products available to hedge risks and the
instruments, including derivatives that are required to be developed/introduced in the
Indian system.
The financial sector serves the economic function of intermediation by ensuring
efficient allocation of resources in the economy. Financial intermediation is enabled
through a four-pronged transformation mechanism consisting of liability-asset
transformation, size transformation, maturity transformation and risk transformation.
10
0871913907
11
0871913907
DEFINITION OF RISK
What is Risk?
"What is risk?" And what is a pragmatic definition of risk? Risk means different
things to different people. For some it is "financial (exchange rate, interest-call money
rates), mergers of competitors globally to form more powerful entities and not leveraging
IT optimally" and for someone else "an event or commitment which has the potential to
generate commercial liability or damage to the brand image". Since risk is accepted in
business as a trade off between reward and threat, it does mean that taking risk bring forth
benefits as well. In other words it is necessary to accept risks, if the desire is to reap the
anticipated benefits.
Risk in its pragmatic definition, therefore, includes both threats that can
materialize and opportunities, which can be exploited. This definition of risk is very
pertinent today as the current business environment offers both challenges and
opportunities to organizations, and it is up to an organization to manage these to their
competitive advantage.
What is Risk Management - Does it eliminate risk?
Risk management is a discipline for dealing with the possibility that some future
event will cause harm. It provides strategies, techniques, and an approach to recognizing
and confronting any threat faced by an organization in fulfilling its mission. Risk
management may be as uncomplicated as asking and answering three basic questions:
12
0871913907
And the other which is about minimising risks/loss and protecting corporate
assets.
The management of an organization needs to consciously decide on whether they
13
0871913907
Managing risks essentially is about striking the right balance between risks and
controls and taking informed management decisions on opportunities and threats
facing an organization. Both situations, i.e. over or under controlling risks are
highly undesirable as the former means higher costs and the latter means possible
exposure to risk.
Mitigating or minimising risks, on the other hand, means mitigating all risks even
if the cost of minimising a risk may be excessive and outweighs the cost-benefit
analysis. Further, it may mean that the opportunities are not adequately exploited.
In the context of the risk management function, identification and management of
Risk is more prominent for the financial services sector and less so for consumer products
industry. What are the primary objectives of your risk management function? When
specifically asked in a survey conducted, 33% of respondents stated that their risk
management function is indeed expressly mandated to optimise risk.
Risks in Banking
Risks manifest themselves in many ways and the risks in banking are a result of
many diverse activities, executed from many locations and by numerous people. As a
financial intermediary, banks borrow funds and lend them as a part of their primary
activity. This intermediation activity, of banks exposes them to a host of risks. The
volatility in the operating environment of banks will aggravate the effect of the various
risks. The case discusses the various risks that arise due to financial intermediation and
by highlighting the need for asset-liability management; it discusses the Gap Model for
risk management.
Typology of Risk Exposure
Based on the origin and their nature, risks are classified into various categories.
The most prominent financial risks to which the banks are exposed to taking into
consideration practical issues including the limitations of models and theories, human
14
0871913907
factor, existence of frictions such as taxes and transaction cost and limitations on quality
and quantity of information, as well as the cost of acquiring this information, and more.
FINANCIAL RISKS
MARKET
RISK
LIQUIDITY
RISK
OPERATIONAL
RISK
CREDIT RISK
LEGAL &
REGULATORY RISK
FUNDING
LIQUIDITY RISK
TRANSACTION
RISK
ISSUE RISK
EQUITY RISK
HUMAN
FACTOR RISK
TRADING
LIQUIDITY RISK
PORTFOLIO
CONCENTRATION
ISSUER RISK
INEREST
RATE RISK
COUNTERPARTY
RISK
CURRENCY
RISK
COMMODITY
RISK
15
TRADING
RISK
GENERAL
MARKET RISK
0871913907
GAP RISK
SPECIFIC
RISK
1. MARKET RISK
Market risk is that risk that changes in financial market prices and rates will
reduce the value of the banks positions. Market risk for a fund is often measured relative
to a benchmark index or portfolio, is referred to as a risk of tracking error market risk
also includes basis risk, a term used in risk management industry to describe the chance
of a breakdown in the relationship between price of a product, on the one hand, and the
price of the instrument used to hedge that price exposure on the other. The market-Var
methodology attempts to capture multiple component of market such as directional risk,
convexity risk, volatility risk, basis risk, etc.
2. CREDIT RISK
Credit risk is that risk that a change in the credit quality of a counterparty will
affect the value of a banks position. Default, whereby a counterparty is unwilling or
unable to fulfill its contractual obligations, is the extreme case; however banks are also
exposed to the risk that the counterparty might downgraded by a rating agency.
Credit risk is only an issue when the position is an asset, i.e., when it exhibits a
positive replacement value. In that instance if the counterparty defaults, the bank either
loses all of the market value of the position or, more commonly, the part of the value that
it cannot recover following the credit event. However, the credit exposure induced by the
replacement values of derivative instruments are dynamic: they can be negative at one
point of time, and yet become positive at a later point in time after market conditions
have changed. Therefore the banks must examine not only the current exposure,
16
0871913907
measured by the current replacement value, but also the profile of future exposures up to
the termination of the deal.
3. LIQUIDITY RISK
Liquidity risk comprises both
necessary cash to roll over its debt, to meet the cash, margin, and collateral requirements
of counterparties, and (in the case of funds) to satisfy capital withdrawals. Funding
liquidity risk is affected by various factors such as the maturities of the liabilities, the
extent of reliance of secured sources of funding, the terms of financing, and the breadth
of funding sources, including the ability to access public market such as commercial
paper market. Funding can also be achieved through cash or cash equivalents, buying
power , and available credit lines.
Trading-related liquidity risk, often simply called as liquidity risk, is the risk that
an institution will not be able to execute a transaction at the prevailing market price
because there is, temporarily, no appetite for the deal on the other side of the market. If
the transaction cannot be postponed its execution my lead to substantial losses on
position. This risk is generally very hard to quantify. It may reduce an institutions ability
to manage and hedge market risk as well as its capacity to satisfy any shortfall on the
funding side through asset liquidation.
4. OPERATIONAL RISK
It refers to potential losses resulting from inadequate systems, management
failure, faulty control, fraud and human error. Many of the recent large losses related to
derivatives are the direct consequences of operational failure. Derivative trading is more
prone to operational risk than cash transactions because derivatives are, by heir nature,
leveraged transactions. This means that a trader can make very large commitment on
17
0871913907
behalf of the bank, and generate huge exposure in to the future, using only small amount
of cash. Very tight controls are an absolute necessary if the bank is to avoid huge losses.
Operational risk includes fraud, for example when a trader or other employee
intentionally falsifies and misrepresents the risk incurred in a transaction. Technology
risk, and principally computer system risk also fall into the operational risk category.
5. LEGAL RISK
Legal risk arises for a whole of variety of reasons. For example, counterparty
might lack the legal or regulatory authority to engage in a transaction. Legal risks usually
only become apparent when counterparty, or an investor, lose money on a transaction and
decided to sue the bank to avoid meeting its obligations. Another aspect of regulatory risk
is the potential impact of a change in tax law on the market value of a position.
6. HUMAN FACTOR RISK
Human factor risk is really a special form of operational risk. It relates to the
losses that may result from human errors such as pushing the wrong button on a
computer, inadvertently destroying files, or entering wrong value for the parameter input
of a model.
18
0871913907
MARKET RISK
What is Market Risk?
Market Risk may be defined as the possibility of loss to a bank caused by changes
in the market variables. The Bank for International Settlements (BIS) defines market risk
as the risk that the value of 'on' or 'off' balance sheet positions will be adversely affected
by movements in equity and interest rate markets, currency exchange rates and
commodity prices". Thus, Market Risk is the risk to the bank's earnings and capital due to
changes in the market level of interest rates or prices of securities, foreign exchange and
equities, as well as the volatilities of those changes. Besides, it is equally concerned about
the bank's ability to meet its obligations as and when they fall due. In other words, it
should be ensured that the bank is not exposed to Liquidity Risk. Thus, focus on the
management of Liquidity Risk and Market Risk, further categorized into interest rate risk,
foreign exchange risk, commodity price risk and equity price risk. An effective market
risk management framework in a bank comprises risk identification, setting up of limits
and triggers, risk monitoring, models of analysis that value positions or measure market
risk, risk reporting, etc.
Types of market risk
19
0871913907
Interest rate risk is the risk where changes in market interest rates might adversely
affect a bank's financial condition. The immediate impact of changes in interest rates is
on the Net Interest Income (NII). A long term impact of changing interest rates is on the
bank's networth since the economic value of a bank's assets, liabilities and off-balance
sheet positions get affected due to variation in market interest rates. The interest rate risk
when viewed from these two perspectives is known as 'earnings perspective' and
'economic value' perspective, respectively.
Management of interest rate risk aims at capturing the risks arising from the
maturity and repricing mismatches and is measured both from the earnings and economic
value perspective.
Earnings perspective involves analyzing the impact of changes in interest
rates on accrual or reported earnings in the near term. This is measured by
measuring the changes in the Net Interest Income (NII) or Net Interest Margin
(NIM) i.e. the difference between the total interest income and the total interest
expense.
Economic Value perspective involves analyzing the changes of impact on
interest on the expected cash flows on assets minus the expected cash flows on
liabilities plus the net cash flows on off-balance sheet items. It focuses on the risk
to networth arising from all repricing mismatches and other interest rate sensitive
positions. The economic value perspective identifies risk arising from long-term
interest rate gaps.
The management of Interest Rate Risk should be one of the critical components of
market risk management in banks. The regulatory restrictions in the past had greatly
reduced many of the risks in the banking system. Deregulation of interest rates has,
however, exposed them to the adverse impacts of interest rate risk. The Net Interest
Income (NII) or Net Interest Margin (NIM) of banks is dependent on the movements of
interest rates. Any mismatches in the cash flows (fixed assets or liabilities) or repricing
20
0871913907
dates (floating assets or liabilities), expose bank's NII or NIM to variations. The earning
of assets and the cost of liabilities are now closely related to market interest rate volatility
Generally, the approach towards measurement and hedging of IRR varies with the
segmentation of the balance sheet. In a well functioning risk management system, banks
broadly position their balance sheet into Trading and Banking Books. While the assets
in the trading book are held primarily for generating profit on short-term differences in
prices/yields, the banking book comprises assets and liabilities, which are contracted
basically on account of relationship or for steady income and statutory obligations and
are generally held till maturity. Thus, while the price risk is the prime concern of banks in
trading book, the earnings or economic value changes are the main focus of banking
book.
risk refers to the sensitivity of an instrument / portfolio value to the change in the level
of broad stock market indices. Specific / Idiosyncratic risk refers to that portion of the
stocks price volatility that is determined by characteristics specific to the firm, such as its
line of business, the quality of its management, or a breakdown in its production process.
The general market risk cannot be eliminated through portfolio diversification while
specific risk can be diversified away.
a result of adverse exchange rate movements during a period in which it has an open
position, either spot or forward, or a combination of the two, in an individual foreign
currency. The banks are also exposed to interest rate risk, which arises from the maturity
mismatching of foreign currency positions. Even in cases where spot and forward
positions in individual currencies are balanced, the maturity pattern of forward
21
0871913907
transactions may produce mismatches. As a result, banks may suffer losses as a result of
changes in premia/discounts of the currencies concerned.
In the forex business, banks also face the risk of default of the counterparties or
settlement risk. While such type of risk crystallization does not cause principal loss,
banks may have to undertake fresh transactions in the cash/spot market for replacing the
failed transactions. Thus, banks may incur replacement cost, which depends upon the
currency rate movements. Banks also face another risk called time-zone risk or Herstatt
risk which arises out of time-lags in settlement of one currency in one center and the
settlement of another currency in another time-zone. The forex transactions with
counterparties from another country also trigger sovereign or country risk (dealt with in
details in the guidance note on credit risk).
The three important issues that need to be addressed in this regard are:
1. Nature and magnitude of exchange risk
2. Exchange managing or hedging for adopted be to strategy>
3. The tools of managing exchange risk
and foreign exchange risk, since most commodities are traded in the market in
which the concentration of supply can magnify price volatility. Moreover,
fluctuations in the depth of trading in the market (i.e., market liquidity) often
accompany and exacerbate high levels of price volatility. Therefore, commodity
prices generally have higher volatilities and larger price discontinuities.
22
0871913907
23
0871913907
capital for market risk as envisaged in Amendment to the Capital Accord to incorporate
market risks published in January 1996 by BCBS and prepare themselves to follow the
international practices in this regard at a suitable date to be announced by RBI.
24
0871913907
of internal controls. In particular, they address the need for effective interest rate risk
measurement, monitoring and control functions within the interest rate risk management
process. The principles are intended to be of general application, based as they are on
practices currently used by many international banks, even though their specific
application will depend to some extent on the complexity and range of activities
undertaken by individual banks. Under the New Basel Capital Accord, they form
minimum standards expected of internationally active banks. The principles are given in
Annexure II.
CREDIT RISK
What is Credit Risk?
Credit risk is defined as the possibility of losses associated with diminution in the
credit quality of borrowers or counterparties. In a bank's portfolio, losses stem from
outright default due to inability or unwillingness of a customer or counterparty to meet
commitments in relation to lending, trading, settlement and other financial transactions.
Alternatively, losses result from reduction in portfolio value arising from actual or
perceived deterioration in credit quality. Credit risk emanates from a bank's dealings with
an individual, corporate, bank, financial institution or a sovereign. Credit risk may take
the following forms
In the case of direct lending: principal/and or interest amount may not be repaid;
In the case of guarantees or letters of credit: funds may not be forthcoming from
the constituents upon crystallization of the liability;
In the case of treasury operations: the payment or series of payments due from the
counter parties under the respective contracts may not be forthcoming or ceases;
In the case of securities trading businesses: funds/ securities settlement may not
be effected;
25
0871913907
In the case of cross-border exposure: the availability and free transfer of foreign
currency funds may either cease or the sovereign may impose restrictions.
security.
Since S&P and Moody's are considered to have expertise in credit rating and are
regarded as unbiased evaluators, there ratings are widely accepted by market participants
and regulatory agencies. Financial institutions, when required to hold investment grade
bonds by their regulators use the rating of credit agencies such as S&P and Moody's to
determine which bonds are of investment grade.
The subject of credit rating might be a company issuing debt obligations. In the
case of such issuer credit ratings the rating is an opinion on the obligors
overall
capacity to meet its financial obligations. The opinion is not specific to any particular
liability of the company, nor does it consider merits of having guarantors for some of the
obligations. In the issuer credit rating categories are
a) Counterparty ratings
26
0871913907
industry as well as the expected growth of the industry and its vulnerability to
technological changes, regulatory changes, and labor relations.
27
0871913907
Average
High
RR
Corresponding Probable
0
1
2
3
4
5
6
7
8
B-
10
11
12
CCC+/CCC
CCIn Default
Investment Grade
Below Investment
Grade
The steps in the RRS (nine, in our prototype system) typically start with a
financial assessment of the borrower (initial obligor rating), which sets a floor on the
obligor rating (OR). A series of further steps (four) arrive at the final obligor rating. Each
one of steps 2 to 5 may result in the downgrade of the initial rating attributed at step 1.
28
0871913907
These steps include analyzing the managerial capability of the borrower (step 2),
examining the borrowers absolute and relative position within the industry (step 3),
reviewing the quality of the financial information (step 4) and the country risk (step 5).
The process ensures that all credits are objectively rated using a consistent process to
arrive at the accurate rating.
Additional steps (four, in our example) are associated with arriving at a final facility
rating, which may be
examining third-party support (step 6), factoring in the maturity of the transaction (step
7), reviewing how strongly the transaction is structured. (step 8), and assessing the
amount of collateral (step 9).
b) Measurement of Default Probability and Recovery Rates.
Credit rating systems can be compared to multivariate credit scoring systems to
evaluate their ability to predict bankruptcy rates and also to provide estimates of the
severity of losses. Altman and Saunders (1998) provide a detailed survey of credit risk
management approaches. They compare four methodologies for credit scoring:
1. The linear probability model
2. The logit model
3. The probit model
4. The discriminant analysis model
The logit model assumes that the default probability is logistically distributed, and
applies a few accounting variables to predict the default probability. The linear
probability model is based on a linear regression model, and makes use of a number of
accounting variables to try to predict the probability of default. The multiple discriminant
analysis (MDA), proposed and advocated by Aitman is based on finding a linear function
of both accounting and market based variables that best discriminates between two
groups: firms that actually defaulted and firms that did not default.
The linear models are based on empirical procedures. They are not found in
theory of the firm OR any theoretical stochastic processes for leveraged firms.
29
0871913907
Organizational Structure
Operations/ Systems
Policy and Strategy
The Board of Directors of each bank shall be responsible for approving and
periodically reviewing the credit risk strategy and significant credit risk policies.
Credit Risk Policy
1. Every bank should have a credit risk policy document approved by the Board. The
document should include risk identification, risk measurement, risk grading/
aggregation techniques, reporting and risk control/ mitigation techniques,
documentation, legal issues and management of problem loans.
2. Credit risk policies should also define target markets, risk acceptance criteria,
credit approval authority, credit origination/ maintenance procedures and
guidelines for portfolio management.
3. The credit risk policies approved by the Board should be communicated to
branches/controlling offices. All dealing officials should clearly understand the
30
0871913907
bank's approach for credit sanction and should be held accountable for complying
with established policies and procedures.
4. Senior management of a bank shall be responsible for implementing the credit
risk policy approved by the Board.</P< LI>
Credit Risk Strategy
1. Each bank should develop, with the approval of its Board, its own credit risk
strategy or plan that establishes the objectives guiding the bank's credit-granting
activities and adopt necessary policies/ procedures for conducting such activities.
This strategy should spell out clearly the organizations credit appetite and the
acceptable level of risk-reward trade-off for its activities.
2. The strategy would, therefore, include a statement of the bank's willingness to
grant loans based on the type of economic activity, geographical location,
currency, market, maturity and anticipated profitability. This would necessarily
translate into the identification of target markets and business sectors, preferred
levels of diversification and concentration, the cost of capital in granting credit
and the cost of bad debts.
3. The credit risk strategy should provide continuity in approach as also take into
account the cyclical aspects of the economy and the resulting shifts in the
composition/ quality of the overall credit portfolio. This strategy should be viable
in the long run and through various credit cycles.
4. Senior management of a bank shall be responsible for implementing the credit
risk strategy approved by the Board.
Organizational Structure
31
0871913907
32
0871913907
33
0871913907
Credit Risk Models have assumed importance because they provide the decision
maker with insight or knowledge that would not otherwise be readily available or that
could be marshalled at prohibitive cost. In a marketplace where margins are fast
disappearing and the pressure to lower pricing is unrelenting, models give their users a
competitive edge. The credit risk models are intended to aid banks in quantifying,
aggregating and managing risk across geographical and product lines. The outputs of
these models also play increasingly important roles in banks' risk management and
performance measurement processes, customer profitability analysis, risk-based pricing,
active portfolio management and capital structure decisions. Credit risk modeling may
result in better internal risk management and may have the potential to be used in the
supervisory oversight of banking organizations.
34
0871913907
accounting for operational risk. Under the Internal Rating Based (IRB) approach, the
Committee's ultimate goals are to ensure that the overall level of regulatory capital is
sufficient to address the underlying credit risks and also provides capital incentives
relative to the standardized approach, i.e., a reduction in the risk weighted assets of 2% to
3% (foundation IRB approach) and 90% of the capital requirement under foundation
approach for advanced IRB approach to encourage banks to adopt IRB approach for
providing capital.
The minimum capital adequacy ratio would continue to be 8% of the riskweighted assets, which cover capital requirements for market (trading book), credit and
operational risks. For credit risk, the range of options to estimate capital extends to
include a standardized, a foundation IRB and an advanced IRB approaches.
35
0871913907
OPERATIONAL RISK
What is Operational Risk?
Operational risk is the risk associated with operating a
business. Operational risk covers such a wide area that it is useful to subdivide
operational risk into two components:
operating the business. A firm uses people, processes and technology to achieve the
business plans, and any one of these factors may experience a failure of some kind.
Accordingly, operational failure risk can be defined as the risk that there will be a failure
36
0871913907
of people, processes or technology within the business unit. A portion of failure may be
anticipated, and these risks should be built into the business plan. But it is unanticipated,
and therefore uncertain, failures that give rise to key operational risks. These failures can
be expected to occur periodically, although both their impact and their frequency may be
uncertain.
The impact or severity of a financial loss can be divided into two categories:
An expected amount
An unexpected amount.
The latter is itself subdivided into two classes: an amount classed as severe, and a
catastrophic amount. The firm should provide for the losses that arise from the expected
component of these failures by charging expected revenues with a sufficient amount of
reserves. In addition, the firm should set aside sufficient economic capital to cover the
unexpected component, or resort to insurance.
factors, such as a
new
competitor that changes the business paradigram, a major political and regulatory regime
change, and earthquakes and other such factors that are outside the control of the firm. It
also arises from major new strategic initiatives, such as developing a new line of business
or re-engineering an existing business line. All business rely on people, processes and
technology outside their business unit, and the potential for failure exists there too, this
type of risk is referred to as external dependency risk.
People
Process
Technology
Gitarattan International
SchoolCategories
Figure: Business
Two Broad
Political
Taxation
Regulation
Government
of Operational
Risk
Societal
Competition, etc.
37
0871913907
The figure above summarizes the relationship between operational failure risk and
operational strategic risk. These two principal categories of risk are also sometimes
defined as internal and external operational risk.
Operational risk is often thought to be limited to losses that can occur in operating
or processing centers. This type of operational risk, sometimes referred as operations risk,
is an important component, but it by no means covers all of the operational risks facing
the firm. Our definition of operational risk as the risk associated with operating the
business means significant amounts of operational risk are also generated outside the
processing centers.
Risk begins to accumulate even before the design of the potential transaction gets
underway. It is present during negotiations with the client (regardless of whether the
negotiation is a lengthy structuring exercise or a routine electronic negotiation.) and
continues after the negotiation as the transaction is serviced.
A complete picture of operational risk can only be obtained if the banks activity
is analyzed from beginning to end. Several things have to be in place before a transaction
is negotiated, and each exposes the firm to operational risk. The activity carried on behalf
of the client by the staff can expose the institution to people risk. People risk are not
38
0871913907
only in the form of risk found early in a transaction. But they further rely on using
sophisticated financial models to price the transaction. This creates what is called as
Model risk which can arise because of wrong parameters like input to the model, or
because the model is used inappropriately and so on.
Once the transaction is negotiated and a ticket is written, errors can occur as the
transaction is recorded in various systems or reports. An error here may result in the
delayed settlement of the transaction, which in turn can give rise to fines and other
penalties. Further an error in market risk and credit risk report might lead to the
exposures generated by the deal being understated. In turn this can lead to the execution
of additional transactions that would otherwise not have been executed. These are
examples of what is often called as process risk
The system that records the transaction may not be capable of handling the
transaction or it may not have the capacity to handle such transactions. If any one of the
step is out-sourced, then external dependency risk also arises. However, each type of risk
can be captured either as people, processes, technology, or an external dependency risk,
and each can be analyzed in terms of capacity, capability or availability
Who Should Manage Operational Risk?
The responsibility for setting policies concerning operational risk remains with
the senior management, even though the development of those policies may be delegated,
and submitted to the board of directors for approval. Appropriate policies must be put in
place to limit the amount of operational risk
management needs to give authority to change the operational risk profile to those who
are the best able to take action. They must also ensure that a methodology for the timely
and effective monitoring of the risks that are incurred is in place. To avoid any conflict of
interest, no single group within the bank should be responsible for simultaneously setting
policies, taking action and monitoring risk.
Internal Audit
39
0871913907
Senior Management
Business Management
Risk Management
Legal
Insurance
Operations
Finance
Information
Technology
Policy Setting
The authority to take action generally rests with business management, which is
responsible for controlling the amount of operational risk taken within each business line.
The infrastructure and the governance groups share with business management the
responsibility for managing operational risk.
The responsibility for the development of a methodology for measuring and
monitoring operational risks resides most naturally with group risk management
functions. The risk management function also needs to ensure the proper operational risk/
reward analysis is performed in the review of existing businesses and before the
introduction of new initiatives and products. In this regard, the risk management function
works very closely with, but independent from, business management, infrastructure, and
other governance group
40
0871913907
1. Policy
2.Risk Identification
8. Economic Capital
7. Risk Analysis
3. Business Process
Best Practice
6. Reporting
4. Measuring Methodology
5. Exposure Management
41
0871913907
1. Incompetancy.
2. Fraud.
2. Process Risk
Model Risk
TR
1. Execution error.
2. Product complexity.
3. Booking error.
OCR
4. Settlement error.
1. Exceeding limits.
2. Security risk.
3. Technology Risk
3.Volume risk.
1. System failure.
2. Programming error.
42
0871913907
3. Information risk.
4. Telecommunications failure.
43
0871913907
units throughout the bank. This problem of measuring operational risk can be best
achieved by means of a four-step operational risk process. The following are the four
steps involved in the process:
1. Input.
2. Risk assessment framework.
3. Review and validation.
4. Output.
1. Input:
The first step in the operational risk measurement process is to gather the
information needed to perform a complete assessment of all significant operational risks.
A key source of this information is often the finished product of other groups. For
example, a unit that supports the business group often publishes report or documents that
may provide an excellent starting point for the operational risk assessment.
Sources of Information in the Measurement Process of Operational Risk :The
Inputs (for Assessment)
Likelihood of Occurrence
Audit report
Regulatory report
Management report
Expert opinion
Business Recovery Plan
Business plans
Budget plans
Operations plans
Severity
Management interviews
Loss history
44
0871913907
gaps in the information often need to be filled through discussion with the relevant
managers.
Typically, there are not sufficient reliable historical data available to confidently
project the likelihood or severity of operational losses. One often needs to rely on the
expertise of business management, until reliable data are compiled to offer an assessment
of the severity of the operational failure for each of the risks. The time frame employed
for all aspects of the assessment process is typically one year. The one-year time horizon
is usually selected to align with the business planning cycle of the bank.
45
0871913907
One may view the sources that drive the headline risk categories as falling under the
broad categories of Change refers to such items as introducing new technology or
new products, a merger or acquisition, or moving from internal supply to outsourcing,
etc. Complexity refers to such items as complexity of products, process or
technology. Complacency refer to ineffective management of the business.
4. Net likelihood assessment
The likelihood that an operational failure might occur within the next year should be
assessed, net of risk mitigants such as insurance, for each identified risk exposure and
for each of the four headline risk categories. Since it is often unclear how to quantify
risk, this assessment can be rated along five point likelihood continuum from very
low, low, medium, high and very high.
5. Severity assessment
Severity describes the potential loss to the bank given that an operational risk failure
has occurred. It should be assessed for each identified risk exposure.
6. Combined likelihood and severity into the overall Operational Risk Assessment
Operational risk measures are constrained in that there is not usually a defensible way
to combine the individual likelihood of loss and severity assessments into overall
measure of operational risk within a business unit. To do so, the likelihood of loss
would need to be expressed in numerical terms. This cannot be accomplished without
statistically significant historical data on operational losses.
7. Defining Cause and Effect:
Loss data are easier to collect than data associated with the cause of loss. This
complicates the measurement of operational risk because each loss is likely to have
several causes. This relationship between these causes, and the relative importance of
each, can be difficult to assess in an objective fashion.
3. Review and validation:
Once the report is generated. First the centralised operational risk management
group (ORMG) reviews the assessment results with senior business unit management and
key officers, in order to finalize the proposed operational risk rating. Second, one may
46
0871913907
want an operational risk rating committee to review the assessment a validation process
similar to that followed by credit rating agencies. This takes the form of review of the
individual risk assessments by knowledgeable senior committee personnel to ensure that
the framework has been consistently applied across businesses, that there has been
sufficient scrutiny to remove any imperfections, and so on. The committee should have
representation from business management, audit, and functional areas, and be chaired by
risk management unit.
4. Output
The final assessment of operational risk will be formally reported to business
management, the centralised risk-adjusted return on capital (RAROC) group, and the
partners in corporate governance such as internal audit and compliance. The output of the
assessment process has two main uses:
1. The assessment provides better operational risk information to management for
use in improving risk management decisions.
2. The assessment improves the allocation of economic capital to better reflect the
extent of the operational riskier, being taken by a business unit.
3. The over all assessment of the likelihood of operational risk & severity of loss for
a business unit can be shown as:
Medium
Risk
Severity of Loss ($)
Low
Risk
Mgmt. Attention
High
Risk
Medium
Risk
47
0871913907
one can transfer risk to another party. Of course, not all-operational risks are insurable,
and in that case of those that are insurable the required premium may be prohibitive. The
strategy and eventually the decision should be based on cost benefit analysis.
48
0871913907
The firms exposure will be known and disseminated in real time. Evaluating the
risk of a specific deal will take into account its effect on the firms total risk exposure,
rather than simply the exposure of the individual deal.
Banks that dominate this technology will gain a tremendous competitive
advantage. Their information technology and trading infrastructure will be cheaper than
todays by orders of magnitude. Conversely, banks that attempt to build this infrastructure
in-house will become trapped in a quagmire of large, expensive IT departments-and
poorly supported software.
The successful banks will require far fewer risk systems. Most of which will be
based on a combination of industry standard, reusable, robust risk software and highly
sophisticated proprietary analytics. More importantly, they will be free to focus on their
core business and offer products more directly suited to their customers desired return to
risk profiles.
Study of Operational Risk at Punjab National Bank
About Punjab National Bank
Established in 1895 at Lahore, undivided India, Punjab National Bank (PNB) has
the distinction of being the first Indian bank to have been started solely with Indian
capital.The bank was nationalised in July 1969 along with 13 other banks. From its
modest beginning, the bank has grown in size and stature to become a front-line banking
institution in India at present. It is a professionally managed bank with a successful track
record of over 110 years.
It has the largest branch network in India - 4525 Offices including 432 Extension
Counters spread throughout the country. With its presence virtually in all the important
centres of the country, Punjab National Bank offers a wide variety of banking services
which include corporate and personal banking, industrial finance, agricultural finance,
financing of trade and international banking. Among the clients of the Bank are Indian
conglomerates, medium and small industrial units, exporters, non-resident Indians and
49
0871913907
multinational companies. The large presence and vast resource base have helped the Bank
to build strong links with trade and industry.
Operational Risk
Punjab National Bank is exposed to many types of operational risk. Operational risk can
result from a variety of factors, including:
1. Failure to obtain proper internal authorizations,
2. Improperly documented transactions,
3. Failure of operational and information security procedures,
4. Computer systems,
5. Software or equipment,
6. Fraud,
7. Inadequate training and employee errors.
PNB attempts to mitigate operational risk by maintaining a comprehensive system of
internal controls, establishing systems and procedures to monitor transactions,
maintaining key backup procedures and undertaking regular contingency planning.
I. Operational Controls and Procedures in Branches
PNB has operating manuals detailing the procedures for the processing of various
banking transactions and the operation of the application software. Amendments to these
manuals are implemented through circulars sent to all offices.
When taking a deposit from a new customer, PNB requires the new customer to complete
a relationship form, which details the terms and conditions for providing various banking
services.
Photographs of customers are also obtained for PNBs records, and specimen signatures
are scanned and stored in the system for online verification. PNB enters into a
relationship with a customer only after the customer is properly introduced to PNB.
When time deposits become due for repayment, the deposit is paid to the depositor.
System generated reminders are sent to depositors before the due date for repayment.
50
0871913907
Where the depositor does not apply for repayment on the due date, the amount is
transferred to an overdue deposits account for follow up.
PNB has a scheme of delegation of financial powers that sets out the monetary limit for
each employee with respect to the processing of transactions in a customer's account.
Withdrawals from customer accounts are controlled by dual authorization. Senior officers
have delegated power to authorize larger withdrawals. PNBs operating system validates
the check number and balance before permitting withdrawals. PNBs banking software
has multiple security features to protect the integrity of applications and data.
PNB gives importance to computer security and has s a comprehensive information
technology security policy. Most of the information technology assets including critical
servers are hosted in centralized data centers, which are subject to appropriate physical
and logical access controls.
51
0871913907
PNB has centralized transaction processing on a nationwide basis for transactions like the
issue of ATM cards and PIN mailers, reconciliation of ATM transactions, monitoring of
ATM functioning, issue of passwords to Internet banking customers, depositing postdated cheques received from retail loan customers and credit card transaction processing.
Centralized processing has been extended to the issuance of personalized check books,
back office activities of non-resident Indian accounts, opening of new bank accounts for
customers who seek web broking services and recovery of service charges for accounts
for holding shares in book-entry form.
IV. Operational Controls and Procedures in Treasury
PNB has a high level of automation in trading operations. PNB uses technology to
monitor risk limits and exposures. PNBs front office, back office and accounting and
reconciliation functions are fully segregated in both the domestic treasury and foreign
exchange treasury. The respective middle offices use various risk monitoring tools such
as counterparty limits, position limits, exposure limits and individual dealer limits.
Procedures for reporting breaches in
limits are also in place.
PNBs front office treasury operation for rupee transactions consists of operations in
fixed income securities, equity securities and inter-bank money markets. PNBs dealers
analyze the market conditions and take views on price movements. Thereafter, they strike
deals in conformity with various limits relating to counterparties, securities and brokers.
The deals are then forwarded to the back office for settlement.
The inter-bank foreign exchange treasury operations are conducted through Reuters
dealing systems. Brokered deals are concluded through voice systems. Deals done
through Reuters systems are captured on a real time basis for processing. Deals carried
out through voice systems are input in the system by the dealers for processing. The
entire process from deal origination to settlement and accounting takes place via straight
through processing. The processing ensures adequate checks at critical stages. Trade
strategies are discussed frequently and decisions are taken based on market forecasts,
52
0871913907
V. Audit
The Internal Audit Group undertakes a comprehensive audit of all business groups and
other functions, in accordance with a risk-based audit plan. This plan allocates audit
resources based on an assessment of the operational risks in the various businesses. The
Internal Audit group conceptualizes and implements improved systems of internal
controls, to minimize operational risk. The audit plan for every fiscal year is approved by
the Audit Committee of PNBs board of directors. The Internal Audit group also has a
dedicated team responsible for information technology security audits. Various
components of information technology from applications to databases, networks and
operating systems are covered under the annual audit plan.
53
0871913907
REFERENCES
Books:
Galai, Mark, Crouny , Risk Management, second edition.
Bhole L. M, Financial Institutions and Markets Structure, Growth and
Innovations, fourth edition.
Gleason T .James, Risk. The new Management Imperative in Finance,
fourth edition
Saunders Anthony, Credit Risk Management, second edition.
Schleiferr Bell, Risk Management, third edition.
54
0871913907
WEBSITES:
www.rbi.org
www.bis.com
www.iib.org
www.pnbindia.com
www.google.co.in
55