RISK MANAGEMENT IN BANKING

A PROJECT SUBMITTED IN
PART COMPLETION OF

MASTERS OF MANAGEMENT STUDIES

TO
UNIVERSITY OF MUMBAI

BY
NAYAN THARVAL

UNDER THE GUIDANCE OF

PROF. SONALI TIPRE

THAKUR INSTITUTE OF MANAGEMENT STUDIES & RESEARCH

KANDIALI (E), MUMBAI-400101
MMS (2005-2007)

1
CERTIFICATE
 THAKUR INSTITUTE OF MANAGEMENT
STUDIES AND RESEARCH, MUMBAI

This is to certify that Mr. Nayan Tharval of TIMSR has successfully

completed the project work titled Risk Management In Banking in

part completion for the degree of MMS prescribed by Mumbai

University

This project is the record of authentic work carried out by him and
References of work and relative sources of information have been
given at the end of the project.

___________________ _____________________

Signature of the Guide Signature of the Student Prof. Sonali Tipre

Nayan Tharval

2
Acknowledgement

We believe that behind the ascend of each and every student lie not only the
relentless urge to work hard but also the guidance and inspiration of their guide,
co-guide and other helpful people.
With a deep sense of gratitude I would like to thank each and every person who
has contributed towards the successful completion of the project work.

I owe a special thank to my project guide Prof. Sonali Tipre for providing me
with the valuable insights in to the projects. She elucidated me the minute
intricacies how the Banks carry out Risk Management and Measurement of
various risks that they are exposed to.

Sincere thanks to the workforce of TIMSR, for their kind and timely support &
cooperation.

3
4
Synopsis

Market volatility, corporate irregularities and anxious capital markets have

shaken the banking industry and highlighted the perils of poor risk management.
The past decade has seen dramatic losses in the banking industry. Firms that
had been performing well suddenly announced large losses due to credit
exposures that turned sour, interest rate positions taken, or derivative exposures
that may or may not have been assumed to hedge balance sheet risk. In
response to this, commercial banks have almost universally embarked upon an
upgrading of their risk management and control systems. Traditional risk systems
can't capture the inter-relationships between various risk types across
geographies, departments and lines of business. Since the late 1980s, a number
of large U.S. banks have invested heavily in systems designed to measure the
risks associated with their different lines of business. Risk management in the
banking sector is a key issue linked to financial system stability.

The immediate purpose of such risk-measurement systems is to provide bank

managements with a more reliable way to determine the amount of capital
necessary to support each of their major activities and, thus, to determine the
overall leverage for the bank as a whole. A large number of banks have
implemented new performance measures such as risk adjusted return on capital
(RAROC), economic value added (EVA) and Value at Risk (VaR) to control and
price their risks. The importance of these risk measurement tools has been
greatly magnified by regulators, such as the Federal Reserve and Bank of
England, who plan to start using these concepts to calculate the minimum
amount of capital that banks must hold. For competitive and regulatory reasons,
it is now necessary for all banks to have a sound risk-measurement framework

5
This report aims at:

i. Explaining the basic concepts of Risk and Risk Management. ii. Providing
quick access to the whys and hows of risk management.
iii. Providing easy-to-understand information, including equations and
examples that can be quickly applied to most risk measurement
problems.
iv. Providing information bout how risk measurement is used in the
management of risk and probability.
 6
Table of Content
Chapter Topic Page No.
No

Part – I : Risks In Banking – An Introduction

1 Introduction 9

1.1 Defining Risk 9

1.2 Defining Risk Management 9

1.3 Risk Management framework 9-10

2 Types Of Risks 11-13

3 Risk Management Systems and Procedures 14-16

4 Risk Measurement – An Introduction 17-19

4.1 Economic Capital 17

4.2 Risk Adjusted performance 18-19

Part – II : Credit Risk

5 Introduction to Credit Risk 21-27

5.1 Meaning of Credit Risk 21

5.2 Bifurcation of credit Risk 21-22

5.3 Sources of credit Risk 23

5.4 Need for Credit Risk Analysis 23-25

5.5 Quantifying credit risk 25-27

6 Types of Credit Structure 28-34

7 Credit Risk and Basel Accords 35-39

7.1 1998 Basel Accord 35-36

7.2 Basel 2 (New) accord 37-39

8 Credit Risk Measurement 40-47

8.1 EC Framework for Credit Risk Quantification 40

8.2 Calculationof EL andUL for Single Facility/Loan 41

8.3 Determining EL and UL due to default and 42-44

Downgrades

8.4 Calculation of EL and UL for Portfolio 45

8.5 RAROC over one Year 46-47

Part – III : Market Risk

9 Introduction to Market risk 49-51

9.1 Meaning of Market risk 49

9.2 The Three Main Factors of Market Risk 49-51

7
10 Market Risk Management 52-57

10.1 Board and Senior Management Oversight 52-53

10.2 Organizational Structure for Market Risk 54-57

11 Market Risk Monitoring And Control 58-69

11.1 Risk Monitoring 58

11.2 Risk Control 58-59

Part – Part Iv Operational Risk

12 Introduction To Operational Risk 61-62

12.1 Meaning of Operational Risk 61

12.2 Operational Risk Management Principles 61-62

 13 OperationalRiskManagementAnd Measurement 63

13.1 Board And Senior Management’s Oversight 63

13.2 Operational Risk Function 64

13.3 Operational Risk Assessment and Quantification 64

8
Part - I
Risk In Banking – An Overview

Banks are said to be in the business of making money by providing services to

customers and taking risks. In general, if a bank takes more risk it can expect to
make more money, but greater risk also increases
the danger that the bank could lose badly and be forced out of business. Banks
run their business with two goals in mind: to generate profit and to stay in
business. Banks therefore try to ensure that their risk taking is informed and
prudent. The control of that gambling is the business of risk management.

9
10
Chapter 1 Introduction

1.1 Defining Risk:

Financial risk in a banking organization is possibility that the outcome of an
action or event could bring up adverse impacts. Such outcomes could either
result in a direct loss of earnings / capital or may result in imposition of
constraints on bank’s ability to meet its business objectives. Such constraints
pose a risk as these could hinder a bank's ability to conduct its ongoing business
or to take benefit of opportunities to enhance its business. Risks are usually
defined by the adverse impact on profitability of several distinct sources of
uncertainty. While the types and degree of risks an organization may be exposed
to depend upon a number of factors such as its size, complexity business
activities, volume etc, it is believed that generally the banks face Credit, Market,
Liquidity, Operational, Compliance / legal / regulatory and reputation risks.

1.2 Defining Risk Management:

Risk Management is a discipline at the core of every financial institution and
encompasses all the activities that affect its risk profile. It involves identification,
measurement, monitoring and controlling risks. Risk management as commonly
perceived does not mean minimizing risk; rather the goal of risk management is
to optimize risk reward trade -off.

1.3 Risk Management framework.

A risk management framework encompasses the scope of risks to be managed,
the process/systems and procedures to manage risk and the roles and
responsibilities of individuals involved in risk management. The framework
should be comprehensive enough to capture all risks a bank is exposed to and
have flexibility to accommodate any change in business activities.

11
An effective risk management framework includes:

a) Clearly defined risk management policies and procedures covering risk

identification, acceptance, measurement, monitoring, reporting and control.

b) A well constituted organizational structure defining clearly roles and

responsibilities of individuals involved in risk taking as well as managing it.
Banks, in addition to risk management functions for various risk categories may
institute a setup that supervises overall risk management at the bank. Such a
setup could be in the form of a separate department or bank’s Risk Management
 Committee (RMC) could perform such function. The structure should be such
that ensures effective monitoring and control over risks being taken. The
individuals responsible for review function (Risk review, internal audit,
compliance etc) should be independent from risk taking units and report directly
to board or senior management who are also not involved in risk taking.

c) There should be an effective management information system that ensures

flow of information from operational level to top management and a system to
address any exceptions observed. There should be an explicit procedure
regarding measures to be taken to address such deviations.

d) The framework should have a mechanism to ensure an ongoing review of

systems, policies and procedures for risk management and procedure to adopt
changes.

12
Chapter 2 Types of Risks
Banks are exposed to the various kinds of risk. For e.g. Market risk, credit risk &
operational risk.

Bank operations

Market risk Operational risk Credit risk

Liquidity risk Forex risk Trading risk Traditional risk

 Interest rate risk

Pre
settlement settlement

The risks associated with the provision of banking services differ by the type of
service rendered. Three Broad categories of Risks faced by banks are
systematic or market risk, credit risk, and operational risk.

1. Systematic risk/ Market Risk is the risk of asset value change associated
with systematic factors. It is sometimes referred to as market risk, which is in fact
a somewhat imprecise term. By its nature, this risk can be hedged, but cannot be
diversified completely away. In fact, systematic risk can be thought of as
undiversifiable risk. All investors assume this type of risk, whenever assets
owned or claims issued can change in value as a result of broad economic
factors. As

13
such, systematic risk comes in many different forms. For the banking sector,
however, two are of greatest concern, namely variations in the general level of
interest rates and the relative value of currencies. Because of the bank's
dependence on these systematic factors, most try to estimate the impact of these
particular systematic risks on performance, attempt to hedge against them and
thus limit the sensitivity to variations in undiversifiable factors. Accordingly, most
will track interest rate risk closely. They measure and manage the firm's
vulnerability to interest rate variation, even though they can not do so perfectly.
At the same time, international banks with large currency positions closely
monitor their foreign exchange risk and try to manage, as well as limit, their
exposure to it. In a similar fashion, some institutions with significant investments
in one commodity such as oil, through their lending activity or geographical
franchise, concern themselves with commodity price risk. Others with high single-
industry concentrations may monitor specific industry concentration risk as well
as the forces that affect the fortunes of the industry involved.
2. Credit risk arises from non-performance by a borrower. It may arise from
either an inability or an unwillingness to perform in the pre committed contracted
manner. This can affect the lender holding the loan contract, as well as other
lenders to the creditor. Therefore, the financial condition of the borrower as well
as the current value of any underlying collateral is of considerable interest to its
bank. The real risk from credit is the deviation of portfolio performance from its
expected value. Accordingly, credit risk is diversifiable, but difficult to eliminate
completely. This is because a portion of the default risk may, in fact, result from
the systematic risk outlined above. In addition, the idiosyncratic nature of some
portion of these losses remains a problem for creditors in spite of the beneficial
effect of diversification on total uncertainty. This is particularly true for banks that
lend in local markets and ones that take on highly illiquid assets. In such cases,
the

14
credit risk is not easily transferred, and accurate estimates of loss are difficult to
obtain.

3. Operational risk is associated with the problems of accurately processing,

settling, and taking or making delivery on trades in exchange for cash. It also
arises in record keeping, processing system failures and compliance with various
regulations. As such, individual operating problems are small probability events
for well-run organizations but they expose a firm to outcomes that may be quite
costly.
 15
Chapter 3 Risk Management System and Procedure

The management of the banking firm relies on a sequence of steps to implement

a risk management system. These can be seen as containing the following four
parts:
(i) Standards and reports
(ii) Position limits or rules
(iii) Investment guidelines or strategies
(iv) Incentive contracts and compensation.
In general, these tools are established to measure exposure, define procedures
to manage these exposures, limit individual positions to acceptable levels, and
encourage decision makers to manage risk in a manner that is consistent with
the firm's goals and objectives. To see how each of these four parts of basic risk
management techniques achieves these ends, we elaborate on each part of the
process below.

(i) Standards and Reports

The first of these risk management techniques involves two different conceptual
activities, i.e., standard setting and financial reporting. They are listed together
because they are the sine qua non of any risk system. Underwriting standards,
risk categorizations, and standards of review are all traditional tools of risk
management and control. Consistent evaluation and rating of exposures of
various types are essential to understand the risks in the portfolio, and the extent
to which these risks must be mitigated or absorbed. The standardization of
financial reporting is the next ingredient. Obviously outside audits, regulatory
reports, and rating agency evaluations are essential for investors to gauge asset
quality and firm level risk.
These reports have long been standardized, for better or worse. However, the
need here goes beyond public reports and audited statements to the need for
management information on asset quality and risk posture. Such internal reports
need similar standardization

16
and much more frequent reporting intervals, with daily or weekly reports
substituting for the quarterly GAAP periodicity.

(ii) Position Limits and Rules

A second technique for internal control of active management is the use of
position limits, and/or minimum standards for participation. In terms of the latter,
the domain of risk taking is restricted to only those assets or counterparties that
pass some prespecified quality standard. Then, even for those investments that
are eligible, limits are imposed to cover exposures to counterparties, credits, and
overall position concentrations relative to various types of risks. While such limits
are costly to establish and administer, their imposition restricts the risk that can
be assumed by any one individual, and therefore by the organization as a whole.
In general, each person who can commit capital will have a well-defined limit.
This applies to traders, lenders, and portfolio managers. Summary reports show
limits as well as current exposure by business unit on a periodic basis. In large
organizations with thousands of positions maintained, accurate and timely
reporting is difficult, but even more essential.

(iii) Investment Guidelines and Strategies

Investment guidelines and recommended positions for the immediate future are
the third technique commonly in use. Here, strategies are outlined in terms of
concentrations and commitments to particular areas of the market, the extent of
desired asset-liability mismatching or exposure, and the need to hedge against
systematic risk of a particular type. The limits described above lead to passive
risk avoidance and/or diversification, because managers generally operate within
position limits and prescribed rules. Beyond this, guidelines offer firm level advice
as to the appropriate level of active management, given the state of the market
and the willingness of senior management to absorb the risks implied by the
aggregate portfolio. Such guidelines lead to firm level hedging and asset-liability
matching.

17
In addition, securitization and even derivative activity are rapidly growing
techniques of position management open to participants looking to reduce their
exposure to be in line with management's guidelines.

(iv) Incentive Schemes

To the extent that management can enter incentive compatible contracts with line
managers and make compensation related to the risks borne by these
individuals, then the need for elaborate and costly controls is lessened. However,
such incentive contracts require accurate position valuation and proper internal
control systems. Such tools which include position posting, risk analysis, the
allocation of costs, and setting of required returns to various parts of the
organization are not trivial. Notwithstanding the difficulty, well designed systems
align the goals of managers with other stakeholders in a most desirable way.

18
Chapter 4 Risk Measurement – An Introduction

Until and unless risks are not assessed and measured it will not be possible to
control risks. Further a true assessment of risk gives management a clear view of
institution’s standing and helps in deciding future action plan. To adequately
capture institutions risk exposure, risk measurement should represent aggregate
exposure of institution both risk type and business line and encompass short run
as well as long run impact on institution. To the maximum possible extent
institutions should establish systems / models that quantify their risk profile,
however, in some risk categories such as operational risk, quantification is quite
difficult and complex. Wherever it is not possible to quantify risks, qualitative
measures should be adopted to capture those risks. Economic Capital gives a
common framework for quantifying the risk arising from many diverse sources. It
also allows calculating the amount of equity capital that the bank should hold.
RAROC has become industry standard way of measuring risk-adjusted
probability. It allows comparing the probability of different transactions.

4.1. Economic capital

Economic capital is one of the most important risk metrics because it provides
with a unifying framework to translate all the risks into a single metric. For market
risks, daily value at risk is calculated and then translated into economic capital.
For credit and operating risks economic capital is directly estimated from the
probability distribution of losses. Economic capital is the net value the bank must
have at the beginning of the year to ensure that there is only a small probability
of defaulting within that year. The net value is the value of the assets minus the
liabilities. The small probability is the probability that corresponds to the bank’s
target credit rating.

19
4.2 .Risk Adjusted Performance
Economic capital is useful for identifying large risks and setting aside the
required amount of capital to be held by the bank to ensure smooth functioning
without defaulting. However, when deciding whether to carry out a transaction,
the bank is not only concerned about the risk, it is also interested in probability
relative to that risk. By measuring risk- adjusted performance (RAP), a bank can
integrate risk measurement into the daily profitability management of the
business. Traditionally, the banking industry relied on measurements that gave
an incomplete picture and its relation to risk. The two most common
measurements were Return on Assets (ROA) and Return on Equity (ROE). ROA
is a profit divided by the rupee value of the portfolio. ROE is the profitability
divided by either book capital or Regulatory capital. The book capital is the net
value of the bank as measured by accounting methods. The regulatory capital is
the minimum amount of capital that must be held by the bank according to
regulators such as the Bank of England and the Federal Reserve. The return on
assets takes no account of the risk of the assets. As an alternative, over the last
decade the industry has developed two metrics for risk-adjusted performance
that are based on Economic Capital: RAROC and SVA. RAROC is the risk-
adjusted return on capital, and SVA is shareholder value added.

4.2.1. Risk – Adjusted Return on Capital (RAROC) RAROC is the expected

net risk-adjusted profit (ENP) divided by the economic capital that is required to
support the transaction.

RAROC = ENP
EC

20
4.2.2. Shareholder Value Added (SVA)
Shareholder value added (SVA) gives a dollar- based measure of performance. It
is simply the actual or expected probability minus the required probability to meet
the hurdle rate.

SVA = ENP – H x EC

21
Part – II
Credit Risk

Burgeoning non-performing assets in the Indian banking system have brought

to light the inefficiencies in the credit risk management practices of Indian
banks. It is the time that Indian banks realize the importance of effective credit
risk management practices in mitigating their losses and improving their bottom
line.
 22
Chapter 5 Introduction to Credit Risk

5.1 Meaning of Credit Risk

The Reserve Bank of India has defined Credit Risk as the possibility of the loss
that stems from outright default due to inability or unwillingness of a customer or
counter party to meet their commitments in relation to lending, trading, settlement
and other financial transactions. If the probability of loss is high, the credit risk
involved is also high and vice-versa.

5.2 Bifurcation of Credit Risk

The study of credit risk can be bifurcated to facilitate better cognition of the
concept.

Overall Credit Risk

Firm Credit risk Portfolio Credit Risk

A single borrower/obligor exposure is generally known as Firm Credit Risk while

the credit exposure to a group of similar borrowers , is called portfolio Credit Risk
This bifurcation is important for the proper understanding and management of
credit risk as the ultimate reasons for failure to pay can be traced to economic,
industry, or customer – specific factors. While risk decides the fate of overall
portfolio, portfolio risk in turn determines the quantum of capital cushion required.

23
Both firm credit risk and portfolio credit risk are impacted or triggered by
systematic and unsystematic risks.
 Firm Credit Risk Portfolio Credit Risk Credit risk

Systematic Risk Unsystematic Risk Socio-political

Risks Business Risks Financial

Economic Risks

Other Exogenous Risks Risks

External forces that affect all business and households in the country or
economic system are called systematic risks and are considered as
uncontrollable. The second type of credit risks is unsystematic risks and is
controllable risks. They do not affect the entire economy or all business
enterprises/households. Such risks are largely industry specific and /or firm
specific. A creditor can diversify these risks by extending credit to a range of
customers.

24
5.3. Sources of Credit Risk
Credit – related losses can occur in the following ways:  A customer fails to
repay money that was lent by the bank  A customer enters into a derivative
contract with the bank in
which the payments are based on market prices, and then the market
moves so that the customer owes money, but customer fails to pay.
 The bank holds a debt security (e.g. a bond or a loan) and the credit quality
 of the security issuer falls, causing the value of the security to fall. Here, a
default has not occurred, but the increased possibility of a default makes
the security less valuable.
 The bank holds a debt security and the market’s price for risk changes. For
example, the price for all BB-rated bonds may fall because the market is
less wiling to take risks. In this case, there is no credit event, just a change
in market sentiment. This risk is therefore typically treated as market risk

5.4. Need for Credit Risk Analysis

Much of importance has been attached to credit risk analysis, especially by
banks and other financial intermediaries with significant credit exposure. The
main reasons are as follows:
 Prudence : It is the responsibility of the supplier of the credit to ensure that
their actions are prudent, because excessive credit will prove destructive
to everyone involved as has been evidenced by the demise of many
banks in Japan during the past decade, as the result of over lending in the
late 1980’s. Usually everyone is very confident during the heightened
pace of economic activity, and financial institutions are no exceptions.
Lending during the boom- phase is highly challenging and so is providing
credit during a recession period.

25
 Increase in bankruptcies: Recessionary phases are common in the
economy, although the timing and causes may be different for different
countries. In 2002/2003, the US economy went through massive job
losses and sluggish growth and was almost on the verge of an economic
slowdown. Given the fact that the incidence of bankruptcies during
recession is high, the role of accurate credit analysis is very important

 Disintermediation: With the expansion of the secondary capital and debt

markets, many good credit-worthy customers, especially the larger ones
access and raise funds directly from public. Since credit rating is
compulsory for raising debt from the public market, the firms that are not
able to fulfill this requirement approach financial intermediaries, including
 banks. This can result in the lowering of the quality of the credit asset
portfolio. Hence, a more vigilant approach by the lenders is necessary.

 Increase in Competition: he banking business is witnessing more

competition with the advent of the new generation banks and liberalization
policies pursued by governments. With the increase in the competition,
naturally pricing is under pressure. In other words, as your returns
become lower, technically your risk level should also reduce. So tighter
credit risk analysis is necessary.

 Volatility of collateral/asset values: Gone are the days, when collaterals

offered comfort. While it is no longer easy to insist on collateral security in
view of the increasing competition in the market. The land and houses that
are as collateral security with the bank against the loan issued by the bank
to customer may touch all time high during boom period but during
recession it

26
may not quote even half the value of the credit extended during boom
periods.

 Poor Asset Quality: Banks in India and abroad face the problem of non-
performing assets (NPA), i.e. credit assets that are on the verge of
becoming credit losses. In other words, they display high risk tendencies
to become bad debts. NPA management is a major challenge for banks.
Credit Risk analysis helps to keep check on NPA.

 High impact of Credit Losses: It is a common perception that a small

percentage of bad debts is acceptable and won’t do much damage.
However, unfortunately this is not true. Even a small credit facility turning
bad will hurt business, especially for banks and other financial
intermediaries operating in a highly competitive sector. Credit Risk
Analysis helps in minimizing credit loss which is a best option rather than
attempting to book 20, 25 or 50 times the business volumes, to ensure
adequate returns to shareholders.
5.5. Quantifying Credit Risk
Quantitative measurement has been adopted by banks to improve their
processes for selecting and pricing credit transactions. Quantitative
measurement has become even more important since it was adopted by the
Basel Committee on Banking as the basis for getting regulatory capital. A bank’s
credit risk has two distinct facets, “quality of Risk” and “quantity of risk”. The
former refers to “severity of losses”, by both default probability and the recoveries
that could affect in the event of default. The latter refers to the outstanding
balance as on the date of default.
Credit Risk is a function of other risks or the combined outcome of other risk
such as, Default risk, Exposure risk, and Recovery risk.

27
Default Risk: It is the probability of the event of default, i.e. missing a payment
obligation, breaking an agreement or economic default. A payment default is
declared when a scheduled payment is not made within 90 days from the due
date. Default Risk depends upon the credit standing of the borrower and is
measured by the probability that default occurs during a given time period.
Although this cannot be measured directly, it can be observed from historical
statistics or can be collected internally from rating agencies.

Exposure Risk: The uncertainty prevailing with future cash flows generates
exposure risk. The outstanding balances at the time of default are not known in
advance particularly under credit facilities like committed lines of credit,
overdrafts, project financing etc. Hence, the amount at risk in future that can
potentially be lost in case of default is uncertain.

Recovery Risk: The recoveries in case of losses are not predictable. They
depend upon the type of default, availability of collaterals, third party guarantees,
and legal issues.
 Collateral’s Value: The existence of collateral minimizes credit risk, if such
collateral can be easily possessed and has significant value. Sometimes,
the economic value of collateral assets might be eroded and may even be
less than the value of the outstanding debt.
 Guarantor’s Value: The net worth of the guarantors and, in turn, their ability
 to discharge liabilities upon invocation of guarantee may undergo changes
affecting the ultimate realizable amount.
 Legal Issues: Recovery risk depends upon the type of default. A payment
default doesn’t mean that the borrower will never pay, but it triggers
various types of actions such as renegotiation up to the obligation to repay
all outstanding balances.

5.5.1. Why Measure Credit Risk?

28
There are three main sets of decisions for which it is important to measure credit
risk such as: Origination, Portfolio optimization, and Capitalization

1. Supporting Origination Decisions: The most basic decision is whether to

accept a new asset into the portfolio. The origination decision can be framed
in two possible ways:
 29
 Given the risk and a fixed price, is the asset worth taking? This is the type
of decision made when dealing with a large volume of retail customers. It is a
more rigid approach where there is little opportunity to modify the price, and
therefore the decision becomes “yes/no”
 Given the risk, what price is required to make the asset worth buying?
This approach is typically used in a flexible, liquid trading environment, or in
negotiating rates and fees for a corporate loan

2. Supporting Portfolio Optimization: In optimizing a portfolio, the manager

seeks to minimize the ratio of risk to return. To reduce the portfolio’s risk, the
manager must know where there are concentrations of risk and how the risk
can be diversified. Quantifying credit risks with the help of appropriate credit-
portfolio model helps the bank manager to identify risk concentrations in the
given portfolio and allow the manager to try “what- if “analyses to test
strategies for diversifying the portfolio.

3. Supporting Capital Management: Quantification of credit risks helps to set

the provisions for expected losses over the next year, and the reserves, in case
losses are unusually bad. Credit risk measurement also helps to ensure whether
the total economic capital available is sufficient to maintain the bank’s target
credit rating given the risks or not. If it is insufficient, the bank must raise more
capital, reduce the risk or expect to be downgraded.

30
Chapter 6 Types of Credit Structure

Credit risk can arise in many ways, from granting loans to trading derivatives.
The amount of credit risk depends largely on the structure of the agreement
 between the bank and its customers. An agreement between a bank and a
customer that creates credit exposure is often called a credit structure or a
credit facility

1.Credit Exposure To Large
Corporations
Commercial loans Commercial
Lines Letter Of Credit &
Gurantees
Leases
Credit Exposure To
Credit derivatives Personal Loans
Credit cards
Car Loans
Leases and hire
purchase agreements
Credit Structure Mortgages
Retail Customers
Home-equity lines of
Credit Exposures In credit
Trading Operations

Bonds
Asset-backed securities
Securities lending and
repos
Margin accounts
Credit exposure for
derivatives

31
6.1 Credit Exposure to Large Corporations:

 Commercial Loans: Typically, commercial loans have fixed structure for

disbursements from the bank to the company and have a fixed schedule of
repayments, including interest payments. There may also be a fee paid by
the company at the initiation of the loan. The loan may be secured
(collateralized) or unsecured. If it is secured, then in the event of default, the
 bank will take legal possession of some specified asset and be able to sell
this to reduce the loss. An unsecured loan is a general obligation of the
company and in the case of default; the bank will just get its share of the
residual value of the company. The loan may also be classified as senior or
Subordinated(also called junior).When a company liquidates, it pays off the
senior loans first; then if there are any remaining assets, it pays off the
subordinated loans. As senior loans always get paid before subordinated
loans, they have lower loss in the event of default.
For credit risk measurement, the most important loan features are the
collateral type, the level of seniority, the term or maturity and the scheduled
amounts that are expected to be outstanding (i.e. the amount that the
company owes the bank at any given time)

 Commercial Lines: In a standard loan, the pattern of disbursements and

repayments is set on the day of closing deal. For a line of credit (also known
as revolver or a commitment), only a maximum amount is set in advance.
The company then draws on the line according to its needs and repays it
when it wishes. With a line of credit, the bank faces the possibility of loss on
both the drawn and undrawn amounts, and should therefore set aside
capital for each.

 Letters of Credit: There are two primary types of letters of credit (LC): Trade
LC and Backup LC. Trade LC is tied to specific export 32
transactions. A trade LC guarantees payment from a local importer to an
overseas exporter; if the importer fails to pay, the bank will pay, and then try
to reclaim the amount from the importer. For the bank, this creates a short-
term exposure to the local importer. A backup letter of credit is a general
form of guarantee or credit enhancement in which the bank agrees to make
payments to a third party if the bank’s customer fails. This is used to lower
the cost of the customer’s getting credit from the third party, because the
third party now only faces the risk of a bank default. He bank faces the full
default risk from its customer and has the same risk as if it had given the
customer a direct loan.

 Leases: Leases are form of collateralized loan, but with different tax
 treatment in certain situations. In an equipment lease, the equipment is
given to the customer, and n return, the customer makes rental payments.
After sufficient payments, the customer may keep the equipment. In terms
of credit risk, this is equivalent to giving the customer a loan, having them
buy the equipment, and pledging the equipment as collateral to secure the
loan. In both the cases, if the customer stops making payments, the bank
ends up owing the equipment.

 Credit Derivatives: In almost all cases, the calculation of the risk for credit
derivatives can be based on the analysis that would be used for the
underlying loan.
As a simple example, consider a derivative in which one bank agrees to
pay an initial amount, and in return, a second bank agrees to make
payments equal to all the payments they receive from a particular
corporate loan. For the first bank, if the corporation defaults, the bank will
receive less money and will therefore make a loss. For the second bank, if
the corporation defaults, the bank will receive less money from the
corporations, but it will also need to pay less to the first bank. The
changes in 33
payments therefore cancel each other out, and they make no loss.
Through this agreement, the economic risk of the loan has been
transferred from the second bank to the first. In measuring the risk for the
first bank, we would treat this credit derivative as if it were just a loan to
the corporation.

6.2 Credit Exposure to Retail Customers:

 Personal Loans: Personal loans are typically unsecured and may be used
by the customer for any purpose. They are generally structured to have a
fixed time for repayment. The interest charges may be fixed at the time of
origination, or may float according to the bank’s published prime rate,
which the bank may change at its discretion.

 Credit Cards: Credit cards are again generally unsecured by collateral, but
they have no fixed time for repayment. The interest-rate is typically 10% to
 15% above the floating prime rate, to compensate for the very heavy
default rates experienced on credit cards.

 Car Loans: Car loans are same as personal loans except that they are for a
specific purpose and have the car as collateral. They tend to have a lower
loss given default than personal loans because of the collateral, and they
have a lower probability of default because the customer is unwilling to
lose the car.

 Leases and Hire-Purchase Agreements: In a lease, the customer is

allowed to use a physical asset (such as a car) that is owned by the bank.
Leases are typically structured so that at the end of a finite period, the asset
will be returned to the bank. The customer makes regular payments to cover
the interest that would have been required to purchase the asset and to cover
34
depreciation. The customer typically has the option to buy the asset
outright at the end of the lease for a prespecified lump sum.
Hire- purchase agreements are similar to leases except that the payments
include the full value of the asset, and the customer is certain to own the
asset at the end of the agreement
Leases and hire-purchase agreements are similar to car loans in that they
are secured by the physical asset that has been purchased. Leases are
structured such that the bank continues to own the physical asset legally
until all lease payments have been made. This makes repossession easier
and reduces the loss given default.

 Mortgages: Mortgages use the customer’s home as collateral. This

minimizes the probability of default. Furthermore, banks generally ensure
that the loan to value ratio is less than 90%, so even if the property value
drops by 10%, the bank will still have a loss given default of 0.

 Home-Equity Lines of credit: A home-equity line of credit (HELOC) is like a

credit card but secured by the customer’s house. This ensures a low
probability of default.
6.3 Credit Exposures in Trading Operations

 Bonds: Bonds credit risk depends on the level of seniority and whether it is
secured with collateral or not.

 Asset- Backed Securities: Asset- backed securitization is used with retail

assets, such as credit cards and mortgages. In an asset-backed security, the
payments from many uniform assets are bundled together to form a pool.
This pool is then used to make payments to several sets of bonds. The
analysis of the 35
credit risk of an asset-backed security is the same as the analysis of a
portfolio of loans. In this case, we calculate the probability distribution of
the payments from the pool of underlying assets and use this to estimate
the probability that the pool will sufficient to pay the bonds. The calculation
of the probability distribution depends on the risk of the individual assets
and the correlation between them.

 Securities lending and Repurchase Agreements: Sec lending and repos

agreements are common functions in bank’s trading operations. From
credit-risk perspective, both sec lending and repos are short-term
collateralized loans. In sec lending, counterparty asks to borrow a security
from the bank for a limited period of time. The security is typically a share
or bond. To minimize the credit risk, the counterparty gives collateral to
the bank that is worth slightly more than the borrowed security. The
collateral is typically in the form of cash. At the end of the trade, the
counterparty returns the security and the bank returns the cash, less a
small amount as a fee.
Repos are very similar to securities lending except that they are used to
gain funding. In a repo, a security is sold by the bank with a guarantee
from the bank to repurchase it at a fixed price and date. At the time of
sale, the bank receives cash. At the time of repurchase, the bank sends
the cash to the counterparty, plus a small additional amount, which is
effectively an interest payment for the loan.
In both the cases, the bank could make a credit loss if the counterparty
defaults and the value of the security have risen to be higher than the
amount of cash that the bank was expecting to pay to get the security
back. The expected exposure at default will be the average amount by
which the value of the security can be expected to exceed the cash.

36
 Margin Accounts: A margin account is another form of collateralized
loan. In a margin account, a customer takes a loan from the bank, and
then with the loan and his own funds, purchases a security. The security is
then held by the bank as collateral against the loan. The pledging of the
security as collateral by the customer to the bank is called hypothecation.
It is also possible for the bank to pledge the security to another bank to get
a loan. This is called rehypothecation.
Margin accounts are used by customers who want to leverage their
positions and increase their potential returns. As an example, consider a
customer who has %10000 and takes a loan for $10000. Thus customer
now has $20000 which he can use to buy securities worth $20000. If the
price rises by 10% to $22,000 and the customer sells these securities,
then after paying back the loan with interest, the customer has a little less
than $12,000, a nearly 20%gain, conversely , if the price falls by 10%, the
customer makes a 20% loss. Typically, retail customers are allowed to
borrow only up to half the value of the securities that own. If the value of
the securities falls, the bank will ask the customer for more cash to
maintain the 50% ratio; this is called a margin call. If the customer does
not respond, the bank will sell all or part of the shares. After paying off the,
any residual value is given back to the customer. If the securities lost more
than 50% of their value before they are liquidated, and the customer failed
to make up the difference, the bank would suffer credit loss.

37
Chapter 7 Credit Risk and Basel Accords

The Basel Committee on Banking Supervision was established in the mid –

1980s. It is a committee of national banking regulators, such as the Bank of
England and the Federal Reserve Board. The purpose of the committee is to
set common standards for banking regulations and to improve the stability of
the international banking system. Basel Accords helps the banks in managing
credit risk and as well as other risks.

7.1. 1998 Basel Accord:

The 1998 accord was motivated largely by low amount of available capital
kept by Japanese banks in relation to the risks in their lending portfolios. This
low ratio was believed to allow the Japanese banks to make loans at unfairly
low rates. The 1998 accord required that all banks should hold available
capital equal to atleast 8% of their risk-weighted assets (RWA) .The first
accord has two basic principals:
1. To ensure adequate level of capital in the international banking system.
2. To create more level playing field in competitive terms so that banks could
no longer build business volume without adequate capital backing.
The prescribed formula is given below:

Tier1 + Tier 2 Capital

Risk Weighted Assets
Capital: While tier 1 capital consists of paid-up share capital and disclosed
reserves. Tier 2 capital comprises undisclosed reserves, asset revaluation
reserves, hybrid capital instruments (such as mandatory convertible debt) and
subordinated debt. Also, the tier 1 capital should be at least 50% of the total
capital.

38
Risk – Weighted Assets: Assets in the balance sheet of a bank have been
differentiated, based on the risks. While central government/Central bank
obligations carry nil (0%) risk, those of the private business sector carry full
risk (100%).The portfolio approach is adopted to measure risk with assets
classified into four buckets(0%,20%,50%,and 100%). This distinction,
 depending upon counter parties, gives a unique perspective to the capital
adequacy of a banking institution. If a bank has more counter parties having
nil (or lower) risk, it needs to hold less capital than a bank which has parties
with 100% risk weight.
The summarized weight scale is given below: Risk Weight of On – B/S items

Risk 0% 20% 50% 100%

Weights
Counter Parties

CentralGovt,CentralBank exposure in
x
National Currency

OECD Govt/ Central Banks & claims

x
guaranteed by them

Multi-Lateraldevelopment X
banks(ADB, IBRD, etc )

BanksinOECD/Claims guaranteed by
x
them

Residentialmortgage backed loans

x
Private sector entities
x

39
7.2. Basel 2 (New) Accord:
The suggested form of new Accord was published in January 2001 to obtain
comments from the banking industry. The final Accord will be effective from 2006
– 2007. The new Accord retains the same concepts of EWA and Tier 1 and Tier
2 available capital, but it changes the method for calculating RWA.
The new Accord has three pillars:
i) Minimum requirement of Capital
ii) Role of supervisory review process
iii) Market discipline
The measurement of minimum requirement of capital gives many formulas to
replace the simple calculations of the 1998 Accord. The supervisory review
pillar requires regulators to ensure that the bank has effective risk management,
and requires the regulators to increase the required capital if they think that the
risks are not being adequately measured. The market discipline pillar requires
banks to disclose large amounts of information so that depositors and investors
can decide for themselves the risk of the bank and require commensurately high
interest-rates and return on capital.

Minimum Capital Requirements: The new Accord allows banks to calculate

their required regulatory capital using one of two approaches:
a) The standardized Approach: The standardized approach is more
complex than the 1998 Accord and has sections dealing with many
specific cases, but broad intention is that risk weights should be set
according to the credit rating of the customer. In the standardized
approach, the credit rating must be made by an organization
outside the bank such as External Credit Assessment Institutions
(ECAI) The rated counter parties receive weights ranging from 20%
to 150%, depending upon the rating assigned by ECAI. However,
the un-rated counter parties continue to

40
receive 100% weight. Generally all AAA and AA rated companies
require only 20% weight while credit exposures rated B and below
require 150% weight.

Risk Weights for Government and Banks under the new standardized Approach

Grade AAA to A+ to BBB+ BB+ to Below Unrated

AA A to BBB B B

Governme 0% 20% 50% 100% 150% 100%

n ts

Banks 20% 50% 100% 100% 150% 100%

Risk Weights for Corporate Exposures under the New Standardized

Approach
Grade AAA to A+ to A- BBB+ to Below Unrated
AA BB BB
Corporati 20% 50% 100% 150% 100%
o ns

b) The Internal Rating Based Approach for Credit Risk: IRB allows
banks to use their own internal estimates of risk to determine
capital requirements, which the approval of their Supervisors (or
Central Banks).
IRB are of two types:

i. IRB foundation, where banks are required to provide their own

internal estimates of Probability of Default (PD) and use
predetermined regulatory inputs for Loss Given Default (LGD),
Exposure at Default (EAD) and a factor for maturity.

41
ii. IRB Advanced, where all inputs to risk weighted asset calculation –
PD , LGD, and EAD – estimated by the bank itself , subject to
regulatory satisfaction

iii. The adoption of an IRB approach requires empirical data, the main
components are as follows:
Probability of Default (PD) – Defined as the statistical percentage
probability of a borrower defaulting within a one year time horizon. PD
is directly linked to the Customer rating. The PD can range from
0.000% for a zero risk customer to 100% for a very high- risk customer

Loss Given Default: It is estimated amount of loss expected if a credit

facility defaults, calculated as a percentage of the exposure at the date
of default. The value depends on the collateral, if any and other factors
that impact on the likely level of recovery. LGD estimates are to be
based upon historical recovery rates and stress tested for economic
downturns, among others
 Exposure at Default (EAD): Represents the expected level of usage
of the facility when default occurs. This value does not take account of
guarantees, collateral or security.

Under the IRB approach, a bank estimates each borrower’s creditworthiness

and the results are translated into estimates of a potential future loss amount,
which from the basis of minimum capital requirements, subject to strict
methodological and disclosure standards. The expected credit loss from an
exposure is the main driver for determining the credit rating in IRB. PD is based
on the stand alone borrower risk rating or customer rating. LGD is dependent
upon the collateral while EAD is the amount of credit extended.

42
43
Chapter 8 Credit Risk Measurement

8.1. Economic Capital Framework for Credit Risk Quantification:

EC captures the variance or the uncertainty of the losses around the average.
With its focus on uncertainty, EC quantifies the portfolio credit risk. For the
credit risk of lending operations, the required economic Capital (EC) depends
on the probability distribution of the losses. The probability distribution for credit
losses is sketched below:

MPL

EL

P
R
O
B
A
B
Credit Risk Measured as
I
Economic Capital
L
I
T
 Worst Case loss
y

Credit Loss

EC = MPL – EL

Where: MPL: Max Probable Loss

EL : Expected Loss

44
8.2. Calculation of EL & UL for Singe Facility/ Single Loan

Expected Loss (EL): Mean of losses

Unexpected Loss (UL): Standard Deviation

Formula for EL is as follows:

EL = P (1 x E x S) + (1 – P) (0 x E x S)
=PxExS
Where: P: In case there is default, the probability is represented as ‘P’ E:
Exposure at Default
S: Loss Given Default/ Severity
(1 – P): In case there is no default, it represented by ‘(1 – P)’

Formula for UL is as follows:

UL = P – P2 x E x S

Example: If we loaned $ 100 to a BBB rated company, then P would be 22

basis points. LGD is 30%, and then EL is as follows: EL = 0.0022 x $100 x 0.3 =
$ 0.066
(P) (E) (S)

UL = 0.0022 – 0.00222 x $ 100 x 0.3 = $ 1.41

45
8.3. Determining Losses Due to Both Default and Downgrades When a
company is downgraded, it means that the rating agency believes that the
probability of default has risen. A promise by this downgraded company to make
a future payment is no longer as valuable as it was because there is an
increased probability that the company will not be able to fulfill its promise.
Consequently, there is a fall in the value of the bond or a loan.
To obtain the EL and UL for this risk, we require the probability of a grade
change and the loss if such a change occurs. The probability of a grade change
has been researched and published by the credit-rating agencies.

Probability of Grade Migration (bps) – Table showing the probability of a

company of one grade migrating to another grade before the end of the year.

Ratin Rating At The Start Of The Year

g AAA AA A BBB BB B CCC Defau
At lt
The
AAA 9366 66 7 3 3 0 16 0
End
AA 583 917 225 25 7 10 0 0
Of
 the 2
Year A 40 694 917 483 44 33 31 0
6

BBB 8 49 519 892 667 46 93 0

6

BB 3 6 49 444 833 576 200 0

1

B 0 9 20 81 747 841 1074 0

8

CCC 0 2 1 16 105 387 6395 0

Defau 0 1 4 22 98 530 2194 10000

lt

To understand how to read this table, let us use it to find the grade migration
probabilities for a company that is rated Single A at the start of the year. Looking
down the third column, we see that the company

46
has a 7- basis point chance of becoming AAA rated by the end of the year. It has
a 2.25% chance of being rated AA, a 91.76% chance of remaining single – A and
a 5.19% chance of being downgraded to BBB. Looking down to the bottom of the
column, we see that it has a 4- basis points chance of falling into default.

Thus from external rating agencies we can get any company’s probability of
moving to a different grade by the end of the year. Associated with each grade is
a discount rate relative to the risk-free rate.
As an example, let us calculate the EL and UL for a BBB – rated bond with a
single payment of $100 that is currently due in 3 years. At the end of the year the
bond will have 2 years to maturity. Corporate Bond spreads – Table showing the
probability (bps) of corporate bond migrating from one grade to another over the
years.

Rating 1yr 2yr 3yr 5yr 7yr 10yr 30yr

 AAA 38 43 48 62 72 81 92

AA 48 58 63 77 92 101 112

A 73 83 103 117 137 156 165

BBB 118 133 148 162 182 201 220

BB 275 300 325 350 375 450 575

B 500 50 600 675 725 775 950

CCC 700 750 900 1000 1100 1250 1500

The loss given default (LGD) is assumed to be 30%. If it is assumed that the risk-
free discount rate of 5% and the bond is still rated BBB, the value will be $88.45
Value BBB = $100________ = $ 88.45
(1 + 5% + 1.33%)2

Table Showing Change in Values for a BBB bond due to Credit Events:

Rating Value Loss

AAA $ 89.96 $ - 1.52

AA $ 89.71 $ - 1.26

A $ 89.29 $ - 0.84

BBB $ 88. 45 $ - 0.00

47
BB $ 85.73 $ 2.71

B $ 81.90 $ 6.55

CCC $ 79.91 $ 9.44

Defaul $ 61.91 $ 26.53

t

The calculation of EL and UL for the same example of BBB bond is as

follows
Year Probabil Loss Expected Unexpected
End i ty (LG ) Loss Loss
 Rating (PG , (PG LG ) (LG – EL )2 PG
bps )

AAA 3 $(1.52 $(0.000) $ 0.001

)

AA 25 $(1.26 $(0.003) $0.005

)

A 483 $(0.84 $(0.040) $0.051

)

BBB 8926 - - $0.031

BB 444 $2.71 $0.121 $0.284

B 81 $6.55 $0.053 $0.328

CCC 16 $9.44 $0.015 0.137

Default 22 $26.53 $0.058 $1.525

Total $0.203 $1.537

48
8.4. Calculation of EL and UL of the Portfolio

The expected loss for the portfolio (EL P) is simply the sum of the expected losses
for the individual loans within the portfolio. The unexpected loss for the portfolio
(ULP) is the standard deviation obtained from the sum of the variances for the
individual loans.

Example of Historical Losses Used To Estimate the Unexpected Loss of the

Portfolio

Year Assets Write – offs %loss

$Bn $Bn

1990 231 1.2 0.5%

1991 236 2.6 1.1

1992 243 0.7 0.3

1993 245 5.6 2.3

1994 250 5.9 2.4

1995 269 9.4 3.5

 1996 284 2.1 0.7

1997 309 1.8 0.6

1998 333 0.2 0.1

1999 352 11.7 3.3

2000 386 2.5 0.7

EL% PH 1.4%

UL% PH 1.2%

In dollar terms, the UL for the portfolio is the UL as percentage, multiplied by the
total size of the portfolio:
49
UL PH = N E UL% PH = 11 x 285.27 x 1.2% = $37.65 Bn

8.5. RAROC Over One Year:

RAROC is the expected net risk-adjusted profit (ENP) divided by the economic
capital that is required to support the transaction.

RAROC = ENP
EC

Where for a loan, the expected net profit ENP is the interest income on the loan,
plus any fees (F), minus interest to be paid on debt, minus operating costs (OC),
and minus expected loss.
Thus Formula can be Re-written as:
RAROC = A0 rA + F – D0 rD – OC – EL
EC
Here: The interest income on the loan asset is the initial loan amount (A 0),

multiplied by the interest rate on the loan (rA)

The interest to be paid on the debt is the amount of debt (D 0), multiplied by the
interest rate on the debt (rD).
Example:
A loan of $100 for 1 year to a company rated BBB with the following
assumptions:
1. the collateral is such that the LGD is 30%
2. The average default correlation with the rest of the portfolio is 3%
3. The capital multiplier for the portfolio is 6
4. The probability of default is 22 basis points i.e. 0.22% 5. The
interbank rate for one-year debt is 5 (rD).

6. The customer is being charged 6.5% interest (rA)

7. The operating costs(OC) are $1
8. The Hurdle rate (H) of 25%

50
Solution:

Calculation of risk characteristics of the loan

EL = P x E x S = 0.22% x $100 x 30% = $0.066

UL = P – P2 x E x S = 0.22% - 0.22% 2 x $100 x 30% = $1.41 ULC = 3% x $

1.41 = $ 0.24

EC = Economic multiplier x ULC = 6 x $0.24 = $ 1.46

Calculation of RAROC

RAROC =
A0 rA + F – D0 rD – OC – EL = $100 x 6.5% -($100-$1.46)x 5%- $1- $0.066
EC $1.46

RAROC = 35%

Calculation of SVA

SVA = ENP – H x EC = 35% - 25% x $1.46 = $ 0.14

 51
Part – III

Market Risk

Banks are exposed to market risk via their trading activities and their balance
sheets. The measurement of trading risk is probably the most advanced of the
three main types of risks faced by banks.

52
Chapter 9 Introduction to Market Risk

9.1. Meaning of Market Risk:

It is the risk that the value of on and off-balance sheet positions of a financial
institution will be adversely affected by movements in market rates or prices such
as interest rates, foreign exchange rates, equity prices, credit spreads and/or
commodity prices resulting in a loss to earnings and capital.

9.2. Three Main factors of Market risk

1. Interest rate risk:
Interest rate risk arises when there is a mismatch between positions, which are
subject to interest rate adjustment within a specified period. The bank’s lending,
funding and investment activities give rise to interest rate risk. The immediate
impact of variation in interest rate is on bank’s net interest income, while a long
term impact is on bank’s net worth since the economic value of bank’s assets,
liabilities and off balance sheet exposures are affected. Consequently there are
two common perspectives for the assessment of interest rate risk
a) Earning perspective: In earning perspective, the focus of analysis is the
impact of variation in interest rates on accrual or reported earnings. This is a
traditional approach to interest rate risk assessment and obtained by measuring
the changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the
difference between the total interest income and the total interest expense.
b) Economic Value perspective: It reflects the impact of fluctuation in the
interest rates on economic value of a financial institution. Economic value of the
bank can be viewed as the present value of future cash flows. In this respect
economic value is affected both by changes in future cash flows and discount
rate used for determining present value. Economic value perspective considers
the potential longer-term impact of interest rates on an institution.

53
Sources of interest rate risks:
Interest rate risk occurs due to
(1) Differences between the timing of rate changes and the timing of cash flows
(re-pricing risk);
(2) Changing rate relationships among different yield curves effecting bank
activities (basis risk);
(3) Changing rate relationships across the range of maturities (yield curve risk);
(4) interest-related options embedded in bank products (options risk).

2. Foreign Exchange Risk:

It is the current or prospective risk to earnings and capital arising from adverse
movements in currency exchange rates. It refers to the impact of adverse
movement in currency exchange rates on the value of open foreign currency
position. The banks are also exposed to interest rate risk, which arises from the
maturity mismatching of foreign currency positions. Even in cases where spot
and forward positions in individual currencies are balanced, the maturity pattern
of forward transactions may produce mismatches. As a result, banks may suffer
losses due to changes in discounts of the currencies concerned. In the foreign
exchange business, banks also face the risk of default of the counter parties or
settlement risk. While such type of risk crystallization does not cause principal
loss, banks may have to undertake fresh transactions in the cash/spot market for
replacing the failed transactions. Thus, banks may incur replacement cost, which
depends upon the currency rate movements. Banks also face another risk called
time-zone risk, which arises out of time lags in settlement of one currency in one
center and the settlement of another currency in another time zone. The Forex
transactions with counter parties situated outside Pakistan also involve sovereign
or country risk.

54
3. Liquidity risk

Liquidity risk is potential outcome of the inability of the banks to generate cash to
cope up with the decline in the deposits or increase in the assets, to the large
extent it is an outcome of the mismatch in the maturity patterns of the assets &
liabilities.

Possible needs for the liquidity are manifold they can be classified into 4 broad
categories

1. Funding risk: - the need to replace the outflows of the funds. e.g. non
renewal of the wholesale funds
2. Time risk: - the need to compensate for the no receipt of the expected
inflow of the funds e.g. when the borrower fails to meet his commitment.
3. Call risk:- the need to find new funds when contingent liability becomes due
e.g. a sudden surge in the borrowing under ATMs 4. the need to undertake
new transactions when desirable, e.g. a request for the imp client
 55
Chapter 10 Market Risk Management

10.1. Board and senior Management Oversight.

Likewise other risks, the concern for management of Market risk must start from
the top management. Effective board and senior management oversight of the
bank’s overall market risk exposure is cornerstone of risk management process.
For its part, the board of directors has following responsibilities.
a) Delineate banks overall risk tolerance in relation to market risk. b) Ensure that
bank’s overall market risk exposure is maintained at prudent levels and
consistent with the available capital. c) Ensure that top management as well as
individuals responsible for market risk management possess sound expertise
and knowledge to accomplish the risk management function.
d) Ensure that the bank implements sound fundamental principles that facilitate
the identification, measurement, monitoring and control of market risk.
e) Ensure that adequate resources (technical as well as human) are devoted to
market risk management.

The first element of risk strategy is to determine the level of market risk the
institution is prepared to assume. The risk appetite in relation to market risk
should be assessed keeping in view the capital of the institution as well as
exposure to other risks. Once the market risk appetite is determined, the
institution should develop a strategy for market risk-taking in order to maximize
returns while keeping exposure to market risk at or below the pre-determined
level. While articulating market risk strategy the board needs to consider
economic and market conditions, and the resulting effects on market risk;
expertise available to profit in specific markets and their ability to identify, monitor
and control the market risk in those markets; the institution’s portfolio mix and
diversification. Finally the market risk strategy should be periodically reviewed
and effectively communicated 56
to the relevant staff. There should be a process to identify any shifts from the
approved market risk strategy and target markets, and to evaluate the resulting
impact.
The Board of Directors should periodically review the financial results of the
institution and, based on these results, determine if changes need to be made to
the strategy. While the board gives a strategic direction and goals, it is the
responsibility of top management to transform those directions into procedural
guidelines and policy document and ensure proper implementation of those
policies.
Accordingly, senior management is responsible to:
a) Develop and implement procedures that translate business policy and
strategic direction set by BOD into operating standards that are well understood
by bank’s personnel.
b) Ensure adherence to the lines of authority and responsibility that board has
established for measuring, managing, and reporting market risk.
c) Oversee the implementation and maintenance of Management Information
System that identify, measure, monitor, and control bank’s market risk.
d) Establish effective internal controls to monitor and control market risk.

The institutions should formulate market risk management polices which are
approved by board. The policy should clearly delineate the lines of authority and
the responsibilities of the Board of Directors, senior management and other
personnel responsible for managing market risk; set out the risk management
structure and scope of activities; and identify risk management issues, such as
market risk control limits, delegation of approving authority for market risk control
limit setting and limit Excesses.

57
10.2. Organizational Structure for Market Risk Management The
organizational structure used to manage market risk vary depending upon the
nature size and scope of business activities of the institution, however, any
structure does not absolve the directors of their fiduciary responsibilities of
ensuring safety and soundness of institution. While the structure varies
depending upon the size, scope and complexity of business, at a minimum it
should take into account following aspect.
a) The structure should conform to the overall strategy and risk policy set by the
BOD.
b) Those who take risk (front office) must know the organization’s risk profile,
products that they are allowed to trade, and the approved limits.
c) The risk management function should be independent, reporting directly to
senior management or BOD.
d) The structure should be reinforced by a strong MIS for controlling, monitoring
and reporting market risk, including transactions between an institution and its
affiliates.

Besides the role of Board as discussed earlier a typical organization set up for
Market Risk Management should include: -
 The Risk Management Committee
 The Asset-Liability Management Committee (ALCO)  The
Middle Office.

Risk Management Committee: It is generally a board level subcommittee

constituted to supervise overall risk management functions of the bank. The
structure of the committee may vary in banks depending upon the size and
volume of the business. Generally it could include heads of Credit, Market and
operational risk Management Committees. It will decide the policy and strategy
for

58
integrated risk management containing various risk exposures of the bank
including the market risk. The responsibilities of Risk Management Committee
with regard to market risk management aspects include:
a) Devise policies and guidelines for identification, measurement, monitoring and
control for all major risk categories.
b) The committee also ensures that resources allocated for risk management are
adequate given the size nature and volume of the business and the managers
and staffs that take, monitor and control risk possess sufficient knowledge and
expertise.
c) The bank has clear, comprehensive and well-documented policies and
procedural guidelines relating to risk management and the relevant staff fully
understands those policies.
d) Reviewing and approving market risk limits, including triggers or stop losses
for traded and accrual portfolios.
e) Ensuring robustness of financial models and the effectiveness of all systems
used to calculate market risk.
f) The bank has robust Management information system relating to risk reporting.

Asset-Liability Committee: Popularly known as ALCO, is senior management

level committee responsible for supervision / management of Market Risk (mainly
interest rate and Liquidity risks). The committee generally comprises of senior
managers from treasury, Chief Financial Officer, business heads generating and
using the funds of the bank, credit, and individuals from the departments having
direct link with interest rate and liquidity risks. The CEO or some senior person
nominated by CEO should be head of the committee. The size as well as
composition of ALCO could depend on the size of each institution, business mix
and organizational complexity. To be effective ALCO should have members from
each area of the bank that significantly influences liquidity risk. In addition, the
head of the Information system Department (if any) may be an invitee for building

59
up of MIS and related computerization. Major responsibilities of the committee
include:
a) To keep an eye on the structure /composition of bank’s assets and liabilities
and decide about product pricing for deposits and advances. b) Decide on
required maturity profile and mix of incremental assets and liabilities.
c) Articulate interest rate view of the bank and deciding on the future business
strategy.
d) Review and articulate funding policy.
e) Decide the transfer pricing policy of the bank.
f) Evaluate market risk involved in launching of new products. ALCO should
ensure that risk management is not confined to collection of data.
Rather, it will ensure that detailed analysis of assets and liabilities is carried out
so as to assess the overall balance sheet structure and risk profile of the bank.
The ALCO should cover the entire balance sheet/business of the bank while
carrying out the periodic analysis.

Middle Office: The risk management functions relating to treasury operations

are mainly performed by middle office. The concept of middle office has recently
been introduced so as to independently monitor measure and analyze risks
inherent in treasury operations of banks. Besides the unit also prepares report for
the information of senior management as well as bank’s ALCO. Basically the
middle office performs risk review function of day-to-day activities. Being a highly
specialized function, it should be staffed by people who have relevant expertise
and knowledge. The methodology of analysis and reporting may vary from bank
to bank depending on their degree of sophistication and exposure to market
risks. These same criteria will govern the reporting requirements demanded of
the Middle Office, which may vary from simple gap analysis to computerized VaR
modeling. Middle Office staff may prepare forecasts (simulations)

60
showing the effects of various possible changes in market conditions related to
risk exposures. Banks using VaR or modeling methodologies should ensure that
its
ALCO is aware of and understand the nature of the output, how it is derived,
assumptions and variables used in generating the outcome and any
shortcomings of the methodology employed. Segregation of duties should be
evident in the middle office, which must report to ALCO independently of the
treasury function. In respect of banks without a formal Middle Office, it should be
ensured that risk control and analysis should rest with a department with clear
reporting independence from Treasury or risk taking units, until normal Middle
Office framework is established.
 61
Chapter 11 Market Risk Monitoring and Control

11.1. Risk monitoring

Risk monitoring processes are established to evaluate the performance of bank’s
risk strategies/policies and procedures in achieving overall goals. Whether the
monitoring function is performed by middle-office or it is a part of banks internal
audit it is important that the monitoring function should be independent of units
taking risk and report directly to the top management/board. Banks should have
an information system that is accurate, informative and timely to ensure
dissemination of information to management to support compliance with board
policy. Reporting of risk measures should be regular and should clearly compare
current exposures to policy limits. Further past forecast or risk estimates should
be compared with actual results to identify any shortcomings in risk
measurement techniques. The board on regular basis should review these
reports. While the types of reports for board and senior management could vary
depending upon overall market risk profile of the bank, at a minimum following
reports should be prepared.
a) Summaries of bank’s aggregate market risk exposure b) Reports
demonstrating bank’s compliance with policies and limits c) Summaries of finding
of risk reviews of market risk policies, procedures and the adequacy of risk
measurement system including any findings of internal/external auditors or
consultants.

11.2. Risk Control.

Bank’s internal control structure ensures the effectiveness of process relating to
market risk management. Establishing and maintaining an effective system of
controls including the enforcement of official lines of authority and appropriate
segregation of duties, is one of the management’s most important
responsibilities. Persons responsible for risk monitoring and control procedures
should be independent of the

62
functions they review. Key elements of internal control process include internal
audit and review and an effective risk limit structure. Audit: Banks need to review
and validate each step of market risk measurement process. This review function
can be performed by a number of units in the organization including internal
audit/control department or ALCO support staff. In small banks, external auditors
or consultants can perform the function. The audit or review should take into
account.
a) The appropriateness of bank’s risk measurement system given the nature,
scope and complexity of bank’s activities
b) The accuracy or integrity of data being used in risk models. c) The
reasonableness of scenarios and assumptions
d) The validity of risk measurement calculations.

Risk limits: As stated earlier it is the board that has to determine bank’s overall
risk appetite and exposure limit in relation to its market risk strategy. Based on
these tolerances the senior management should establish appropriate risk limits.
Risk limits for business units, should be compatible with the institution’s
strategies, risk management systems and risk tolerance. The limits should be
approved and periodically reviewed by the Board of Directors and/or senior
management, with changes in market Conditions or resources prompting a
reassessment of limits.

63
Part IV

Operational Risk
 The management of specific operational risks is not a new practice; it has
always been important for banks to try to prevent fraud, maintain the integrity of
internal controls, and reduce errors in transactions processing, and so on.
However, what is relatively new is the view of operational risk management as a
comprehensive practice comparable to the management of credit and market
risks in principle.

64
Chapter 12 Introduction to Operation Risk
12.1. Meaning of Operational Risk:
Operational risk is the risk of loss resulting from inadequate or failed internal
processes, people and system or from external events. Operational risk is
associated with human error, system failures and inadequate procedures and
controls. It is the risk of loss arising from the potential that inadequate information
system; technology failures, breaches in internal controls, fraud, unforeseen
catastrophes, or other operational problems may result in unexpected losses or
reputation problems. Operational risk exists in all products and business
activities.

12.2. Operational Risk Management Principles.

There are 6 fundamental principles that all institutions, regardless of their size
or complexity, should address in their approach to operational risk
management.
a) Ultimate accountability for operational risk management rests with the board,
and the level of risk that the organization accepts, together with the basis for
managing those risks, is driven from the top down by those charged with overall
responsibility for running the business. b) The board and executive management
should ensure that there is an effective, integrated operational risk management
framework. This should incorporate a clearly defined organizational structure,
with defined roles and responsibilities for all aspects of operational risk
management/monitoring and appropriate tools that support the identification,
assessment, control and reporting of key risks. c) Board and executive
management should recognize, understand and have defined all categories of
operational risk applicable to the institution.
Furthermore, they should ensure that their operational risk management
framework adequately covers all of these categories of

65
operational risk, including those that do not readily lend themselves to
measurement.
d) Operational risk policies and procedures that clearly define the way in which
all aspects of operational risk are managed should be documented and
communicated. These operational risk management policies and procedures
should be aligned to the overall business strategy and should support the
continuous improvement of risk management.
e) All business and support functions should be an integral part of the overall
operational risk management framework in order to enable the institution to
manage effectively the key operational risks facing the institution.
f) Line management should establish processes for the identification,
assessment, mitigation, monitoring and reporting of operational risks that are
appropriate to the needs of the institution, easy to implement, operate
consistently over time and support an organizational view of operational risks
and material failures.
 66
67
Chapter 13 Operational Risk Management and
Measurement

13.1 Board and senior management’s oversight

Likewise other risks, the ultimate responsibility of operational risk management
rests with the board of directors. Both the board and senior management should
establish an organizational culture that places a high priority on effective
operational risk management and adherence to sound operating controls. The
board should establish tolerance level and set strategic direction in relation to
operational risk. Such a strategy should be based on the requirements and
obligation to the stakeholders of the institution.
Senior management should transform the strategic direction given by the board
through operational risk management policy. Although the Board may delegate
the management of this process, it must ensure that its requirements are being
executed. The policy should include:
a) The strategy given by the board of the bank.
b) The systems and procedures to institute effective operational risk
management framework.
c) The structure of operational risk management function and the roles and
responsibilities of individuals involved.
The policy should establish a process to ensure that any new or changed activity,
such as new products or systems conversions, will be evaluated for operational
risk prior to going online. It should be approved by the board and documented.
The management should ensure that it is communicated and understood
throughout in the institution. The management also needs to place proper
monitoring and control processes in order to have effective implementation of the
policy. The policy should be regularly reviewed and updated, to ensure it
continue to reflect the environment within which the institution operates.

68
13.2. Operational Risk Function
A separate function independent of internal audit should be established for
effective management of operational risks in the bank. Such a functional set up
would assist management to understand and effectively manage operational risk.
The function would assess, monitor and report operational risks as a whole and
ensure that the management of operational risk in the bank is carried out as per
strategy and policy.
To accomplish the task the function would help establish policies and standards
and coordinate various risk management activities. Besides, it should also
provide guidance relating to various risk management tools, monitors and handle
incidents and prepare reports for management and BOD.

13.3. Operational Risk Assessment and Quantification Banks should identify

and assess the operational risk inherent in all material products, activities,
processes and systems and its vulnerability to these risks.
Banks should also ensure that before new products, activities, processes and
systems are introduced or undertaken, the operational risk inherent in them is
subject to adequate assessment procedures. While a number of techniques are
evolving, operating risk remains the most difficult risk category to quantify. It
would not be feasible at the moment to expect banks to develop such measures.
However the banks could systematically track and record frequency, severity and
other information on individual loss events. Such a data could provide meaningful
information for assessing the bank’s exposure to operational risk and developing
a policy to mitigate / control that risk.

69
Bibliography

Reference Books:

1. The Fundamentals Of Risk Measurement - By Chris

Marrison

2. Credit Risk Analysis - By Ciby Joseph

3. Credit Risk Models – By Amandio F C da Silva

Websites:

1. Google.com

2. www.SAS Risk Management For Banking. htm

3. www.Risk Management – Banking Information, Federal

reserve Bank Of Chicago.htm

70