NOTES INDEX

Topic Page No
Basics 1 to 4
Chapter 1 5 to 6
Chapter 2 7 to 8
Chapter 3 9
Chapter 4 10
Chapter 5 11 to 15
Chapter 6 16 to 17
Chapter 7 18
Chapter 8 19
Chapter 9 20 to 21
Basel capital
22
requirements
 I. Risks Events occur due to Such decisions are made This ultimately leads to
→ → →
arise due DECISIONS based on 2 factors: OUTCOMEs
to events ↓ ↓ ↓ ↓
Such decisions can be Probability Consequence Mathematically,
taken (or) (or) Outcome = Probability x
↓ ↓ Likelihood Impact Consequence
By us By others (or) (or) ↓
↓ ↓ Possibility Exposure Since probability is always
↓ ↓ positive, BUT consequence can
Eg: Co Eg: Growth
Probability Consequence be either positive or negative,
invests in a of Netflix
is always s can be even the ultimate outcome can
new increases
between good or bad be either positive or negative
technology risk for PVR
0 to 1 for the entity (Plus x Minus = Minus)
↓ ↓ ↓ ↓ ↓ ↓
This risk This risk So it is So it can be If outcome = If outcome =
arises due arises due always either positive AND negative OR if
to our own to other's positive positive or within risk positive but
decision decisions (or neutral) negative tolerance above risk
level tolerance level
II. Risk management matrix - it is a table plotting the ↓ ↓
consequence/impact of a risk against the probability of its occurrence, to Opportunity Threat
determine the possible outcome of such risk by computing the risk level ↓ ↓
↓ Thus, for determining whether
Probability → This is a basic 2x2 matrix. a particular risk is an
LOW HIGH Advanced matrix will have more
Impact ↓ opportunity or threat, the entity
Low rows & columns with ranks (1 to ↓ ↓
High
5). For each risk, probability
LOW probability + probability + 1. Measure 2. See if
→ rank X impact rank = Risk Level.
Low Impact Low Impact Risk level is compared to risk the possible outcome is
Low High tolerance level to determine outcome of within risk
HIGH probability + probability + category of risk (LPLI, LPHI, HPLI, each risk tolerance level
High Impact High Impact HPHI) ↓ ↓
↓ This can be Risk tolerance
Category → LPLI LPHI HPLI HPHI measured level is entity
Nature Safest Moderate Moderate Dangerous ← using a RISK specific,
Colour management based on the
Green Orange Orange Red
coding MATRIX entity's RISK
Action Tolerate Transfer Treat Terminate
Risk Risk Risk Risk
Strategy
Retention Transfer Reduction Avoidance
↓
Low Probability High Impact events are referred to as Black Swan General point, not related here:
Events. For example - Fire in factory. Entities cannot be prepared for COSO full form = Committee of
such events as their impact can be catastophic, so the best strategy is to Sponsoring Organizations of
transfer these risks to another entity. Examples: the Treadway Commission
1. Take fire insurance to transfer loss to insurance company
2. Banks sell of tranches loans to ARCs to transfer the risk of default The Open Group is a global
3. Underwrite recievables to transfer the risk of default by counterparty consortium that enables
However, it is not possible to transfer all LPHI events. Example: COVID-19 achievement of biz objectives
At times, MANAGEMENT MAY SKIP (forget) preparing for LPHI category through technology standards
 III. Risk vs Uncertainity → IV. Insurance company example
We know → Risk = Probability x Impact Say based on historial data - avg
However, in case the probability of an event is not known, but it mortality rate per annum is 1%
will have an impact, then it will be a uncertainity and not a risk. ↓
If probability and impact = available → RISK So, if an insurance co insures 100
Impact known BUT probability unknown → UNCERTAINITY people, it would EXPECT 1
person to die in the coming year
V. Risk Management Process ↓
1. IDENTIFY the risk so that surprises can be avoided. Risk can be However, such EXPECTATION of
identified through RM tools such as SWOT analysis, ERM, etc. the insurance company will not
2. ANALYZE the risk - determine possible impact and probability of necessarily hold good as average
occurrence in order to calculate the risk level of each risk data of 1% is for the entire
3. EVALUATE the risk - rank the risks based on predefined criteria population of the country,
4. TREAT the risk - take action to assume such risk (LPLI), transfer whereas the insurance company
such risks (LPHI), reduce such risks (HPLI), or avoid such risks (HPHI) is insuring only 100 people
5. MONITOR & REVIEW the risks ↓
- This is done through risk register In order to mitigate this risk,
- Risk register is a record of identified risks for a project, along insurance companies follow the
with the analysis of its impact and probability, the evaluation of LAW OF LARGE NUMBERS
such risks as low, medium, high with colour coding, and finally the ↓
proposed strategy to deal with such risk The law of large numbers states
- Under this step, the CRO & RM team must monitor whether that as sample size (number of
such RM strategy has been implemented & review implementation people insured in this case)
increases, the actual results will
VI. Risks can arise from within the entity or from outside, & each of be closer to the expected results
such risks can either be controlled by the entity or uncontrollable (i.e., number of actual deaths
Risk Event Classification 1 Classification 2 will be close to number of
Poor employee morale Internal Controllable deaths expected by insurance
Theft by employee Internal Uncontrollable ↓
Compliance with Laws External Controllable Thus, the best risk management
Natural disasters External Uncontrollable strategy for insurance
↓ companies is to sell more
In order to tackle such risks, entity must have Risk Mitigation Plans ↓
(Risk Management Techniques) in place This is because, the insurance
↓ company would have computed
Based on the categorization of the risk, such risk mitigation plan insurance premium based on the
should either tolerate, transfer, treat or terminate such risk "expected deaths". Thus, selling
Example: Student in a school is always fighting with a classmate, more insurance policies will
teacher takes him to Principal. What can the Principal do? ensure that "actual deaths" are
Option Action Principal's response Category + Strategy closer to "expected deaths" due
Option 1 Tolerate Forgive student LPLI - Risk retention to law of large numbers.
Option 2 Transfer Shift to other section LPHI - Risk transfer ↓
Option 3 Treat Give punishment HPLI - Risk reduction Thus by selling more policies,
Option 4 Terminate Dismiss from school HPHI - Risk avoidance insurance companies can convert
↓ uncertanities into risks. This
Such risk mitigation plans may be either quantitative or qualitative ensures lower gap between
Quantitative - Value At Risk (VAR) - Risk should not exceed certain expected payouts and actual
predetermined level in Rs payouts, so the risk premium
Qualitative - Scenario Analysis, Stress Testing, where level of risk is calculations hold good and the
determined based on ratings and colour coding insurance company makes money
 VII.
RiskRisk Tolerance v/s Risk Appetite
Risk IX. VAR, Stress Testing and Scenario Analysis
Tolerance: Appetite: - VAR states a certain LOSS AMOUNT and the PROBABILITY of
Low risk
Maximum occurrence of such loss OVER A PERIOD OF TIME
Maximum level of - Example: A Bank has a 1 day VAR of $2.5 million at 95%
level of Moderate risk which confidence level
risk which risk the entity - This means the bank has a 5% chance of making a loss of
the entity is MORE THAN $2.5 million in any given day
COULD WILLING - Therefore VAR contains three elements: TIME (1 day),
High risk
take to take PROBABILITY (5% chances of loss), and AMOUNT ($2.5 million)
Always, Risk Tolerance >= Risk Appetite ↓
↓
- Stress Testing is a qualitative method that analyses the
VIII. Risk attitude - based on one's risk
entity's magnitude of potential losses in various macro-
appetite, their risk attitude can be
economic scenarios.
classified into below categories:
- The impact is normally determined for three different
↓ ↓ ↓
scenarios - Pessimistic, Expected and Optimistic, along with the
Risk Risk Risk
probability of each of these scenarios
Averse Neutral Seekers
- Under stress testing, variability of multiple variables are
↓ ↓ ↓
considered at the same time to determine impact on the entity
Avoid
Balanced Assume - Scenario Analysis is a part of Stress Testing, where multiple
taking
approach more risks scenarios are imagines, along with their impact on the entity
risks
- Under stress testing, we consider the combined impact of
↓ ↓ ↓
variance in all factors, say interest rates, forex rates and inflation
Eg: Person Eg: Person Eg: Person together in one go (larger picture)
who investing who
- Whereas under scenario analysis, each factor is considered
invests in both invests
individually. For example: What is the impact on the entity is
only in bonds & only in
bonds equity equity interest rate alone goes up? (individual scenario picture)
↓ ↓ ↓ ↓
Moderate Value at Risk (VAR) = How Stress testing = How much loss
Low risk High risk
risk and much loss will the entity incur will the entity incur under
and low and high
moderate under NORMAL circumstances ABNORMAL conditions
return return
return VAR = Quantitative Stress testing = Qualitative

X. Inherent Risk, Residual Risk and Control Score General Chapters:

Inherent risk - The natural level of risk inherent in a - Chapter 1: Introduction
process or activity without implementing any risk - Chapter 2: Sources & evaluation of risk
controls to reduce or mitigate the risk - Chapter 3: Risk management (process)
Residual risk - Risk remaining after inherent risks have - Chapter 4: Evaluation of RM strategies
been reduced through risk controls - Chapter 5: Risk Models (VAR, etc.)
Control score = Inherent risk - Residual risk
Eg: 100 students cheat when there is no invigilator, 10 Chapters on types of risk:
students cheat even when there is an invigilator - Chapter 6: Credit risk - Risk of default
Inherent risk = Risk before controls = 100 by counterparty (borrower from bank
Residual risk = Risk after controls = 10 POV)
Control score = Inherent risk - Residual risk = 100 - 10 = 90 - Chapter 7: Corporate Governance (PTO)
Higher control score indicates risk is more controllable, i.e., - Chapter 8: ERM (PTO)
risk can be reduced by implementing risk controls - Chapter 9: Operational Risk - Risks from

1. Basel Norms:
- International banking rules and
regulations for risk management at
banking institutions
- These rules are made by a Committee
consisting of Governors of Central Banks
of 10 countries
- Basel norms are meant to maintain
enough capital at banks so that they can
absorb unexpected losses (defaults)
4. ERM - Enterprise Risk Management
(aka) BRM - Business Risk Management:
- It is a biz strategy which assists Orgs in
preparing for worst-case scenarios, while
aspiring to be "better, faster & cheaper"
- ERM looks at the org as one from RM
POV, dispensing off the traditional
approach of individual depts
independently managing risks
- ERM seeks to achieve overall risk
reduction in the entire org
XI. Some common terms
2. ISO 31000:
3. OECD - Organization for
- International Org for
Economic Cooperation and
Standardization (ISO) is a standard
Development:
setting body
- An inter-governmental
- ISO codified a family of standards
organization of developed
relating to risk mgt called ISO 31000
countries
- ISO 31000 is meant to provide
- What they do: Seek
principles & generic guidance on
answers to common
RM which can be used across orgs,
economic problems, identify
industries, subject matters & regions
good practices, & promote
5. Corporate Governance:
international trade
- Different stakeholders have
- Why do they do this? In
different interest, so conflicts arise
order to foster further
- CG = set of policies & procedures
development of member
designed to mitigate conflict
countries
between various stakeholders
- Relevance in RM - OECD
- Eg: Managerial personnel are
has given Principles of RM
interested in showing better
to be followed by Risk
performance, hence the concept of
Managers and Risk
independent dirs was introduced to
Committees
maintain balance & consider rqmts
(Refer Chapter 2, Pg 2.33)
of other stakeholders

XII. Audit risk: Risk that auditor expresses an INAPPROPRIATE OPINION when FS is MATERIALLY MISSTATED
The auditor should always keep audit risk to an acceptably low level
↓
Case Auditor opinion In reality Comment on opinion Is it audit risk?
Case 1 FS give T&F view FS = materially misstated Inappropriate opinion Yes, it is audit risk
Case 2 Modified opinion FS give T&F view Inappropriate opinion No, it is NOT audit risk
↓
Audit risk = Risk of Material Misstatement x Detection Risk
↓ ↓
Risk of Material Misstatement = Inherent risk x Control risk Detection Risk
The entity's management is responsible for reducing Risk of Material Misstatement ↓
↓ ↓ It is the risk
Inherent Risk Control Risk that auditor
↓ ↓ is not able to
Susceptibility of ABCOTD to material Risk that an entity's internal controls FAIL to detect
misstatements BEFORE considering the prevent, detect and correct material misstatements
related (internal) controls misstatements on a timely basis in FS despite
↓ ↓ planning &
SA 315 - Identifying and assessing the Risk of Material Misstatement: conducting
- SA in India advocate risk based auditing, wherein, the auditor is FIRST: required to audit as per
understand the entity and its environment, & NEXT: use this understanding to IDENTIFY & Standards
ASSESS whether ABCOTD has high or low ROMM ↓
- Such identification & assessment of ROMM will affect the NT&E of CONTROL TESTING Auditor is
- Results of control testing determine if entity's internal controls are operating effectively responsible
- Such operating effectiveness of controls will determine the NT&E of further audit for reducing
procedures (Controls NOT operating effectively = more FAP to reduce detection risk) detection risk
 → 1: Categorization as per Paul Hopkins Pg 1.16-17 Dynamic Risks Static Risks
Topic 3.
→ 2: Fundamental v/s Particular risks Pg 1.17 Arise when there are changes in Arise even without any changes
Classification of Risks
→ 3: Dynamic risks v/s Static risks Pg 1.17 the economy in the economy
Over time, regularity is observed
They are less predictable
Categorization of risks as per Paul Hopkins - Page 1.16 & 1.17 in occurences, so more predictable
↓ ↓ ↓ Generally NOT insurable More insurable than dynamic risks
Pure risks (or) Hazard Risks Control risks Opportunity risk - 2 aspects Eg: Change in cons preferences Eg: Fire, theft, dishonesty, etc.
↓ ↓ ↓ ↓
Arises from Risk from Risk from Logic for whether something is insurable or not - An insurance
Risk will NOT result in any gain, but MAY result
unknown taking an NOT taking company will offer insurance on something only if it is predictable.
in loss (or NPNL at best)
events opportunity opportunity Thus, if something is predictable, it is insurable
↓ ↓ ↓ ↓ ↓ ↓
Related to Also called Pure risk: They are predictable Control risks &
Personal Property Opportunity
Liability risks particular Speculative - Personal risk over time oppor risks are
risks risks cost
projects risk - Property risk ↓ unknown, thus not
↓ ↓ ↓ ↓ ↓ - Liability risks Hence insurable predictable & not
Reduction Implement Speculative risks are risks are
Legal liability for Occurrence of fundamental risks Particular risks &
Death, in value controls to deliberately taken, and NOT
damages to cust, cannot be predicted. However, if static risks: They are
accident, of assets reduce when taken, may or may predictable
compensation to it is considered LPLI, insurers predictable over time
disability, due to potential not be succesful. So, hence
employees for may venture into this space for ↓
etc. physical impact if speculative risks can lead not
injury, etc. easy premium income Hence insurable
damage they occur to loss, no loss, or gain insurable
Insurable risks - Pure (Property, Personal, Liability), Static, Particular
Fundamanetal risks - Page 1.17 Particular risks - Page 1.17 GENERALLY NOT insurable - Control, Oppor, Dynamic, Fundamental
Impersonal in nature, i.e., they are NOT caused Caused due to actions of individuals or Eg: Company has machines. What are the risks?
due to actions of individuals organizations 1. Technical breakdown in machine → Org has no benefit of such
They are NOT controllable They are PARTIALLY CONTROLLABLE breakdown, but it can lead to loss → Hazard (Pure) risk
Impacts a large group of people Impact is organization specific 2. Machine is producing slowly → Machine is to be upgraded →
Catastrophic impact + left to be dealt with by Govt Dealt with by individual people/orgs This upgradation process itself is a project → Control (uncertainity)
Generally NOT insurable, BUT insurance cos may 3. Co needs more productivity (not possible from present machine)
They are generally insurable, but subject
venture into risks whose occurances are irregular → Co needs to buy new machines → Co intends new machines will
to conditions
AND impact is minimal (LPLI risks) increase productivity → But it may or may not deliver →
Eg: Earthquake, wars, etc. Eg: Fire accidents in factory, etc. Opportunity (speculative) risks
 Types of risk - Page 1.20 & 1.21
↓ ↓ ↓ ↓ ↓ ↓
Finance related risks Market related risks Operations related risks Management related risks Compliance related risks Security related risks
1.19 1.20 & 1.21 1.20 & 1.21 1.20 & 1.21 1.20 & 1.21 1.20, 1.21 & 1.22
↓ ↓ ↓ ↓ ↓ ↓
A. Financial risk 1. Market risk 2. Operational risk 3. Strategic risk 4. Compliance risk 14. Information risk
B. Credit risk 8. Interest rate risk 10. Management risk 6. Reputation risk 5. Regulatory risk (data security risk)
C. Liquidity risk 9. Foreign exchange risk 11. Staffing risk 16. Fraud risk 7. Legal risk 19. Security risk
17. Price risk 12. Technology risk 20. Governance risk 15. Country risk 21. Safety risk
13. Business continuity risk
18. Process risk
Bowtie Analysis: Hazard
Inflammable gas used in production

Cause 1:
Preventine Control 1: Reactive Control 1: Effect 1:
Inexperienced
Routine staff training Automated warning Loss of human life
workers
on safety procedures systems

Event
Cause 2: Leakage of Effect 2:
Preventine Control 2: Reactive Control 2:
Poorly maintained inflammable Stoppage in
Regular maintenance gas Build contingency plan
equipment operations

Cause 3: Preventine Control 3: Reactive Control 3:

Effect 3:
Improper storage Periodical testing of Make prompt
Fines & penalties
of inflammable storage tanks payment to avoid
by regulators
gases

Delphi Approach:

Develop Prepare Approach Mr A - Expert in economics

Maruti Aggregate the
(revise) questionnare panel of
wants to risks identified by
product based on experts Mr B - Expert in automotives
launch experts based on
launch (modified) (different
new SUV the questionnare
strategy strategy fields) Mr C - Expert in pricing

Each time, the strategy is modified based on the risks identified by the experts. The organization will prepare a
revised questionnare based on the modified strategy, which is again sent to the panel of experts. Again,
experts identify risks, & strategy is also modified again. The cycle is repeated until
all experts in the panel have a common opinion (no risks).
(As per ICAI, it is done a maximum of 4 times )
 Service Level Agreements (SLA):
↓ Understand the business
Based on this, develop a Risk
- They are agreements between ↓
Management Plan
customer and SERVICE PROVIDER Identify risks
- May be legally binding or ↓ ↓
informal Understand cause & effect Such RM plan can vary based on
- The agreement may be ↓ ↓ ↓
between two different orgs or Industry Locale Biz variables
even between two departments
in the same org
- SLAs contain details about But which risks should the organization deal with?
services to be provided to
termination of agmt Decide based on Calculate
- SLAs may require parties to Business Impact ↓ ↓
regularly meet in order to create Analysis Likelyhood Magnitude
an open forum for
communication Identify the
- SLAs normally provide for pervasive risks Determine the risk score
rewards and penalties ↓
How?
| | | ↓
↓ ↓ ↓ What benefits
Importance of Is the risk How much is the or
activity to business controllable potential loss? opportunities
 RASP framework - Risk Architecture, Strategy, Protocol
↓ ↓ ↓
Risk Architecture specifies Risk Strategy defines Risk Protocols contain
↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓
Risk reporting They They specify tools,
Roles &
& Risk Risk Risk They are detailed contain techniques, models, etc.
responsibilitie
communication appetite attitude philosophy guidelines rules and to be used for RM in the
s
structure procedures org
|
| Risk Management Individual Business
| Committee Units
↓ | |
Board of | |
Directors | |
| | |
Audit Committee
| | |
| | | | Finance Department - Disclosure
| | | | committee
↓ ↓ ↓ ↓ ↓
Responsible Responsible for Responsible for Responsible for day Responsible for proper disclosure of the
for overall RM formulating the detailed overseeing internal to day risk management policy in the Financial
of the org RM policy based on the and external audit implementation of Statements of the entity
↓ defined RM appetite ↓ RM policies and
Responsible Both internal and procedures
for setting external audit is "risk
vision, goals, based audit"
objectives
 The Eight Content Elements of an Integrated Report as given in Integrated Reporting Framework (IRF)
↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓
1. Organizational Overview 2. Governance 3. Business 4. Risk & 5. 6. 7. Outlook 8. Basis of
and External Environment ↓ Model Opportunity Strategy Performance ↓ prepration and
↓ ↓ (i) Specific (ii) Leadership ↓ Reporting and ↓ (i) Org's presentation
Org External strategic Structure A. Inputs ↓ Resource (i) expectations about ↓
Overview Environment processes ↓ A. Source ↓ Quantitative the external (i) Summary of
↓ (iv) Particular ↓ Short, indicators ↓ materiality
B. Business
Impact of (iii) Org's actions for B. medium & ↓ (ii) How those determination
activities -
PESTLE in culture, strategic Assessment long term (ii) expectations will process
differentiation,
short, ethics & direction (explanation, strategic Qualitative affect the org ↓
revenue
possible
medium & values generation outcomes,
objectives indicators ↓ (ii) Description
long term (vi) after initial assumptions, ↓ ↓ (iii) How is the org of reporting
(v) Is pay & Implementing point of volatality) Strategies A. Org's equipped to face boundary &
incentives governance sale, ↓ to achieve effect on these changes? how it has been
linked to practices innovation, C. Steps strategic determined
capitals
adapability
value taken to objectives (financial, (which area will be
creation? (vii) ↓ mitigate ↓ manufactured impacted by the
, intellectual, risks we have
Responsibility C. Outputs risk / Resource highlighted, & how
human, social
of TCWG ↓ create allocation and did we determine
D. value to relationship, this?)
Outcome implement natural) ↓
(internal / strategy ↓ (iii) Summary of
external ↓ B. C. Linkage between frameworks used
and Measuring Stakeholder → past and current for risk evaluation
positive / targets relationships performance & quantification

↓ ↓ ↓
(i) Basic information (ii) Key Quantitative Information (KQI) (iii) Significant
↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ factors (risks) in
A. Culture, B. D. Competitive E. Position A. C. No of D. Highlight external envmt
C. Principal
ethics, Ownership landscape & in value Number B. Revenue countries significant changes & response
activities
values & operating mkt positioning chain of of from previous period strategy
 Value at Risk - Shows the probability of loss beyond a certain point for a given time period
For example: HDFC Bank has a 1 day VaR of Rs 25 crore at 95% confidence level
This means there is a 95% probability that HDFC Bank's loss in a single day will NOT exceeed Rs 25 crore. In
other words, probability of HDFC Bank's loss in a single day to exceed Rs 25 crore is only 5%
VaR has 3 components: 1. Time period (1 day); 2. Confidence level (95%); 3. Amount VAR = σ x z score

Day Stock price (x) Mean(x̄) (x - x̄) (x - x̄)^2 2,000

1st 1,000 1,133 -133 17,778
2nd 1,500 1,133 367 1,34,444 1,500
3rd 1,700 1,133 567 3,21,111
4th 800 1,133 -333 1,11,111 1,000
→
5th 500 1,133 -633 4,01,111
6th 1,300 1,133 167 27,778 500
Total 6,800 - - 10,13,333
Mean(x̄) = 6800/6 = Rs 1133.33 -
1st 2nd 3rd 4th 5th 6th
σ = √[(x - x̄)^2/n] = √10,13,33/6 = Rs 410.96
↓
So, mean gives us avg price, & SD tells us how much the mean could fluctuate on an avg, in both directions,
i.e., SD is an avg of deviations from mean line. Now, plotting the same data in a normal distribution chart.
↓
1. Normal distribution is a
probability distribution that is
symmetric about the mean,
showing that data near mean
are more frequent in
occurrence than data far from
mean. It is a bell shaped curve.
2. In this graph, we can see y
axis is probability, & x axis is
share price. The center point of
x axis is the mean mkt price
which we calc at Rs 1,133.33 &
this price can go up or down
3. If price goes down, the 1st point we see is 722.37, which is the mean price minus SD, i.e., 1,133.33 - SD of
410.96 which gives us 722.37. The next point down x axis is 311.41 which is the mean minus 2 times the SD
4. Under ND, probability of positive and negative outcomes is equal, i.e., both have an equal chance of
occurrence of 50%. Therefore, the LHS of the graph and the RHS of the graph both represent 50% each (i.e.,
the chance of market price going up = 50% or 0.5 and chance of price going down is also = 50% or 0.5)
5. Under VaR, only negative outcomes (loss) is measured. Therefore, confidence level (probability) is always
>= 50%. In other words, VaR at 50% confidence level is zero as there is equal chance of gain or loss under ND
6. z score represents SD multiplier, i.e., z score measures distance b/w the mean & share price at a given
probability level, & the UoM of z score is SD. For ex, at mkt price of 722.37, z score is 1 as difference b/w the
mean of 1,133.33 & 722.37 is 410.96, which equals 1 times of SD, giving a z score of 1
7. As we know the y axis represents probability. Normally, under questions, we would be given a particular
"confidence level" and this basically represents probability. If a level of probability is given, say 99%
confidence level, we need to find out the z score from ND table at this probability level to arrive at VaR.
8. z score is calculated by tracing the exact CL we require in the standard normal distribution table
9. Normally, VaR is calculated at 99% CL where z score is 2.33 AND at 95% CL where z score is 1.645
10. At 99% CL, VaR = SD x z score = 410.96x2.33 = Rs 957.55 (99% probability that loss won't exceed 957.55)
11. As higher CL is taken, the VaR value will also go up (Predicting loss with precision = predicting bigger loss)
 Possible complications in VaR sums
↓ ↓ ↓ ↓
1. Multiple period VaR 2. Portoflio VaR 3. Reverse 4. Types of normal distribution tables
↓ ↓ VaR ↓
In the example we just Instead of a calculation A. STANDARD Normal Distribution Table
saw, we calculated 1 single security ↓ Provides area for 0 to z score
day VaR. like in the SFM (search for value of Required CL minus 50%)
↓ example we November Eg: If we need 95% confident level, i.e. 0.95,
If the question saw, if a 2020 we should search for 0.45 on table (0.95-0.50)
requires VaR for portfolio of Exam ↓
multiple days, then we multiple Paper
have to multiply the 1 securities is Question
day VaR by square given, the only 1(c)
root of number of days complication ↓
↓ that will arise is VaR given,
For example, if 1 day that SD find
VaR is 100 and we calculation investment
need to calculate 1 would have to amount ↓
month VaR where 1 be done on B. ONE TAIL Normal Distribution Table
month has 25 trading portfolio basis Provides area for -∞ to z score (loss area)
days, 1 month VaR = ↓ (search 100 minus Required CL)
100 x √25 = 500 Refer Portfolio Eg: If we need 95% confident level, i.e. 0.95,
↓ Management we should search for 0.05 on table (1.00-0.95)
Logic for taking √ of Chapter in SFM ↓
number of days is
because SD itself is √
and when we find SD In any table, the first column
we divide by n on the left is the z value
(number of days), i.e., column and other columns
even n is within √. So represent the value we need
here, too, we take √n to search
↑ ↓
Table Reqd - 99% Reqd - 96% C. TWO TAIL Normal Distribution Table
Standard Search 0.49 Search 0.46 Provides area for -∞ to nega ve z score AND
One Tail Search 0.01 Search 0.04 positive z score to ∞
Two Tail Search 0.02 Search 0.08 (search for value {100 minus required CL} x2)
Cumulative Search 0.99 Search 0.96 Eg: If we need 95% confident level, i.e. 0.95, we
↑ should search for 0.10 on table ({1.00-0.95} x2)
D. CUMULATIVE Normal Distribution Table
Provides area for negative z to positive ∞
(search for value of Required CL on positive side)
Eg: If we need 95% confident level, i.e. 0.95, we
should search for 0.95 on table ←

IMPORTANT: Normally, under VaR we assume

ZERO return. However, if there is an expected
return, we should deduct expected return from
the normal VaR calculated to arrive actual VaR
 Q. 1(c) Nov'20 Exam: Details of Mr A Amount availale in bank = 7,00,000 - 1,000 = 6,99,000
Balance available in bank account 7,00,000 As VaR = max amount in bank, VaR = Rs 6,99,000
Mandatory minimum balance in bank 1,000 VaR = σ x z score at 99% CL x √number of days
These funds are available from Tuesday to Friday 6,99,000 = σ x 2.33 x √4; On solving, σ = Rs 1,50,000
Mr A wants to make an investment such that the → As per the question, σ of investment is 1.5%
maximum VaR is equal to balance in his bank a/c Thus, σ in Rs is Rs 1,50,000 and σ in % is 1.5%,
Standard Deviation of his investment is 1.5% investment would be Rs 1,50,000 ÷ 1.5% or Rs 1 crore
He takes confidence level of 99% Thus, if Mr A invests Rs 1 crore for 4 days, he have
Find the amount he should invest VaR of Rs 6,99,000 at 99% confidence level

Question: Neel holds Rs 1 cr share of XY Ltd. Whose Market Price Standard deviation is 2% per day.
Assuming 252 days in a year, determine maximum loss level over the period of 1 trading day and 10 trading
days with 99% confidence level. Assuming share price are normally for level of 99%, the equivalent Z Score
from normal table of Cumulative Area Shall be 2.33
VaR for 1 day = σ x z score at 99% CL x √number of days = (Rs 1 crore x 2%) x 2.33 = Rs 4,66,000
VaR for 10 days = σ x z score at 99% CL x √number of days = (Rs 1 crore x 2%) x 2.33 x √10 = Rs 14,73,621

Question: Consider a portfolio consisting of a Rs 200,00,000 investment in share XYZ & Rs 200,00,000
investment in share ABC. The daily standard deviation of both shares is 1% and that the coefficient of
correlation between them is 0.3. Determine the 10- day 99% value at risk for the portfolio? Given: The Z
score from this normal table at 99% confidence level is 2.33 (show calculation upto four decimals)
Portfolio σ = √(Wa^2 x σa^2) + (Wb^2 x σb^2) + (2 x Waσa x Wbσb x r[a,b]) = √(0.5^2 x 1^2) + (0.5^2 x
1^2) + (2 x 0.5 x 1 x 0.5 x 1 x 0.3) = √0.25 + 0.25 + 0.15 = √0.65 = 0.8062%
VaR for 10 days = σ x z score at 99% CL x √no of days = (Rs 4cr x 0.8062%) x 2.33 x √10= Rs 23,76,067.1286

Question: Suppose you hold Rs 2 crore shares of X Ltd. whose standard deviation is 2% per day. Assuming
260 trading days a year, determine max loss level over a period of 1 one week with 99%, 98% & 95% CL
Assuming 5 trading days in a week, VAR at 99% CL for 5 days = σ x z score at 99% CL x √no of days = (Rs
We know z at 99% CL = 2.33 2 crore x 2%) x 2.33 x √5 = Rs 20,84,015
We know z at 95% CL = 1.65 VAR at 98% CL for 5 days = σ x z score at 98% CL x √no of days = (Rs
Intrapolating z at 98% CL = 2.16 2 crore x 2%) x 2.16 x √5 = Rs 19,31,963
VAR at 95% CL for 5days = σ x z score at 95% CL x √no of days = (Rs 2 crore x 2%) x 1.65 x √5 = Rs 14,75,805

If table is given, use it to find nearest values for 0.98, say 0.9805 & 0.9795 and then intrapolate for 0.98
If table is given, intrapolate exactly for 0.99 & 0.95 instead of using std z score IF Q says use 4 decimals

Full revaluation approaches to VaR

Historical Approach Bootstrap Approach Monte Carlo Approach
It is a non-parametric approach, Steps to find 95% CL VaR for 1 day: Steps to fund 95% CL VaR for a
meaning it does NOT take into 1. Gather historical loss data portfolio of stocks for 1 day:
consideration normal distribution 2. Select a random sample from the 1. Select random samples of
Steps to find 95% CL VaR for 1 day: data and record its VaR return of 1 day for each stock
1. Collect historical loss data 3. Keep repeating this process until 2. Based on this, future
2. Arrange loss in descending order sufficient number of samples are portoflio return is simulated
(largest to smallest loss) retrieved. Sampling with 3. Repeat Step 1 & 2 multiple
3.The 5th largest loss is 95% CL VaR replacement is followed, meaning, times & get several simulations
This is commonly used as in reality the same sample could be chosen 4. Plot these simulations as
losses do NOT follow normal dstbn multiple times at random. the basis for normal dstbn
4. Take an avg of all the random 5. Derive VaR at 95% CL as it is
Here too, normal dstbn is NOT used ← VaRs retrieved to arrive at VaR usually done for normal dstbn
 Coherent Risk Measures - It means risk measures should be logical and consistent. To be coherent, risk measures should have the ALL following 4 properties:
↓ ↓ ↓ ↓
Property 1: Sub-additivity Property 2: Homogeneity Property 3: Monotonicity Property 4: Risk Free Condition (or)
↓ ↓ ↓ Translation Invariance
It means that portfolio should show This states that the size of a portfolio Assuming two portfolios with same ↓
the effect of diversification and the risk involved in the portfolio is level of SD, one with a higher Adding cash to a portfolio will reduce
↓ directly proportional to each other expected future return than the other, the risk of the portfolio
Always in a portfolio, the combined ↓ the portfolio with the higher expected ↓
risk of the portoflio (Portoflio SD) will If investment is Rs 1 crore & the risk future return will always be the less For example, if there are two portfolio
be lower or at the worst equal to the involved is Rs 25 lakhs, if investment is riskier investment of Rs 1 crore each, where Portfolio A
risk of the individual stocks which doubled to Rs 2 crore, the risk would ↓ invests the entire Rs 1 crore in Stock
make up the portfolio also double to become Rs 50 lakhs In other words, if there are two X, while in Portfolio B, Rs 90 Lakhs is
↓ ↓ portfolios, and one is always giving invested in Stock X, and Rs 10 lakh is
This is because co-relation (r) of VaR fulfills homogeneity property as higher return (lower loss) than the kept as cash (or in the the form of risk
stocks is between -1 to +1, meaning VaR can be measured as a % also and other, it means the portfolio which is free securities)
that they either move in opposite when investment increases, the giving higher returns has lower risk in ↓
directions (-1 to 0) or move in the associated VaR also increases comparision to the other portfolio Here, Portfolio A will have a higher
same direction (0 to +1) ↓ risk than Portfolio B because Portfolio
↓ Year Stock A (x - x̄) (x - x̄)^2 Example: Say VaR at 0 return is Rs 100 B also has cash
If a Co has a finance dept which needs 2016 10% 2 4 for both Portfolio A & Portfolio B. In A, ↓
to pay USD & sales dept which needs 2017 11% 1 1 we expect return of Rs 40 & in B we In other words, if a portfolio has cash,
to receive USD, both these risks 2018 12% - - expect return of Rs 80, the risk this cash can be used to absorb the
create a natural hedge due to 2019 13% 1 1 adjusted VaR of A will be 60 & B will losses generated from the risky asset
diversification, but is not measured in x̄ = 12% 6 be 20. So, more return = lower risk
↓ σ(A) = √[(x - x̄)^2/n] = √6/4 = 1.225% ↓ Conclusion: VaR is not a coherent
However, under VaR, the effect of This property can be seen from ex- measure as it is NOT sub-additive,
diversification is NOT considered, Year Stock B (x - x̄) (x - x̄)^2 post perspective or through i.e., VaR does not consider benefit of
therefore the portfolio risk can be 2016 5% -3 9 backtesting, i.e., looking back or portfolio diversification (it ignores
←
higher than the individual risks of the 2017 20% -1 1 introspecting what would have been corelation between different
stocks forming the portfolio 2018 6% 1 1 the less risky invsmt if we had data investments in a portfolio)
↓ 2019 8% 3 9 about returns on the day of investing ↓
In other words, VaR does not consider x̄ = 8% 20 ↓ But, conditional VaR or Expected
corelation & thus is NOT sub-additive σ(B) = √[(x - x̄)^2/n] = √20/4 = 2.236% VaR fulfills monotonicity property Shortfall is a choerent measure
 Stress testing v/s Reverse Stress Testing

The three pillars of Basel II

Gini Coefficient and Lorenzo Curve - Measure of income inequality

 Maximum Permissable Bank Finance (MPBF) is used to calculate the maximum amount of Working Capital
loan that a bank should give. Three methods of MPBF were recommended by the Tandon Committee:
Particulars MPBF - Method 1 MPBF - Method 2 MPBF - Method 3
Margin to be funded by
borrower from long term funds 25% of WCG 25% of CA 100% of CCA + 25% of OCA
Minimum Current Ratio (CR) 1:1 1.33:1 1.5:1
Approach Liberal Balanced Stringent
Usage Used Commonly used Not adopted
Example MPBF - Method 1 MPBF - Method 2 MPBF - Method 3
A. Current Assets 500 500 500
B. Core Current Assets 0 0 75
C. Other Current Assets 0 0 425
D. Current Liabilities 150 150 150
E. Short Term Bank Borrowings 50 50 50
F. Other Current Liabilities 100 100 100
G. Working Capital Gap (A-D) 400 400 400
H. Margin 100 125 181.25
(25% of WCG) (25% of CA) (100% of CCA + 25% of OCA)
I. MPBF (G-H) {WCG - Margin} 300 275 218.75
J. Current Ratio 1.25 1.33 1.57
CA = Current Assets CL = Current Liabilities OCL = CL minus Short Term Bank Borrowings
WCG = Working Capital Gap = CA - OCL OCA = CA - CCA CR = CA/(OCL + MPBF)
CCA = Core Current Assets - Bare minimum level of CA required to carry on operations. It represents
"permanent" CA that an org would always maintain irrespective of funding.
 Focus of Pillar I = Ensure
adequate capital, measured in
terms of Capital Adequacy Ratio
(Capital to Risk Weighted Assets
↓

↓
Here, Risk Weighted Assets is
asset value x risk weight
↓ As creditworthiness
Asset value the amount of loan Risk weight is calculated based on "how → is used to find risk
given (exposure at default) . The risky" a loan which is dependent on the weight, "credit risk"
challenge is calculating risk weight creditworthiness of the borrower affects CAR, hence
it is a part of Pillar I
Basel II gives 2 methods for calculating risk weight (creditworthiness) ← of Basel II

Approach I - Standardized Approach:
Here, the bank obtains credit rating for
the counterparty from an external agency
such as S&P/Moodys/Fitch and based on
the credit rating, a risk weight is assigned.
For example, the risk weight for AAA
rated company may be 1, while risk
weight for D raated company may be 3
(risk weight is taken between 1 to 3)
Approach II - Internal Rating Based Approach: Here, credit
risk is calculated as {PD x EAD x LGD x Maturity} . Maturity
means effective time to maturity. Based on this calculation, a
risk weight is derived (b/w 1 to 3). There are 2 approaches for
obtaining the four inputs
↓ ↓
Foundation Approach Advanced Approach
Bank determines the Probability of All four inputs are
deafult (PD) by itself determined by bank
Inputs of EAD, LGD and Maturity is itself, with approval
given by Supervisor (regulator - RBI) of supervisor

Basel II also suggests two methods for credit risk mitigation: 1. Securitization (on previous page); 2. CDS
↓
1. Credit Default Swaps (or) CDS - Derivative contract where underlying is "default" by borrower
A. Risk Capacity/Risk Tolerance: Max level of risk → Risk Capacity v/s Risk Appetite
org can assume given its current level of resources Risk Low risk Risk
↓ Capacity: (Rs 100 crore) Appetite:
B. Risk appetite covers two aspects → Maximum Maximum
Moderate
↓ ↓ level of level of
risk
Aggregate level of risk Types of risk the org is risk which risk which
(Rs 200 crore)
the org is willing to willing to assume the entity the entity
assume (Quantitative) (Qualitative) COULD High risk is WILLING
↓ ↓ take (Rs 400 crore) to take
Risk Appetite should be Always Risk Capacity >= Risk Appetite
↓ ↓
Within the org's risk In line with org's overall
capacity goals, objectives, strategy

C. Risk Appetite Framework (RAF): Approach to → Effective RAF should:

establish, communicate and monitor risk appetite 1. Establish process to communicate RAF
↓ 2. Involve both top-down & bottom-up approach
RAF is set up considering the following factors 3. Embed risk appetite into risk culture of the org
↓ ↓ ↓ 4. Evaluate opportunities for appropriate risk taking
Material Interests The organization's 5. Act as a defence against excessive risk taking
risks to of all overall goals, objectives 6. Allow for RAS to be open to be challenged
the org stakeholders and strategy 7. Adaptable to changing business
↓ ↓ ↓
RAF includes 3 components
↓ ↓ ↓ Effective RAS should:
Risk Roles and 1. Include key background info and assumptions
Risk
Appetite responsibilities of 2. Be linked to short-term and long-term objectives
Limits
Statement those overseeing RAF 3. Determine risk appetite
↓ 4. Determine risk limit for each material risk
D. Risk Appetite Statement (RAS) → 5. Include quantitative risk limits for functions
↓ ↓ 6. Include qualitative statements elaborating reason
Aggregate level of risk Types of risk the org is for taking/not taking certain types of risk
the org is willing to willing to assume 7. Ensure alignment of individual risk limits with
assume (Quantitative) (Qualitative) overall risk appetite
↓ ↓ 8. Be forward looking, and subject to scenario
Which the org is willing to take OR avoid in order to testing and stress testing
achieve business objectives

E. Risk Limits → Risk limits should:

↓ 1. Consider interests of all stakeholders
Specific quantitative limit of risk (in % of a base) 2. Be established for functions and legal entities
which a function/dept or specific risk categories or 3. Be expressed relative to earnings, capital, etc.
other categorization is allowed to assume 4. Include limits for material risks at different levels
↓ (group wide, legal entity wide, function wide, etc.)
It is basically an allocation of the org's risk appetite 5. Be based on best practices and benchmarks, BUT
to different functions/other categorization customized for the organization
↓ 6. NOT be complicated, ambiguous or subjective
Risk assumed by such function/other category should 7. Be monitored on a regular basis
NOT breach risk limit. If breached, an exception report
is triggered to inform appropriate level mgt
 To start a business one needs RISK MATURITY shows how developed orgs are to deal with risk, i.e., whether only top mgt (CFO) focus on RM,
↓ ↓ ↓ ↓ or is RM a part of everyone's job. There are 5 levels of risk maturity: (Org structure: Staff mgr (CFO) → Line mgr)
Visionary Hacker Hustler CFO ↓ ↓ ↓ ↓ ↓
↓ ↓ ↓ ↓ 1. Risk Naïve 2. Risk Aware 3. Risk defined 4. Risk managed 5. Risk enabled
Who has Who Who Child Teenager Adult Middle age Old age
Who grows
a vision develops manages Score: 0 to 7 Score: 8 to 14 Score: 15 to 20 Score: 21 to 25 Score: 26 & abv
the business
for the biz product finances Line manager is Risks are split dept ERM is The org is fully
ERM partially
↓ ↓ ↓ ↓ focused only on wise, staff maintained in the prepared to deal
followed, i.e., risks
Together, they approach an investor for funding operations. Risk is manager of each org, but not all with all risks and
identified in few
↓ managed by CFO dept are threats can be can convert all
areas through
The investor will check level only concerned only converted into (100%) threats
RBIA, while risks
↓ ↓ ↓ ↓ Best for start ups about risks in opportunities into opportunities
not identified in
Is Is BIZ How as line mgr's focus Customers may be Most practical Not practical to
Is there unimportant areas
GROWTH MODEL much is is only on growth dissatisfied approach achieve
an IDEA?
possible? sustainable? the RISK? No risk register No risk register No risk register RR maintained RR maintained
↓ No formal Risks identified Risk mitigation Enterprise wide RM & internal
If risk is LOW → he will easily invest approach is w/in functions but strategy & RM approach to RM is controls are fully
But if risk is HIGH → invests IF return is HIGHER developed for RM not processes policy is in place developed & embedded into
↓ Risks are NOT AND has been communicated operations
It is the job of the CFO to reduce and control risk of Silo mentality = communicated communicated A risk register is in Org is capable of
the entire company in order to attract investments reluctance to across the org Risk appetite has place converting
↓ share info w. It is scattered silo been defined uncertainities into
Dealing with risk at org level instead of individual risk E'ees of dif. depts ← approach opportunities
level = Enterprise RM (or) Business RM
↓ Risk Maturity level is determined based on 4 factors (how will internal auditor check risk maturity level?)
ERM serves three purposes 1. Are biz 2. Is risk APPETITE 3. Is control 4. Do adequate processes exist for
↓ ↓ ↓ objectives are defined and envmt strong A) assessment, B) management; and
Deal with Helps meet defined AND communicated including tone C) communication
To bring org's overall risk
risk at org's goals & communicated across the org from the top of risks in the company
within their risk appetite
overall objectives
↓ ↓ ↓
But as business grows, risk becomes everyone's
responsibility, and not just the job of the CFO
 Segment 1.1: What is operational risk? It is the risk arising from inadequate or failed
↓ ↓ ↓
A. Processes or People; or B. Systems; or C. External events
↓ ↓ ↓
Segment 1.2: Why do these Segment 1.2: Why do these risks arise? Segment 1.2: Why do the risks arise?
risks arise? ↓ ↓ ↓ ↓
↓ ↓ Due to Inadequate technology External
External Change in
Inadequately Inadequately ↓ events
crime like industry
defined defined What can the org do to mitigate this? like
theft envmt
products or policies or ↓ ↓ ↓ terrorist
services processes Manage Focus on Focus on newer issues which can pose risks
Technology Cyber risk Segment 13
risk and ↓ ↓ ↓ ↓ What can org do to mitigate this?
What can the org do to Segment 7 Information Machine Analytics Distributed Artificial ↓ ↓ ↓
mitigate this? Security Learning (Big Data) Ledger Intelligence Business Identify Transfer
↓ controls Seg 13.1 Seg 13.2 Technology (AI) Continuity Key Risk the risk
(1) (2) Segment 11 (Blockchain) Seg 13.3 Plan Indicators ↓
Appoint CRO Understanding (3) Seg 13.4 Segment 9 and Option A:
(general controls in Set up Process perform Outsourcing
point) the org Notes /SOPs ↓ Scenario Seg 10
Segment 5 Segment 3.5 Step 1: Business Impact → Step 2: Functional Analysis ↓
(4) Analysis (BIA) → Recovery Plan (FRP) Seg 8 Option B:
Set up (5) (6) (7) Segment 9.1 Segment 9.2 Insurance
Operational Incorporate Build Set up operational Seg 14
Risk Risk Control Operational Policy Framework
Management Self Risk Segment 3.4 What if operational risks occur despite taking all these steps?
Committee Assessment Management ↓ ↓ ↓
(ORMC) (RCSA) Policy Entity level Dept level Record the reason why such Operational Loss Data Management
Segment 3.2 Segment 6 Segment 3.1 policies policies risks are occuring Segment 12
↓ ↓
(8) Focus on the type of risk (9) Identify → Quantify → Report → Corrective
Analyse these reasons to
faced by organization Risk grading/rating (probability x impact) Seg 12.1 Seg 12.2 Seg 12.3 Action
understand the root cause
Segment 4.2 Segment 4.3 Seg 12.4
 AI means using a machine to take decisions. → ML means giving huge amounts to data to the
machine for it to:
Since the end result of ML is also machine based ← 1. Establish relationships between data
decision making, ML is basically a subset of AI 2. Learn these relationships by itself; and
↓ 3. Then take decisions by itself
Since ML is a subset of AI, it implies that AI is a
broader concept than ML → But what kind of AI is not ML? In case the machine
is given a pre-defined code based on which it is to
In a nutshell, if we give a pre-defined if-then-else take decisions (an if-then-else code) , then it is not
code to a machine, it is purely AI. But, if we feed a ← ML because, in this case the machine is not
machine with data, & then the machine builds the learning and taking decisions based on past data,
if-then-else code by itself, it is both ML and AI but using a pre-defined logic to take decisions.

Big Data means huge quantity of data → Analytics is compressing Big Data into sensible
↓ reports which can be used for understanding what
For example: Amazon fulfills over 2 billion orders the data represents and then taking decisions
every year. This data of orders is enormous. ↓
For example, a summary report is generated
Link between Big Data, AI, ML and Analytics: If containing the geography wise orders, average
Amazon uses total order data of 2020 as input, it is ← order value, highest ordered items, etc. This
Big Data due to its enormous volume. Now, if the compresses the big data into systematic, usable
machine establishes relationships between this and sensible reports using Analytics.
data, is able to identify what are the products
frequently bought together, and used this data to If a report is generated containing a summary of
make a recommendation to the user based when → products which were recommended to customers,
he is viewing another product, it is use of AI & ML. but were not actually bought it is use of Analytics

Machine learning
↓ ↓
Supervised ML Unsupervised ML
↓ ↓
Input is a labelled (pre-defined) dataset based on Input is raw data with no pre-defined relationships
which the machine learns existing relationships ↓
between variables The machine simply groups data together based
↓ ↓ on similar characteristics
Regression model Classification model ↓ ↓
↓ ↓ Clustering Association
Answer to one variable Variables have ↓ ↓
changes in response to pre-defined answers Divides data into
Gives probability of
another variable only clusters with similar
co-occurrence
↓ ↓ characteristics
Examples: Examples: ↓ ↓
1. Experience & Salary 1. Yes or No Example: Which Example: Which
2. Height & Weight 2. Heads or Tails customers have bought products were bought
3. Market return & 3. Disease or No disease /used the same product together
Security return 4. Right or Wrong ↓ ↓
↓ ↓ Now, machine can give Machine can now
Here one variable is Such variables have product specific offers recommend customer
independent, & the categorical answers to customers (calling to buy product X when
other is dependent (conclusive answers) plan/data plan, etc.) he is buying product Y
 Basel norms are set up by Bank Objective of BIS: Objectives of Basel norms:
for International Settlement → Coordination of Central Banks. It → 1. Enhance resiliance of banks
(BIS) in Basel, Switzerland is a Bank of Central Banks for economic and financial
2. To promote transparency in
Basel (1988; outdated )→ Basel II (2004; used )→ Basel III (2010; used ) ← banking operations
↓
Focus of Basel Norms = Ensure adequate capital, measured in terms of
→
Capital Adequacy Ratio (Capital to Risk Weighted Assets Ratio)
↓ ↓
Why is CAR required? Example: - Here, the loss is 9 crore, but Minimum CAR requirement:
Capital invested 1 the capital is only 1 crore - As per Basel II - 8%
Deposits 100 - Therefore, the excess loss of 8 - As per RBI - 9%
Cash available 101 will be absorbed from the
CRR, SLR, etc. 26 deposits on hand (money which
Balance (loans given) 75 → is not ours) In order to maintain such
Interest income (Say - This is why CAR is required, minimum CAR, the bank can:
15% of loans given) 11.25 i.e., to maintain a minimum level 1. Raise more Capital (increase
→
Maximum possible of capital which is enough to numerator)
defaults & other costs -20.25 absorb the possible losses 2. Sell/reduce Risk Weighted
Maximum loss -9.00 - In India, this CAR % is 9% Assets (reduce denominator)

Calculation of CAR: As we know, CAR has two components - Capital and Risk Weighted Assets (RWA)
↓ ↓
Risk Weighted Assets (RWA)
↓ ↓ ↓
Low risk Medium risk High risk
↓ ↓ ↓
Full Some
Collateral is of
collateral collateral
no/low value
available available
↓ ↓ ↓
Housing Borrowers Agriculture
Min requirements Basel II Basel III RBI loans, Gold with good loans,
Common Equity 2.00% 4.50% 5.50% loans, etc. credit rating education
Tier I capital 4.00% 6.00% 7.00%
Total Capital 8.00% 8.00% 9.00%
Basel 3 vs 2: Basel III uses same concepts as
Continuing the same example: Bank has Rs 75 crore to Basel II but has different rates for capital reqmts
lend. Of this, say bank has lent in following pattern: Basel III also introduced below new concepts:
Risk Amount Risk weight Amount x Weight 1. Capital conservation buffer - 2.5% of
Low 25 1.2 30 common equity - imposed during stress periods
Medium 30 1.8 54 2. Counter cyclical buffer - 0 to 2.50% of
High 20 2.4 48 common eq - imposed during high credit growth
Total 75 ↓ 132 3. Liquidity coverage ratio - Maintain enough
Risk weights are given based on the riskiness of loans. High Quality Liquid Assets to face cash outflows
As per Basel norms, risk weight should be b/w 1 to 3, for 30 days during stress periods
1 indicating no risk & 3 indicating highest risk of default ↑
↓ Conclusion: Bank needs to raise CAR to 9%
→ Understanding: If banks want to give riskier
loans, they need to have higher capital