What are the Major Risks for Banks?

Major risks for banks include credit, operational, market, and liquidity risk.
Since banks are exposed to a variety of risks, they have well-constructed
risk management infrastructures and are required to follow government
regulations. Government agencies, such as the Office of Superintendent of
Financial Institutions (OSFI) in Canada, set the regulations to counteract
risks and protect depositors.

Why Do the Risks for Banks Matter?

Due to the large size of some banks, overexposure to risk can cause bank
failure and impact millions of people. By understanding the risks posed to
banks, governments can set better regulations to encourage prudent
management and decision-making.

The ability of a bank to manage risk also affects investors’ decisions. Even
if a bank can generate large revenues, lack of risk management can lower
profits due to losses on loans. Value investors are more likely to invest in a
bank that is able to provide profits and is not at an excessive risk of losing
money.

Summary

 The major risks faced by banks include credit, operational, market,

and liquidity risks.
 Prudent risk management can help banks improve profits as they
sustain fewer losses on loans and investments.
 Ways to decrease risks include diversifying assets, using prudent
practices when underwriting, and improving operating systems.

Credit Risk

Credit risk is the biggest risk for banks. It occurs when borrowers or
counterparties fail to meet contractual obligations. An example is when
borrowers default on a principal or interest payment of a loan. Defaults
can occur on mortgages, credit cards, and fixed income securities. Failure
to meet obligational contracts can also occur in areas such
as derivatives and guarantees provided.

While banks cannot be fully protected from credit risk due to the nature of
their business model, they can lower their exposure in several ways. Since
deterioration in an industry or issuer is often unpredictable, banks lower
their exposure through diversification.
By doing so, during a credit downturn, banks are less likely to be
overexposed to a category with large losses. To lower their risk exposure,
they can loan money to people with good credit histories, transact with
high-quality counterparties, or own collateral to back up the loans.

Operational Risk

Operational risk is the risk of loss due to errors, interruptions, or damages

caused by people, systems, or processes. The operational type of risk is
low for simple business operations such as retail banking and asset
management, and higher for operations such as sales and trading. Losses
that occur due to human error include internal fraud or mistakes made
during transactions. An example is when a teller accidentally gives an
extra $50 bill to a customer.

On a larger scale, fraud can occur through breaching a bank’s

cybersecurity. It allows hackers to steal customer information and money
from the bank, and blackmail the institutions for additional money. In
such a situation, banks lose capital and trust from customers. Damage to
the bank’s reputation can make it more difficult to attract deposits or
business in the future.

Market Risk

Market risk mostly occurs from a bank’s activities in capital markets. It is

due to the unpredictability of equity markets, commodity prices, interest
rates, and credit spreads. Banks are more exposed if they are heavily
involved in investing in capital markets or sales and trading.

Commodity prices also play a role because a bank may be invested in

companies that produce commodities. As the value of the commodity
changes, so does the value of the company and the value of the
investment. Changes in commodity prices are caused by supply and
demand shifts that are often hard to predict. So, to decrease market risk,
diversification of investments is important. Other ways banks reduce their
investment include hedging their investments with other, inversely related
investments.

Liquidity Risk

Liquidity risk refers to the ability of a bank to access cash to meet funding

obligations. Obligations include allowing customers to take out their
deposits. The inability to provide cash in a timely manner to customers
can result in a snowball effect. If a bank delays providing cash for a few of
their customer for a day, other depositors may rush to take out their
deposits as they lose confidence in the bank. This further lowers the
bank’s ability to provide funds and leads to a bank run.

Reasons that banks face liquidity problems include over-reliance on short-

term sources of funds, having a balance sheet concentrated in illiquid
assets, and loss of confidence in the bank on the part of customers.
Mismanagement of asset-liability duration can also cause funding
difficulties. This occurs when a bank has many short term liabilities and
not enough short-term assets.

Short-term liabilities are customer deposits or short-term guaranteed

investment contracts (GICs) that the bank needs to pay out to customers.
If all or most of a bank’s assets are tied up in long-term loans or
investments, the bank may face a mismatch in asset-liability duration.

Regulations exist to lessen liquidity problems. They include a requirement

for banks to hold enough liquid assets to survive for a period of time even
without the inflow of outside funds.

Additional Resources
This has been CFI’s guide to the Major Risks Faced by Banks. To keep
advancing your career, the additional CFI resources below will be useful:

 Risk Management
 Capital Adequacy Ratio
 Leverage Ratios
 Basel III
 See all risk management resources

What is Enterprise Risk Management, and Why is It Critical for

Proper Corporate Governance?

The process of identifying events that have the potential to threaten

the entity and endanger business continuity

Historically, most organizations and their stakeholders have vehemently

pursued business and financial growth while taking a reactive approach to
risk management.

Although facilitating business growth will remain at the top of

organizational leaders’ priority list, companies can no longer afford to be
defensive regarding risk management.

Forward-thinking decision-makers are keenly aware of this fact, which is

why countless entities have embraced the enterprise risk management
(ERM) framework. This approach seeks to align a company’s pursuit of
acceptable returns and its desire to manage risks within its appetite.

Enterprise risk management is essential to corporate governance. It

enables business leaders to protect their brands from reputational
damage, avoid costly fines from regulatory entities, and minimize their
exposure to civil litigation, which are vital to ensuring long-term success.
What is Enterprise Risk Management?
In simplistic terms, enterprise risk management is the process of
identifying events that have the potential to threaten the entity and
endanger business continuity.

ERM is also designed to “provide reasonable assurance” to stakeholders

that the entity will achieve its objectives. Businesses leveraging ERM use a
top-down approach that includes its board of directors, decision-makers,
and management personnel across the organization.

Enterprise risk management transitions away from compartmentalized

risk assessment, which has long been the standard approach for many
industries.

ERM is a more holistic approach that breaks away from defensive-minded

risk management strategies. The latter focuses on mitigating and avoiding
risks rather than proactively eliminating roadblocks and potential
vulnerabilities.

The ERM philosophy permits business leaders to identify, prepare for, and
remove hazards that arise within a company’s key departments, including
finance, legal, and HR.

Enterprise risk management also eliminates information silos by shifting

the risk management burden away from division heads and into the
hands of C-suite decision-makers.

Organizational leaders can leverage their high-level business overview to

mandate specific departments to engage in or stop certain activities.

Core Components of Enterprise Risk Management

The Committee of Sponsoring Organizations (COSO) created the
enterprise risk management framework. In this framework, COSO
identified eight critical components of ERM:
Internal environmental factors

The internal environment of an organization includes its corporate culture

and the overall business ecosystem.

Culture plays a key role in creating the company’s risk appetite and
influences management’s attitude toward incurring risks. Although the C-
suite creates expectations for the internal environment, one should look
at employees’ behavior to assess a business’s culture.

Objective setting

When setting objectives, organizational leaders must remain aware of the

company’s overall risk appetite. For instance, a company with a low-risk
tolerance should avoid setting overly ambitious objectives. Achieving lofty
goals requires a company to take on much higher risk exposure, which
may not sit well with stakeholders.

Identification of events

Organizational leaders must identify events that have the potential to

negatively impact business continuity. As part of these efforts, decision-
makers need to identify incidents that can threaten the business from
both a strategic and operational perspective.

An operational risk, for example, could be a natural disaster that disrupts

production. Conversely, a strategic risk could come from a government
regulation that imposes a new tax on one of your manufacturing
materials.

Risk assessment

Under the COSO model, events should be classified based on their

likelihood of occurring and their potential to impact the business.

Naturally, business leaders should prioritize preventing or preparing for

an event that’s both highly likely to occur and very damaging to the
business. Business leaders must consider direct and indirect impacts on
the company when assessing risks.

Response

In terms of risk response, businesses have four primary options:

 Risk avoidance
 Risk reduction
 Risk sharing (i.e. purchasing insurance)
 Risk acceptance

When determining which response strategy to use, decision-makers

should consider how likely the event is to occur, what financial impacts it
could have on the business, and whether taking on said risk will move it
closer to a critical objective.

Control

More commonly referred to as “internal controls,” control activities enable

businesses to mitigate risks by implementing standardized policies and
procedures.

Controls typically fall into one of two categories: preventive and detective.

As their name suggests, preventive controls are designed to mitigate risk

by preventing specific events from occurring. Detective activities reveal
risky activities that are currently occurring so management can take
action.

Information gathering and communication

Gathering information requires you to implement the right entity

management systems. When businesses rely on antiquated manual
processes, they can’t effectively capture data, much less distribute it to
decision-makers.
Reliable and easily accessible access to your corporate data is essential for
risk management and corporate governance. By centralizing
information on all entities, organizations can track and manage entity
data, including corporate filings, ownership structure, and compliance
obligations.

These advanced reporting features help organizations to identify and

mitigate risks across entities, ensuring compliance with regulations and
reducing the risk of penalties.

Disseminating information to managers and C-suite executives is critical,

as doing so informs decision-making processes and promotes buy-in
across the organization.

Monitoring

Businesses with successful ERM strategies conduct regular audits to

assess their performance. Organizations can leverage an internal
committee or hire an external auditor.

The latter approach is often preferred, as an objective third party can

deliver a more nuanced perspective of a company’s enterprise risk
management strategy.

Why is Enterprise Risk Management Necessary?

Individual business units and their managers often view a business
through a limited lens.

For instance, the head of the accounting department will have a strong
understanding of risks as they pertain to the organization’s finances.
However, they’ll be far less conscious of other risk types, such as
compliance challenges that arise during legal entity management.

While narrowing its focus is necessary for each business unit to fulfill its
responsibilities, it must lend itself better to holistic enterprise risk
management.
Transitioning toward a holistic enterprise risk management approach
serves two essential purposes. First and foremost, ERM enables an
organization to minimize risk and pursue goals while staying within its risk
appetite. Secondarily, an enterprise risk management strategy can reveal
opportunities to reduce risk and pursue business goals.

Consequently, your business should embrace a strategy focused on

organization-wide risk monitoring, management, and mitigation. Doing so
will insulate you from undue risk and empower you to push toward key
organizational objectives without inadvertently undermining business
continuity.

16 banks at risk of capital shortfall if top 3 borrowers default

Illustration: TBS
 At end of September 2022, in the pre-shock scenario, 11 out of 61
scheduled banks could not maintain CRAR
 The remaining 50 banks were considered for the analysis of that
quarter
 Thus, a total of 27 banks, out of the 61 banks, will not be able to
maintain CRAR if the top three borrowers of each bank default
Sixteen banks will fail to maintain the minimum required Capital to
Risk-weighted Assets Ratio (CRAR) in case the top three borrowers of
each bank default, according to the Bangladesh Bank's Financial
Stability Assessment Report for the period of July-September last year.

The Capital to Risk (Weighted) Assets Ratio (CRAR) is the ratio of a bank's
capital to its risk-weighted assets and current liabilities.
Advertisement: 0:01

Close Player

According to the central bank report, at the end of September 2022, in the
pre-shock scenario, 11 out of 61 scheduled banks could not maintain the
minimum regulatory requirement of 10% CRAR. The remaining 50 banks
were considered for the analysis of that quarter.

Thus, a total of 27 banks, out of the 61 banks, will not be able to maintain
CRAR if the top three borrowers of each bank default.

When asked about this, Arfan Ali, former managing director of Bank Asia,
told The Business Standard that many banks have given large loans to a small
number of individuals or institutions. In some cases, a large portion of bank
loans gets stuck among a few borrowers. 

So, if these people or institutions default, the banks will be in trouble. That is
why banks have to spread out their loans in smaller amounts to reduce risks,
he added.

The central bank's Financial Stability Department (FSD) conducts stress

testing on scheduled banks on a quarterly basis to identify their resilience
under different plausible adverse scenarios. Credit, Market and Combined
Shocks of banks have been seen in this test.

The aftershock Capital to Risk-weighted Assets Ratio (CRAR) is compared

with the minimum regulatory requirement of 10% in line with the Basel III
capital framework. 
This hypothetical test is a useful risk management tool for instructing banks
to ensure safety measures in respect of capital maintenance and liquidity
management against any probable adverse economic and financial condition.

In the case of credit shock, the central bank says, If non-performing loans
(NPLs) increased by 3% of every bank, then six banks would fail to maintain
the minimum required CRAR. However, if the Forced Sale Value (FSV) of
Mortgaged Collateral declined by 10%, then no bank would fail to maintain
this ratio.

In the case of Market Shock, the report says, If the deposit interest rate
increased by 1%, then two banks would fail to maintain the minimum CRAR.

In the case of Combined Shock, this test evaluates the performance of a bank
by aggregating the results of different credit shocks, exchange rate shocks,
equity price shocks, and interest rate shocks. 

In the event of combined shock (except default of top large borrowers and
increase in NPLs of the highest outstanding sector), 13 banks would fail to
maintain the minimum required CRAR.

According to the report, Pre-Shock CRAR decreased by 14 basis points in the

September quarter, compared to the previous quarter. The ratio was 11.15%
in June, which stood at 11.01% in September.

A bank-wise review showed that the state-owned banks could not maintain
the minimum required CRAR in this quarter as in other quarters. In
September, their ratio decreased by 25 basis points to 6.18% compared to
June.

Private banks have managed to keep the required CRAR, but the ratio has
declined compared to June. 

Also, Bangladesh Krishi Bank, Rajshahi Krishi Unnayan Bank and Probashi
Kallyan Bank – these three specialised banks could not maintain the CRAR,
on the contrary, their deficit increased. Their CRAR declined from

-35.77% in the April-June quarter to -37.27% in the July-September quarter.

However, the required CRAR of foreign commercial banks has increased to
30.36% from 26.44% in June.

What the Capital Adequacy Ratio (CAR) Measures, With

Formula

What Is the Capital Adequacy Ratio?

The capital adequacy ratio (CAR) is an indicator of how well a bank can meet
its obligations. Also known as the capital-to-risk weighted assets ratio
(CRAR), the ratio compares capital to risk-weighted assets and is watched by
regulators to determine a bank's risk of failure. It's used to protect depositors
and promote the stability and efficiency of financial systems around the world.

Two types of capital are measured:

Tier-1 capital, core funds on hand to manage losses so that a bank can
continue operating and,

Tier-2 capital, a secondary supply of funds available from the sale of assets
once a bank closes down.1

KEY TAKEAWAYS

 CAR is critical to ensure that banks have a large enough financial

cushion to absorb a reasonable amount of losses before they become
insolvent.
 CAR is used by regulators to determine capital adequacy for banks and
to run stress tests.
 Tier 1 and tier 2 capital are both used to measure CAR.
 The downside of using CAR is that it doesn't account for the risk of a
potential run on the bank, or what would happen in a financial crisis.
0 seconds of 2 minutes, 13 secondsVolume 75%
 
Capital Adequacy Ratio

Understanding CAR
The capital adequacy ratio is calculated by dividing a bank's capital by its
risk-weighted assets. Currently, the minimum ratio of capital to risk-weighted
assets is 8% under Basel II and 10.5% (which includes a 2.5% conservation
buffer) under Basel III.23 High capital adequacy ratios are those that are
higher than the minimum requirements under Basel II and Basel III.

A minimum capital adequacy ratio is critical in ensuring that banks have

enough cushion to absorb a reasonable amount of losses before they
become insolvent and consequently lose depositors’ funds.

The capital used to calculate the capital adequacy ratio is divided into two
tiers. The two capital tiers are added together and divided by risk-weighted
assets to calculate a bank's capital adequacy ratio.4 Risk-weighted
assets are calculated by looking at a bank's loans, evaluating the risk and
then assigning a weight. When measuring credit exposures, adjustments are
made to the value of assets listed on a lender’s balance sheet.

All of the loans the bank has issued are weighted based on their degree
of credit risk. For example, loans issued to the government are weighted at
0.0%, while those given to individuals are assigned a weighted score of
100.0%.

Tier-1 Capital

Tier-1 capital, or core capital, consists of equity capital, ordinary share

capital, intangible assets and audited revenue reserves. Tier-1 capital is the
capital that is permanently and easily available to absorb and cushion losses
suffered by a bank without it being required to stop operating.

Tier-2 Capital

Tier-2 capital comprises unaudited retained earnings, unaudited reserves,

and general loss reserves. Tier-2 capital is the capital that absorbs and
cushions losses in the case where a bank is winding up. As such, it provides
a lesser degree of protection to depositors and creditors. It is used once a
bank loses all its Tier-1 capital.
Risk-Weighted Assets

Risk-weighted assets are used to determine the minimum amount of capital

that must be held by banks and other institutions to reduce the risk
of insolvency. The capital requirement is based on a risk assessment for
each type of bank asset. For example, a loan that is secured by a letter of
credit is considered to be riskier and requires more capital than a mortgage
loan that is secured by a house.

Off-balance sheet agreements, such as foreign exchange contracts and

guarantees, also have credit risks. Such exposures are converted to their
credit equivalent figures and then weighted in a similar fashion to that of on-
balance sheet credit exposures. The off-balance sheet and on-balance sheet
credit exposures are then added together to obtain the total risk-weighted
credit exposures.

The CAR Formula

���=���� 1 �������+���� 2 �������
���� ����ℎ��� ������CAR=Risk Weighted Asse
tsTier 1 Capital+Tier 2 Capital

Example
Suppose Acme Bank has $20 million in tier-1 capital and $5 million in tier-2
capital. It has loans that have been weighted and calculated at $65 million.
The capital adequacy ratio of Acme Bank is therefore 38% (($20 million + $5
million) / $65 million).

A CAR of 38% is a high capital adequacy ratio. That means that Acme Bank
should be able to weather a financial downturn and losses associated with its
loans. It is less likely than banks with less than minimum CARs to become
insolvent.

Why the Capital Adequacy Ratio Matters

 Minimum capital adequacy ratios are critical. They can reveal whether
individual banks have enough financial cushion to absorb a reasonable
amount of loss so that they don't become insolvent and consequently
lose depositors’ funds.
  Broadly, the capital adequacy ratios can help ensure the efficiency and
stability of a nation’s financial system by lowering the risk of banks
collapsing. Generally speaking, a bank with a high capital adequacy
ratio is considered safe and likely to meet its financial commitments.
 During the winding up process, funds belonging to depositors are given
a higher priority than the bank’s capital. So depositors are only at risk of
losing their savings if a bank registers a loss that exceeds the amount
of capital it possesses. Thus, the higher the bank’s capital adequacy
ratio, the higher the degree of protection for depositors' assets.

 
All things considered, a bank with a high capital adequacy ratio (CAR) is
perceived as healthy and in good shape to meet its financial obligations.

CAR vs. the Solvency Ratio

Both the capital adequacy ratio and the solvency ratio provide ways to
evaluate a company's ability to meet financial obligations.

However, the capital adequacy ratio is applied specifically to banks and

measures their abilities to overcome financial losses related to loans they've
made. The solvency ratio debt evaluation metric is used to measure whether
a company has enough available cash to meet its own short- and long-term
debt obligations. Solvency ratios below 20% indicate an increased likelihood
of default.5

Analysts often favor the solvency ratio because it measures actual cash flow
rather than net income, not all of which may be readily available to a
company to meet debt obligations. The solvency ratio is best used to
compare debt situations of similar firms within the same industry, as certain
industries tend to be significantly more debt-heavy than others.

CAR vs. Tier-1 Leverage Ratio

The tier-1 leverage ratio is related to the capital adequacy ratio. The tier-1
leverage ratio compares a bank's core capital with its total assets. It is
calculated by dividing Tier-1 capital by a bank's average total consolidated
assets and certain off-balance sheet exposures. The higher the tier-1
leverage ratio is, the more likely a bank can withstand negative shocks to
its balance sheet.
Limitation of Using CAR
 One limitation of CAR is that it fails to account for expected losses
during a bank run or financial crisis that can distort a bank's capital and
cost of capital.
 Many analysts and bank executives consider the economic
capital measure to be a more accurate and reliable assessment of a
bank's financial soundness and risk exposure than the capital
adequacy ratio.
 The calculation of economic capital, which estimates the amount of
capital a bank needs on hand to ensure its ability to handle its current
outstanding risk, is based on the bank's financial health, credit rating,
expected losses, and confidence level of solvency.
 By including such economic possibilities as expected losses, this
measurement is thought to represent a more realistic appraisal of a
bank's actual financial health and risk level.

What Are the Basel Accords?

They are a trio of regulatory agreements formed by the Basel Committee on
Bank Supervision. The Committee weighs in on regulations that concern a
bank's capital risk, market risk, and operational risk. The purpose of the
agreements is to ensure that banks (and other financial institutions) always
have enough capital to deal with unexpected losses.6

What's the Minimum Capital Adequacy Ratio Allowed?

According to the Basel II agreement, the minimum is 8%. With the Basel III
agreement, and an added conservation buffer of 2.5%, it is 10.5%.23 The
U.S.'s Federal Deposit Insurance Company (FDIC)  calls for an 8% minimum
ratio for total capital to total risk-weighted assets.7

What's the Purpose of the Capital Adequacy Ratio?

The capital adequacy ratio is intended to ensure that banks have enough
funds available to handle a reasonable amount of losses and prevent
insolvency.

The Bottom Line

CAR, or the capital adequacy ratio, is a comparison of the available capital
that a bank has on hand to its risk-weighted assets. The ratio provides a
quick idea of whether a bank has enough funds to cover losses and remain
solvent under difficult financial circumstances. CAR minimums are 8.0%
under Basel II and 10.5% (with an added 2.5% conservation buffer) under
Basel III. The higher the CAR, the better able a bank should be to meet its
financial obligations when under stress.