Credit risk is a type of risk that can occur in all activities of commercial

banks. Therefore, credit risk management at commercial banks faces many

difficulties and challenges. Specifically:

First: When there is an operational risk, namely a risk of business processes, bank
officials and departments also have a part of "extruding" responsibility for each
other, one department blames the other's processes for not being strict leading to
the incident.

Second: In some banks that have not invested resources and assigned adequate
authority to the operational risk management department (for example, in some
banks' branches there is only a risk management department but no risk
management department), a transparent information mechanism has not been
established, etc Many operational risk events arise that are handled behind closed
doors, which are gaps in regulations, processes and operational systems, so there is
a possibility of repeating errors. Currently, there is also the phenomenon of
branches because of the achievements of their units, so the information and
reporting data are still inaccurate. The handling of units/branches that violate the
provision of inaccurate data and information by the legal department, not by the
bank's operational risk management department, causing many difficulties in the
accuracy, completeness and up-to-date of the necessary data for operational risk
management.

Third: In the period when commercial banks are transforming the core banking
system, almost the entire system and implementation methods have changed,
bankers need time to update, process and get used to the new system. This leads to
sometimes delays in transactions with banks or possible system failures.

Fourth: The requirements for risk management operate in the regulations of banks
and according to Basel II standards in general are terms that require readers and
applications to have high knowledge and qualifications. Some terms are quite
abstract so it is difficult to understand or there is confusion in reading
comprehension of these terms. That partly affects the fact that commercial banks
have not implemented some requirements of Basel II.

Fifth: Difficulties in managing fraud risks from employees, customers, outsourcing

risks such as hiring bank security guards or difficulties in managing risks to ensure
business operations take place continuously, without interruption...
Example: The banking operation violations at the Bank for Investment and
Development of Vietnam (BIDV) in 2016. From 2011 to 2016, Tran Bac Ha,
former chairman of BIDV, made a number of wrong-doings such as violating
democratic centralism principles and working regulations to pour money into
companies that were set up by himself.
Specifically, Ha directed the establishment of two companies including An Phu
Joint Stock Company which was owned by Tran Duy Tung – Ha’s son and the
Binh Ha Livestock Joint Stock Company. Ha also instructed and approved the
granting of credit with incentives which go against regulations of the State Bank of
Vietnam (SBV) and BIDV despite the fact that the two companies did not have
enough financial capital to carry out the project nor were they eligible for credit
extension as prescribed by the SBV and BIDV. The action has resulted in a loss of
more than 1.5 trillion VND (64.2 million USD) to BIDV.
Sixth: Business units, direct operations are still passive in operating the contents of
operational risk management. Operational units have little consultation but mainly
comply with regulations of senior departments.

Seventh: Database and analysis, forecasting business environment ... insufficient

and weak, leading to banks still facing many difficulties and confusion in planning
long-term strategies. The strategy is based on evaluating the results of the old year,
the old quarter, the old month ... and the goals of the new year, the new quarter, the
new month without considering the level of risk and the ability to manage risk
adequately...