Chandigarh School of Business

Masters of Business Administration

3rd Semester

Management of Financial Services

MBA 912-18

Lecture : Risk Management in Banks

Subject In-charge:Ms.Muskan Pulani

Designation: Assistant Professor
Mail ID: muskan.j2605@cgc.ac.in
CAMPUS: JHANJERI, MOHALI
 Topics of Discussion

•Concept of Risk in Banks

•Risk Management- Concept
•Types of Risk
•Risk Management Process
•Basel Committee & Norms

Topic Outcome: CO6: Illustrate the prospective of Asset Liability Management in

Corporate financial institutions.
In the liberalized economy in India, Banks and new
regulators in recent years have been making sustained efforts
to understand and measure the increasing risks they are
exposed to.
With the Indian economy becoming global, the Banks are
realizing the importance of different types of risks.
Some of the risk are credit risks, market risks, operational
risks, reputational risks and legal risks, using quantitative
techniques in risk modeling.
RBI issued the first set of guidelines to Banks on Risk
Management on October 20, 1999.
A risk can be defined as an unplanned event with financial
consequences resulting in loss or reduced earnings.
Therefore, a risky proposition is one with potential profit or a
looming loss.
Risk stems from uncertainty or unpredictability of the future.
In commercial and business risk generates profit or loss
depending upon the way in which it is managed.
Risk can be defined as the volatility of the potential outcome. Risk is
the possibility of something adverse happening.

Risk management is the process of assessing risk, taking steps to reduce risk
to an acceptable level and maintaining that level of risk.
Thus, we can say that after the risks have been identified, risk management
attempts to lessen their effects. This is done by applying a range of
management techniques. For example, the risk may be reduced by taking out
insurance or using derivatives or re-plan the whole project.
The essential components of any risk management system
are –

Risk Identification i.e the naming and defining of each type of

risk associated with a transaction or type of product or service;

Risk Measurement i.e. the estimation of the size ,probability and

timing of potential loss under various scenarios;

Risk Control-i.e. the framing of policies and guidelines that

define the risk limits not only at the individual level but also for
particular transaction
Measurement of risk is a very important step in risk
management
process.
Some risk can be easily quantified like exchange risk, interest rate risk etc.
While some risks like country risk, operational risk etc. cannot be
mathematically deduced. They can only be qualitatively compared and
measured.
Some risks like gap risk in forex operations can be measured using modern
mathematical and statistical tool like value at risk etc.
Therefore it is important to identify and appreciate the risk and quantify it.
Only then the next step management of risk can be attempted.
The management is a process consisting of the following steps.
 Identify all areas of risk
 evaluate these risks
 set various exposure limits for
• type of business
• mismatches
• counter parties
 issue clear policy guidelines / directives.
Types of Risks :
1. Credit Risk –
This is the risk of non recovery of loan or the risk of
reduction in the value of asset.
The credit risk also includes the pre-payment risk resulting
in loss of opportunity to the bank to earn higher interest
income.
Credit Risk also arises due excess exposure to a single
borrower, industry or a geographical area.
The element of country risk is also present which is the risk
of losses being incurred due to adverse foreign exchange
reserve situation or adverse political or economic situations
in another country
2. Interest Rate Risk-
This risk arises due to fluctuations in the interest rates.
It can result in reduction in the revenues of the bank
due to fluctuations in the interest rates which are
dynamic and which change differently for assets and
liabilities.
With the deregulated era interest rates are market
determined and banks have to fall in line with the
market trends even though it may stifl e their Net
Interest margins
3. Liquidity Risk-
Liquidity is the ability to meet commitments as and
when they are due and ability to undertake new
transactions when they are profitable.
Liquidity risk may emanate in any of the following
situations-
(a)net outflow of funds arising out of withdrawals/non
renewal of deposits
(b) non recovery of cash receipts from recovery of loans
(c)conversion of contingent liabilities into fund based
commitment and
(d) increased availment of sanctioned limits
(1)Foreign Exchange Risk - Risk may arise on account of
maintenance of positions in forex operations and it involves
currency rate risk, transaction risks (profits/loss on transfer of
earned profits due to time lag) and transportation risk (risks
arising out of exchange restrictions)
(2)Regulatory Risks- It is defined as the risk associated with the
impact on profitability and financial position of a bank due to
changes in the regulatory conditions, for example the introduction
of asset classification norms have adversely affected the banks of
NPAs and balance sheet bottom lines.
(3)Technology Risk - This risk is associated with computers and the
communication technology which is being increasingly
introduced in the banks. This entails the risk of obsolescence and
the risk of losing business to better technologically
(7)Market Risk-This is the risk of losses in off and on balance sheet
positions arising from movements in market prices.
(8)Strategic Risk-This is the risk arising out of certain strategic decisions
taken by the banks for sustaining themselves in the present day scenario
for example decision to open a subsidiary may run the risk of losses if
the subsidiary does not do good business.
The essential components of any risk management system are –
(i)Risk Identification-i.e the naming and defining of each type of risk
associated with a transaction or type of product or service
(ii)Risk Measurement-i.e. the estimation of the size ,probability and
timing of potential loss under various scenarios
(iii)Risk Control-i.e. the framing of policies and guidelines that define
the risk limits not only at the individual level but also for particular
transactions

In risk management exercise the top management has to lay

down clear cut policy guidelines in quantifiable and precise terms
- for different layers line personnel business parameters, limits etc. It is
very important for the management to plant at the macro level what the
organisations is looking in for in any business proposition or venture and
convert these expectations into micro level factors and requirements for
field level functionaries only then they will be able to convert these
expectations into reality. A very important assumption is made but
normally omitted or over looked is provision of infra-structural support
and conductive climate. Ultimately top management has a greater role to
play in any risk management process
CREDIT RISK
Credit risk is defined as the possibility of losses associated with
diminution in the credit quality of borrowers or counterparties.
In a bank’s portfolio, losses stem from outright default due to
inability or unwillingness of a customer or counterparty to meet
commitments in relation to lending, trading, settlement and other
financial transactions.
Alternatively, losses result from reduction in portfolio value arising
from actual or perceived deterioration in credit quality.

Credit risk emanates from a bank’s dealings

individual, corporate, bank, with an financial
sovereign. institution or a
Credit risk may take the following forms:
in the case of direct lending: principal /and or interest
amount may not be repaid;
in the case of guarantees or letters of credit: funds may
not be forthcoming from the constituents upon
crystallization of the liability;
in the case of treasury operations: the payment or series
of payments due from the counter parties under the
respective contracts may not be forthcoming or ceases;
in the case of securities trading businesses: funds/
securities settlement may not be effected;
in the case of cross-border exposure: the availability and
free transfer of foreign currency funds may either cease or
restrictions may be imposed by the sovereign.
In this backdrop, it is imperative that banks have a robust credit risk
management system which is sensitive and responsive to these factors.
The effective management of credit risk is a critical component of
comprehensive risk management and is essential for the long term
success of any banking organisation.
The Credit risk management encompasses identification, measurement,
monitoring and control of the credit risk exposures.
Building Blocks of Credit Risk Management:
In a bank, an effective credit risk management framework would
comprise of the following distinct building blocks:
a) Policy and Strategy
b) Organisational Structure
c) Operations/ Systems
Policies and Strategies
The Board of Directors of each bank shall be responsible for approving
and periodically reviewing the credit risk strategy and significant credit
risk policies.
Credit Risk Policy
Every bank should have a credit risk policy document approved by the
Board. The document should include risk identification, risk
measurement, risk grading/ aggregation techniques, reporting and risk
control/ mitigation techniques, documentation, legal issues and
management of problem loans.
Credit risk policies should also define target markets, risk acceptance
criteria, credit approval authority, credit origination/ maintenance
procedures and guidelines for portfolio management.
The credit risk policies approved by the Board should be communicated
to branches/controlling offices. All dealing officials should clearly
understand the bank’s approach for credit sanction and should be held
accountable for complying with established policies and procedures.
Senior management of a bank shall be responsible for implementing the
credit risk policy approved by the Board.
Credit Risk Strategy
 Each bank should develop, with the approval of its Board, its own credit risk
strategy or plan that establishes the objectives guiding the bank’s credit-
granting activities and adopt necessary policies/ procedures for conducting such
activities. This strategy should spell out clearly the organisation’s credit appetite
and the acceptable level of risk-reward trade-off for its activities.
 The strategy would, therefore, include a statement of the bank’s willingness to
grant loans based on the type of economic activity, geographical location,
currency, market, maturity and anticipated profitability. This would necessarily
translate into the identification of target markets and business sectors,
preferred levels of diversification and concentration, the cost of capital in
granting credit and the cost of bad debts.
 The credit risk strategy should provide continuity in approach as also take into
account the cyclical aspects of the economy and the resulting shifts in the
composition/ quality of the overall credit portfolio. This strategy should be
viable in the long run and through various credit cycles.
 Senior management of a bank shall be responsible for implementing the
credit risk strategy approved by the Board.
Organisational Structure
Sound organizational structure is sine qua non (end result) for
successful implementation of an effective credit risk management
system.
The organizational structure for credit risk management should have
the following basic features:
The Board of Directors should have the overall responsibility for
management of risks.
The Board should decide the risk management policy of the bank and set
limits for liquidity, interest rate, foreign exchange and equity price risks.
The Risk Management Committee will be a Board level Sub committee
including CEO and heads of Credit, Market and Operational Risk
Management Committees.
It will devise the policy and strategy for integrated risk management
containing various risk exposures of the bank including the credit risk.
For this purpose, this Committee should effectively coordinate between
the Credit Risk Management Committee (CRMC), the Asset Liability
Management Committee and other risk committees of the bank, if any. It
is imperative that the independence of this Committee is preserved.
The Board should, therefore, ensure that this is not
compromised at any cost.
In the event of the Board not accepting any recommendation
of this Committee, systems should be put in place to spell
out the rationale for such an action and should be properly
documented.
This document should be made available to the internal and
external auditors for their scrutiny and comments.
The credit risk strategy and policies adopted by the
committee should be effectively communicated throughout
the organisation.
Each bank may, depending on the size of the organization or loan/
investment book, constitute a high level Credit Risk Management
Committee (CRMC).
The Committee should be headed by the Chairman/CEO/ED, and should
comprise of heads of Credit Department, Treasury, Credit Risk
Management Department (CRMD) and the Chief Economist. The
functions of the Credit Risk Management Committee should be as
under:
Be responsible for the implementation of the credit risk policy/ strategy
approved by the Board.
 Monitor credit risk on a bank wide basis and ensure compliance
with limits approved by the Board.
Recommend to the Board, for its approval, clear policies on standards
for presentation of credit proposals, financial covenants, rating
standards and benchmarks,
Decide delegation of credit approving powers, prudential limits on large
credit exposures, standards for loan collateral, portfolio management,
loan review mechanism, risk concentrations, risk monitoring and
evaluation, pricing of loans, provisioning, regulatory/legal compliance,
etc.
Concurrently, each bank should also set up Credit Risk Management Department
(CRMD), independent of the Credit Administration Department. The CRMD
should:
•Measure, control and manage credit risk on a bank-wide basis within the limits
set by the Board/ CRMC
•Enforce compliance with the risk parameters and prudential limits set by the
Board/ CRMC.
•Lay down risk assessment systems, develop MIS, monitor quality of loan/
investment portfolio, identify problems, correct deficiencies and undertake loan
review/audit. Large banks could consider separate set up for loan review/audit.
•Be accountable for protecting the quality of the entire loan/ investment portfolio.
The Department should undertake portfolio evaluations and conduct
comprehensive studies on the environment to test the resilience of the loan
portfolio.
Operations / Systems
Banks should have in place an appropriate credit
administration, credit risk measurement and
monitoring processes. The credit administration
process typically involves the following phases:
Relationship management phase i.e. business
development.
Transaction management phase covers risk
assessment, loan pricing, structuring the facilities,
internal approvals, documentation, loan
administration, on going monitoring and risk
measurement.
Portfolio management phase entails monitoring of the portfolio at a
macro level and the management of problem loans.
On the basis of the broad management framework stated above, the banks should
have the following credit risk measurement and monitoring procedures:
· Banks should establish proactive credit risk management practices like annual/ half
yearly industry studies and individual obligor reviews, periodic credit calls that are
documented, periodic visits of plant and business site, and at least quarterly
management reviews of troubled exposures/weak credits.
· Banks should have a system of checks and balances in place for extension of credit
viz.:
- Separation of credit risk management from credit sanction
-Multiple credit approvers making financial sanction subject to approvals at various
stages viz. credit ratings, risk approvals, credit approval grid, etc.
- An independent audit and risk review function.
· The level of authority required to approve credit will increase as amounts and
transaction risks increase and as risk ratings worsen.
·Every obligor and facility must be assigned a risk rating.
·Mechanism to price facilities depending on the risk grading of the customer, and to
attribute accurately the associated risk weightings to the facilities.
· Banks should ensure that there are consistent standards for the origination,
documentation and maintenance for extensions of credit.
·Banks should have a consistent approach towards early problem recognition, the
classification of problem exposures, and remedial action.
·Banks should maintain a diversified portfolio of risk assets; have a system to conduct
regular analysis of the portfolio and to ensure on-going control of risk concentrations.
·Credit risk limits include, obligor limits and concentration limits by
industry or geography. The Boards should authorize efficient and
effective credit approval processes for operating within the approval
limits.
·In order to ensure transparency of risks taken, it is the responsibility of
banks to accurately, completely and in a timely fashion, report the
comprehensive set of credit risk data into the independent risk system.
·Banks should have systems and procedures for monitoring financial
performance of customers and for controlling outstanding within limits.
· A conservative policy for provisioning in respect of non-performing
advances may be adopted.
·Successful credit management requires experience, judgement and
commitment to technical development. Banks should have a clear, well-
documented scheme of delegation of powers for credit sanction.
Banks must have a Management Information System (MIS), which should
enable them to manage and measure the credit risk inherent in all on-
and off-balance sheet activities. The MIS should provide adequate
information on the composition of the credit portfolio, including
identification of any concentration of risk. Banks should price their loans
according to the risk profile of the borrower and the risks associated with
the loans.
Interest Rate Risk (IRR) Management
What is Interest Rate Risk :
Interest rate risk is the risk where changes in market interest rates might
adversely affect a bank’s financial condition. The management of Interest Rate
Risk should be one of the critical components of market risk management in
banks. The regulatory restrictions in the past had greatly reduced many of the
risks in the banking system. Deregulation of interest rates has, however, exposed
them to the adverse impacts of interest rate risk. T
What is the Impact of IRR:
The immediate impact of changes in interest rates is on the Net Interest Income
(NII). A long term impact of changing interest rates is on the bank’s networth
since the economic value of a bank’s assets, liabilities and off-balance sheet
positions get affected due to variation in market interest rates.
 The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is
dependent on the movements of interest rates. Any mismatches in the cash
fl ows (fixed assets or liabilities) or repricing dates (fl oating assets or
liabilities), expose bank’s NII or NIM to variations. The earning of assets and
the cost of liabilities are closely related to market interest rate volatility.
The interest rate risk when viewed from these two
perspectives is known as ‘earnings perspective’ and
economic value’ perspective, respectively.
‘ Management of interest rate risk aims at capturing the risks arising from the
maturity and re-pricing mismatches and is measured both from the earnings
and economic value perspective.
(a) Earnings perspective involves analysing the impact of
changes in interest rates on accrual or reported earnings in the
near term. This is measured by measuring the changes in the Net
Interest Income (NII) or Net Interest Margin (NIM)
i.e. the difference between the total interest income and the total
interest expense.
(b) Economic Value perspective involves analysing the changes
of impact og interest on the expected cash flows on assets minus
the expected cash flows on liabilities plus the net cash flows on
off-balance sheet items. It focuses on the risk to networth arising
from all repricing mismatches and other interest rate sensitive
positions. The economic value perspective identifies risk arising
from long-term interest rate gaps.
Board and senior management oversight of interest rate risk
Principle 1: In order to carry out its responsibilities, the board of
directors in a bank should approve strategies and policies with
respect to interest rate risk management and ensure that senior
management takes the steps necessary to monitor and control
these risks. The board of directors should be informed regularly of
the interest rate risk exposure of the bank in order to assess the
monitoring and controlling of such risk.
Principle 2: Senior management must ensure that the structure of
the bank's business and the level of interest rate risk it assumes are
effectively managed, that appropriate policies and procedures are
established to control and limit these risks, and that resources are
available for evaluating and controlling interest rate risk.
Principle 3: Banks should clearly define the individuals and/or committees
responsible for managing interest rate risk and should ensure that there is
adequate separation of duties in key elements of the risk management process
to avoid potential conflicts of interest. Banks should have risk measurement,
monitoring and control functions with clearly defined duties that are
sufficiently independent from position-taking functions of the bank and which
report risk exposures directly to senior management and the board of directors.
Larger or more complex banks should have a designated independent unit
responsible for the design and administration of the bank's interest rate risk
measurement, monitoring and control functions.
Adequate risk management policies and procedures
Principle 4: It is essential that banks' interest rate risk policies and procedures
are clearly defined and consistent with the nature and complexity of their
activities. These policies should be applied on a consolidated basis and, as
appropriate, at the level of individual affiliates, especially when recognising
legal distinctions and possible obstacles to cash movements among affiliates.
Principle 5: It is important that banks identify the risks
inherent in new products and activities and ensure these are
subject to adequate procedures and controls before being
introduced or undertaken. Major hedging or risk
management initiatives should be approved in advance by
the board or its appropriate delegated committee.
Risk measurement, monitoring and control functions
Principle 6: It is essential that banks have interest rate risk
measurement systems that capture all material sources of
interest rate risk and that assess the effect of interest rate
changes in ways that are consistent with the scope of their
activities. The assumptions underlying the system should be
clearly understood by risk managers and bank management.
Principle 7: Banks must establish and enforce operating limits
and other practices that maintain exposures within levels
consistent with their internal policies.
Principle 8: Banks should measure their vulnerability to loss
under stressful market conditions - including the breakdown of
key assumptions - and consider those results when establishing
and reviewing their policies and limits for interest rate risk.
Principle 9: Banks must have adequate information systems for
measuring, monitoring, controlling and reporting interest rate
exposures on a timely basis. Reports must be
provided to the bank's board of directors, senior
management and, where appropriate, individual business
line managers.
Internal controls
Principle 10: Banks must have an adequate system of internal controls
over their interest rate risk management process. A fundamental
component of the internal control system involves regular independent
reviews and evaluations of the effectiveness of the system and, where
necessary, ensuring that appropriate revisions or enhancements to
internal controls are made. The results of such reviews should be
available to the relevant supervisory authorities.
Information for supervisory authorities
Principle 11: Supervisory authorities should obtain from banks
sufficient and timely information with which to evaluate their level of
interest rate risk. This information should take appropriate account of
the range of maturities and currencies in each bank's portfolio, including
off-balance sheet items, as well as other relevant factors, such as the
distinction between trading and non-trading activities.
Capital adequacy
Principle 12: Banks must hold capital commensurate with the level of interest
rate risk they undertake.
Disclosure of interest rate risk
Principle 13: Banks should release to the public information on the
level of interest rate risk and their policies for its management.

Sources, effects and measurement of interest rate risk

Interest rate risk is the exposure of a bank's financial condition to adverse
movements in interest rates. Accepting this risk is a normal part of banking and
can be an important source of profitability and shareholder value. However,
excessive interest rate risk can pose a significant threat to a bank's earnings and
capital base. Changes in interest rates affect a bank's earnings by changing its
net interest income and the level of other interest-sensitive income and
operating expenses. Changes in interest rates also affect the underlying value of
the bank's assets, liabilities and off-balance sheet instruments because the
present value of future cash fl ows (and in some cases, the cash fl ows
themselves) change when interest rates change.
Liquidity Risk Management
What is Liquidity Risk :
Liquidity risk is the potential inability to meet the liabilities as
they become due. It arises when the banks are unable to generate
cash to cope with a decline in deposits or increase in assets. It
originates from the mismatches in the maturity pattern of assets
and liabilities.
Importance of Liquidity Risk :
Measuring and managing liquidity needs are vital for effective
operation of commercial banks. By assuring a bank’s ability to
meet its liabilities as they become due, liquidity management can
reduce the probability of an adverse situation developing.
Liquidity Risk Management
Analysis of liquidity risk involves the measurement of not only the
liquidity position of the bank on an ongoing basis but also
examining how funding requirements are likely to be affected
under crisis scenarios. Net funding requirements are determined
by analyzing the bank’s future cash flows based on assumptions of
the future behavior of assets and liabilities that are classified into
specified time buckets and then calculating the cumulative net
fl ows over the time frame for liquidity assessment.
Future cash fl ows are to be analysed under “what if ” scenarios so
as to assess any significant positive / negative liquidity swings that
could occur on a day-to-day basis and under bank specific and
general market crisis scenarios.
Factors to be taken into consideration while determining
liquidity of the bank’s future stock of assets and liabilities
include their potential marketability, the extent to which
maturing assets /liability will be renewed, the acquisition of
new assets / liability and the normal growth in asset / liability
accounts.
Factors affecting the liquidity of assets and liabilities of the
bank cannot always be forecast with precision. Hence they
need to be reviewed frequently to determine their continuing
validity, especially given the rapidity of change in financial
markets.
The liquidity risk in banks manifest in different dimensions:
i) (a) Funding Risk – need to replace net outflows due to unanticipated
withdrawal/non-renewal of deposits (wholesale and retail);
(b)Time Risk – need to compensate for non-receipt of expected inflows
of funds, i.e. performing assets turning into non-performing assets; and
(c)Call Risk – due to crystallisation of contingent liabilities and unable
to undertake profitable business opportunities when desirable.
How is it measured :
Liquidity measurement is quite a difficult task and can be measured
through stock or cash fl ow approaches. The key ratios, adopted across
the banking system are
Loans to Total Assets,
Loans to Core Deposits,
Large Liabilities (minus) Temporary Investments to Earning Assets
(minus) Temporary Investments,
Purchased Funds to Total Assets,
Loan Losses/Net Loans,
However, the ratios do not reveal the intrinsic liquidity
profile of Indian banks which are operating generally in an
illiquid market. Experiences show that assets commonly
considered as liquid like Government securities, other
money market instruments, etc. have limited liquidity as the
market and players are unidirectional.
Thus, analysis of liquidity involves tracking of cash fl ow
mismatches. For measuring and managing net funding
requirements, the use of maturity ladder and calculation of
cumulative surplus or deficit of funds at selected maturity
dates is recommended as a standard tool.
The following prudential limits are considered by Banks to put in
place to avoid liquidity crisis:-
i) Cap on inter-bank borrowings, especially call borrowings;
ii) Purchased funds vis-à-vis liquid assets;
iii) Core deposits vis-à-vis Core Assets i.e. Cash Reserve Ratio,
Statutory Liquidity Ratio and Loans;
iv) Duration of liabilities and investment portfolio;
v) Maximum Cumulative Outflows across all time bands;
vi) Commitment Ratio – track the total commitments given to
corporates / banks and other financial institutions to limit the
off-balance sheet exposure;
vii) Swapped Funds Ratio, i.e. extent of Indian Rupees raised out
of foreign currency sources.
BCBS Principles for the Assessment of Liquidity Management
in Banks
Developing a Structure for Managing Liquidity Principle 1:
Each bank should have an agreed strategy for
the day-to-day management of liquidity. This strategy should be
communicated throughout the organisation.
Principle 2: A bank’s board of directors should approve the
strategy and significant policies related to the management of
liquidity. The board should also ensure that senior management
takes the steps necessary to monitor and control liquidity risk.
The board should be informed regularly of the liquidity situation
of the bank and immediately if there are any material changes in
the bank’s current or prospective liquidity position.
Principle 3: Each bank should have a management structure in
place to execute effectively the liquidity strategy. This structure
should include the ongoing involvement of members of senior
management. Senior management must
ensure that liquidity is effectively managed, and that
appropriate policies and procedures are established to
control and limit liquidity risk. Banks should set and regularly
review limits on the size of their liquidity positions over particular
time horizons.
Principle 4: A bank must have adequate
systems information
measuring, for monitoring, controlling and
reporting liquidity risk. Reports should be provided on a timely
basis to the bank’s board of directors, senior management and
other appropriate personnel.
Measuring and Monitoring Net Funding Requirements
Principle 5: Each bank should establish a process for the ongoing
measurement and monitoring of net funding requirements.
Principle 6: A bank should analyse liquidity utilising a variety of
“what if ” scenarios.
Principle 7: A bank should review frequently the assumptions
utilised in managing liquidity to determine that they continue to
be valid.
Managing Market Access
Principle 8: Each bank should periodically review its efforts to
establish and maintain relationships with liability holders, to
maintain the diversification of liabilities, and aim to ensure its
capacity to sell assets.
Contingency Planning
Principle 9: A bank should have contingency plans in place that address the
strategy for handling liquidity crises and include procedures for making up cash
fl ow shortfalls in emergency situations.
Foreign Currency Liquidity Management
Principle 10: Each bank should have a measurement, monitoring and control
system for its liquidity positions in the major currencies in which it is active. In
addition to assessing its aggregate foreign currency liquidity needs and the
acceptable mismatch in combination with its domestic currency commitments,
a bank should also undertake separate analysis of its strategy for each currency
individually.
Principle 11: Subject to the analysis undertaken according to Principle 10, a
bank should, where appropriate, set and regularly review limits on the size of its
cash fl ow mismatches over particular time horizons for foreign currencies in
aggregate and for each significant individual currency in which the bank
operates.
Internal Controls for Liquidity Risk Management
Principle 12: Each bank must have an adequate system of internal controls
over its liquidity risk management process. A fundamental component of the
internal control system involves regular independent reviews and evaluations
of the effectiveness of the system and, where necessary, ensuring that
appropriate revisions or enhancements to internal controls are made. The
results of such reviews should be available to supervisory authorities.
Role of Public Disclosure in Improving Liquidity
Principle 13: Each bank should have in place a mechanism for ensuring that
there is an adequate level of disclosure of information about the bank in order
to manage public perception of the organisation and its soundness.
Sound Practices for managing liquidity in banking organizations, Basel
Committee on Banking Supervision, February, 2000
OPERATIONAL RISK (OR)
What is Operational Risk ?
Operational risk has been defined by the Basel Committee on Banking
Supervision1 as the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. This definition is based
on the underlying causes of operational risk. It seeks to identify why a loss
happened and at the broadest level includes the breakdown by four causes:
people, processes, systems and external factors.

Management of specific operational risks is not a new practice; it has always

been important for banks to try to prevent fraud, maintain the integrity of
internal controls, reduce errors in transaction processing, and so on. However,
what is relatively new is the view of operational risk management as a
comprehensive practice comparable to the management of credit and market
risk.
Growing number of high-profile operational loss events worldwide have led
banks and supervisors to increasingly view operational risk management as an
inclusive discipline. OR can arise from internal and external fraud, failure to
comply with employments laws or meet workplace safety standards, policy
breaches, compliance breaches, key personnel risks, damage to physical assets,
business disruptions and system failures, transaction processing failures,
information security breaches and the like.
The Basel Committee on Banking supervision has recognized that managing OR
is becoming an important feature of sound risk management practice in modern
financial markets. The Committee has noted that the most important types of
operational risk involve breakdowns in internal controls and corporate
governance. Such breakdowns can lead to financial losses through error, fraud or
failure to perform within accepted time-lines or cause the interests of the bank
to be compromised in some other way, for example by its dealers, lending
officers or other staff exceeding their authority or conducting business in an
unethical or risky manner. Other aspects of operational risk include major
failure of information technology systems or events such as major fires or other
disasters.
The Basel Committee has identified the following types of operational risk events as
having the potential to result in substantial losses:-
Internal fraud. For example, intentional misreporting of positions,
employee theft, and insider trading on an employee’s own account.
External fraud. For example, robbery, forgery, cheque kiting, and
damage from computer hacking.
Employment practices and workplace safety. For example, workers compensation claims,
violation of employee health and safety rules, organised labour activities, discrimination
claims, and general liability.
Clients, products and business practices. For example, fiduciary breaches, misuse of
confidential customer information, improper trading activities on the bank’s account,
money laundering, and sale of unauthorised products.
Damage to physical assets. For example, terrorism, vandalism, earthquakes, fires and
floods.
Business disruption and system failures. For example, hardware and software failures,
telecommunication problems, and utility outages.
Execution, delivery and process management. For example: data entry errors, collateral
management failures, incomplete legal documentation, and unauthorized access given to
client accounts, non- client counterparty mis-performance, and vendor disputes.
Several recent cases demonstrate that inadequate internal controls can lead to
significant losses for banks. The types of control break-downs may be grouped
into five categories:
• Lack of Control Culture - Management’s inattention and laxity in control
culture, insufficient guidance and lack of clear management accountability.
• Inadequate recognition and assessment of the risk of certain banking
activities, whether on-or-off-balance sheet. Failure to recognise and assess the
risks of new products and activities or update the risk assessment when
significant changes occur in business conditions or environment. Many
recent cases highlight the fact that control systems that function well for
traditional or simple products are unable to handle more sophisticated or
complex products.
• Absence/failure of key control structures and activities, such as segregation
of duties, approvals, verifications, reconciliations and reviews of operating
performance.
• Inadequate communication of information between levels of management
within the bank – upward, downward or cross- functional.
• Inadequate /effective audit/monitoring programs.
Measuring Operational Risk
Operational risk is more difficult to measure than market or credit risk
due to the non-availability of objective data, redundant data, lack of
knowledge of what to measure etc.
Operational risk, however, is an ill-defined “inside
measurement,” related to the measures of internal
volume,
performance, such as internal audit ratings,
turnover, error rates and income volatility, interaction of people,
processes, methodologies, technology systems, business terminology
and culture.
Risk Management Tools
A robust operational risk management process consists of clearly
defined steps which involve identification of the risk events, analysis,
assessment of the impact, treatment and reporting.
 While sophisticated tools for measuring and managing

operational risks are still to evolve, the current practices in this area are based
on self-assessment. The starting point is the development of enterprise-wise
generic standards for OR which includes Corporate Governance standards. It is
extremely important for a robust risk management framework that the
operational risks are managed where they originate. Risk management and
compliance monitoring is a line management function and the risk culture has
to be driven by the line Manager. It is, therefore, the line manager’s
responsibility to develop the generic operational risk standards applicable to his
line of business. The purpose of this tool is to set minimum operational risk
standards for all business and functional units to establish controls and monitor
risks through Control Standards and Risk Indicators. Once the standards are
set, the line manager has to undertake a periodic operational risk self
assessment to identify key areas of risk so that necessary risk based controls
and checks can be developed to monitor and mitigate the risks. Control
Standards set minimum controls and minimum requirements for self-
assessment of effectiveness of controls for the key processes.
The Risk indicators identify operational risks and control weaknesses
through statistical trend analysis. The Risk Indicators are reviewed
periodically to ensure that they are constantly updated. Reporting is a
very important tool in the management of operational risks since it
ensures timely escalation and senior management overview. Reporting
should include significant operational risk exceptions, corporate
governance exceptions, minutes of meetings of Operations Risk
Committee and real time incident reports.
Conclusion
Operational Risk management is one of the most complex and fastest
growing areas in banking across the world. The methods to quantify the
risk are evolving rapidly but though they are still far away from the
desired levels. Nevertheless, it is extremely important that the
significance and impact of this risk area on the overall viability of a
banking enterprise is given due recognition so that there are strong
incentives for banks to continue to work towards developing models to
measure operational risks and to hold the required capital buffers for
this risk.
 Sources & References
• Financial Services by M Y Khan, McGraw Hill
Education (India) Pvt Ltd, 2013
• Merchant Banking by H.R. Machi Raju, New Age
International (P) Ltd., Publishers, 2010
 www.slideshare.com
 www.wikipedia.com
 www.google.com
 Topics to be covered in Next Lecture

•Revision- Unit 1 Topics

THANK YOU.

For any doubts contact me during my office hours:

Day: Wednesday
Time: 2:00 - 2:40 PM
Contact No.:7696266298
Email ID muskan.j2605@cgc.ac.in

54