A

TPP Report

Titled

‘Risk Management’

For the traning undergone at

Punjab National Bank, Nonsari

For the fulfilling the requirement of the award of degree of MBA

Under the Supervision of

Mr.Raghubir Singh (Branch Manager)

Submitted to: Submitted by:

Prof. M.K Jain Naveen Khatak

Director 9th Semester

Roll no. 23

Reg. No. 09-UD-678

INSTITUTE OF MANAGEMENT STUDIES

KURUKSHETRA UNIVERSITY KURUKSHETRA

(September 2013)

DECLARATION

I , NAVEEN KHATAK ,student of Institute of Management Studies ,Kurukshetra University

Kurukshetra, hereby declare that project report entitled ‘RISK MANAGEMENT’ is my original

work. This has not been previously submitted for the award of any other diploma, degree or other

similar title.

Signature of candidate

ACKNOWLEDGEMENT

I would like to express my sincere thanks to Mr. RAGHUBIR SINGH for providing me the

opportunity to work in their esteemed organization as trainee.

I take this opportunity to express my deep gratitude to my project guide without his help and

guidance it would not have been possible for me to complete this project as successfully as I did.

Finally, I would like to thanks all others who have contributed to this effort whom I may have

missed out.

NAVEEN KHATAK

Roll no. 23

9thsem. MBA 5 year

Kurukshetra University

Kurukshetra.

CONTENTS

Chapter No. Title of chapter Page no.

1. Introduction

(A)Banking sector in India

(B)Players in the sector

2. Punjab National Bank

(A)Introduction

(B)Vision and Mission

(C)Organizational structure

(D)Product and services

3. Risk Manangement in Punjab National Bank

(A)In General

(B)In pnb

(C)BASEL

4 SWOT analysis, Suggestions and Conclusion

(A)SWOT analysis

(B)Suggestions

(C)Conclusion

Banking Sector in India

Currently, India has 96 scheduled commercial banks(SCBs) - 27 public sector banks (that is with

the Government of India holding a stake), 31 private banks (these do not have government stake;

they may be publicly listed and traded on stock exchanges) and 38 foreign banks. They have a

combined network of over 53,000 branches and 49,000 ATMs. According to a report by ICRA

(Investment Information and Credit Rating Agency of India Limited) a rating agency, the

public sector banks hold over 75 percent of total assets of the banking industry, with the private

and foreign banks holding 18.2% and 6.5% respectively.

Banking in India originated in the last decades of the 18th century. The first banks were The

General Bank of India which started in 1786, and the Bank of Hindustan, both of which are

now defunct. The oldest bank in existence in India is the State Bank of India, which originated in

the Bank of Calcutta in June 1806, which almost immediately became the Bank of Bengal. This

was one of the three presidency banks, the other two being the Bank of Bombay and the Bank of

Madras, all three of which were established under charters from the British East India Company.

For many years the Presidency banks acted as quasi-central banks, as did their successors. The

three banks merged in 1921 to form the Imperial Bank of India, which, upon India's

independence, became the State Bank of India.

Indian merchants in Calcutta established the Union Bank in 1839, but it failed in 1848 as a

consequence of the economic crisis of 1848-49. The Allahabad Bank, established in 1865 and

still functioning today, is the oldest Joint Stock bank in India.(Joint Stock Bank: A company

that issues stock and requires shareholders to be held liable for the company's debt) It was not the

first though. That honor belongs to the Bank of Upper India, which was established in 1863, and

which survived until 1913, when it failed, with some of its assets and liabilities being transferred

to the Alliance Bank of Simla. When the American Civil War stopped the supply of cotton to

Lancashire from the Confederate States, promoters opened banks to finance trading in Indian

cotton. With large exposure to speculative ventures, most of the banks opened in India during

that period failed. The depositors lost money and lost interest in keeping deposits with banks.

Subsequently, banking in India remained the exclusive domain of Europeans for next several

decades until the beginning of the 20th century.Foreign banks too started to arrive, particularly in

Calcutta, in the 1860s. The Comptoire d'Escompte de Paris opened a branch in Calcutta in 1860,

and another in Bombay in 1862; branches in Madras and Pondicherry, then a French colony,

followed. HSBC established itself in Bengal in 1869. Calcutta was the most active trading port in

India, mainly due to the trade of the British Empire, and so became a banking center.

PUNJAB NATIONAL BANK

Punjab National Bank (PNB) (BSE: 532461), is a state-owned financial services company lo-

cated in New Delhi, India. It was registered on May 19, 1894 under the Indian Companies Act

with its office in Anarkali Bazaar Lahore. Today, the Bank is the second largest government-

owned commercial bank in India with about 5000 branches across 764 cities. It serves over 37

million customers. The bank has been ranked 248th biggest bank in the world by the Bankers Al-

manac, London. The bank's total assets for financial year 2007 were about US$60 billion. PNB

has a banking subsidiary in the UK, as well as branches in Hong Kong, Dubai and Kabul, and

representative offices in Amati, Dubai, Oslo, and Shanghai.

Punjab National Bank is one of the Big Four Banks of

India, along with ICICI Bank, State Bank of India

and Canara Bank.

Vision :

To be a Leading Global Bank with Pan India footprints and become a household brand in the

Indo-Gangetic Plains providing entire range of financial products and services under one roof

Mission:

Banking for the unbanked

Organisational structur

Board of Directors:

1. Shri K.R.Kamath

chairman & managing director

And chairman of Indian bank’s association

2. Shri Rakesh Sethi

Executive Director

3. Smt. Usha Ananthasubramanian

Executive Director

4. Shri. S R Bansal

Executive Director

Directors:

1. Shri. Anurag jain

Govt. of India Nominee Director

2. Shri. B P Kanungo

Reserve bank Of India Nominee Director

3. Shri. M A Antulay

Part time non official Director

4. Shri. B B Chaudhry

Part-time non-offical director

5. Shri. Devinder kumar Singla

Shareholder Director

Product and services:

Foreign Currency Non-resident Deposit A/c Scheme (FD)

Non-resident External Deposit A/c Scheme (SB/CA/FD)

Non-resident Ordinary Deposit A/c Scheme (SB/CA/FD/RD)

Foreign Inward Remittances – Rupee Drawing Arrangements / Speed Remittances with

Exchange Houses

Money Transfer Schemes

PNB-NRI REMIT Scheme

Exchange of Foreign Currency Travellers Cheques/Notes

World Travel Card

Buyers’ / Suppliers’ Credit against Imports into India

Letter of Guarantee (issued on behalf of foreign bank)

Precious Metal Business (on consignment basis)

Gold (Metal) Loan Scheme for Domestic Jewellery Manufacturers.

ECGC – Bank assurance - Selling of policies to exporters

History of Punjab National Bank

1895: PNB commenced its operations in Lahore. PNB has the distinction of being the

first Indian bank to have been started solely with Indian capital that has survived to the

present. (The first entirely Indian bank, the Oudh Commercial Bank, was established in

1881 in Faizabad, but failed in 1958.) PNB's founders included several leaders of the

Swadeshi movement such as Dayal Singh Majithia and Lala HarKishan Lal, Lala Lal-

chand, Shri Kali Prasanna Roy, Shri E.C. Jessawala, Shri Prabhu Dayal, Bakshi Jaishi

Ram, and Lala Dholan Das. Lala Lajpat Rai was actively associated with the manage-

ment of the Bank in its early years.

1904: PNB established branches in Karachi and Peshawar.

1940: PNB absorbed Bhagwan Das Bank, a scheduled bank located in Delhi circle.

1947: Partition of India and Pakistan at Independence. PNB lost its premises in Lahore,

but continued to operate in Pakistan.

1951: PNB acquired the 39 branches of Bharat Bank (est. 1942); Bharat Bank became

Bharat Nidhi Ltd.

1961: PNB acquired Universal Bank of India.

1963: The Government of Burma nationalized PNB's branch in Rangoon (Yangon).

1965: After the Indo-Pak war the government of Pakistan seized all the offices in

Pakistan of Indian banks, including PNB's head office, which may have moved to Kara-

chi. PNB also had one or more branches in East Pakistan (Bangladesh).

1960: PNB amalgamated Indo Commercial Bank (est. 1933) in a rescue.

1969: The Government of India (GOI) nationalized PNB and 13 other major commercial

banks, on July 19, 1969.

1976: PNB opened a branch in London.

1986: The Reserve Bank of India inquired PNB to transfer its London branch to State

Bank of India after the branch was involved in a fraud scandal.

1986: PNB acquired Hindustan Commercial Bank (est. 1943) in a rescue. The acquisition

added Hindustan's 142 branches to PNB's network.

1993: PNB acquired New Bank of India, which the GOI had nationalized in 1980.

1998: PNB set up a representative office in Almaty, Kazakhstan.

2003: PNB took over Nedungadi Bank, the oldest private sector bank in Kerala. At the

time of the merger with PNB, Nedungadi Bank's shares had zero value, with the result

that its shareholders received no payment for their shares.

PNB also opened a representative office in London.

2004: PNB established a branch in Kabul, Afghanistan.

PNB also opened a representative office in Shanghai.

PNB established an alliance with Everest Bank in Nepal that permits migrants to transfer

funds easily between India and Everest Bank's 12 branches in Nepal.

2005: PNB opened a representative office in Dubai.

2007: PNB established PNBIL - Punjab National Bank (International) - in the UK, with

two offices, one in London, and one in South Hall. Since then it has opened a third

branch in Leicester, and is planning a fourth in Birmingham.

2008: PNB opened a branch in Hong Kong.

2009: PNB opened a representative office in Oslo, Norway, and a second branch in Hong

Kong, this in Kowloon.

2010: PNB received permission to upgrade its representative office in the Dubai Interna-

tional Financial Centre to a branch.

DEFINITION OF RISK

What is Risk?

"What is risk?" And what is a pragmatic definition of risk? Risk means different things to

different people. For some it is "financial (exchange rate, interest-call money rates), mergers of

competitors globally to form more powerful entities and not leveraging IT optimally" and for

someone else "an event or commitment which has the potential to generate commercial liability

or damage to the brand image". Since risk is accepted in business as a trade off between reward

and threat, it does mean that taking risk bring forth benefits as well. In other words it is necessary

to accept risks, if the desire is to reap the anticipated benefits.

Risk in its pragmatic definition, therefore, includes both threats that can materialize and

opportunities, which can be exploited. This definition of risk is very pertinent today as the cur-

rent business environment offers both challenges and opportunities to organizations, and it is up

to an organization to manage these to their competitive advantage.

What is Risk Management - Does it eliminate risk?

Risk management is a discipline for dealing with the possibility that some future event

will cause harm. It provides strategies, techniques, and an approach to recognizing and con-

fronting any threat faced by an organization in fulfilling its mission. Risk management may be as

uncomplicated as asking and answering three basic questions:

1. What can go wrong?

2. What will we do (both to prevent the harm from occurring and in the aftermath of an "in-

cident")?

3. If something happens, how will we pay for it?

Risk management does not aim at risk elimination, but enables the organization to bring

their risks to manageable proportions while not severely affecting their income. This balancing

act between the risk levels and profits needs to be well-planned. Apart from bringing the risks to

manageable proportions, they should also ensure that one risk does not get transformed into any

other undesirable risk. This transformation takes place due to the inter-linkage present among the

various risks. The focal point in managing any risk will be to understand the nature of the trans-

action in a way to unbundle the risks it is exposed to.

Risk Management is a more mature subject in the western world. This is largely a result

of lessons from major corporate failures, most telling and visible being the Barings collapse. In

addition, regulatory requirements have been introduced, which expect organizations to have ef-

fective risk management practices. In India, whilst risk management is still in its infancy, there

has been considerable debate on the need to introduce comprehensive risk management prac-

tices.

Objectives of Risk Management Function

Two distinct viewpoints emerge –

One which is about managing risks, maximizing profitability and creating opportunity

out of risks

And the other which is about minimising risks/loss and protecting corporate assets.

The management of an organization needs to consciously decide on whether they want

their risk management function to 'manage' or 'mitigate' Risks.

Managing risks essentially is about striking the right balance between risks and controls

and taking informed management decisions on opportunities and threats facing an organi-

zation. Both situations, i.e. over or under controlling risks are highly undesirable as the

former means higher costs and the latter means possible exposure to risk.

Mitigating or minimising risks, on the other hand, means mitigating all risks even if the

cost of minimising a risk may be excessive and outweighs the cost-benefit analysis. Fur-

ther, it may mean that the opportunities are not adequately exploited.

In the context of the risk management function, identification and management of Risk is

more prominent for the financial services sector and less so for consumer products industry.

What are the primary objectives of your risk management function? When specifically asked in a

survey conducted, 33% of respondents stated that their risk management function is indeed ex-

pressly mandated to optimise risk.

Risks in Banking

Risks manifest themselves in many ways and the risks in banking are a result of many di-

verse activities, executed from many locations and by numerous people. As a financial interme-

diary, banks borrow funds and lend them as a part of their primary activity. This intermediation

activity, of banks exposes them to a host of risks. The volatility in the operating environment of

banks will aggravate the effect of the various risks. The case discusses the various risks that arise

due to financial intermediation and by highlighting the need for asset-liability management; it

discusses the Gap Model for risk management.

Basel I Accord: The Basel Committee on Banking Supervision, which came into existence in

1974, volunteered to develop a framework for sound banking practices internationally. In 1988

the full set of recommendations was documented and given to the Central banks of the countries

for implementation to suit their national systems. This is called the Basel Capital Accord or Basel

I Accord. It provided level playing field by stipulating the amount of capital that needs to be

maintained by internationally active banks.

Basel II Accord: Banking has changed dramatically since the Basel I document of 1988.

Advances in risk management and the increasing complexity of financial activities / instruments

(like options, hybrid securities etc.) prompted international supervisors to review the

appropriateness of regulatory capital standards under Basel I. To meet this requirement, the Basel

I accord was amended and refined, which came out as the Basel II accord.

The new proposal is based on three mutually reinforcing pillars that allow banks and supervisors

to evaluate properly the various risks that banks have to face and realign regulatory capital more

closely with underlying risks. Each of these three pillars has risk mitigation as its central board.

The new risk sensitive approach seeks to strengthen the safety and soundness of the industry by

focusing on:

● Risk based capital (Pillar 1)

● Risk based supervision (Pillar 2)

● Risk disclosure to enforce market discipline (Pillar 3)

BASEL II FRAMEWORK

The new proposal is based on three mutually reinforcing pillars that allow banks and

supervisors to evaluate properly the various risks that banks face and realign regulatory

capital more closely with underlying risks.

Basel II

Framework

Pillar I Pillar II Pillar III

Minimum Capital Supervisory Market

Requirements Review Process Discipline

THE FIRST PILLAR – MINIMUM CAPITAL REQUIREMENTS

The first pillar sets out minimum capital requirement for the bank. The new framework maintains

minimum capital requirement of 8% of risk assets.

Basel II focuses on improvement in measurement of risks. The revised credit risk measurement

methods are more elaborate than the current accord. It proposes for the first time, a measure for

operational risk, while the market risk measure remains unchanged.

THE SECOND PILLAR - SUPERVISORY REVIEW PROCESS

Supervisory review process has been introduced to ensure not only that bank have adequate

capital to support all the risks, but also to encourage them to develop and use better risk

management techniques in monitoring and managing their risks. The process has four key

principles-

a) Banks should have a process for assessing their overall capital adequacy in relation to their

risk profile and a strategy for monitoring their capital levels.

b) Supervisors should review and evaluate bank’s internal capital adequacy assessment and

strategies, as well as their ability to monitor and ensure their compliance with regulatory capital

ratios.

c) Supervisors should expect banks to operate above the minimum regulatory capital ratios and

should have the ability to require banks to hold capital in excess of the minimum.

d) Supervisors should seek to intervene at an early stage to prevent capital from decreasing

below minimum level and should require rapid remedial action if capital is not mentioned or

restored.

THE THIRD PILLAR – MARKET DISCIPLINE

Market discipline imposes strong incentives to banks to conduct their business in a safe, sound

and effective manner. It is proposed to be effected through a series of disclosure requirements on

capital, risk exposure etc. so that market participants can assess a bank’s capital adequacy. These

disclosures should be made at least semi-annually and more frequently if appropriate. Qualitative

disclosures such as risk management objectives and policies, definitions etc. may be published

annually.

Typology of Risk Exposure

Based on the origin and their nature, risks are classified into various categories. The most

prominent financial risks to which the banks are exposed to taking into consideration practical is-

sues including the limitations of models and theories, human factor, existence of frictions such as

taxes and transaction cost and limitations on quality and quantity of information, as well as the

cost of acquiring this information, and more.

FINANCIAL RISKS

MARKETRISK

LIQUIDITY RISK

OPERATIONAL RISK

HUMAN FAC-TOR RISK

CREDIT RISK LEGAL & REGULATORY RISK

FUNDING LIQUIDITY RISK

TRADING LIQ-UIDITY RISK

TRANSACTION RISK

PORTFOLIO CONCENTRATION

ISSUE RISK ISSUER RISK COUNTERPARTY RISK

EQUITY RISK INEREST RATE RISK

CURRENCY RISK

COMMODITY RISK

TRADING RISK

GAP RISK

GENERAL MAR-KET RISK

SPECIFIC RISK

1. MARKET RISK

Market risk is that risk that changes in financial market prices and rates will reduce the

value of the bank’s positions. Market risk for a fund is often measured relative to a benchmark

index or portfolio, is referred to as a “risk of tracking error” market risk also includes “basis

risk,” a term used in risk management industry to describe the chance of a breakdown in the rela-

tionship between price of a product, on the one hand, and the price of the instrument used to

hedge that price exposure on the other. The market-Var methodology attempts to capture multi-

ple component of market such as directional risk, convexity risk, volatility risk, basis risk, etc.

2. CREDIT RISK

Credit risk is that risk that a change in the credit quality of a counterparty will affect the

value of a bank’s position. Default, whereby a counterparty is unwilling or unable to fulfill its

contractual obligations, is the extreme case; however banks are also exposed to the risk that the

counterparty might downgraded by a rating agency.

Credit risk is only an issue when the position is an asset, i.e., when it exhibits a positive

replacement value. In that instance if the counterparty defaults, the bank either loses all of the

market value of the position or, more commonly, the part of the value that it cannot recover fol-

lowing the credit event. However, the credit exposure induced by the replacement values of de-

rivative instruments are dynamic: they can be negative at one point of time, and yet become posi-

tive at a later point in time after market conditions have changed. Therefore the banks must ex-

amine not only the current exposure, measured by the current replacement value, but also the

profile of future exposures up to the termination of the deal.

3. LIQUIDITY RISK

Liquidity risk comprises both

Funding liquidity risk

Trading-related liquidity risk.

Funding liquidity risk relates to a financial institution’s ability to raise the necessary cash

to roll over its debt, to meet the cash, margin, and collateral requirements of counterparties, and

(in the case of funds) to satisfy capital withdrawals. Funding liquidity risk is affected by various

factors such as the maturities of the liabilities, the extent of reliance of secured sources of

funding, the terms of financing, and the breadth of funding sources, including the ability to

access public market such as commercial paper market. Funding can also be achieved through

cash or cash equivalents, “buying power ,” and available credit lines.

Trading-related liquidity risk, often simply called as liquidity risk, is the risk that an

institution will not be able to execute a transaction at the prevailing market price because there

is, temporarily, no appetite for the deal on the other side of the market. If the transaction cannot

be postponed its execution my lead to substantial losses on position. This risk is generally very

hard to quantify. It may reduce an institution’s ability to manage and hedge market risk as well as

its capacity to satisfy any shortfall on the funding side through asset liquidation.

4. OPERATIONAL RISK

It refers to potential losses resulting from inadequate systems, management failure, faulty

control, fraud and human error. Many of the recent large losses related to derivatives are the

direct consequences of operational failure. Derivative trading is more prone to operational risk

than cash transactions because derivatives are, by heir nature, leveraged transactions. This means

that a trader can make very large commitment on behalf of the bank, and generate huge exposure

in to the future, using only small amount of cash. Very tight controls are an absolute necessary if

the bank is to avoid huge losses.

Operational risk includes” fraud,” for example when a trader or other employee intention-

ally falsifies and misrepresents the risk incurred in a transaction. Technology risk, and princi-

pally computer system risk also fall into the operational risk category.

5. LEGAL RISK

Legal risk arises for a whole of variety of reasons. For example, counterparty might lack

the legal or regulatory authority to engage in a transaction. Legal risks usually only become ap-

parent when counterparty, or an investor, lose money on a transaction and decided to sue the

bank to avoid meeting its obligations. Another aspect of regulatory risk is the potential impact of

a change in tax law on the market value of a position.

6. HUMAN FACTOR RISK

Human factor risk is really a special form of operational risk. It relates to the losses that

may result from human errors such as pushing the wrong button on a computer, inadvertently de-

stroying files, or entering wrong value for the parameter input of a model.

MARKET RISK

What is Market Risk?

Market Risk may be defined as the possibility of loss to a bank caused by changes in the

market variables. The Bank for International Settlements (BIS) defines market risk as “the risk

that the value of 'on' or 'off' balance sheet positions will be adversely affected by movements in

equity and interest rate markets, currency exchange rates and commodity prices". Thus, Market

Risk is the risk to the bank's earnings and capital due to changes in the market level of interest

rates or prices of securities, foreign exchange and equities, as well as the volatilities of those

changes. Besides, it is equally concerned about the bank's ability to meet its obligations as and

when they fall due. In other words, it should be ensured that the bank is not exposed to Liquidity

Risk. Thus, focus on the management of Liquidity Risk and Market Risk, further categorized

into interest rate risk, foreign exchange risk, commodity price risk and equity price risk. An ef-

fective market risk management framework in a bank comprises risk identification, setting up of

limits and triggers, risk monitoring, models of analysis that value positions or measure market

risk, risk reporting, etc.

Types of market risk

Interest rate risk:

Interest rate risk is the risk where changes in market interest rates might adversely affect

a bank's financial condition. The immediate impact of changes in interest rates is on the Net In-

terest Income (NII). A long term impact of changing interest rates is on the bank's networth since

the economic value of a bank's assets, liabilities and off-balance sheet positions get affected due

to variation in market interest rates. The interest rate risk when viewed from these two perspec-

tives is known as 'earnings perspective' and 'economic value' perspective, respectively.

Management of interest rate risk aims at capturing the risks arising from the maturity and

repricing mismatches and is measured both from the earnings and economic value perspective.

Earnings perspective involves analyzing the impact of changes in interest rates

on accrual or reported earnings in the near term. This is measured by measuring the

changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the difference

between the total interest income and the total interest +expense.

Economic Value perspective involves analyzing the changes of impact on inter-

est on the expected cash flows on assets minus the expected cash flows on liabilities plus

the net cash flows on off-balance sheet items. It focuses on the risk to networth arising

from all repricing mismatches and other interest rate sensitive positions. The economic

value perspective identifies risk arising from long-term interest rate gaps.

The management of Interest Rate Risk should be one of the critical components of market

risk management in banks. The regulatory restrictions in the past had greatly reduced many of

the risks in the banking system. Deregulation of interest rates has, however, exposed them to the

adverse impacts of interest rate risk. The Net Interest Income (NII) or Net Interest Margin (NIM)

of banks is dependent on the movements of interest rates. Any mismatches in the cash flows

(fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose bank's NII or

NIM to variations. The earning of assets and the cost of liabilities are now closely related to mar-

ket interest rate volatility

Generally, the approach towards measurement and hedging of IRR varies with the seg-

mentation of the balance sheet. In a well functioning risk management system, banks broadly po-

sition their balance sheet into Trading and Banking Books. While the assets in the trading book

are held primarily for generating profit on short-term differences in prices/yields, the banking

book comprises assets and liabilities, which are contracted basically on account of relationship or

for steady income and statutory obligations and are generally held till maturity. Thus, while the

price risk is the prime concern of banks in trading book, the earnings or economic value changes

are the main focus of banking book.

Equity price risk:

The price risk associated with equities also has two components” General market risk”

refers to the sensitivity of an instrument / portfolio value to the change in the level of broad stock

market indices.” Specific / Idiosyncratic” risk refers to that portion of the stock’s price volatility

that is determined by characteristics specific to the firm, such as its line of business, the quality

of its management, or a breakdown in its production process. The general market risk cannot be

eliminated through portfolio diversification while specific risk can be diversified away.

Foreign exchange risk:

Foreign Exchange Risk maybe defined as the risk that a bank may suffer losses as a result

of adverse exchange rate movements during a period in which it has an open position, either spot

or forward, or a combination of the two, in an individual foreign currency. The banks are also ex-

posed to interest rate risk, which arises from the maturity mismatching of foreign currency posi-

tions. Even in cases where spot and forward positions in individual currencies are balanced, the

maturity pattern of forward transactions may produce mismatches. As a result, banks may suffer

losses as a result of changes in premia/discounts of the currencies concerned.

In the forex business, banks also face the risk of default of the counterparties or settle-

ment risk. While such type of risk crystallization does not cause principal loss, banks may have

to undertake fresh transactions in the cash/spot market for replacing the failed transactions. Thus,

banks may incur replacement cost, which depends upon the currency rate movements. Banks

also face another risk called time-zone risk or Herstatt risk which arises out of time-lags in settle-

ment of one currency in one center and the settlement of another currency in another time-zone.

The forex transactions with counterparties from another country also trigger sovereign or country

risk (dealt with in details in the guidance note on credit risk).

The three important issues that need to be addressed in this regard are:

1. Nature and magnitude of exchange risk

2. Exchange managing or hedging for adopted be to strategy>

3. The tools of managing exchange risk

Commodity price risk:

The price of the commodities differs considerably from its interest rate risk and foreign

exchange risk, since most commodities are traded in the market in which the concentration of

supply can magnify price volatility. Moreover, fluctuations in the depth of trading in the market

(i.e., market liquidity) often accompany and exacerbate high levels of price volatility. Therefore,

commodity prices generally have higher volatilities and larger price discontinuities.

Treatment of Market Risk in the Proposed Basel Capital Accord

The Basle Committee on Banking Supervision (BCBS) had issued comprehensive guide-

lines to provide an explicit capital cushion for the price risks to which banks are exposed, partic-

ularly those arising from their trading activities. The banks have been given flexibility to use in-

house models based on VaR for measuring market risk as an alternative to a standardized mea-

surement framework suggested by Basle Committee. The internal models should, however, com-

ply with quantitative and qualitative criteria prescribed by Basle Committee.

Reserve Bank of India has accepted the general framework suggested by the Basle Com-

mittee. RBI has also initiated various steps in moving towards prescribing capital for market risk.

As an initial step, a risk weight of 2.5% has been prescribed for investments in Government and

other approved securities, besides a risk weight each of 100% on the open position limits in forex

and gold. RBI has also prescribed detailed operating guidelines for Asset-Liability Management

System in banks. As the ability of banks to identify and measure market risk improves, it would

be necessary to assign explicit capital charge for market risk. While the small banks operating

predominantly in India could adopt the standardized methodology, large banks and those banks

operating in international markets should develop expertise in evolving internal models for mea-

surement of market risk.

The Basle Committee on Banking Supervision proposes to develop capital charge for in-

terest rate risk in the banking book as well for banks where the interest rate risks are significantly

above average ('outliers'). The Committee is now exploring various methodologies for identify-

ing 'outliers' and how best to apply and calibrate a capital charge for interest rate risk for banks.

Once the Committee finalizes the modalities, it may be necessary, at least for banks operating in

the international markets to comply with the explicit capital charge requirements for interest rate

risk in the banking book. As the valuation norms on banks' investment portfolio have already

been put in place and aligned with the international best practices, it is appropriate to adopt the

Basel norms on capital for market risk. In view of this, banks should study the Basel framework

on capital for market risk as envisaged in Amendment to the Capital Accord to incorporate mar-

ket risks published in January 1996 by BCBS and prepare themselves to follow the international

practices in this regard at a suitable date to be announced by RBI.

The Proposed New Capital Adequacy Framework

The Basel Committee on Banking Supervision has released a Second Consultative Docu-

ment, which contains refined proposals for the three pillars of the New Accord - Minimum Capi -

tal Requirements, Supervisory Review and Market Discipline. It may be recalled that the Basel

Committee had released in June 1999 the first Consultative Paper on a New Capital Adequacy

Framework for comments. However, the proposal to provide explicit capital charge for market

risk in the banking book which was included in the Pillar I of the June 1999 Document has been

shifted to Pillar II in the second Consultative Paper issued in January 2001. The Committee has

also provided a technical paper on evaluation of interest rate risk management techniques. The

Document has defined the criteria for identifying outlier banks. According to the proposal, a

bank may be defined as an outlier whose economic value declined by more than 20% of the sum

of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock (200 bps.)

The second Consultative Paper on the New Capital Adequacy framework issued in Janu-

ary, 2001 has laid down 13 principles intended to be of general application for the management

of interest rate risk, independent of whether the positions are part of the trading book or reflect

banks' non-trading activities. They refer to an interest rate risk management process, which in-

cludes the development of a business strategy, the assumption of assets and liabilities in banking

and trading activities, as well as a system of internal controls. In particular, they address the need

for effective interest rate risk measurement, monitoring and control functions within the interest

rate risk management process. The principles are intended to be of general application, based as

they are on practices currently used by many international banks, even though their specific ap-

plication will depend to some extent on the complexity and range of activities undertaken by in-

dividual banks. Under the New Basel Capital Accord, they form minimum standards expected of

internationally active banks. The principles are given in Annexure II.

CREDIT RISK

What is Credit Risk?

Credit risk is defined as the possibility of losses associated with diminution in the credit

quality of borrowers or counterparties. In a bank's portfolio, losses stem from outright default

due to inability or unwillingness of a customer or counterparty to meet commitments in relation

to lending, trading, settlement and other financial transactions. Alternatively, losses result from

reduction in portfolio value arising from actual or perceived deterioration in credit quality. Credit

risk emanates from a bank's dealings with an individual, corporate, bank, financial institution or

a sovereign. Credit risk may take the following forms

In the case of direct lending: principal/and or interest amount may not be repaid;

In the case of guarantees or letters of credit: funds may not be forthcoming from the con-

stituents upon crystallization of the liability;

In the case of treasury operations: the payment or series of payments due from the

counter parties under the respective contracts may not be forthcoming or ceases;

In the case of securities trading businesses: funds/ securities settlement may not be ef-

fected;

In the case of cross-border exposure: the availability and free transfer of foreign currency

funds may either cease or the sovereign may impose restrictions.

Types of Credit Rating

Credit rating can be classified as:

2. External credit rating.

3. Internal credit rating

External credit rating:

A credit rating is not, in general, an investment recommendation concerning a given se-

curity. In the words of S&P,” A credit rating is S&P's opinion of the general creditworthiness of

an obligor, or the creditworthiness of an obligor with respect to a particular debt security or other

financial obligation, based on relevant risk factors.” In Moody's words, a rating is, “ an opinion

on the future ability and legal obligation of an issuer to make timely payments of principal and

interest on a specific fixed-income security.”

Since S&P and Moody's are considered to have expertise in credit rating and are regarded

as unbiased evaluators, there ratings are widely accepted by market participants and regulatory

agencies. Financial institutions, when required to hold investment grade bonds by their regulators

use the rating of credit agencies such as S&P and Moody's to determine which bonds are of

investment grade.

The subject of credit rating might be a company issuing debt obligations. In the case of

such “issuer credit ratings” the rating is an opinion on the obligor’s overall capacity to meet its

financial obligations. The opinion is not specific to any particular liability of the company, nor

does it consider merits of having guarantors for some of the obligations. In the issuer credit rat-

ing categories are

a) Counterparty ratings

b) Corporate credit ratings

c) Sovereign credit ratings

The rating process includes quantitative, qualitative, and legal analyses. The quantitative

analyses. The quantitative analysis is mainly financial analysis and is based on the firm’s finan-

cial reports. The qualitative analysis is concerned with the quality of management, and includes a

through review of the firm’s competitiveness within its industry as well as the expected growth

of the industry and its vulnerability to technological changes, regulatory changes, and labor rela-

tions.

Internal credit rating:

A typical risk rating system (RRS) will assign both an obligor rating to each borrower (or

group of borrowers), and a facility rating to each available facility. A risk rating (RR) is designed

to depict the risk of loss in a credit facility. A robust RRS should offer a carefully designed,

structured, and documented series of steps for the assessment of each rating.

The following are the steps for assessment of rating:

a) Objectivity and Methodology:

The goal is to generate accurate and consistent risk rating, yet also to allow professional

judgment to significantly influence a rating where it is appropriate. The expected loss is the prod-

uct of an exposure (say, Rs. 100) and the probability of default (say, 2%) of an obligor (or bor-

rower) and the loss rate given default (say, 50%) in any specific credit facility. In this example,

The expected loss = 100*.02*.50 = Rs. 1

A typical risk rating methodology (RRM)

a. Initial assign an obligor rating that identifies the expected probability of default by

that borrower (or group) in repaying its obligations in normal course of business.

b. The RRS then identifies the risk loss (principle/interest) by assigning an RR to each

individual credit facility granted to an obligor.

The obligor rating represents the probability of default by a borrower in repaying its obli-

gation in the normal course of business. The facility rating represents the expected loss of princi -

pal and/ or interest on any business credit facility. It combines the likelihood of default by a bor-

rower and conditional severity of loss, should default occur, from the credit facilities available to

the borrower.

Risk Rating Continuum (Prototype Risk Rating System)

RISK RR Corresponding Probable

S&P or Moody's Rating

Sovereign 0 Not Applicable

Low 1 AAA

2 AA Investment Grade

3 A

4 BBB+/BBB

Average 5 BBB-

6 BB+/BB

7 BB-

High 8

9

10

B+/B

B-

CCC+/CCC

Below Investment

Grade

11 CC-

12 In Default

The steps in the RRS (nine, in our prototype system) typically start with a financial

assessment of the borrower (initial obligor rating), which sets a floor on the obligor rating (OR).

A series of further steps (four) arrive at the final obligor rating. Each one of steps 2 to 5 may

result in the downgrade of the initial rating attributed at step 1. These steps include analyzing the

managerial capability of the borrower (step 2), examining the borrower’s absolute and relative

position within the industry (step 3), reviewing the quality of the financial information (step 4)

and the country risk (step 5). The process ensures that all credits are objectively rated using a

consistent process to arrive at the accurate rating.

Additional steps (four, in our example) are associated with arriving at a final facility rating,

which may be above OR below the final obligor rating. These steps include examining third-

party support (step 6), factoring in the maturity of the transaction (step 7), reviewing how

strongly the transaction is structured. (step 8), and assessing the amount of collateral (step 9).

b) Measurement of Default Probability and Recovery Rates.

Credit Risk Management

In this backdrop, it is imperative that banks have a robust credit risk management system

which is sensitive and responsive to these factors. The effective management of credit risk is a

critical component of comprehensive risk management and is essential for the long term success

of any banking organization. Credit risk management encompasses identification, measurement,

monitoring and control of the credit risk exposures.

Building Blocks of Credit Risk Management:

In a bank, an effective credit risk management framework would comprise of the follow-

ing distinct building blocks:

Policy and Strategy

Organizational Structure

Operations/ Systems

Policy and Strategy

The Board of Directors of each bank shall be responsible for approving and periodically

reviewing the credit risk strategy and significant credit risk policies.

Credit Risk Policy

1. Every bank should have a credit risk policy document approved by the Board. The docu-

ment should include risk identification, risk measurement, risk grading/ aggregation tech-

niques, reporting and risk control/ mitigation techniques, documentation, legal issues and

management of problem loans.

2. Credit risk policies should also define target markets, risk acceptance criteria, credit ap-

proval authority, credit origination/ maintenance procedures and guidelines for portfolio

management.

3. The credit risk policies approved by the Board should be communicated to branches/con-

trolling offices. All dealing officials should clearly understand the bank's approach for

credit sanction and should be held accountable for complying with established policies

and procedures.

4. Senior management of a bank shall be responsible for implementing the credit risk policy

approved by the Board.

Credit Risk Strategy

1. Each bank should develop, with the approval of its Board, its own credit risk strategy or

plan that establishes the objectives guiding the bank's credit-granting activities and adopt

necessary policies/ procedures for conducting such activities. This strategy should spell

out clearly the organization’s credit appetite and the acceptable level of risk-reward trade-

off for its activities.

2. The strategy would, therefore, include a statement of the bank's willingness to grant loans

based on the type of economic activity, geographical location, currency, market, maturity

and anticipated profitability. This would necessarily translate into the identification of

target markets and business sectors, preferred levels of diversification and concentration,

the cost of capital in granting credit and the cost of bad debts.

3. The credit risk strategy should provide continuity in approach as also take into account

the cyclical aspects of the economy and the resulting shifts in the composition/ quality of

the overall credit portfolio. This strategy should be viable in the long run and through

various credit cycles.

4. Senior management of a bank shall be responsible for implementing the credit risk strat-

egy approved by the Board.

Organizational Structure

Sound organizational structure is sine qua non for successful implementation of an effec-

tive credit risk management system. The organizational structure for credit risk management

should have the following basic features:

1. The Board of Directors should have the overall responsibility for management of risks.

The Board should decide the risk management policy of the bank and set limits for liq-

uidity, interest rate, foreign exchange and equity price risks.

The Risk Management Committee will be a Board level Sub committee including CEO

and heads of Credit, Market and Operational Risk Management Committees. It will devise the

policy and strategy for integrated risk management containing various risk exposures of the bank

including the credit risk. For this purpose, this Committee should effectively coordinate between

the Credit Risk Management Committee (CRMC), the Asset Liability Management Committee

and other risk committees of the bank, if any. It is imperative that the independence of this Com-

mittee is preserved. The Board should, therefore, ensure that this is not compromised at any cost.

In the event of the Board not accepting any recommendation of this Committee, systems should

be put in place to spell out the rationale for such an action and should be properly documented.

This document should be made available to the internal and external auditors for their scrutiny

and comments. The credit risk strategy and policies adopted by the committee should be effec-

tively

Operations / Systems

Banks should have in place an appropriate credit administration, credit risk measurement

and monitoring processes. The credit administration process typically involves the following

phases:

1. Relationship management phase i.e. business development.

2. Transaction management phase covers risk assessment, loan pricing, structuring the facil-

ities, internal approvals, documentation, loan administration, on going monitoring and

risk measurement.

3. Portfolio management phase entails monitoring of the portfolio at a macro level and the

management of problem loans

4. On the basis of the broad management framework stated above, the banks should have

the following credit risk measurement and monitoring procedures:

5. Banks should establish proactive credit risk management practices like annual / half

yearly industry studies and individual obligor reviews, periodic credit calls that are docu-

mented, periodic visits of plant and business site, and at least quarterly management re-

views of troubled exposures/weak credits\

RBI Guidelines on Credit Risk New Capital Accord: Implications for

Credit Risk Management

The Basel Committee on Banking Supervision had released in June 1999 the first Consul-

tative Paper on a New Capital Adequacy Framework with the intention of replacing the current

broad-brush 1988 Accord. The Basel Committee has released a Second Consultative Document

in January 2001, which contains refined proposals for the three pillars of the New Accord - Mini-

mum Capital Requirements, Supervisory Review and Market Discipline.

The Committee proposes two approaches, for estimating regulatory capital. viz.,

1. Standardized and

2. Internal Rating Based (IRB)

Under the standardized approach, the Committee desires neither to produce a net in-

crease nor a net decrease, on an average, in minimum regulatory capital, even after accounting

for operational risk. Under the Internal Rating Based (IRB) approach, the Committee's ultimate

goals are to ensure that the overall level of regulatory capital is sufficient to address the underly-

ing credit risks and also provides capital incentives relative to the standardized approach, i.e., a

reduction in the risk weighted assets of 2% to 3% (foundation IRB approach) and 90% of the

capital requirement under foundation approach for advanced IRB approach to encourage banks

to adopt IRB approach for providing capital.

The minimum capital adequacy ratio would continue to be 8% of the risk-weighted as-

sets, which cover capital requirements for market (trading book), credit and operational risks. For

credit risk, the range of options to estimate capital extends to include a standardized, a founda-

tion IRB and an advanced IRB approaches.

RBI Guidelines for Credit Risk Management Credit Rating Framework

A Credit-risk Rating Framework (CRF) is necessary to avoid the limitations associated

with a simplistic and broad classification of loans/exposures into a "good" or a "bad" category.

The CRF deploys a number/ alphabet/ symbol as a primary summary indicator of risks associated

with a credit exposure. Such a rating framework is the basic module for developing a credit risk

management system and all advanced models/approaches are based on this structure. In spite of

the advancement in risk management techniques, CRF is continued to be used to a great extent.

These frameworks have been primarily driven by a need to standardize and uniformly communi-

cate the "judgment" in credit selection procedures and are not a substitute to the vast lending ex-

perience accumulated by the banks' professional staff.

Broadly, CRF can be used for the following purposes:

1. Individual credit selection, wherein either a borrower or a particular exposure/ facility is

rated on the CRF

2. Pricing (credit spread) and specific features of the loan facility. This would largely con-

stitute transaction-level analysis.

3. Portfolio-level analysis.

4. Surveillance, monitoring and internal MIS

Assessing the aggregate risk profile of bank/ lender. These would be relevant for portfolio-level

analysis. For instance, the spread of credit exposures across various CRF categories, the mean

and the standard deviation of losses occurring in each CRF category and the overall migration of

exposures would highlight the aggregated credit-risk for the entire portfolio of the bank.

OPERATIONAL RISK

What is Operational Risk?

Operational risk is the risk associated with operating a business.

Operational risk covers such a wide area that it is useful to subdivide operational risk into two

components:

Operational failure risk.

Operational strategic risk.

Operational failure risk arises from the potential for failure in the course of operating

the business. A firm uses people, processes and technology to achieve the business plans, and any

one of these factors may experience a failure of some kind. Accordingly, operational failure risk

can be defined as the risk that there will be a failure of people, processes or technology within

the business unit. A portion of failure may be anticipated, and these risks should be built into the

business plan. But it is unanticipated, and therefore uncertain, failures that give rise to key

operational risks. These failures can be expected to occur periodically, although both their impact

and their frequency may be uncertain.

The impact or severity of a financial loss can be divided into two categories:

An expected amount

An unexpected amount.

The latter is itself subdivided into two classes: an amount classed as severe, and a catastrophic

amount. The firm should provide for the losses that arise from the expected component of these

failures by charging expected revenues with a sufficient amount of reserves. In addition, the firm

should set aside sufficient economic capital to cover the unexpected component, or resort to

insurance.

Operational strategic risk arises from environmental factors, such as a new competitor that

changes the business paradigram, a major political and regulatory regime change, and

earthquakes and other such factors that are outside the control of the firm. It also arises from

major new strategic initiatives, such as developing a new line of business or re-engineering an

existing business line. All business rely on people, processes and technology outside their

business unit, and the potential for failure exists there too, this type of risk is referred to as

external dependency risk.

The figure above summarizes the relationship between operational failure risk and operational

strategic risk. These two principal categories of risk are also sometimes defined as “internal” and

“ external” operational risk.

Operational risk is often thought to be limited to losses that can occur in operating or pro-

cessing centers. This type of operational risk, sometimes referred as operations risk, is an impor-

tant component, but it by no means covers all of the operational risks facing the firm. Our defini -

tion of operational risk as the risk associated with operating the business means significant

amounts of operational risk are also generated outside the processing centers.

Figure: Two Broad Categories of Operational Risk

Operational Risk

Operational failure risk (Internal operational risk)

The risk encountered in pursuit of a particular strategy due to:

People Process Technology

Operational strategic risk (External operational risk)

The risk of choosing an inappropriate strategy in response to environmental factor, such as

Political Taxation Regulation Government Societal Competition, etc.

Risk begins to accumulate even before the design of the potential transaction gets

underway. It is present during negotiations with the client (regardless of whether the negotiation

is a lengthy structuring exercise or a routine electronic negotiation.) and continues after the

negotiation as the transaction is serviced.

A complete picture of operational risk can only be obtained if the bank’s activity is

analyzed from beginning to end. Several things have to be in place before a transaction is

negotiated, and each exposes the firm to operational risk. The activity carried on behalf of the

client by the staff can expose the institution to “people risk”. “People risk” are not only in the

form of risk found early in a transaction. But they further rely on using sophisticated financial

models to price the transaction. This creates what is called as Model risk which can arise because

of wrong parameters like input to the model, or because the model is used inappropriately and so

on.

Once the transaction is negotiated and a ticket is written, errors can occur as the

transaction is recorded in various systems or reports. An error here may result in the delayed

settlement of the transaction, which in turn can give rise to fines and other penalties. Further an

error in market risk and credit risk report might lead to the exposures generated by the deal being

understated. In turn this can lead to the execution of additional transactions that would otherwise

not have been executed. These are examples of what is often called as “process risk”

The system that records the transaction may not be capable of handling the transaction or

it may not have the capacity to handle such transactions. If any one of the step is out-sourced,

then external dependency risk also arises. However, each type of risk can be captured either as

people, processes, technology, or an external dependency risk, and each can be analyzed in terms

of capacity, capability or availability

Who Should Manage Operational Risk?

The responsibility for setting policies concerning operational risk remains with the senior

management, even though the development of those policies may be delegated, and submitted to

the board of directors for approval. Appropriate policies must be put in place to limit the amount

of operational risk that is assumed by an institution. Senior management needs to give authority

to change the operational risk profile to those who are the best able to take action. They must

also ensure that a methodology for the timely and effective monitoring of the risks that are in -

curred is in place. To avoid any conflict of interest, no single group within the bank should be re-

sponsible for simultaneously setting policies, taking action and monitoring risk.

Policy Setting

The authority to take action generally rests with business management, which is

responsible for controlling the amount of operational risk taken within each business line. The

infrastructure and the governance groups share with business management the responsibility for

managing operational risk.

Internal Audit

Senior Management

Business Management Risk Management

Legal

Operations

Information Technology

Finance

Insurance

The responsibility for the development of a methodology for measuring and monitoring

operational risks resides most naturally with group risk management functions. The risk manage-

ment function also needs to ensure the proper operational risk/ reward analysis is performed in

the review of existing businesses and before the introduction of new initiatives and products. In

this regard, the risk management function works very closely with, but independent from, busi-

ness management, infrastructure, and other governance group

Senior management needs to know whether the responsibilities it has delegated are actu-

ally being tended to, and whether the resulting processes are effective. The internal audit func-

tion within the bank is charged with this responsibility.

Key to Implementing Bank-wide Operational Risk Management:

The eight key elements are necessary to successfully implement a bank-wide operational

risk management framework. They involve setting policy and identifying risk as an outgrowth of

having designed a common language, constructing business process maps, building a best mea-

surement methodology, providing exposure management, installing a timely reporting capability,

performing risk analysis inclusive of stress testing, and allocating economic capital as a function

of operational risk.

EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL RISK

MANAGEMENT.

1. Policy

2.Risk Identification

1. Develop well-defined operational risk policies. This includes explicitly articulating the

desired standards for the risk measurement. One also needs to establish clear guidelines

for practices that may contribute to a reduction of operational risk.

2. Establish a common language of risk identification. For e.g., the term “people risk” in-

cludes a failure to deploy skilled staff. “Technology risk” would include system failure,

and so on.

3. Develop business process maps of each business. For e.g., one should create an “opera-

tional risk catalogue” which categories and defines the various operational risks arising

from each organizational unit in terms of people, process, and technology risk. This cata-

logue should be tool to help with operational risk identification and assessment.

Types of Operational Failure Risk

1. People Risk 1. Incompetancy.

2. Fraud.

Best Practice 3. Business Process

4. Measuring Methodology

8. Economic Capital

7. Risk Analysis

6. Reporting

5. Exposure Management

2. Process Risk

Model Risk

TR

OCR

1. Model/ methodology error

2. Mark-to-model error.

1. Execution error.

2. Product complexity.

3. Booking error.

4. Settlement error.

1. Exceeding limits.

2. Security risk.

3.Volume risk.

3. Technology Risk 1. System failure.

2. Programming error.

3. Information risk.

4. Telecommunications failure.

4. Develop a comprehensible set of operational risk metrics. Operational risk assessment is

a complex process. It needs to be performed on a firm-wide basis at regular intervals us-

ing standard metrics. In early days, business and infrastructure groups performed their

own assessment of operational risk. Today, self-assessment has been discredited. Sophis-

ticated financial institutions are trying to develop objective measures of operational risk

that build significantly more reliability into the quantification of operational risk.

5. Decide how to manage operational risk exposure and take appriate action to hedge the

risks. The bank should address the economic question of th cost-benefit of insuring a

given risk for those operational risks that can be insured.

6. Decide how to report exposure.

7. Develop tools for risk analysis, and procedures for when these tools should deploped. For

e.g., risk analysis is typically performed as part of a new product process, periodic busi-

ness reviews, and so on. Stress testing should be a standard part of risk analysis process.

The frequency of risk assessment should be a function of the degree to which operational

risks are expected to change over time as businesses undertake new initiatives, or as busi-

ness circumstances evolve. This frequency might be reviewed as operational risk mea-

surement is rolled out across the bank a bank should update its risk assessment more fre-

quently. Further one should reassess whenever the operational risk profile changes signif-

icantly.

8. Develop techniques to translate the calculation of operational risk into a required amount

of economic capital. Tools and procedures should be developed to enable businesses to

make decisions about operational risk based on risk/reward analysis.

Four-Step Measurement Process For Operational Risk

Clear guiding principle for the operational risk measurement process should be set to en-

sure that it provides an appropriate measure of operational risk across all business units through-

out the bank. This problem of measuring operational risk can be best achieved by means of a

four-step operational risk process. The following are the four steps involved in the process:

1. Input.

2. Risk assessment framework.

3. Review and validation.

4. Output.

1. Input:

The first step in the operational risk measurement process is to gather the information

needed to perform a complete assessment of all significant operational risks. A key source of this

information is often the finished product of other groups. For example, a unit that supports the

business group often publishes report or documents that may provide an excellent starting point

for the operational risk assessment.

Sources of Information in the Measurement Process of Operational Risk :The Inputs (for

Assessment)

Likelihood of Occurrence Severity

Audit report Management interviews

Regulatory report Loss history

Management report

Expert opinion

Business Recovery Plan

Business plans

Budget plans

Operations plans

For example, if one is relying on audit documents as an indication of the degree of

control, then one needs to ask if the audit assessment is current and sufficient. Have there been

any significant changes made since the last audit assessment? Did the audit scope include the

area of operational risk that is of concern to the present risk assessment? As one diligently works

through available information, gaps often become apparent. These gaps in the information often

need to be filled through discussion with the relevant managers.

Typically, there are not sufficient reliable historical data available to confidently project

the likelihood or severity of operational losses. One often needs to rely on the expertise of

business management, until reliable data are compiled to offer an assessment of the severity of

the operational failure for each of the risks. The time frame employed for all aspects of the

assessment process is typically one year. The one-year time horizon is usually selected to align

with the business planning cycle of the bank.

2. Risk Assessment Framework

The input information gathered in the above step needs to be analyzed and processed

through the risk assessment framework. Risk assessment framework includes:

1. Risk categories:

The operational risk can be broken down into four headline risk categories like the risk of

unexpected loss due to operational failure in people, process and technology deployed within

the business

Internal dependencies should each be reviewed according to a set of factors. We examine

these 9nternal dependencies according to three key components of capability, capacity and

availability.

External dependencies can also be analyzed in terms of the specific type of external

interaction.

2. Connectivity and interdependencies

The headline risk categories cannot be viewed in isolation from one another. One needs to

examine the degree of interconnected risk exposures that cut across the headline operational

risk categories, in order to understand the full impact of risk.

3. Change, complexity, compliancy:

One may view the sources that drive the headline risk categories as falling under the broad

categories of “Change” refers to such items as introducing new technology or new products,

a merger or acquisition, or moving from internal supply to outsourcing, etc. “Complexity’

refers to such items as complexity of products, process or technology. “ Complacency” refer

to ineffective management of the business.

4. Net likelihood assessment

The likelihood that an operational failure might occur within the next year should be

assessed, net of risk mitigants such as insurance, for each identified risk exposure and for

each of the four headline risk categories. Since it is often unclear how to quantify risk, this

assessment can be rated along five point likelihood continuum from very low, low, medium,

high and very high.

5. Severity assessment

Severity describes the potential loss to the bank given that an operational risk failure has

occurred. It should be assessed for each identified risk exposure.

6. Combined likelihood and severity into the overall Operational Risk Assessment

Operational risk measures are constrained in that there is not usually a defensible way to

combine the individual likelihood of loss and severity assessments into overall measure of

operational risk within a business unit. To do so, the likelihood of loss would need to be

expressed in numerical terms. This cannot be accomplished without statistically significant

historical data on operational losses.

7. Defining Cause and Effect:

Loss data are easier to collect than data associated with the cause of loss. This complicates

the measurement of operational risk because each loss is likely to have several causes. This

relationship between these causes, and the relative importance of each, can be difficult to

assess in an objective fashion.

3. Review and validation:

Once the report is generated. First the centralised operational risk management group

(ORMG) reviews the assessment results with senior business unit management and key officers,

in order to finalize the proposed operational risk rating. Second, one may want an operational

risk rating committee to review the assessment – a validation process similar to that followed by

credit rating agencies. This takes the form of review of the individual risk assessments by knowl-

edgeable senior committee personnel to ensure that the framework has been consistently applied

across businesses, that there has been sufficient scrutiny to remove any imperfections, and so on.

The committee should have representation from business management, audit, and functional ar-

eas, and be chaired by risk management unit.

4. Output

The final assessment of operational risk will be formally reported to business manage-

ment, the centralised risk-adjusted return on capital (RAROC) group, and the partners in corpo-

rate governance such as internal audit and compliance. The output of the assessment process has

two main uses:

1. The assessment provides better operational risk information to management for use in im-

proving risk management decisions.

2. The assessment improves the allocation of economic capital to better reflect the extent of

the operational riskier, being taken by a business unit.

3. The over all assessment of the likelihood of operational risk & severity of loss for a busi-

ness unit can be shown as:

Mgmt. AttentionMedium

RiskHigh Risk

Severity of Loss ($)

Likelihood of Loss ($)

A business unit may address its operational risks in several ways. First, one can invest in busi-

ness unit. Second, one can avoid the risk by withdrawing from business activity. Third, one can

accept and manage risk through effective monitoring and control. Fourth, one can transfer risk to

another party. Of course, not all-operational risks are insurable, and in that case of those that are

insurable the required premium may be prohibitive. The strategy and eventually the decision

should be based on cost benefit analysis.

An Idealized Bank Of The Future

The efficient bank of the future will be driven by a single analytical risk engine that

draws its data from a single logical data repository. This engine will power front-, middle-, and

back-office functions, and supply information about enterprise-wide risk. The ability to control

and manage risk will be finely tuned to meet specific business objectives. For example, far fewer

significantly large losses, beyond a clearly articulate tolerance for loss, will be incurred and the

return to risk profile will be vastly improved.

Medium Risk

Low Risk

With the appropriate technology in place, financial trading across all asset classes will

move from the current vertical, product-oriented environment (e.g., swaps, foreign exchange,

equities, loans, etc.) to a horizontal, customer-oriented environment in which complex

combinations of asset types will be traded.

There will be less need for desks that specialize in single product lines. The focus will

shift to customer needs rather than instrument types. The management of limits will be based on

capital, set in such a manner so as to maximize the risk-adjusted return on capital for the firm.

The firm’s exposure will be known and disseminated in real time. Evaluating the risk of a

specific deal will take into account its effect on the firm’s total risk exposure, rather than simply

the exposure of the individual deal.

Banks that dominate this technology will gain a tremendous competitive advantage. Their

information technology and trading infrastructure will be cheaper than today’s by orders of

magnitude. Conversely, banks that attempt to build this infrastructure in-house will become

trapped in a quagmire of large, expensive IT departments-and poorly supported software.

The successful banks will require far fewer risk systems. Most of which will be based on

a combination of industry standard, reusable, robust risk software and highly sophisticated pro-

prietary analytics. More importantly, they will be free to focus on their core business and offer

products more directly suited to their customers’ desired return to risk profiles.

Study of Operational Risk at Punjab National Bank

Punjab National Bank is exposed to many types of operational risk. Operational risk can result

from a variety of factors, including:

1. Failure to obtain proper internal authorizations,

2. Improperly documented transactions,

3. Failure of operational and information security procedures,

4. Computer systems,

5. Software or equipment,

6. Fraud,

7. Inadequate training and employee errors.

PNB attempts to mitigate operational risk by maintaining a comprehensive system of internal

controls, establishing systems and procedures to monitor transactions, maintaining key back–up

procedures and undertaking regular contingency planning.

I. Operational Controls and Procedures in Branch

PNB has operating manuals detailing the procedures for the processing of various banking

transactions and the operation of the application software. Amendments to these manuals are

implemented through circulars sent to all offices.

When taking a deposit from a new customer, PNB requires the new customer to complete a

relationship form, which details the terms and conditions for providing various banking services.

Photographs of customers are also obtained for PNB’s records, and specimen signatures are

scanned and stored in the system for online verification. PNB enters into a relationship with a

customer only after the customer is properly introduced to PNB. When time deposits become due

for repayment, the deposit is paid to the depositor. System generated reminders are sent to

depositors before the due date for repayment. Where the depositor does not apply for repayment

on the due date, the amount is transferred to an overdue deposits account for follow up.

PNB has a scheme of delegation of financial powers that sets out the monetary limit for each

employee with respect to the processing of transactions in a customer's account. Withdrawals

from customer accounts are controlled by dual authorization. Senior officers have delegated

power to authorize larger withdrawals. PNB’s operating system validates the check number and

balance before permitting withdrawals. PNB’s banking software has multiple security features to

protect the integrity of applications and data.

PNB gives importance to computer security and has s a comprehensive information technology

security policy. Most of the information technology assets including critical servers are hosted in

centralized data centers, which are subject to appropriate physical and logical access controls.

II. Operational Controls and Procedures for Internet Banking

In order to open an Internet banking account, the customer must provide PNB with

documentation to prove the customer's identity, including a copy of the customer's passport, a

photograph and specimen signature of the customer. After verification of the same, PNB opens

the Internet banking account and issues the customer a user ID and password to access his

account online.

III. Operational Controls and Procedures in Regional Processing Centers &

Central Processing Centers

To improve customer service at PNB’s physical locations, PNB handles transaction processing

centrally by taking away such operations from branches. PNB has centralized operations at

regional processing centers located at 15 cities in the country. These regional processing centers

process clearing checks and inter-branch transactions, make inter-city check collections, and

engage in back office activities for account opening, standing instructions and auto-renewal of

deposits.

PNB has centralized transaction processing on a nationwide basis for transactions like the issue

of ATM cards and PIN mailers, reconciliation of ATM transactions, monitoring of ATM

functioning, issue of passwords to Internet banking customers, depositing post-dated cheques

received from retail loan customers and credit card transaction processing. Centralized

processing has been extended to the issuance of personalized check books, back office activities

of non-resident Indian accounts, opening of new bank accounts for customers who seek web

broking services and recovery of service charges for accounts for holding shares in book-entry

form.

IV. Operational Controls and Procedures in Treasury

PNB has a high level of automation in trading operations. PNB uses technology to monitor risk

limits and exposures. PNB’s front office, back office and accounting and reconciliation functions

are fully segregated in both the domestic treasury and foreign exchange treasury. The respective

middle offices use various risk monitoring tools such as counterparty limits, position limits,

exposure limits and individual dealer limits. Procedures for reporting breaches in

limits are also in place.

PNB’s front office treasury operation for rupee transactions consists of operations in fixed in-

come securities, equity securities and inter-bank money markets. PNB’s dealers analyze the mar-

ket conditions and take views on price movements. Thereafter, they strike deals in conformity

with various limits relating to counterparties, securities and brokers. The deals are then for-

warded to the back office for settlement.

The inter-bank foreign exchange treasury operations are conducted through Reuters dealing

systems. Brokered deals are concluded through voice systems. Deals done through Reuters

systems are captured on a real time basis for processing. Deals carried out through voice systems

are input in the system by the dealers for processing. The entire process from deal origination to

settlement and accounting takes place via straight through processing. The processing ensures

adequate checks at critical stages. Trade strategies are discussed frequently and decisions are

taken based on market forecasts, information and liquidity considerations. Trading operations are

conducted in conformity with the code of conduct prescribed by internal and regulatory

guidelines.

The Treasury Middle Office Group, monitors counterparty limits, evaluates the mark-to-market

impact on various positions taken by dealers and monitors market risk exposure of the

investment portfolio and adherence to various market risk limits set up by the Risk, Compliance

and Audit Group.

PNB’s back office undertakes the settlement of funds and securities. The back office has

procedures and controls for minimizing operational risks, including procedures with respect to

deal confirmations with counterparties, verifying the authenticity of counterparty checks and

securities, ensuring receipt of contract notes from brokers, monitoring receipt of interest and

principal amounts on due dates, ensuring transfer of title in the case of purchases of securities,

reconciling actual security holdings with the holdings pursuant to the records and reports any

irregularity or shortcoming observed.

V. Audit

The Internal Audit Group undertakes a comprehensive audit of all business groups and other

functions, in accordance with a risk-based audit plan. This plan allocates audit resources based

on an assessment of the operational risks in the various businesses. The Internal Audit group

conceptualizes and implements improved systems of internal controls, to minimize operational

risk. The audit plan for every fiscal year is approved by the Audit Committee of PNB’s board of

directors. The Internal Audit group also has a dedicated team responsible for information

technology security audits. Various components of information technology from applications to

databases, networks and operating systems are covered under the annual audit plan.

Swot analysis

Strengths :-

Large market share.

Dominance in northern India and in rural retail banking.

Financial high performance

Weaknesses:-

Potential for political interference.

Limited international operations provide little diversification; pace of overseas expansion

is fairly slow

Opportunities :-

Plans for PNB Investment Services to set up an investment consultancy and a merchant

banking subsidiary.

Increased business with customers in rural areas through banking correspondents and

technology (for the bank to benefit from low value, high volume transactions).

Threats :-

The gradual entry of foreign banks operating more fully.

FINDINGS

Credit risk is generally well contained, but there are still problems associated with loan

classification, loan provisioning.

Market risk and operational risk are clear challenge, as the are relatively new to the areas

that were not well developed under the original Based Capital accord.

The new regulation will allow bank to introduce substantial improvements in their overall

risk management capababilities, improving risk based performance measurement.

Basel II leands to increase in data collection and maintence of privacy and security in

various issues.

SUGGESTIONS

The bank should review Basel II components and develop a vision, strategy and action plan for

what is expected to be a suitable framework based on how the banking system evolves over time.

The bank need regular engagement for sustained support.

Training and additional assistance to make it easier for the banking system to comply with new

guidelines on market and operational risk.

CONCLUSION

Implementation of basel II has been described as a long journey rather than a destination by it -

self. Undoubtedly, it would require commitment of substational capital and human resources on

the part of both bank and the supervisors. Rbi has decided to follow a consultative process while

implementing Basel II norms and move in a grdual sequentional and co-ordinate manner. For the

purpose, dialogue has already been initated with stakeholders.

REFERENCES

FROM STAFF CONCERN

www.pnbindia.com

www.google.co.in

www.rbi.org