bank risk management
DESCRIPTION
credit risk ,liquidity risk , risk measurement & management..TRANSCRIPT
Slide 1
Risk Management in Banks
In the new liberalized economy in India, Banks and regulators in recent years have been making sustained efforts to understand and measure the increasing risks they are exposed to. With the Indian economy becoming global, the Banks are realising the importance of different types of risks. Some of the risk are credit risks, market risks, operational risks, reputational risks and legal risks, using quantitative techniques in risk modelling. RBI issued the first set of guidelines to Banks on Risk Management on October 20, 1999.
A risk can be defined as an unplanned event with financial consequences resulting in loss or reduced earnings. Therefore, a risky proposition is one with potential profit or a looming loss. Risk stems from uncertainty or unpredictability of the future. In commercial and business risk generates profit or loss depending upon the way in which it is managed. Risk can be defined as the volatility of the potential outcome. Risk is the possibility of something adverse happening.
Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk.Thus, we can say that after the risks have been identified, risk management attempts to lessen their effects. This is done by applying a range of management techniques. For example, the risk may be reduced by taking out insurance or using derivatives or re-plan the whole project.
The essential components of any risk management system are
Risk Identification i.e the naming and defining of each type of risk associated with a transaction or type of product or service;
Risk Measurement i.e. the estimation of the size ,probability and timing of potential loss under various scenarios;
Risk Control-i.e. the framing of policies and guidelines that define the risk limits not only at the individual level but also for particular transaction
Measurement of risk is a very important step in risk management process. Some risk can be easily quantified like exchange risk, interest rate risk etc. While some risks like country risk, operational risk etc. cannot be mathematically deduced. They can only be qualitatively compared and measured. Some risks like gap risk in forex operations can be measured using modern mathematical and statistical tool like value at risk etc. Therefore it is important to identify and appreciate the risk and quantify it. Only then the next step management of risk can be attempted. The management is a process consisting of the following steps.Identify all areas of riskevaluate these risksset various exposure limits fortype of businessmismatchescounter partiesissue clear policy guidelines / directives.
Types of Risks :1. Credit Risk This is the risk of non recovery of loan or the risk of reduction in the value of asset. The credit risk also includes the pre-payment risk resulting in loss of opportunity to the bank to earn higher interest income. Credit Risk also arises due excess exposure to a single borrower, industry or a geographical area. The element of country risk is also present which is the risk of losses being incurred due to adverse foreign exchange reserve situation or adverse political or economic situations in another country
2. Interest Rate Risk-This risk arises due to fluctuations in the interest rates. It can result in reduction in the revenues of the bank due to fluctuations in the interest rates which are dynamic and which change differently for assets and liabilities. With the deregulated era interest rates are market determined and banks have to fall in line with the market trends even though it may stifle their Net Interest margins
3. Liquidity Risk-Liquidity is the ability to meet commitments as and when they are due and ability to undertake new transactions when they are profitable. Liquidity risk may emanate in any of the following situations-(a) net outflow of funds arising out of withdrawals/non renewal of deposits(b) non recovery of cash receipts from recovery of loans (c) conversion of contingent liabilities into fund based commitment and(d) increased availment of sanctioned limits
(4) Foreign Exchange Risk - Risk may arise on account of maintenance of positions in forex operations and it involves currency rate risk, transaction risks (profits/loss on transfer of earned profits due to time lag) and transportation risk (risks arising out of exchange restrictions)(5) Regulatory Risks- It is defined as the risk associated with the impact on profitability and financial position of a bank due to changes in the regulatory conditions, for example the introduction of asset classification norms have adversely affected the banks of NPAs and balance sheet bottom lines. (6) Technology Risk - This risk is associated with computers and the communication technology which is being increasingly introduced in the banks. This entails the risk of obsolescence and the risk of losing business to better technologically
(7) Market Risk-This is the risk of losses in off and on balance sheet positions arising from movements in market prices.(8) Strategic Risk-This is the risk arising out of certain strategic decisions taken by the banks for sustaining themselves in the present day scenario for example decision to open a subsidiary may run the risk of losses if the subsidiary does not do good business.
The essential components of any risk management system are (i) Risk Identification-i.e the naming and defining of each type of risk associated with a transaction or type of product or service(ii) Risk Measurement-i.e. the estimation of the size ,probability and timing of potential loss under various scenarios(iii) Risk Control-i.e. the framing of policies and guidelines that define the risk limits not only at the individual level but also for particular transactions
In risk management exercise the top management has to lay down clear cut policy guidelines in quantifiable and precise terms - for different layers line personnel business parameters, limits etc. It is very important for the management to plant at the macro level what the organisations is looking in for in any business proposition or venture and convert these expectations into micro level factors and requirements for field level functionaries only then they will be able to convert these expectations into reality. A very important assumption is made but normally omitted or over looked is provision of infra-structural support and conductive climate. Ultimately top management has a greater role to play in any risk management process
CREDIT RISKCredit risk is defined as the possibility of losses associated with diminution in the credit quality of borrowers or counterparties. In a banks portfolio, losses stem from outright default due to inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, settlement and other financial transactions. Alternatively, losses result from reduction in portfolio value arising from actual or perceived deterioration in credit quality. Credit risk emanates from a banks dealings with an individual, corporate, bank, financial institution or a sovereign.
Credit risk may take the following forms: in the case of direct lending: principal /and or interest amount may not be repaid; in the case of guarantees or letters of credit: funds may not be forthcoming from the constituents upon crystallization of the liability; in the case of treasury operations: the payment or series of payments due from the counter parties under the respective contracts may not be forthcoming or ceases; in the case of securities trading businesses: funds/ securities settlement may not be effected; in the case of cross-border exposure: the availability and free transfer of foreign currency funds may either cease or restrictions may be imposed by the sovereign.
In this backdrop, it is imperative that banks have a robust credit risk management system which is sensitive and responsive to these factors. The effective management of credit risk is a critical component of comprehensive risk management and is essential for the long term success of any banking organisation. The Credit risk management encompasses identification, measurement, monitoring and control of the credit risk exposures. Building Blocks of Credit Risk Management: In a bank, an effective credit risk management framework would comprise of the following distinct building blocks:a) Policy and Strategyb) Organisational Structurec) Operations/ Systems
Policies and StrategiesThe Board of Directors of each bank shall be responsible for approving and periodically reviewing the credit risk strategy and significant credit risk policies.Credit Risk Policy Every bank should have a credit risk policy document approved by the Board. The document should include risk identification, risk measurement, risk grading/ aggregation techniques, reporting and risk control/ mitigation techniques, documentation, legal issues and management of problem loans. Credit risk policies should also define target markets, risk acceptance criteria, credit approval authority, credit origination/ maintenance procedures and guidelines for portfolio management. The credit risk policies approved by the Board should be communicated to branches/controlling offices. All dealing officials should clearly understand the banks approach for credit sanction and should be held accountable for complying with established policies and procedures. Senior management of a bank shall be responsible for implementing the credit risk policy approved by the Board.
Credit Risk Strategyv Each bank should develop, with the approval of its Board, its own credit risk strategy or plan that establishes the objectives guiding the banks credit-granting activities and adopt necessary policies/ procedures for conducting such activities. This strategy should spell out clearly the organisations credit appetite and the acceptable level of risk-reward trade-off for its activities. v The strategy would, therefore, include a statement of the banks willingness to grant loans based on the type of economic activity, geographical location, currency, market, maturity and anticipated profitability. This would necessarily translate into the identification of target markets and business sectors, preferred levels of diversification and concentration, the cost of capital in granting credit and the cost of bad debts.v The credit risk strategy should provide continuity in approach as also take into account the cyclical aspects of the economy and the resulting shifts in the composition/ quality of the overall credit portfolio. This strategy should be viable in the long run and through various credit cycles.v Senior management of a bank shall be responsible for implementing the credit risk strategy approved by the Board.
Organisational StructureSound organizational structure is sine qua non (end result) for successful implementation of an effective credit risk management system. The organizational structure for credit risk management should have the following basic features: The Board of Directors should have the overall responsibility for management of risks. The Board should decide the risk management policy of the bank and set limits for liquidity, interest rate, foreign exchange and equity price risks. The Risk Management Committee will be a Board level Sub committee including CEO and heads of Credit, Market and Operational Risk Management Committees. It will devise the policy and strategy for integrated risk management containing various risk exposures of the bank including the credit risk. For this purpose, this Committee should effectively coordinate between the Credit Risk Management Committee (CRMC), the Asset Liability Management Committee and other risk committees of the bank, if any. It is imperative that the independence of this Committee is preserved.
The Board should, therefore, ensure that this is not compromised at any cost. In the event of the Board not accepting any recommendation of this Committee, systems should be put in place to spell out the rationale for such an action and should be properly documented. This document should be made available to the internal and external auditors for their scrutiny and comments. The credit risk strategy and policies adopted by the committee should be effectively communicated throughout the organisation.
Each bank may, depending on the size of the organization or loan/ investment book, constitute a high level Credit Risk Management Committee (CRMC). The Committee should be headed by the Chairman/CEO/ED, and should comprise of heads of Credit Department, Treasury, Credit Risk Management Department (CRMD) and the Chief Economist. The functions of the Credit Risk Management Committee should be as under:Be responsible for the implementation of the credit risk policy/ strategy approved by the Board. Monitor credit risk on a bank wide basis and ensure compliance with limits approved by the Board. Recommend to the Board, for its approval, clear policies on standards for presentation of credit proposals, financial covenants, rating standards and benchmarks, Decide delegation of credit approving powers, prudential limits on large credit exposures, standards for loan collateral, portfolio management, loan review mechanism, risk concentrations, risk monitoring and evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc.
Concurrently, each bank should also set up Credit Risk Management Department (CRMD), independent of the Credit Administration Department. The CRMD should:Measure, control and manage credit risk on a bank-wide basis within the limits set by the Board/ CRMC Enforce compliance with the risk parameters and prudential limits set by the Board/ CRMC. Lay down risk assessment systems, develop MIS, monitor quality of loan/ investment portfolio, identify problems, correct deficiencies and undertake loan review/audit. Large banks could consider separate set up for loan review/audit. Be accountable for protecting the quality of the entire loan/ investment portfolio. The Department should undertake portfolio evaluations and conduct comprehensive studies on the environment to test the resilience of the loan portfolio.
Operations / SystemsBanks should have in place an appropriate credit administration, credit risk measurement and monitoring processes. The credit administration process typically involves the following phases:Relationship management phase i.e. business development.Transaction management phase covers risk assessment, loan pricing, structuring the facilities, internal approvals, documentation, loan administration, on going monitoring and risk measurement.Portfolio management phase entails monitoring of the portfolio at a macro level and the management of problem loans.
On the basis of the broad management framework stated above, the banks should have the following credit risk measurement and monitoring procedures: Banks should establish proactive credit risk management practices like annual / half yearly industry studies and individual obligor reviews, periodic credit calls that are documented, periodic visits of plant and business site, and at least quarterly management reviews of troubled exposures/weak credits. Banks should have a system of checks and balances in place for extension of credit viz.:- Separation of credit risk management from credit sanction - Multiple credit approvers making financial sanction subject to approvals at various stages viz. credit ratings, risk approvals, credit approval grid, etc. - An independent audit and risk review function. The level of authority required to approve credit will increase as amounts and transaction risks increase and as risk ratings worsen. Every obligor and facility must be assigned a risk rating. Mechanism to price facilities depending on the risk grading of the customer, and to attribute accurately the associated risk weightings to the facilities. Banks should ensure that there are consistent standards for the origination, documentation and maintenance for extensions of credit. Banks should have a consistent approach towards early problem recognition, the classification of problem exposures, and remedial action. Banks should maintain a diversified portfolio of risk assets; have a system to conduct regular analysis of the portfolio and to ensure on-going control of risk concentrations.
Credit risk limits include, obligor limits and concentration limits by industry or geography. The Boards should authorize efficient and effective credit approval processes for operating within the approval limits. In order to ensure transparency of risks taken, it is the responsibility of banks to accurately, completely and in a timely fashion, report the comprehensive set of credit risk data into the independent risk system. Banks should have systems and procedures for monitoring financial performance of customers and for controlling outstanding within limits. A conservative policy for provisioning in respect of non-performing advances may be adopted. Successful credit management requires experience, judgement and commitment to technical development. Banks should have a clear, well-documented scheme of delegation of powers for credit sanction. Banks must have a Management Information System (MIS), which should enable them to manage and measure the credit risk inherent in all on- and off-balance sheet activities. The MIS should provide adequate information on the composition of the credit portfolio, including identification of any concentration of risk. Banks should price their loans according to the risk profile of the borrower and the risks associated with the loans.
Interest Rate Risk (IRR) ManagementWhat is Interest Rate Risk : Interest rate risk is the risk where changes in market interest rates might adversely affect a banks financial condition. The management of Interest Rate Risk should be one of the critical components of market risk management in banks. The regulatory restrictions in the past had greatly reduced many of the risks in the banking system. Deregulation of interest rates has, however, exposed them to the adverse impacts of interest rate risk. TWhat is the Impact of IRR:The immediate impact of changes in interest rates is on the Net Interest Income (NII). A long term impact of changing interest rates is on the banks networth since the economic value of a banks assets, liabilities and off-balance sheet positions get affected due to variation in market interest rates.
The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is dependent on the movements of interest rates. Any mismatches in the cash flows (fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose banks NII or NIM to variations. The earning of assets and the cost of liabilities are closely related to market interest rate volatility. The interest rate risk when viewed from these two perspectives is known as earnings perspective and economic value perspective, respectively. Management of interest rate risk aims at capturing the risks arising from the maturity and repricing mismatches and is measured both from the earnings and economic value perspective.
(a) Earnings perspective involves analysing the impact of changes in interest rates on accrual or reported earnings in the near term. This is measured by measuring the changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the difference between the total interest income and the total interest expense.(b) Economic Value perspective involves analysing the changes of impact og interest on the expected cash flows on assets minus the expected cash flows on liabilities plus the net cash flows on off-balance sheet items. It focuses on the risk to networth arising from all repricing mismatches and other interest rate sensitive positions. The economic value perspective identifies risk arising from long-term interest rate gaps.
Board and senior management oversight of interest rate riskPrinciple 1: In order to carry out its responsibilities, the board of directors in a bank should approve strategies and policies with respect to interest rate risk management and ensure that senior management takes the steps necessary to monitor and control these risks. The board of directors should be informed regularly of the interest rate risk exposure of the bank in order to assess the monitoring and controlling of such risk.Principle 2: Senior management must ensure that the structure of the bank's business and the level of interest rate risk it assumes are effectively managed, that appropriate policies and procedures are established to control and limit these risks, and that resources are available for evaluating and controlling interest rate risk.
Principle 3: Banks should clearly define the individuals and/or committees responsible for managing interest rate risk and should ensure that there is adequate separation of duties in key elements of the risk management process to avoid potential conflicts of interest. Banks should have risk measurement, monitoring and control functions with clearly defined duties that are sufficiently independent from position-taking functions of the bank and which report risk exposures directly to senior management and the board of directors. Larger or more complex banks should have a designated independent unit responsible for the design and administration of the bank's interest rate risk measurement, monitoring and control functions.Adequate risk management policies and proceduresPrinciple 4: It is essential that banks' interest rate risk policies and procedures are clearly defined and consistent with the nature and complexity of their activities. These policies should be applied on a consolidated basis and, as appropriate, at the level of individual affiliates, especially when recognising legal distinctions and possible obstacles to cash movements among affiliates.
Principle 5: It is important that banks identify the risks inherent in new products and activities and ensure these are subject to adequate procedures and controls before being introduced or undertaken. Major hedging or risk management initiatives should be approved in advance by the board or its appropriate delegated committee.Risk measurement, monitoring and control functionsPrinciple 6: It is essential that banks have interest rate risk measurement systems that capture all material sources of interest rate risk and that assess the effect of interest rate changes in ways that are consistent with the scope of their activities. The assumptions underlying the system should be clearly understood by risk managers and bank management.
Principle 7: Banks must establish and enforce operating limits and other practices that maintain exposures within levels consistent with their internal policies.Principle 8: Banks should measure their vulnerability to loss under stressful market conditions - including the breakdown of key assumptions - and consider those results when establishing and reviewing their policies and limits for interest rate risk.Principle 9: Banks must have adequate information systems for measuring, monitoring, controlling and reporting interest rate exposures. Reports must be provided on a timely basis to the bank's board of directors, senior management and, where appropriate, individual business line managers.
Internal controlsPrinciple 10: Banks must have an adequate system of internal controls over their interest rate risk management process. A fundamental component of the internal control system involves regular independent reviews and evaluations of the effectiveness of the system and, where necessary, ensuring that appropriate revisions or enhancements to internal controls are made. The results of such reviews should be available to the relevant supervisory authorities.Information for supervisory authoritiesPrinciple 11: Supervisory authorities should obtain from banks sufficient and timely information with which to evaluate their level of interest rate risk. This information should take appropriate account of the range of maturities and currencies in each bank's portfolio, including off-balance sheet items, as well as other relevant factors, such as the distinction between trading and non-trading activities.
Capital adequacyPrinciple 12: Banks must hold capital commensurate with the level of interest rate risk they undertake.Disclosure of interest rate riskPrinciple 13: Banks should release to the public information on the level of interest rate risk and their policies for its management.
Sources, effects and measurement of interest rate riskInterest rate risk is the exposure of a bank's financial condition to adverse movements in interest rates. Accepting this risk is a normal part of banking and can be an important source of profitability and shareholder value. However, excessive interest rate risk can pose a significant threat to a bank's earnings and capital base. Changes in interest rates affect a bank's earnings by changing its net interest income and the level of other interest-sensitive income and operating expenses. Changes in interest rates also affect the underlying value of the bank's assets, liabilities and off-balance sheet instruments because the present value of future cash flows (and in some cases, the cash flows themselves) change when interest rates change.
Liquidity Risk ManagementWhat is Liquidity Risk : Liquidity risk is the potential inability to meet the liabilities as they become due. It arises when the banks are unable to generate cash to cope with a decline in deposits or increase in assets. It originates from the mismatches in the maturity pattern of assets and liabilities. Importance of Liquidity Risk : Measuring and managing liquidity needs are vital for effective operation of commercial banks. By assuring a banks ability to meet its liabilities as they become due, liquidity management can reduce the probability of an adverse situation developing.
Liquidity Risk ManagementAnalysis of liquidity risk involves the measurement of not only the liquidity position of the bank on an ongoing basis but also examining how funding requirements are likely to be affected under crisis scenarios. Net funding requirements are determined by analyzing the banks future cash flows based on assumptions of the future behavior of assets and liabilities that are classified into specified time buckets and then calculating the cumulative net flows over the time frame for liquidity assessment.Future cash flows are to be analysed under what if scenarios so as to assess any significant positive / negative liquidity swings that could occur on a day-to-day basis and under bank specific and general market crisis scenarios.
Factors to be taken into consideration while determining liquidity of the banks future stock of assets and liabilities include their potential marketability, the extent to which maturing assets /liability will be renewed, the acquisition of new assets / liability and the normal growth in asset / liability accounts. Factors affecting the liquidity of assets and liabilities of the bank cannot always be forecast with precision. Hence they need to be reviewed frequently to determine their continuing validity, especially given the rapidity of change in financial markets.
The liquidity risk in banks manifest in different dimensions:i) (a) Funding Risk need to replace net outflows due to unanticipated withdrawal/non-renewal of deposits (wholesale and retail);(b) Time Risk need to compensate for non-receipt of expected inflows of funds, i.e. performing assets turning into non-performing assets; and (c) Call Risk due to crystallisation of contingent liabilities and unable to undertake profitable business opportunities when desirable.How is it measured :Liquidity measurement is quite a difficult task and can be measured through stock or cash flow approaches. The key ratios, adopted across the banking system areLoans to Total Assets, Loans to Core Deposits, Large Liabilities (minus) Temporary Investments to Earning Assets (minus) Temporary Investments, Purchased Funds to Total Assets, Loan Losses/Net Loans,
However, the ratios do not reveal the intrinsic liquidity profile of Indian banks which are operating generally in an illiquid market. Experiences show that assets commonly considered as liquid like Government securities, other money market instruments, etc. have limited liquidity as the market and players are unidirectional. Thus, analysis of liquidity involves tracking of cash flow mismatches. For measuring and managing net funding requirements, the use of maturity ladder and calculation of cumulative surplus or deficit of funds at selected maturity dates is recommended as a standard tool.
The following prudential limits are considered by Banks to put in place to avoid liquidity crisis:-i) (i) Cap on inter-bank borrowings, especially call borrowings; ii) Purchased funds vis--vis liquid assets; iii) Core deposits vis--vis Core Assets i.e. Cash Reserve Ratio, Statutory Liquidity Ratio and Loans; iv) Duration of liabilities and investment portfolio; v) Maximum Cumulative Outflows across all time bands; vi) Commitment Ratio track the total commitments given to corporates / banks and other financial institutions to limit the off-balance sheet exposure; vii) Swapped Funds Ratio, i.e. extent of Indian Rupees raised out of foreign currency sources.
BCBS Principles for the Assessment of Liquidity Management in BanksDeveloping a Structure for Managing LiquidityPrinciple 1: Each bank should have an agreed strategy for the day-to-day management of liquidity. This strategy should be communicated throughout the organisation.Principle 2: A banks board of directors should approve the strategy and significant policies related to the management of liquidity. The board should also ensure that senior management takes the steps necessary to monitor and control liquidity risk. The board should be informed regularly of the liquidity situation of the bank and immediately if there are any material changes in the banks current or prospective liquidity position.
Principle 3: Each bank should have a management structure in place to execute effectively the liquidity strategy. This structure should include the ongoing involvement of members of senior management. Senior management must ensure that liquidity is effectively managed, and that appropriate policies and procedures are established to control and limit liquidity risk. Banks should set and regularly review limits on the size of their liquidity positions over particular time horizons.Principle 4: A bank must have adequate information systems for measuring, monitoring, controlling and reporting liquidity risk. Reports should be provided on a timely basis to the banks board of directors, senior management and other appropriate personnel.
Measuring and Monitoring Net Funding RequirementsPrinciple 5: Each bank should establish a process for the ongoing measurement and monitoring of net funding requirements.Principle 6: A bank should analyse liquidity utilising a variety of what if scenarios.Principle 7: A bank should review frequently the assumptions utilised in managing liquidity to determine that they continue to be valid.Managing Market AccessPrinciple 8: Each bank should periodically review its efforts to establish and maintain relationships with liability holders, to maintain the diversification of liabilities, and aim to ensure its capacity to sell assets.
Contingency PlanningPrinciple 9: A bank should have contingency plans in place that address the strategy for handling liquidity crises and include procedures for making up cash flow shortfalls in emergency situations.Foreign Currency Liquidity ManagementPrinciple 10: Each bank should have a measurement, monitoring and control system for its liquidity positions in the major currencies in which it is active. In addition to assessing its aggregate foreign currency liquidity needs and the acceptable mismatch in combination with its domestic currency commitments, a bank should also undertake separate analysis of its strategy for each currency individually.Principle 11: Subject to the analysis undertaken according to Principle 10, a bank should, where appropriate, set and regularly review limits on the size of its cash flow mismatches over particular time horizons for foreign currencies in aggregate and for each significant individual currency in which the bank operates.
Internal Controls for Liquidity Risk ManagementPrinciple 12: Each bank must have an adequate system of internal controls over its liquidity risk management process. A fundamental component of the internal control system involves regular independent reviews and evaluations of the effectiveness of the system and, where necessary, ensuring that appropriate revisions or enhancements to internal controls are made. The results of such reviews should be available to supervisory authorities.Role of Public Disclosure in Improving LiquidityPrinciple 13: Each bank should have in place a mechanism for ensuring that there is an adequate level of disclosure of information about the bank in order to manage public perception of the organisation and its soundness.Sound Practices for managing liquidity in banking organizations, Basel Committee on Banking Supervision, February, 2000
OPERATIONAL RISK (OR)What is Operational Risk ?Operational risk has been defined by the Basel Committee on Banking Supervision1 as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition is based on the underlying causes of operational risk. It seeks to identify why a loss happened and at the broadest level includes the breakdown by four causes: people, processes, systems and external factors.Management of specific operational risks is not a new practice; it has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, reduce errors in transaction processing, and so on. However, what is relatively new is the view of operational risk management as a comprehensive practice comparable to the management of credit and market risk.
Growing number of high-profile operational loss events worldwide have led banks and supervisors to increasingly view operational risk management as an inclusive discipline. OR can arise from internal and external fraud, failure to comply with employments laws or meet workplace safety standards, policy breaches, compliance breaches, key personnel risks, damage to physical assets, business disruptions and system failures, transaction processing failures, information security breaches and the like.The Basel Committee on Banking supervision has recognized that managing OR is becoming an important feature of sound risk management practice in modern financial markets. The Committee has noted that the most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform within accepted time-lines or cause the interests of the bank to be compromised in some other way, for example by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner. Other aspects of operational risk include major failure of information technology systems or events such as major fires or other disasters.
The Basel Committee has identified the following types of operational risk events as having the potential to result in substantial losses:-Internal fraud. For example, intentional misreporting of positions, employee theft, and insider trading on an employees own account. External fraud. For example, robbery, forgery, cheque kiting, and damage from computer hacking. Employment practices and workplace safety. For example, workers compensation claims, violation of employee health and safety rules, organised labour activities, discrimination claims, and general liability. Clients, products and business practices. For example, fiduciary breaches, misuse of confidential customer information, improper trading activities on the banks account, money laundering, and sale of unauthorised products. Damage to physical assets. For example, terrorism, vandalism, earthquakes, fires and floods. Business disruption and system failures. For example, hardware and software failures, telecommunication problems, and utility outages. Execution, delivery and process management. For example: data entry errors, collateral management failures, incomplete legal documentation, and unauthorized access given to client accounts, non-client counterparty mis-performance, and vendor disputes.
Several recent cases demonstrate that inadequate internal controls can lead to significant losses for banks. The types of control break-downs may be grouped into five categories: Lack of Control Culture - Managements inattention and laxity in control culture, insufficient guidance and lack of clear management accountability. Inadequate recognition and assessment of the risk of certain banking activities, whether on-or-off-balance sheet. Failure to recognise and assess the risks of new products and activities or update the risk assessment when significant changes occur in business conditions or environment. Many recent cases highlight the fact that control systems that function well for traditional or simple products are unable to handle more sophisticated or complex products. Absence/failure of key control structures and activities, such as segregation of duties, approvals, verifications, reconciliations and reviews of operating performance. Inadequate communication of information between levels of management within the bank upward, downward or cross-functional. Inadequate /effective audit/monitoring programs.
Measuring Operational RiskOperational risk is more difficult to measure than market or credit risk due to the non-availability of objective data, redundant data, lack of knowledge of what to measure etc. Operational risk, however, is an ill-defined inside measurement, related to the measures of internal performance, such as internal audit ratings, volume, turnover, error rates and income volatility, interaction of people, processes, methodologies, technology systems, business terminology and culture.Risk Management ToolsA robust operational risk management process consists of clearly defined steps which involveidentification of the risk events, analysis, assessment of the impact, treatment and reporting.
While sophisticated tools for measuring and managing operational risks are still to evolve, the current practices in this area are based on self-assessment. The starting point is the development of enterprise-wise generic standards for OR which includes Corporate Governance standards. It is extremely important for a robust risk management framework that the operational risks are managed where they originate. Risk management and compliance monitoring is a line management function and the risk culture has to be driven by the line Manager. It is, therefore, the line managers responsibility to develop the generic operational risk standards applicable to his line of business. The purpose of this tool is to set minimum operational risk standards for all business and functional units to establish controls and monitor risks through Control Standards and Risk Indicators. Once the standards are set, the line manager has to undertake a periodic operational risk self assessment to identify key areas of risk so that necessary risk based controls and checks can be developed to monitor and mitigate the risks. Control Standards set minimum controls and minimum requirements for self-assessment of effectiveness of controls for the key processes.
The Risk indicators identify operational risks and control weaknesses through statistical trend analysis. The Risk Indicators are reviewed periodically to ensure that they are constantly updated. Reporting is a very important tool in the management of operational risks since it ensures timely escalation and senior management overview. Reporting should include significant operational risk exceptions, corporate governance exceptions, minutes of meetings of Operations Risk Committee and real time incident reports.ConclusionOperational Risk management is one of the most complex and fastest growing areas in banking across the world. The methods to quantify the risk are evolving rapidly but though they are still far away from the desired levels. Nevertheless, it is extremely important that the significance and impact of this risk area on the overall viability of a banking enterprise is given due recognition so that there are strong incentives for banks to continue to work towards developing models to measure operational risks and to hold the required capital buffers for this risk.
What is ALM ? ALM is a comprehensive and dynamic framework for measuring, monitoring and managing the market risk of a bank. It is the management of structure of balance sheet (liabilities and assets) in such a way that the net earning from interest is maximised within the overall risk-preference (present and future) of the institutions. The ALM functions extend to liquidly risk management, management of market risk, trading risk management, funding and capital planning and profit planning and growth projection.
Benefits of ALM - It is a tool that enables bank managements to take business decisions in a more informed framework with an eye on the risks that bank is exposed to. It is an integrated approach to financial management, requiring simultaneous decisions about the types of amounts of financial assets and liabilities - both mix and volume - with the complexities of the financial markets in which the institution operates
The concept of ALM is of recent origin in India. It has been introduced in Indian Banking industry w.e.f. 1st April, 1999. ALM is concerned with risk management and provides a comprehensive and dynamic framework for measuring, monitoring and managing liquidity, interest rate, foreign exchange and equity and commodity price risks of a bank that needs to be closely integrated with the banks business strategy. Therefore, ALM is considered as an important tool for monitoring, measuring and managing the market risk of a bank. With the deregulation of interest regime in India, the Banking industry has been exposed to the market risks. To manage such risks, ALM is used so that the management is able to assess the risks and cover some of these by taking appropriate decisions.The assets and liabilities of the banks balance sheet are nothing but future cash inflows or outflows. With a view to measure the liquidity and interest rate risk, banks use of maturity ladder and then calculate cumulative surplus or deficit of funds in different time slots on the basis of statutory reserve cycle, which are termed as time buckets.
As a measure of liquidity management, banks are required to monitor their cumulative mismatches across all time buckets in their Statement of Structural Liquidity by establishing internal prudential limits with the approval of the Board / Management Committee.The ALM process rests on three pillars:ALM Information Systems Management Information Systems Information availability, accuracy, adequacy and expediency ALM Organisation Structure and responsibilities Level of top management involvement ALM Process Risk parameters Risk identification Risk measurement Risk management Risk policies and tolerance levels.
As per RBI guidelines, commercial banks are to distribute the outflows/inflows in different residual maturity period known as time buckets. The Assets and Liabilities were earlier divided into 8 maturity buckets (1-14 days; 15-28 days; 29-90 days; 91-180 days; 181-365 days, 1-3 years and 3-5 years and above 5 years), based on the remaining period to their maturity (also called residual maturity). All the liability figures are outflows while the asset figures are inflows. In September, 2007, having regard to the international practices, the level of sophistication of banks in India, the need for a sharper assessment of the efficacy of liquidity management and with a view to providing a stimulus for development of the term-money market, RBI revised these guidelines and it was provided that (a) the banks may adopt a more granular approach to measurement of liquidity risk by splitting the first time bucket (1-14 days at present) in the Statement of Structural Liquidity into three time buckets viz., next day , 2-7 days and 8-14 days. Thus, now we have 10 time buckets.
After such an exercise, each bucket of assets is matched with the corresponding bucket of the liabililty. When in a particular maturity bucket, the amount of maturing liabilities or assets does not match, such position is called a mismatch position, which creates liquidity surplus or liquidity crunch position and depending upon the interest rate movement, such situation may turnout to be risky for the bank. Banks are required to monitor such mismatches and take appropriate steps so that bank is not exposed to risks due to the interest rate movements during that period.(b) The net cumulative negative mismatches during the Next day, 2-7 days, 8-14 days and 15-28 days buckets should not exceed 5 % ,10%, 15 % and 20 % of the cumulative cash outflows in the respective time buckets in order to recognise the cumulative impact on liquidity.
The Boards of the Banks have been entrusted with the overall responsibility for the management of risks and is required to decide the risk management policy and set limits for liquidity, interest rate, foreign exchange and equity price risks.Asset-Liability Committee (ALCO) is the top most committee to oversee the implementation of ALM system and it is to be headed by CMD or ED. ALCO considers product pricing for both deposits and advances, the desired maturity profile of the incremental assets and liabilities in addition to monitoring the risk levels of the bank. It will have to articulate current interest rates view of the bank and base its decisions for future business strategy on this view.