INTRODUCTION TO BASEL - I AND BASEL II GUIDELINES FOR BANKS

2.4.1 Basel Committee:

The failure of the Bankhaus Herstatt, which affected mostly the G-10 countries, signalled a need to coordinate supervisory efforts across countries and lay down minimum banking standards. The committee's efforts over the last three decades have made Basel synonymous with the best practices and standards in banking regulation and supervision. Perhaps the most far-reaching of these initiatives was the laying down of minimum capital standards in 1988, known as the Basel Capital Accord, to ensure a level playing field in terms of capital required to be maintained by internationally active banks. Though the Basel Committee has only 13 members, the fact that its capital standards were implemented by more than 100 countries points to their near universal acceptance. The Basel Committee does not possess any formal supranational supervisory authority and its conclusions do not have any legal or binding force. It merely formulates broad-based supervisory principles or strategies. However, it recommends statements of best practice, keeping in mind that individual authorities will undertake steps to implement them through detailed arrangements in a way that suits them best. Basel I: In July 1988, the Basel Committee came out with a set of recommendations aimed at introducing minimum levels of capital for internationally active banks. These norms required the banks to maintain capital of at least 8 per cent of their risk-weighted loan exposures. Different risk weights were specified by the committee for different categories of exposure. For instance, government bonds carried risk-weight of 0 per cent, while the corporate loans had a riskweight of 100 per cent. The original accord, was quite simple and adopted a straight-forward `one size fits all approach' that does not distinguish between the differing risk profiles and risk management standards across banks.
Basel II:

To set right these aspects, the Basel Committee came up with a new set of guidelines in June 2004, popularly known as the Basel II norms. These new norms are far more complex and comprehensive compared to the Basel I norms. Also, the Basel II norms are more risk-sensitive and they rely heavily on data analysis for risk measurement and management. They have given three pillars which act as guideline for implementation of Basel II.

Figure 1: Pillars of Basel II

Pillar I: Basel II norms provide banks with guidelines to measure the

various types of risks they face - credit, market and operational risks and the capital required to cover these risks.
Pillar II (Supervisory Reviews): Ensures that not only do the banks have

adequate capital to cover their risks, but also that they employ better risk management practices so as to minimise the risks. Capital cannot be regarded as a substitute for inadequate risk management practices. This pillar requires that if the banks use asset securitisation and credit derivatives and wish to minimise their capital charge they need to comply with various standards and controls. As a part of the supervisory process, the supervisors need to ensure that the regulations are adhered to and the internal measurement systems are standardised and validated.
Pillar III (Market Discipline): This market discipline is brought through

greater transparency by asking banks to make adequate disclosures. The potential audiences of these disclosures are supervisors, bank's

customers, rating agencies, depositors and investors. Market discipline has two important components: Market signalling in form of change in bank's share prices or change in bank's borrowing rates Responsiveness of the bank or the supervisor to market signals

2.4.2 Basel I and Basel II - Relative Comparison:

BASEL I
Focus on single risk measure

NEW CAPITAL ACCORD-BASEL-II

More emphasis on bank's own internal risk management methodologies, supervisory review, and market discipline One size fits all Flexibility; menu of approaches; capital incentives for better risk management; granularity in the valuation of assets and type of businesses and in the risk profiles of their systems and operations Broad brush structure More risk sensitivity by business class and asset class; multidimensional; focus on all operational components of a bank Simplistic approach towards Factors differential risk factors in loans made to different credit risk, does not distinguish types of business, entities, markets, geographies etc. between collateralised/non collateralised
Table 2 showing comparison of Basel-I and Basel-II

Basel I concentrated on credit risk alone being the biggest risk a bank assumes and arising out of its lending/investment operations. It prescribed risk weights for different loan assets essentially on the basis of security available. Basel I did not draw a distinction for the purpose of capital allocation between loan assets based on the intrinsic risk in lending to individual counterparties. The higher probability of default in respect of a loan to, say, and a proprietorship compared to the large professionally managed corporate did not get reflected in the capital requirement. Basel II addresses this issue by factoring in the differential risk factor in loans made to different types of businesses, entities, markets, geographies, and so on, and allowing banks to have different levels of minimum capital taking into account intrinsic riskiness of the exposure. Assets are to be risk weighted based on a rational approach cleared in advance by the regulator and then aggregated to arrive at the minimum capital requirement. Higher the risk, higher the weightage, and more the capital allocation required. In addition to credit risk, Basel II recognizes the operational risks arising out of the day-to-day running of banks in the form of service quality shortcomings, nonadherence to policy and procedures, staff malfeasances, and so on, the capital charge for which is linked to operational income through a multiplier to be given by the regulator based on its assessment of the

quality of banks operational instructions, style of functioning, control of top management and audit quality.

2.4.3 Critical Analysis of Basel I guidelines:

2.4.3.1 Problems with the 1988 Accord

In January 1996, an amendment was made to the Accord to incorporate market risks. For the first time, the banks were allowed to use their own systems to measure their market risks. Due to technological developments and innovations in the financial markets, the Committee decided that more fundamental changes were required in the Accord. Therefore, in June 1999, it released a proposal to replace the 1988 Accord with a more risk-sensitive framework. This proposal was known as the First Consultative Package on the New Accord. More than 200 comments were received on it. Reflecting those comments, the Second Consultative Package was published in January 2001. The new framework intends to improve safety and soundness in the financial system by placing more emphasis on banks own internal control and management, the supervisory review process and market discipline. Despite its advantages, the 1988 Accord has been criticized for certain features. They are follows:

Figure 3: Problems with Basel-I

2.4.3.2 Progress of banks towards Basel-II in different countries and the Indian factor

It has been found that European banks are further ahead than their US and Asian counterparts. Most banks expect significant organizational and corporate governance changes to result from a combination of Basel II and other initiatives (e.g. Sarbanes-Oxley). Basel II is expected to significantly affect the competitive landscape, with increased competition in retail lending, and shake-outs in corporate lending, specialized lending and emerging markets. Banks see substantial benefit from more economically rational allocation of capital and more robust risk-based pricing as a result of Basel II. The Basel I recommendations on minimum capital requirement were accepted by most countries for adoption by the banks operating within their boundaries. Today, banks in India take pride in indicating in their balance sheets the extent to which they exceed the minimum Capital

Adequacy Requirement (CAR). Banks in India also adopted the asset classification and provisioning norms prescribed by the Basel Committee and as directed by the Reserve Bank of India. The general belief now is that the commercial banks' balance sheets are comparable with most of the banks in the developing world and many in the developed world too. Some of the opportunities at Indian hands are:

Figure 4: Opportunities for India

Even Basel I was originally meant for internationally active banks in the G-10 countries but it was soon accepted universally as a benchmark measure of a bank's solvency and was, subsequently, adopted in some form by more than 100 countries. Introduction of Basel I coincided with the initiation of financial reforms in India in the early 1990s. The prudential norms set out by Basel I came as a timely solution to the ills affecting the Indian banks, particularly the public sector banks (PSBs) after two decades of nationalization. That these banks despite the differences in their strengths and weaknesses could switch over to the international standards without much hiccups has surprised many a critic. There was so much talk of weak banks, merger of banks, and closure of overseas branches and so on when the reforms began. But the same banks in question are now posting impressive profits year after year, opening new overseas branches and are even looking for banks to take over. Evidently, it is this successful switchover that has made the country eager to adopt the Basel II framework as well.

The deadline for implementing Basel II, originally set for March 31, 2007, was extended. Foreign banks in India and Indian banks operating abroad had to meet those norms by March 31, 2008, while all other scheduled commercial banks were supposed to adhere to the guidelines by March 31, 2009. But the decision to implement the guidelines remains unchanged. This is true even though the international exposure of even the major Indian banks is still limited. Whereas some of the large banks say that they are Basel II compliant with the presence of all the requirements, which Basel II recommends. Basel II allows national regulators to specify risk weights different from the internationally recommended ones for retail exposures. The RBI had, therefore, announced an indicative set of weights for domestic corporate long-term loans and bonds subject to different ratings by international rating agencies such as Moody's Investor Services, which are slightly different from that specified by the Basel Committee.
2.4.3.3 Advantages of Basel-II

It is believed that such an international standard can help protect the international financial system from the types of problems that might arise should a major bank or a series of banks collapse. In practice, Basel II attempts to accomplish this by setting up rigorous risk and capital management requirements designed to ensure that a bank holds capital reserves appropriate to the risk the bank exposes itself to through its lending and investment practices. Possible advantages of Basel-II and their impact have been mentioned below:

Figure 5: Advantages of Basel-II

2.4.3.4 BASEL II Effects

Basel II effect can be realised on 3 grounds: internal operations, banking industry and operations. Basel II effects on internal operations: Once implemented, the BASEL II norms would greatly influence the internal operations of a bank the effects of which would be clearly visible in 2015. In this section, we analyze the extent of change brought about by the norms.

Figure 6: Effects on internal operations

BASEL II Effects on Banking Industry: The banking sector in will continue on

the growth trajectory and would further integrate into the global financial system.

Figure 7: Effects on banking industry

BASEL II Effects on Economy: The Indian households have not shown great

faith in the countrys financial systems, this is shown by the enormous gold consumption that the country has. Indians possess around $200 Billion of gold, equal to nearly half of the countrys bank deposits. The Indian government reckons that approximately $150 Billion is required over the next ten years to upgrade the countrys infrastructure. The government has proposed to use its foreign-exchange reserves to finance these investments, but this would add only $3-$5 billion annually. Domestic savings are the only plausible source of extra funding.

Figure 8: Effects on economy

Expected banking scenario: The following points provide further insight on

the expected banking scenario. Although, not direct consequences of the BASEL norms these structural changes will be a fall-out of the reforms in the banking sector.

Figure 9: Expected banking scenario

3.

TYPES OF RISKS FACED BY A BANK

Banks in the process of financial intermediation are confronted with various kinds of financial and non-financial risks viz., credit, interest rate, foreign exchange rate, liquidity, equity price, commodity price, legal, regulatory, reputation, operational, etc. These risks are highly interdependent and events that affect one area of risk can have ramifications for a range of other risk categories. Thus, top management of banks should attach considerable importance to improve the ability to identify measure, monitor and control the overall level of risks undertaken. The various risks that a bank is bound to confront is divided into two categories namely business risks and control risks. Business risk involves the risks arising out of the operations of the bank, the business it is into and the way it conducts its operations. Control risk measures the risk arising out of any lapses in the control mechanism such as the organizational structure and the management and the internal controls that exist in the bank.

Figure 10: Types of risks measured in the risk profiling templates

3.1 Business risk

Business risk measures eight risks as indicated in the figure above. Each of them is explained below:
3.1.1 Capital Risk

The Risk Profiling Template (RPT) measures the quantity and quality of capital available with a bank and rates the risk associated with it accordingly. A banks ability to gain access to further capital through say further issue of equity in the capital market enhances the capital base of the bank. Hence the shareholders perception of the bank and the support it would be able to gather through such an issue are rated in the RPT.

Objective: The objective of RPT is to determine whether the banks

capital position is adequate to support the level of current and anticipated business activities and associated risks. In order to achieve the above objective, the RPT will assess the following:

Composition and quality of capital Adequacy of capital Access to capital Shareholder Assessment Economic capital

All banks in India are expected to maintain a CRAR of 9%. CRAR stands for the Capital Funds to Risk Weighted Assets Ratio. The assets are assigned their respective risk weights as per the RBI regulations and the total capital funds to risk weighted assets ratio is found. As a measure to align our banking system towards international standards banks are currently moving over to the assessment of economic capital rather than regulatory capital. Economic capital is the amount of capital that the firm has put at risk to cover potential losses under extreme market conditions. Banks in India are now moving towards a new framework of assessing and pricing the risks involved in their operations by measuring what is known as the Risk Adjusted Return on Capital (RAROC). Under the RAROC approach decisions are made using the firms weighted-average cost of capital as the hurdle rate for investment decisions. RAROC controls for differences in risk across projects/investments thorough a decision rule that allocates capital to projects/ investments according to their risk. Also rated in the RPT is the banks ability to raise more capital, the perception of the banks shareholders and its future plans to raise capital. Capital is basically not a risk associated with the bank. It indicates the quality and quantity of available with a bank to mitigate the various risks.
3.1.2 Credit Risk

Credit risk involves inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, hedging, settlement and other financial transactions. The Credit Risk is generally made up of transaction risk or default risk and portfolio risk. The portfolio risk in turn comprises intrinsic and concentration risk. Credit risk may take various forms, such as, in the case of loans, repayment may not be forthcoming from the customer, in the case of letters of credit or guarantees the parties may not keep up their commitments resulting into crystallization of the liability under the contract payable to the beneficiary; in the case of treasury products,

the payment or series of payments due from the counter party under the respective contracts may not come; in the case of securities trading businesses, settlement may not be effected; in the case of cross-border exposures, the availability and free transfer of currency may be restricted or ceased. Thus credit risk may be carried in the banking book or the trading book or in the off-balance sheet items. Lending also involves a number of risks. In addition to the risks related to credit worthiness of the counterparty, the banks are also exposed to interest rate, forex and country risks. The credit risk of a bank's portfolio depends on both external and internal factors. The external factors are the state of the economy, wide swings in commodity/equity prices, foreign exchange rates and interest rates, trade restrictions, economic sanctions, Government policies, etc.

Risks in Lending

Interest Rate Risk

Forex Risk

Credit Risk

Counterpart y Risk

Country Risk

Default Risk

Portfolio Risk

Intrinsic Risk
Figure 11: Risks in lending

Concentration Risk

The internal factors may be due to business failure or commercial risk, financial management risk, corporate governance risk, project management risk, pre-settlement risk which arises in the case of forward or derivative transactions since there is an inherent risk of counterparty default prior to the settlement date resulting in a loss to the bank and settlement risk which arises due to the possibility that

settlement may not take place as per the terms of the contract due to various reasons. Country risk and Counterparty risk are other forms of credit risk.
3.1.2.1 Country Risk

It is the possibility that a country is unable to service or repay its debts to foreign lenders in time. In banking, the risk arises on account of cross-border lending and investment. The risk manifests itself either in the inability or unwillingness of the obligor in meeting the liability. Country risk comprises of the following risks:

Figure 12: Types of country risk

3.1.2.2 Counterparty Risk

Another variant of credit risk is counterparty risk. The counterparty risk arises from non-performance of the trading partners. The non-

performance may arise from counterparty's refusal/inability to perform due to adverse price movements or from external constraints that were not anticipated by the principal. The counterparty risk is generally viewed as a transient financial risk associated with trading rather than standard credit risk. Objective: The credit risk rating of a bank in the RPT is used to determine the quality of assets (both on- and off-balance sheet). In order to achieve the above objective, the RPT looks into the three important aspects of credit namely:

Composition Concentrations Provisioning

The RPT looks into the concentration of loans issued by the bank either location-wise or industry-wise or product-wise etc, which is one form of credit risk. It also looks into the fact whether the bank has distributed its advances across the various sectors as per the RBI guidelines. The RPT does not stop with the transaction testing but also looks into other aspects such as the rating of the borrowers and the migration analysis of the borrowers. The trend of NPAs and making adequate provisions for anticipated losses is also monitored to rate the banks performance in credit supervision and recovery in the case of NPAs. Off- balance sheet items are also measured along with the risk associated with them. Banks should evolve adequate framework for managing their exposure in off-balance sheet products like forex forward contracts, swaps, options, etc. as a part of overall credit to individual customer relationship and subject to the same credit appraisal, limits and monitoring procedures. Banks are expected to classify their off-balance sheet exposures into three broad categories full risk (credit substitutes) - standby letters of credit, money guarantees, etc, medium risk (not direct credit substitutes, which do not support existing financial obligations) - bid bonds, letters of credit, indemnities and warranties and low risk reverse repos, currency swaps, options, futures, etc.
3.1.3 Market Risk

Traditionally, credit risk management was the primary challenge for banks. With progressive deregulation, market risk arising from adverse changes in market variables, such as interest rate, foreign exchange rate, equity price and commodity price has become relatively more important. Even a small change in market variables causes substantial

changes in income and economic value of banks. Market risk takes any one of the forms as shown in the figure:

Market Risk

Liquidity Risk

Interest Rate Risk

Forex Risk

Equity Price Risk

Commodity Price Risk

Figure 13: Types of market risks

Objective: The objective of RPT is to determine the amount of market risk

in the trading and banking book. Hence the following parameters of the bank are rated: Composition of investment portfolio Market risk in the trading book Interest rate risk in the banking book Foreign exchange risk Equity & Commodity Price Risk Market risk exists in both the trading book and the banking book. Within the trading book, market risk is measured as changes in the value of financial instruments or currencies. Within the banking book, market risk is measured in terms of exposure to interest rate risk and/or foreign exchange risk.
3.1.3.1 Liquidity Risk

Liquidity Planning is an important facet of risk management framework in banks. Liquidity is the ability to efficiently accommodate deposit and other liability decreases, as well as, fund loan portfolio growth and the possible funding of off-balance sheet claims. The liquidity risk of banks arises from funding of long-term assets by short-term liabilities, thereby making the liabilities subject to rollover or refinancing risk. Liquidity risk in banks manifest in different dimensions:

Figure 14: Types of Liquidity risks

The first step towards liquidity management is to put in place an effective liquidity management policy, which, inter alia, should spell out the funding strategies, liquidity planning under alternative scenarios, prudential limits, liquidity reporting/reviewing, etc. Liquidity measurement is quite a difficult task and can be measured through stock or cash flow approaches. The liquidity profile of the banks could be analyzed on a static basis, wherein the assets and liabilities and offbalance sheet items are pegged on a particular day and the behavioral pattern and the sensitivity of these items to changes in market interest rates and environment are duly accounted for. Objective: The RPT estimates the liquidity profile of the bank is measured in a dynamic way by giving due importance to: Seasonality pattern of deposits/loans; Stability of the deposit base, Mismatches across various time buckets, means of funding such mismatches and cost of the funds used, Potential liquidity needs for meeting new loan demands, unavailed credit limits, loan policy, potential deposit losses, investment obligations, statutory obligations, etc. Policies for meeting liquidity crisis.
3.1.3.2 Interest Rate Risk (IRR)

The management of Interest Rate Risk should be one of the critical components of market risk management in banks. The regulatory restrictions in the past had greatly reduced many of the risks in the banking system. Deregulation of interest rates has, however, exposed them to the adverse impacts of interest rate risk. The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is dependent on the

movements of interest rates. Any mismatches in the cash flows (fixed assets or liabilities) or reprising dates (floating assets or liabilities), expose banks' NII or NIM to variations. The earning of assets and the cost of liabilities are now closely related to market interest rate volatility. Interest Rate Risk (IRR) refers to potential impact on NII or NIM or Market Value of Equity (MVE), caused by unexpected changes in market interest rates.
Types of Interest Rate Risk

The investments of the bank are classified in to three categories namely Available for Sale (AFS), Held For Trading (HFT) and Held To Maturity (HTM). The securities in the first two categories are held under the Trading Book while the securities under the last category are held under the Banking Book. Trading book is mainly meant for taking advantage of short-term incentives and making profits. Investments in the banking book are held up to their maturity period and are mainly

for the purpose of obtaining a steady income. While the trading book is exposed to price risk, the banking book is exposed to interest rate risk. Interest rate risk is studied from two different perspectives namely the earnings perspective and the economic value perspective. Hence the two techniques namely maturity gap analysis and duration gap analysis.
3.1.3.3 Foreign Exchange (Forex) Risk

The risk inherent in running open foreign exchange positions have been heightened in recent years by the pronounced volatility in forex rates, thereby adding a new dimension to the risk profile of banks' balance sheets. Forex risk is the risk that a bank may suffer losses as a result of adverse exchange rate movements during a period in which it has an open position, either spot or forward, or a combination of the two, in an individual foreign currency. The banks are also exposed to interest rate risk, which arises from the maturity mismatching of foreign currency positions. Even in cases where spot and forward positions in individual currencies are balanced, the maturity pattern of forward transactions may produce mismatches. As a result, banks may suffer losses as a result of changes in the premium/discounts of the currencies concerned. In the forex business, banks also face the risk of default of the counterparties or settlement risk. While such type of risk crystallization does not cause principal loss, banks may have to undertake fresh transactions in the cash/spot market for replacing the failed transactions. Thus, banks may incur replacement cost, which depends upon the currency rate movements. Banks also face another risk called time-zone risk or Herstatt risk which arises out of time-lags in settlement of one currency in one center and the settlement of another currency in another time-zone. The forex transactions with counterparties from another country also trigger sovereign or country risk. Banks are supposed to control their forex risk by setting appropriate GAP limits for their positions at the end of each day and adhere to these limits. RBI has issued separate guidelines called the Internal Control Guidelines, which contains the steps to be taken by banks to limit the risk arising on account of their forex transactions.
3.1.3.4 Equity & Commodity Price Risk

Equity price risk arises from the possibility that equity security prices will fluctuate, affecting the value of equity securities and other instruments that derive their value from a particular stock, a defined basket of stocks, or a stock index. Commodity price risk results from the possibility that the price of the underlying commodity may rise or fall. Cash flows from commodity contracts are based on the difference

between an agreed-upon fixed price and a price that varies with changes in a specified commodity price or index. The RPT basically measures the volatility in the price of the equity and commodities held by the bank and the impact of the price variations on the bank. The growth in todays financial system has led to the creation of novel derivative instruments such as options, futures. Forwards and swaps to moderate such risks. It is in the hands of the user to effectively use these instruments to hedge their risks so that the impact of these risks on their portfolio as well as their earnings would be minimal.
3.1.4 Earnings Risk Objective: The objective is to determine the profitability and earnings

profile of the bank and evaluate the quality and reliability of banks earnings. In order to achieve the above objective, the RPT will assess the following: Profitability and earnings performance Profit plan & budget Composition and Stability of the Earnings Analysis of income and expenses The bank has various sources of earnings such as interest from loans and advances, interest from its investments and the income from its subsidiaries. The RPT rates these sources on the basis of their quality and stability. Important ratios such as ROA, ROE, and interest spread; cost income ratio (CIR) and the business and profits made per employee are calculated and compared with the peer group average in order to determine the quality of the earnings of the bank. The working of the subsidiaries and its impact on the profitability of the bank also has a role to play. Although a bank might have improved its earnings during a particular year, it should be able to continue to do so in the future also. Hence it is important to study the volatility of the earnings in order to rate the earnings quality of the bank. The provisions that a bank might have to make on account of non-performing advances and investments are also studied. The RPT also takes into account the cost of funds used by the bank as a banks reliance on high cost funds could impair its profitability. The budget prepared by the bank and the deviation of the actual from the budgeted figures is rated. This parameter basically measures the quality of the banks earnings and its reliability to alleviate the various risks.
3.1.5 Business Strategy and Environmental Risk Objective: The performance of a bank is influenced by various external

and internal factors. These factors are rated in the RPT and the various aspects could be classified as under: External environment

Strategic business initiatives Customer base & competitive differentiation Business profile Other business risks

In todays environment banks are fighting hard to survive against the tough competition. The survival of the fittest depends on the strategy that the bank plans for itself, how it implements it, the goals it sets for itself and the ways and means of achieving them. All activities of the bank starting from its product mix to the compatibility of its information systems to suit its business needs play an important role. External macroeconomic factors such as the economy of its operating environment, developments in its sector of operation and regulatory and supervisory initiatives taken up by authorities also have a role to play in the conduct of its business. Such a risk to which the bank stands exposed is covered under this category of business strategy and environmental risk.
3.1.6 Operational Risk Objective: The objective in measuring operational risk is to evaluate the

risks a bank might face on account of its people, processes and technology. The various parameters by which it is measured include: People, Process and Technology Risk Legal Risk Reputation Risk Operational loss as defined by the Basle Committee on Banking Supervision is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Operational risk includes risks arising from people, processes and technology being used. People risk could arise on account of lack of professionalism and competency of the staff in the bank and the quality of work environment they are exposed to. With the introduction of sophisticated techniques such as risk focused internal audits, banks will have to adopt a forward looking training arrangement through appropriate course designing and compilation of training materials keeping in view the best international practices and procedures. Process risk includes transaction risk arising from not adhering to regulations in executing and recording transactions and also the risk due to the lack of control of higher authorities over the activities of the staff. Technology risk shows the inadequacy of the systems being used by the bank either due to security reasons or absence of proper quality leading to failures and errors. Legal and Reputation risk faced by a bank are also included under operational risk.

Figure 15: Types of operational risk

3.1.7 Group Risk Objective: Group risk basically measures the impact of the working of the

various domestic and overseas subsidiaries of the bank on its performance. The parameters used to determine the group risk of a bank include: Financial performance of subsidiaries Risks on account of the subsidiaries Normally banks carry on other operations related to their business such as mutual funds, insurance, housing finance etc, through partly or wholly owned subsidiaries either in the domestic or in the overseas sector. Risks arising out of such operations are covered under group risk. The bank on account of its holdings in the subsidiary might be obligated to rescue it in cases of distress and may also be out of its obligations to other members in the group. Hence it is absolutely essential for the bank to keep track of the operations of its subsidiaries and take adequate measures as and when required. The Group risk arising out of a banks subsidiaries involves the capital investments that the bank makes in its subsidiaries, the return it gets, the obligations on account of loss making subsidiaries, the commonality of controls existing between the parent and subsidiary and the financial performance of the subsidiaries. The parent is also expected to

measure the risk arising out of the various businesses of the subsidiary and keep track of it and take steps to alleviate it.

3.2 Control Risk

The control risks of a bank are divided into four important categories as shown in the figure:

Internal Controls Risk

Compliance Risk

Controls Risk

Organization Risk

Management Risk
Figure 16: Types of controls risks

3.2.1 Internal Controls Risk Objective: Internal controls play a very important role in the efficient

functioning of any organization. Hence rating it would help the regulator to understand the adequacy on controls existing within the organization and take action accordingly. In order to achieve the above objective, the following parameters are assessed:

Decision making framework Risk management framework Limits and standards Information technology Staff policies Segregation of responsibilities Audit and compliance functions Money laundering controls

The sophistication of internal controls will depend on the size, complexity, and geographic diversity of a bank. Hence the RPT would identify the nature of the business to be controlled before determining whether the process controls in place are fit for purpose. The bank is bound to measure the various risks associated with its operations. Internal Controls Risk measures aspects such as whether the bank has the required Committees in place for managing risks such as credit risk, market risk and an overall integrated risk management policy. The bank is also expected to have in place an Asset and Liabilities Management Committee (ALCO) and a stringent ALM policy for nullifying the impacts of risks such as interest rate risk and liquidity risks. The RPT rates the banks on the adequacy of the banks policies and procedures on these fronts and the level of success the bank had obtained by implementing them. Today banks are confronted with activities such as money laundering which could have a harmful impact on the reputation as well as the performance of the bank. So as per frequent guidelines issued by RBI, the banks are required to take necessary steps to prevent such frauds from occurring. A new aspect also being implemented currently in banks is that of risk focused internal audit.
3.2.2 Management Risk Objective: The objective is to determine whether the Board of Directors

and management have the requisite skills, experience and integrity to manage the business. The following parameters have an important role to play in the assessment of the management risk:

Four eyes principle Fitness and propriety Board composition Adaptability of management Corporate planning and strategy and governance

Now that corporate governance is assuming significance among people from all quarter banks are no exceptions to it. It involves the Top management and the Board in setting targets for the lower levels, framing strategies and policies in order to achieve these goals, monitoring their performance, carrying out the necessary corrective action and fixing up accountability. The management should be able to able to study the impact of various risks on the performance of the bank and evolve ways to diminish their effect. Management risk also involves risks arising out of incompetent staff at the higher rungs of the organizational ladder thereby affecting the performance.

3.2.3 Organizational Risk Objective: The objective in measuring the organizational risk is to

understand the organizational structure and determine its effectiveness. In order to achieve the above objective, the RPT assesses the following:

Legal structure Relationship with other parts of the group Reporting lines

In determining adequacy of the organizational structure, the RPT considers whether the documented structure accurately reflects the real and perceived lines of control and influence within the organization. An organization is built up of various levels of staff and each of them should have a clear and well-defined role to play achieving its goals and targets. It is necessary that the competent staff should exist at all levels and proper control be exercised by the top management on the lower level. The people at the highest level should be able to keep track of the activities of the people at lower levels and help them in adapting themselves to the changing environment.
3.2.4 Compliance Risk Objective: Compliance risk basically measures the extent to which the

bank has adhered to the guidelines prescribed by the RBI or any other regulatory body and the measures taken to correct the deficiencies pointed out by the previous inspections. RPT assesses compliance risk under the following heads:

Regulatory Compliance Statutory Compliance MAP Compliance

The compliance risk measures the risk associated with any noncompliance by the bank. Compliance includes both statutory and Regulatory Compliance. The bank should not expose itself to individual/group borrowers above a certain limit as it could lead to credit risk. The management is also expected to conduct periodic reviews and any excesses are supposed to be reported to respective authorities. All these are rated in the compliance risk rating of a bank. Apart from this the banks should ensure that they abide by all the rules and regulations including the law of the land. For e.g., the banks should try to adopt those ways which do not cause any harm to environment.

4. RBI GUIDELINES ON RISK MANAGEMENT SYSTEMS IN BANKS

1.1

Risk Management: Introduction

The face of banking in India is changing rapidly. The enhanced role of the banking sector in the Indian economy, the increasing levels of deregulation along with the increasing levels of competition have facilitated globalisation of the India banking system and placed numerous demands on banks. Operating in this demanding environment has exposed banks to various challenges and risks. The Indian Financial System is tasting success of a decade of financial sector reforms. The economy is surging and has gathered the critical mass to convert it into a force to reckon with. The regulatory framework in India has sparked growth and key structural reforms have improved the asset quality and profitability of banks. Growing integration of economies and the markets around the world is making

global banking a reality. With all these operations, risk has been present always in the banking business but the discussion on managing the same has gained prominence only lately. The vicious cycle of risk can be described as given ahead:
Figure 17: Vicious cycle of risk

According to the RBI circular issued on risk management by the RBI, the broad parameters of risk management function should encompass: Organisational structure Comprehensive risk measurement approach Risk management policies approved by the Board which should be consistent with the broader business strategies, capital strength, management expertise and overall willingness to assume risk Guidelines and other parameters used to govern risk taking including detailed structure of prudential limits Strong MIS for reporting, monitoring and controlling risks Well laid out procedures, effective control and comprehensive risk reporting framework Separate risk management framework independent of operational Departments and with clear delineation of levels of responsibility for management of risk Periodical review and evaluation Market participants seek the services of banks because of their ability to provide market knowledge, transaction efficiency and funding capability. In performing these roles they generally act as a principal in the transaction. As such, they use their own balance sheet to facilitate the transaction and to absorb the risks associated with it. There are activities performed by banking firms which do not have direct balance sheet implications. Nonetheless, the overwhelming majority of the risks facing the banking firm are in on-balance-sheet businesses. It is in this area that the discussion of risk management and the necessary procedures for risk management and control has centred. Accordingly, it is here that our review of risk management procedures will concentrate. The banking industry recognizes that an institution need not engage in business in a manner that unnecessarily imposes risk upon it; nor should it absorb risk that can be efficiently transferred to other participants. Rather, it should only manage risks at the firm level that are more efficiently managed there than by the market itself or by their owners in their own portfolios. It has been argued that risks facing all financial institutions can be segmented into three separable types, from a management perspective. These are:
Risks that can be eliminated or avoided by simple business practices

Risks that can be transferred to other participants

Risks that must be actively managed at the firm level

Figure 18: Three separable types of risks

The practice of risk avoidance involves actions to reduce the chances of idiosyncratic losses from standard banking activity by eliminating risks that are superfluous to the institution's business purpose. There are also some risks that can be eliminated, or at least substantially reduced through the technique of risk transfer. Markets exist for many of the risks borne by the banking firm. Interest rate risk can be transferred by interest rate products such as swaps or other derivatives. There are two classes of assets or activities where the risk inherent in the activity must and should be absorbed at the bank level. In these cases, good reasons exist for using firm resources to manage bank level risk. The first of these includes financial assets or activities where the nature of the embedded risk may be complex and difficult to communicate to third parties. Communication in such cases may be more difficult or expensive than hedging the underlying risk. Moreover, revealing information about the customer may give competitors an undue advantage. The second case included proprietary positions that are accepted because of their risks, and their expected return.
Rationale for active risk management: It seems appropriate for any discussion

of risk management procedures to begin with why these firms manage risk. According to standard economic theory, managers of value maximizing firms ought to maximize, expected profit without regard to the variability around its expected value. There are at least four distinct rationales offered for active risk management. Any one of these justifies the firms' concern over return variability.
Non linearity of tax structure Cost of financial distress Managerial Self interest Existence of capital market imperfections

Figure 19: Rationale of active risk management

In light of the above, what are the necessary procedures that must be in place to carry out adequate risk management? In essence, what techniques are employed to both limit and manage the different types

of risk, and how are they implemented in each area of risk control? After reviewing the procedures employed by leading firms, an approach emerges from an examination of large-scale risk management systems. The management of the banking firm relies on a sequence of steps to implement a risk management system. These can be seen as containing the following four parts:

Figure 20: Steps for implementation of risk management systems

The banking industry has long viewed the problem of risk management as the need to control four of the given risks which make up most, if not all, of their risk exposure, viz., credit, interest rate, foreign exchange and liquidity risk. While they recognize counterparty and legal risks, they view them as less central to their concerns. Accordingly, the study of bank risk management processes is essentially an investigation of how they manage all these risks. In each case, the procedure outlined below is adapted to the risk considered so as to standardize, measure, constrain and manage each of these risks. Irrespective of the nature of risk, the best way for banks to protect themselves is to identify the risks, accurately measure and price it, and maintain appropriate levels of reserves and capital, in both good and bad times. However, this is often easier said than done, and more often than not, developing a holistic approach to assessing and managing the many facets of risks remains a challenging task for the financial sector. Next section highlights some of these practices.

1.2

Risk Aggregation, Capital Allocation & Stress Testing

Capital Adequacy in relation to economic risk is a necessary condition for the long-term soundness of banks. Aggregate risk exposure is estimated through Risk Adjusted Return on Capital (RAROC) and Earnings at Risk (EaR) method. Former is used by bank with international presence and the RAROC process estimates the cost of Economic Capital & expected losses that may prevail in the worstcase scenario and then equates the capital cushion to be provided for the potential loss. RAROC is the first step towards examining the

institution's entire balance sheet on a mark to market basis, if only to understand the risk return trade off that have been made. As banks carry on the business on a wide area network basis, it is critical that they are able to continuously monitor the exposures across the entire organization and aggregate the risks so than an integrated view is taken. The Economic Capital is the amount of the capital (besides the Regulatory Capital) that the firm has to put at risk so as to cover the potential loss under the extreme market conditions. In other words, it is the difference in mark-to-market value of assets over liabilities that the bank should aim at or target. As against this, the regulatory capital is the actual Capital Funds held by the bank against the Risk Weighted Assets. After measuring the economic capital for the bank as a whole, bank's actual capital has to be allocated to individual business units on the basis of various types of risks. This process can be continued till capital is allocated at transaction/customer level. Stress testing: It is another modern risk management practice which has found wide acceptability in Indian Banking System. Determining the required buffer size of capital is an important risk management issue for banks, which the Basle Committee (2002) suggests should be approached via stress testing. Stress testing permits a forward-looking analysis and a uniform approach to identifying potential risks to the banking system as a whole. Stress tests done on German banks found that, "it is not only the capital and reserves base which is crucial for the long-term stability of the banks, however. The institutions also have to make further progress in their efforts to achieve a sustained improvement in their profitability and in limiting their credit and market risks." All these dynamics are well captured by Stress Testing models. RBI has said that, "Banks should identify their major sources of risk and carry out stress tests appropriate to them. Some of these tests may be run daily or weekly, some others may be run at monthly or quarterly intervals. This stress testing would also form a part of preparedness for Pillar 2 of the Basel II framework."

1.3

Credit Risk Management

Credit risk

1.3.1

Risk is inherent in all aspects of a commercial operation and covers areas such as customer services, reputation, technology, security, human resources, market price, funding, legal, and regulatory, fraud and strategy. However, for banks and financial institutions, credit risk

is the most important factor to be managed. Credit risk management enables banks to identify, assess, manage proactively, and optimise their credit risk at an individual level or at an entity level or at the level of a country. Given the fast changing, dynamic world scenario experiencing the pressures of globalisation, liberalization, consolidation and disintermediation, it is important that banks have a robust credit risk management policies and procedures which are sensitive and responsive to these changes. Credit risk should be typically managed as shown in the diagram below:

Figure 21: Typical credit risk management organizational structure

1.3.2

Credit risk models

The credit risk models are intended to aid banks in quantifying, aggregating and managing risk across geographical and product lines. The outputs of these models also play increasingly important roles in banks' risk management and performance measurement processes, customer profitability analysis, risk-based pricing, active portfolio management and capital structure decisions. Credit risk modelling may result in better internal risk management and may have the potential to be used in the supervisory oversight of banking organizations. In the measurement of credit risk, models can be classified along three different dimensions: the techniques employed the domain of applications in the credit process and the products to which they are applied. The following are the more commonly used techniques:

Econometric Techniques such as linear and multiple discriminant analysis, multiple regression, logic analysis and probability of default, etc. Neural networks are computer-based systems that use the same data employed in the econometric techniques but arrive at the decision model using alternative implementations of a trial and error method. Optimization models are mathematical programming techniques that discover the optimum weights for borrower and loan attributes that minimize lender error and maximize profits. Rule-based or expert are characterized by a set of decision rules, a knowledge base consisting of data such as industry financial ratios, and a structured inquiry process to be used by the analyst in obtaining the data on a particular borrower. Hybrid Systems where simulation are driven in part by a direct causal relationship, the parameters of which are determined through estimation techniques.

These models are used in a variety of domains: Credit approval - Models are used on a standalone basis or in conjunction with a judgmental override system for approving credit in the consumer lending business. 2. Credit rating determination- Quantitative models are used in deriving 'shadow bond rating' for unrated securities and commercial loans. These ratings in turn influence portfolio limits and other lending limits used by the institution. 3. Risk pricing- Credit risk models may be used to suggest the risk premia that should be charged in view of the probability of loss and the size of the loss given default. Using a mark-to-market model, an institution may evaluate the costs and benefits of holding a financial asset. Unexpected losses implied by a credit model may be used to set the capital charge in pricing.
1.

Some Examples of Credit Risk: Loan Credit Risk In January of 1999, Guangdong International Trust and Investment Corporation defaulted on the repayment of $4.5 billion, half of which was owed to overseas banks. In August of 1999, Iridium, the satellite telecom company, defaulted on two syndicated loans of $1.5 billion that it had borrowed to launch the satellites, but could not repay due to unexpected low earnings. Issuer Credit Risk On August 17, 1998, Russia unilaterally rescheduled repayments on $43 billion of bonds that had been sold to western banks & investors. The investors eventually recovered a fraction of the $43 billion.

 In February 2001, PG&E, a Californian electric utility, defaulted on $726 million of short-term bonds that it had issued. However. Its default was selective, and it continued to pay interest on $8 billion of other debt. Counter party Credit Risk In 1998, Moscow International Currency Exchange and several Russian banks defaulted on currency derivatives with Credit Suisse First Boston (CSFB). The exchange rate had moved such that the banks owed $600 million to CSFB. Settlement Credit Risk In 1974, a small German bank, Bankhaus Herstatt, had a string of losses in forex dealings. It went bankrupt at the end of a trading day in Germany. Because, it was the end of the trading day in Germany, it had already received $620 million worth of forex payments from its US trading counter parties, but because the US markets were still open, Herstatt had not yet been required to deliver $620 million for its side of the trades. At the time that it went bankrupt, it stopped all payments, and US banks lost virtually all of the $620 million.

Use of credit models can be as:

1. Early

warning- Credit models are used to flag potential problems in the portfolio to facilitate early corrective action. 2. Common credit language- Credit models may be used to select assets from a pool to construct a portfolio acceptable to investors at the time of asset securitisation or to achieve the minimum credit quality needed to obtain the desired credit rating. Underwriters may use such models for due diligence on the portfolio (such as a collateralized pool of commercial loans). 3. Collection strategies- Credit models may be used in deciding on the best collection or workout strategy to pursue. If, for example, a credit model indicates that a borrower is experiencing short-term liquidity problems rather than a decline in credit fundamentals, then an appropriate workout may be devised. The credit risk models that achieved global acceptance as benchmarks for measuring stand-alone as well as portfolio credit risk are given below: 1. 2. 3. 4. 5. Altman's Z-score model, KMV model for measuring default risk, CreditMetrics, CreditRisk+ Logit and probit models

The first two models were developed to measure the default risk associated with an individual borrower. The Z-score model separates the 'bad' firms or the firms in financial distress from the set of 'good' firms who are able to service their debt obligations in time. The KMV model, on the other hand, estimates the default probability of each firm. Thus, the output of this model can be used as an input for risk based pricing mechanism and for allocation of economic capital. The other two models are the most frequently used portfolio risk models in credit risk literature. The two models are intended to measure the same risks, but impose different restrictions, make different distributional assumptions and use different techniques for calibration.
Z-Score Model

Altman's Z-score model is an application of multivariate discriminant analysis in credit risk modelling. Financial ratios measuring profitability, liquidity, and solvency appeared to have significant discriminating power to separate the firm that fails to service its debt from the firms that do not. These ratios are weighted to produce a measure (credit risk score) that can be used as a metric to differentiate the bad firms from the set of good ones. Altman started with twentytwo variables (financial ratios) and finally five of them were found to be significant. The resulting discriminant function was: Z = 0.012(X1) + 0.014(X2) + 0.033(X3) + 0.006(X4) + 0.999(X5) Where, X1=Working Capital / Total Assets, X2=Retained Earnings / Total Assets, X3=Earnings before Interest and Taxes / Total Assets, X4=Market Value of Equity / Book Value of Total Liabilities, X5=Sales / Total Assets. Altman found a lower bound value of 1.81 (failing zone) and an upper bound of 2.99 (non-failing zone) to be optimal. Any score in-between 1.81 and 2.99 was treated as being in the zone of ignorance. This original Z-score model was revised and modified several times in order to find the scoring model more specific to a particular class of firms. These resulted in the private firm's Z-score model, non-manufacturers' Z-score model and Emerging Market Scoring (EMS) model.
KMV Model

KMV Corporation has developed a credit risk model that uses information on stock prices and the capital structure of the firm to estimate its default probability. This model is based on Merton's (1973) analytical model of firm value. The starting point of this model is the proposition that a firm will default only if its asset value falls below a certain level (default point), which is a function of its liability. It estimates the asset value of the firm and its asset volatility from the market value of equity and the debt structure in the option theoretic framework. Using these two values, a metric (distance from default or DfD) is constructed that represents the number of standard deviations that the firm's asset value is away from the default point. Finally, a mapping is done between the DfD values and actual default rate, based on the historical default experience. The resultant probability is called Expected Default Frequency (EDF). Distance from default= (expected market value of assets - default point)/ {(expected market value of assets) (volatility of assets)}
CreditMetrics

In April 1997, J.P. Morgan released the CreditMetrics Technical Document that immediately set a new benchmark in the literature of portfolio risk management. This provides a method for estimating the distribution of the value of the assets in a portfolio subject to changes in the credit quality of individual borrower. A portfolio consists of different stand-alone assets, defined by a stream of future cash flows. Each asset has a distribution over the possible range of future rating class. Starting from its initial rating, an asset may end up in any one of the possible rating categories. Each rating category has a different credit spread, which will be used to discount the future cash flows. It is assumed that the asset returns are normally distributed and change in the asset returns causes the change in the rating category in the future. Finally, the simulation technique is used to estimate the value distribution of the assets. A number of scenarios are generated from a multivariate normal distribution, which is defined by the marginal rating transition distribution of the individual assets and the correlation values among them. Discounting by the appropriate credit spread, the future value of the asset is estimated. The mean asset value, asset volatility, percentile level and the marginal risk volume can summarize the output of this model.
CreditRisk+

CreditRisk+, introduced by Credit Suisse Financial Products (CSFP), is a model of default risk. Each asset has only two possible end-of-period states: default and non-default. In the event of default, the lender recovers a fixed proportion of the total exposure. The default rate is considered as a continuous random variable. Here, the default correlation is assumed to be determined by a set of risk factors. Conditional on these risk factors, default of each obligor follows a Bernoulli distribution. To get the unconditional probability generating function for the number of defaults, it assumes that the risk factors are independently gamma-distributed random variables. The final step in CreditRisk+ is to obtain the probability generating function for losses. Conditional on the number of default events, the losses are entirely determined by the exposure and the recovery rate. Thus, the distribution of asset values can be estimated from the following input data: Exposure of individual asset, Expected default rate, Default rate volatilities, Recovery rate given default and Risk sectors. The CreditRisk+ manual provides the recurrence relation used to calculate the value distribution
Probit and logit model

There are models dedicated to predicting binary events, such as defaults or non-defaults, or to scaling the probabilities that such events occur. These models include the linear probability models and the more adequate logit and probit models. In what follows, individual means individual observation, an observation relating to any type of borrower, consumer or corporate: 'Binary models' assume that individuals belong to either one of two categories only, such as defaulting firms and non-defaulting firms, depending on their characteristics. Multinomial models' accommodate several categories, such as ratings, depending on their characteristics.

The logit model uses the cumulative logistic probability distribution for the cdf. The model fits Y = a + X+ and calculates the probability of Y having a specific categorical value as: ln {P(Y) I [l - P(Y)]} = Y = a + X+

The argument of the logarithm P(Y)/ [1 -P (Y)] is the odds of belonging to one group, or the ratio of the probability of belonging to that group to the probability of not belonging to that group. The logarithm of the odds ratio is the 'logit'. The probit model performs similar functions to the logit model, but uses the normal distribution instead of the logistic distribution. The probit model considers Y as normally distributed and uses the cumulative distribution of the normal distribution. Y can take any value, negative or positive. There is a one-to-one correspondence between Y, which is unconstrained, and the probability P(Y): P(Y) = cdf(Y) = cdf(Y = a + X+) = (1/2) Y exp (-s2/2) ds Y = cdf-1(P) = a + X+ Banks can adopt any model depending on their size, complexity, risk bearing capacity and risk appetite, etc. However, the credit risk models followed by banks should, at the least, achieve the following: 1. Result in differentiating the degree of credit risk in different credit exposures of a bank. The system could provide for transaction-based or borrower-based rating or both. It is recommended that all exposures are to be rated 2. Identify concentration in the portfolios 3. Identify problem credits before they become NPAs 4. Identify adequacy/ inadequacy of loan provisions 5. Help in pricing of credit 6. Recognize variations in macro-economic factors and a possible impact under alternative scenarios 7. Determine the impact on profitability of transactions and relationship

1.3.3

Credit risk management practices worldwide

Driven by the pending Basel II accord and the level of recent credit losses, risk management has gained greater prominence among senior bank management. Greater efforts on the part of banks globally to organize and revamp data collection and decision-facilitating systems have been seen. Industry consolidation and an increased regulatory spotlight on financial institutions also have boosted the necessity for transparent and well-documented internal risk management systems. In addition, enhancing the ability to identify, monitor and report on risk management for decision-making has grown in importance. But the focus on strengthening risk management stretches beyond Basel II.

In March 2002, with the sponsorship of the International Association of Credit Portfolio Managers (IACPM), the International Association of Swaps and Derivatives Association (ISDA), and the Risk Management Association (RMA), Rutter Associates surveyed the state of credit portfolio management practices. Questionnaires were distributed to the credit portfolio management area of 71 financial institutions. Responses were received from 41 of the 71 institutions. Among the 41 firms who responded to this survey are: ABN-AMRO Bank, Bank of America, Bank of New York, Barclays Capital, BNP Paribas, Citicorp, CSFB, Deutsche Bank, Dresdner Bank, JP Morgan Chase, etc. The responses for the number of rating grades used by the firms are summarized in Exhibit below. Note that the results showed no differentiation by type of counter party large corporate, middlemarket corporate, or banks.

Non defaulted entities Range Median Mean Defaulted entities Range Median Mean
Figure 22: Number of rating grades

5-22 12 13 1-7 2 3

Sixty six percent (66%) of the respondents indicated that they employ facility ratings that are separate from the obligor rating. Identifying five borrower grades (using S&P and Moodys ratings) respondents were asked to calculate the probability of default that the firm was using for that grade in their credit portfolio modelling. Exhibit below summarizes the median probabilities of default reported by the respondents to the survey and compares these probabilities of default to the EDF that would have been obtained from KMVs Credit Monitor TM at the same time and actual default rates as reported by S&P in 2001.

Figure 23: Comparison of survey results with other probability of default measures

1.3.4

Drivers of effective credit risk management

With Basel-II, banks now are forced to provide more detailed disclosures in their annual reports. These may include information on their strategies, nature of credit risk in their activities and how credit risk arises in those activities, as well as information on how they manage credit risk. A more rigorous assessment of a banks credit risk appetite, more technical approach toward its counterparties and better portfolio risk management will be sought. However the impact of Basel II is largely dependent on the environment it is regulated under, as it is different for each region. The objective of best practices in credit risk management is to provide comprehensive guidance to better address credit risk management. The findings from a survey illustrate that credit risk management practices differ among banks, as they are dependent upon the nature and complexity of an individual banks credit activities. Sound practices should generally address the following areas: Establishing an appropriate credit risk environment. Operating under a sound credit-granting process. Maintaining an appropriate credit administration, measurement and monitoring process. Ensuring adequate controls over credit risk.

The feedback from banks demonstrates that centralization, standardization, consolidation, timeliness, active portfolio management and efficient tools for exposures are the key best practice in credit risk management. Some banks are considering having more efficient tools for what if analysis and tools to provide transparency to the business. Many of them are focusing on stress testing, concentration risk, macro hedges and capital risk market management. The drivers of CRM are:
1.

2.

3.

4.

5.

Effective credit risk management as a value-enhancing activity: If deployed correctly and effectively, credit risk management can be a value-enhancing activity that goes beyond regulatory compliance and can provide a competitive advantage to institutions that execute it appropriately. Some of the examples demonstrating the statement above include consolidating credit lines for customers in order to achieve greater business activity, efficient use of capital risk adjusted return etc. Consolidating credit lines: Consolidating credit lines allows one of the responding banks to manage capital adequacy more efficiently. For instance, all of the banks global customers, such as Ford Motor Company, have consolidated global credit lines across multiple countries, including the UK, Germany and Singapore. By deploying global credit lines, total credit is reduced thus allowing for more business activity. Efficient use of economic and regulatory capital: Having consistent, comprehensive risk architecture will make it easier for banks to calculate and manage capital. Banks mainly in the U.S. and Europe use economic capital for the following reasons: o To ensure that the bank has a safe level of capital to guard against risks and to meet regulatory requirements. o To price loans to earn attractive risk-adjusted profits. o To apply economic capitals trio of core decision making criteria (risk, capital requirements and returns) in strategic business planning and to measure return on equity (ROE) by line of business, product or customer to ensure that capital is effectively allocated among different activities in a bank to maximize shareholders value. Once the economic capital is computed across the bank, the banks actual equity capital is allocated to individual business units on the basis of risks so that shareholders wealth can be maximized. Use of derivatives to reshape credit profile: Credit portfolio management is a value-enhancing activity; some of the interviewed banks use credit derivatives to reshape their credit profiles. The use of credit derivatives in an American bank has significantly reduced its financial markets credit risk from 70-75 percent to 40-45

percent. Credit derivatives create new possibilities for risk transformation through innovative structures such as credit default swaps, basket swaps and debt obligations. Further derivative structures may involve the indexing or reinsuring of illiquid middle market and the creation of short positions in credit risk. 6. Technology: Along with credit derivatives, technology can also contribute to reshaping banks credit profile by allowing banks to know the type of exposures and price transactions they are dealing with. These elements are required to hedge exposures.

1.4

Market Risk Management

Market risk and means to manage it

1.4.1

Market risk is defined as the uncertainty in the future values of the Groups on and off balance sheet financial items, resulting from movements in factors such as interest rates, equity prices, and foreign exchange rates.
Market risk as defined by BIS: The risk that the value of on or off balance

sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices.
Market risk as defined by RBI: The possibility of loss to a bank caused by

changes in the market variables. The drivers of market risk are equity and commodities prices, foreign exchange rates, interest rates, their volatilities and correlations. Market risk can be classified into directional and non-directional risks.

Figure 24: Types of market risk

Market risk can be measured and managed through the following: 1. Maturity gap analysis 2. Duration analysis 3. Convexity: Factor sensitivities indicating a fixed income portfolio's second order (quadratic) sensitivity to the parallel shifts in the spot cure. Convexity measures the change in duration as interest rate changes. 4. Value-at-Risk (VAR): It is a category of risk measure that describes probabilistically the market risk of a trading portfolio. VAR summarizes the worst loss over a target horizon with a given level of confidence. It captures the combined effect of underlying volatility and exposure to financial risks. The greatest advantage of VAR is that it summarizes in a single, easy to understand number the downside risk of an institution due to financial market variables. 5. Stress Testing: It can be described as the process to identify and manage situations that could cause extraordinary losses. VAR quantifies potential losses under normal market conditions. It fails to identify extreme unusual situations that could cause severe losses. Hence we need to undertake stress testing to supplement VAR. 6. The Greeks: A set of factor sensitivities used for measuring risk exposures related to options or other derivatives. Each measures how the portfolio's market value should respond to a change in some variablean underlier, implied volatility, interest rate or time. There are five Greeks: a. Delta measures first order (linear) sensitivity to an underlier; b. Gamma measures second order (quadratic) sensitivity to an underlier; c. Vega measures first order (linear) sensitivity to the implied volatility of an underlier; d. Theta measures first order (linear) sensitivity to the passage of time; e. Rho measures first order (linear) sensitivity to an applicable interest rate.

1.4.2

Value-at-risk (VaR)

Value-at-risk (VaR) is a measure of the worst expected loss over a given time interval under normal market conditions at a given confidence level. Value-at-risk is widely used by banks, securities firms and other trading organizations. Such firms could track their portfolios' market risk by using historical volatility as a risk metric. Formally, VaR is the loss that would be exceeded with a given probability over a specified period of time. This definition has three important elements. They are:

Figure 25: Definition of VaR

VaR is often considered a useful summary measure of market risk for several reasons. VaR exhibits consistency as a measure of financial risk. VaR facilitates direct comparison of risk across different portfolios and distinct financial products. It allows the managers or investors to examine potential losses over a particular time horizon with which they are concerned. It is largely tactical neutral. It is calculated by examining the market risks of the individual instruments in a portfolio, not using actual historical performance.

1.4.2.1 VaR Methods

There are three different methods for calculation of VaR as explained below: -

Figure 26: VaR methods

Each of the above mentioned methods are best adapted to a different environment. Philippe Jorion (1997) concludes that: -

For large portfolios where optionality is not a dominant factor, the Delta Normal method provides a fast and efficient method for measuring VaR. For portfolios exposed to few sources of risk and with substantial option components, Delta-Gamma method provides increased precision at a low computational cost. However this method tend to perform well only when the Greeks of the options are stable. It does not perform well for options, which are near maturity or at the money. For portfolios with substantial option components (such as mortgages), a full valuation method such as Monte Carlo simulation is needed.

1.4.3

Asset Liability Management

Asset Liability Management is a tool that enables bank managements to take business decisions in a more informed framework. ALM is concerned with strategic balance sheet management involving risks caused by changes in the interest rates, exchange rates and the liquidity position of the bank. The ALM function informs the manager what the current market risk profile of the bank is, and the impact that various alternate business decisions would have on the future risk profile. Consider, for example, a situation where the chief of a banks retail deposit mobilization function wants to know the kind of deposits that the branches should be told to encourage. To answer this question correctly he needs to know, among other things, the existing cash flow profile of the bank. Let us assume that the structure of the existing assets and liabilities of the bank is such that at the aggregate, the maturity of assets is longer than the maturity of liabilities. This would expose the bank to interest rate risk. In order to reduce the risk, the bank would either have to reduce the average maturity of its assets (perhaps decreasing the holding of Government Securities), or increase the average maturities of its liabilities (perhaps by reducing its dependency on call/money market funds). Thus given the existing risk profile, the retail deposits chief knows that the bank can reduce its future risk by marketing its longer term deposits more aggressively, if necessary, even increasing the rates offered on long term deposits and/or decreasing rates on the short term deposits. ALM is thus a comprehensive and dynamic framework for measuring, monitoring and managing the market risks (primarily) of a bank.

1.4.4

Indian Scenario Why ALM in India?

In recent years in India, most of the interest rates have been deregulated; government securities are sold in auctions and banks are also, with a few exceptions free to determine the interest rates on deposits and advances. Historically, banks in India have not paid much attention to the topic of management of the interest rate mainly because all interest rates were regulated by the central bank. With the changing, scenario, the topic assumes a great deal of importance as market determined interest rates inevitably lead to volatility and hence interest rate risk. Again, with a large part of the securities portfolio now subject to mark to market valuation for compiling accounts, banks bottom lines are vulnerable to changing interest rates on this score as well, i.e., over and above the fluctuations in the net interest margin. Banks dependence on net interest margin for meeting their costs and earning profits is high as the following data evidences:

Source: Report on trend and progress in banking, 2007-08 Figure 27: Table showing the NIM of scheduled commercial banks

Clearly, protecting/improving the net interest margin in a changing interest rate scenario through proper asset liability management is important for banks.
Structure and Composition of Assets and Liabilities: The composition of assets

and liabilities can be categorized into permanent natured assets and liabilities, long cycle time, medium cycle time and short cycle time assets and liabilities, and contingent assets and liabilities. The following is an example of such regrouping: Components of Assets and Liabilities Fixed Assets Permanent Asset Machinery Mismatch Permanent Long Term Liability Capital Free reserve

Equipment Advance for lease or premises Investment in subsidiaries/joint ventures Long dated SLR investment Term loan repayable in 3 years and over Housing loan Corpus fund to subsidiaries/MFs Core cash credits Medium dated SLR investment Interest accrued Tax paid in advance Stationery Other assets Medium term loan repayable in 3 years Short dated SLR investments Loans and Advances Bills purchased and discounted Due from banks Syndicated loans Demand CCs/ODs Balance with banks RBI cash held Call deposits/CDs LCs Guarantees Forward contracts Options Swaps Swaptions
Figure 28: Table showing the grouping of assets and liabilities

Mismatch

Long cycle Time Assets Mismatch

Liabilities with Long Duration Maturities Mismatch Liabilities with Medium Duration Maturities Mismatch Liabilities with Short Duration Maturities Mismatch

Provision Recapitalization reserve Tier 2 capital Capital restructuring Loan Deposits with maturity of 3 years and above Core amount kept in suspense a/c Deposits with maturity of 1 to 3 years Core current a/c deposits Core SB deposits

Medium Cycle Time Assets Mismatch

Short Cycle Time Assets Mismatch

Short term deposits Call deposits Non-core deposits A/c deposits Non-core SB deposits Pipeline funds from operations through DD, MT, TT, TC, Gift cheques Government transactions Merchant Banking business LCs Guarantees

Contingent Assets Mismatch

Contingent Liabilities Mismatch

Forward contracts Options Swaps Swaptions

As far as commercial banks are concerned, particularly the larger Indian public sector banks, the principal source of the mismatch is their holding of fixed income long dated securities as part of their statutory liquidity portfolio. The bulk of the liabilities of commercial banks are relatively short term, while the portfolio of fixed income securities, which forms a significant portion of their total assets, often has a much longer duration of maturity. This mismatch can lead to substantial losses in the fixed income portfolio when interest rates go up. On the liability side, the fixed deposit portfolio is also a source of risk, quite

apart from the risk of depositors shifting from savings bank account to fixed deposits when the interest rates are high further adding to costs. Banks also face a risk from the options embedded in the fixed deposit portfolio through the freedom to the depositors for premature encashment. The ALM function is not simply about risk protection. It should also be about enhancing the net worth of the institution through opportunistic positioning of the balance sheet. The more leveraged an institution is, the more critical the ALM function within the enterprise. The ALM process allows an institution to take on positions, which are otherwise deemed too large without such a function. Some of the fundamental objectives that an Asset and Liability Management function must strive to include:

Figure 28: Objectives of ALM

1.4.5

Techniques of ALM

There are various techniques of risk management to address the different types of risk. ALM primarily aims at managing interest rate risk and liquidity risk. The techniques used are as follows: Interest Rate Risk Management The sensitivity to interest rate fluctuations will arise due to the mixed effect of a host of other risks that comprise the interest rate risk. The techniques used are:

Techniques of ALM for Liquidity Risk Management are:

Figure 29: Techniques of ALM: Liquidity management

Apart from these techniques various new methods of ALM have emerged. Some of these are as follows: Option-Adjusted Spread (OAS) Analysis Arbitrage-free Interest Rate Scenarios Integrated Enterprise-Wide Risk Management Integrated View of Credit Risk and Market Risk Value at Risk Methods Introduce new risk measures

 Risk-Adjusted Return Performance Measurement

Economic Capital Risk Models of Loss

Portfolio Optimization

Asset Liability Management therefore forms an essential tool for banks to achieve the correct balance between profitability and risks. The guidelines issued by RBI in February 1999 have provided the framework for the adoption of ALM by Indian banks. This study aims at identifying the issues in implementation of the guidelines and the adoption of ALM by Indian banks.

1.4.6

Market Risk management practices

In Indian market, being an emerging market, liquidity and inefficiency are the major concerns in the forex, debt and stock markets. Panic and knee jerk reactions are also common (e.g. effect on stock markets during Indo-Pak tension and the recent Government change). All these factors contribute to the market risk of the bank. To analyze the market risk management techniques, an exercise of informal discussion and unstructured questionnaire was conducted at the banks under study. Few highlights are given as:
1.

2.

3.

4.

5.

The banks have been making progress in the area of Asset Liability Management. But they are still far from achieving the level, which has been attained in banks abroad. All of the banks have set up ALM function and established the requisite organizational framework consisting of the ALCO and the support groups. The composition, scope and functions of these bodies are in accordance with the guidelines. Banks have also made an attempt to integrate ALM and management of other risks to facilitate integrated risk management. Banks are complaint with the regulatory requirements of the RBI regarding the preparation of statements. They have also laid out policies and maintain records as required by the guidelines. Many of them have also achieved 100% coverage of business by ALM. Private banks and foreign banks have made the most progress. Some of them had a head start in ALM. They have not made the progress that could possibly have been made considering that their problems are not of the magnitude of some other banks.

Factors affecting the effective implementation are:

The primary area of concern for all of the banks is the lack of timely, accurate information. Banks are far from being able to collect data on a daily basis. The highest frequency of data collection is fortnightly. This affects the decisions made as they are based on stale data. An area of concern for the public sector banks, which contributes to the problem of the lack of timely information, is the number of branches and the level of computerization. The public sector banks have achieved a good level of coverage of business through computerization. But they will require far more time and investment to achieve 100% coverage, which means that ALM will continue to be based on larger number of assumptions than in other banks. The lack of timely information also affects the ability of banks to use advanced techniques of ALM and the adoption of sophisticated ALM specific software. Such software will greatly aid in forecasting and what-if analysis. Another area of concern for all of the banks especially those with manual collection of data are the absence of a good control framework for ALM. Most of the banks have neither instituted any system to verify accuracy of data nor have established any control other than supervision by the Board. Banks have also not established any way of measuring the performance of ALM function or conducted any studies about impact of ALM. While banks may not be in a position to implement more advanced techniques, improving control and measuring performance will help raise efficiency and effectiveness. Training of staff is inadequate. It is important that staff especially those in the Treasury Department and the branches know what is to be done as part of ALM and the information requirements. Many banks are aiming at educating all of their staff about what ALM is, but this will not contribute to raising the performance of ALM. RBI guidelines envisaged certain functions of the ALCO and support groups. One such function is the articulation of the interest rate view. Given the volatile conditions of the market, this task is quite difficult. This affects the performance of the ALCO. Also while forecasting is an important part of ALM, Indian banking may not have reached a level of stability, which would help make accurate forecasts based on past data. Management support in some of the banks has been very strong. The managements have recognized that ALM can be used as a strategic tool and such banks have made the greatest progress in ALM. These banks have laid down action plans for progress in ALM. Many of the other banks have instituted ALM in order to comply with RBI guidelines and have not adopted the spirit of the guidelines.

Some of the banks have not laid down clear policies and have failed to establish a hierarchy of objectives. This factor also affects effectiveness of ALM. Some of the banks also provide their ALCO with a large amount of information rather than specific analytical reports. This may hamper the effectiveness of decision-making. The frequency of changes in interest rates on term deposits as a sequel to deregulated interest rate regime has resulted in banks accepting deposits for similar maturity at different interest rates.

1.5

Operational Risk Management

At present, there is no agreed upon universal definition of operational risk. Many banks have defined operational risk as any risk not categorised as market or credit risk and some have defined it as the risk of loss arising from various types of human or technical error. The majority of banks associate operational risk with all business lines, including infrastructure, although the mix of risks and their relative magnitude may vary considerably across businesses. Operational risk is most important in business lines with high volume, high turnover (transactions/time), high degree of structural change, and/or complex support systems. Operational risk is seen to have a high potential impact in business lines with those characteristics, especially if the businesses also have low margins, as occurs in certain transaction processing and payments-system related activities. Operational risk in trading activities was seen by several banks as high. A few banks stressed that operational risk was not limited to traditional back office activities, but encompassed the front office and virtually any aspect of the business process in banks. Since the original Basel Accord on capital adequacy of 1988, the banking world has undergone a series of important changes. For the purposes of operational risk, two key factors exist. Key factors

The first is the shift by some banks away from traditional banking towards a more tradingoriented environment. This has meant that new types of operational risk have emerged, and the likelihood of extensive

The second major change is the increasing concentration of processing risk in some banks. This is caused partly by outsourcing some functions outside the bank, but also by economies of scale created by new technology.

Figure 30: Key factors for operational risk

These two key developments mean that banks may be more vulnerable to sudden, extreme losses than before. Several recent wellknown cases, where banks have experienced large operational losses including Barings in 1995 and Sumitomo in 1996 attest to this. So it is hardly surprising that the banking industry has begun searching for ways to confront the problem. One solution has been to apply risk management techniques to operational risk. Two kinds of mathematical model are being developed. One is a simple, backward-looking parametric model, and in connection with this, some banks have also been looking to use extreme value theory to take account of the "tail-end" risks of low probability, high impact events. The other is a more ambitious dynamic causal model. Whatever the possibilities of these models, both are limited by their reliance on high-frequency, low-impact events, and both require a significant number of data observations. In addition, the theoretical and practical consideration of models has, so far, been limited by banks preoccupation with their own data problems. Indeed, the acquisition of meaningful data, cleared of market and credit factors, is providing a major stumbling block to the overall application of risk management approaches to operational risk.

OPERATIONAL RISK APPROACHES

Banks have also turned to more traditional conceptual approaches to measure and control operational risk. There has been some interest in applying portfolio theory. And some banks have tried to use an
earnings or cost-volatile approach,

sometimes with reference to analogues. A few have been looking at more ambitious
approaches, such as brand theory.

Banks have also shown themselves anxious to apply more practical approaches. In particular, self-assessment techniques have been aimed at utilising the experience of line business managers, and at securing an across-the-board approach to operational risk issues. Not least, this approach is intended to be ongoing and consensusbased.

Figure 31: Operational risk approaches

Some banks are already beginning to divide operational risk into different areas. This could mean that, in the future, operational risk could be examined according to certain categories i.e., settlement risk, custody, retail etc, with different approaches being adopted for each. In this respect some sort of benchmarking in each category could be possible, with overall consideration being taken for reputational or legal risk. So, what is the role of the regulator?
1.

Most regulators would say that, in the new risk world, the problems may be new in some respects, but the answers are traditional. The best defence against operational risk is to have effective systems and controls. These need to be appropriate to the risks and as easy as possible to understand, implement and monitor. There is a strong common interest here between the regulator and a banks senior management. An intensified interest by the latter in everyday operational losses is likely to reduce the possibility of large losses, improve general risk awareness in a company, and generally contribute to a well-run, profitable institution. At the same time, the regulator will feel that the interests of the consumer are being better safeguarded. The regulator, as well as looking to good systems and controls, also looks to capital. In this context, capital has two purposes. One is to provide a second line of defence to systems and controls, that is, a buffer for unexpected losses. The second is to encourage banks to invest in better systems and controls. Of course, there is a subtle relationship between the cost of better systems and controls, and the cost of additional capital.

2.

3.

When considering operational risk, the regulator faces a similar dilemma to the bank: where are the main risks, how can they best be controlled, and what level of capital can reasonably be required?

In future, it is likely these questions will become even more pertinent. This is not least because regulators, in line with some banks, are considering carving out capital to be held specifically against market, credit and operational risk. But it is also because regulators have come to think that operational risk may not be significantly correlated with either of the other two types of risk categories. As was the case with the original regulatory capital ratio set by the Basel Committee, the only real touchstone for this is some sort of reference to current aggregate capital. After all, this has served the world well and has, in this respect, undergone a form of stresstesting. Another option for the regulator would be to refer to benchmark loss experiences. The problem here is that the data are often not obtainable availability differs from country to country and business to business and may not be suitable for operational risk throughout the bank. In any case, any numerical approach returns us to the problem of models and their reliability for operational risk. The regulator could, alternatively, rely on internal economic capital allocation. Here the question is the extent to which economic should relate to regulatory capital, when the interests of shareholders and depositors may sometimes conflict. And how far can regulators accept this form of pre-commitment when banks themselves accept that capital allocation, either through models, portfolio theory, or self-assessment, is significantly judgmental? Perhaps what is needed most is time. This would allow banks to refine and test all these techniques, and possibly to develop others not yet considered. Meanwhile, regulators could use the current aggregate capital in the global banking system as a basis on which to apply capital allocation for operational risk.

There are more questions than answers around operational risk for both banks and regulators. Consequently, both parties will need, in the immediate future, to enter into an open and technical discussion of the way forward. For its part, the Financial Services Authority is committed to such a dialogue and is in the process of setting up the mechanics for that dialogue to take place.