RISK MANAGEMENT - AN OVERVIEW.

The history of approach to risk management by Indian banks makes an interesting reading. Till late 80s banks were practicing a health code to classify assets. Assets that were not good were provided but not in a systematic manner. But income recognition and asset classifications were not in place. Banks balance sheets did not disclose the risks transparently. Opening of banking sector for financial reforms in 1990 brought in assets classification and capital adequacy norms. Application of these standards depicted relative weakness of banks. Deregulation of markets brought forth the issue of market risk and impact that commodity and financial product prices and volatility could have on the balance sheet of companies and banks. The Risk Adjusted Capital Adequacy norm was introduced and targeted at 8% initially and increased to 9%. These steps brought about financial stability. Basel Committee for Banking Supervision (BSBS)s first report, popularly known as Basel I, introduces the concept of credit risk and market risk. It specifies that banks need to hold capital commensurate with level of risk at which it operates. The regulator (RBI) by accepting, Narasimham Committee recommendations, advised Indian banks to implement these Basel I norms.
Basel Committee Basel committee on banking supervision (BCBS) commonly known as Basel Committee is a committee of Banking supervisory authorities that was established by the central bank governors of the Group of Ten countries in 1975. Now it consists of 13 senior representatives of bank supervisory authorities and central banks from Belgium, Canada, France, Germany, Italy, Japan, Luxemburg, Netherlands, Spain, Sweden, Switzerland, United Kingdom and United States. It usually meets at the Bank for International Settlements in Basel, where its permanent secretariat is located. The committee does not posses any formal supranational supervisory authority and its conclusions do not and were never intended to, have legal force. Rather, it formulates broad supervisor standards and guidelines and recommends statements of best practices, in expectation that individual authorities will take steps to implement them through detailed arrangements statutory or otherwise- which are best suited to their own national systems. 1.2 Basel Accord I In 1988 the Basel Committee published a set of minimal capital requirements for banks, known as Basel Accord I. It focused primarily on credit risk. Assets of the banks were classified into four risk buckets with risk weights of 0, 20,50 and 100. Assets were to be classified into one of these risk buckets based on types of counter party (sovereign, banks, public sector and others). Banks were required to hold capital equal to 8% (in India presently 9%) of the risk-weighted value of assets. The accord provided definition of total capital as Total Capital = 0.08 x Risk Weighted Assets These recommendations were introduced in India through Narasimham committee recommendations. Example: Exposure in an account Risk weight assigned to the account Minimum capital requirement Capital required is = Rs. 50 Cr 100% 8% (50x100x8)/(100x100) = Rs. 4 Cr

The New Accord (Basel II) The Basel committee has issued a detailed document on capital measurement and capital standards on 26th June 2004. The framework of new accord consists of three pillars:

i.
ii. iii.

minimum capital requirements, which seeks to refine the standardized rules set forth in Accord I; Supervisory review process not only to ensure that banks have adequate capital but also to encourage banks to adopt better risk management techniques, and Market discipline with effective use of mandatory disclosure on risk management practices.

2.1 Implementation Schedule The new accord shall be applicable for implementation in member countries by year end 2006 and for advanced approach by year end 2007. However, other countries are encouraged to consider adopting accord at such time as they believe is consistent with their supervisory priorities. RBI vide its draft guidelines issued in Feb. 2005 has advised all banks in India to adopt Standardized Approach for Credit Risk and

Basic Indicator Approach for Operational Risk by 31st March 2007 The frame work of Basel II award may be summerised as below:

Three Pillars of Accord The Basel Accord II has been structured with three pillars. These are: Pillar I: Minimum Capital Requirement Pillar II: Supervisory Review Process Pillar III: Market Disciplines 3.1 Pillar I Minimum Capital Requirements There is no change in definition of capital from the existing Accord i.e. Basel I. The New Accord has proposed significant improvement in assessment of Credit Risk and additional capital charge for Operational Risk. No change is proposed in capital charge for Market Risk. A bank will have to determine the proportion of its capital that it must keep in reserve based on this calculation: Total Capital (unchanged ) = Banks Capital Ratio > 8% ( 9% in India) Credit Risk +Market Risk +Operational Risk where Credit Risk capital is for Banking Book, Market Risk Capital is for Trading Book. Operational Risk is new introduction in Basel-II norms. Different approaches to measure credit risk/ risk weighted loan assets under the New Accord are given hereunder: 3.1.1 Credit Risk Three alternative approaches for measurement of credit risk have been proposed. These are:

Standardised Approach Foundation Internal Rating Based (FIRB) Approach Advanced Internal Rating Based (AIRB ) Approach

The accord permits banks a choice between two broad methodologies for calculating the capital requirement for credit risk. One method is to measure credit risk in a standardised manner supported by external credit rating of the assets. The alternative methodology, subject to explicit approval of the banks supervisor, would allow banks to use their internal rating system for credit risk.

3.1.1.1 Standardised Approach The standardised approach is similar to the Basel-I approach. Banks are required to slot their exposures into various categories of assets based on their characteristics. Under the approach, fixed risk weights have been assigned corresponding to each supervisory category based on ratings assigned by rating agencies. The risk weights of 0%, 20%, 50%, 100% and even 150% have been proposed depending on the ratings assigned by external credit agencies, subject to certain relaxations and restrictions by national supervisors (refer last sentence of earlier paragraph) Credit Risk Mitigant: The credit exposure to a counter party (for calculation of capital requirement) shall be reduced to the extent of eligible financial collaterals subject to specified haircuts. Such collaterals are, gold, bench mark rated debt securities, equities included in main index etc.

3.1.1.2 Internal Rating Based (IRB) Approach Under the approach banks use internal assessment of key risk elements (quantitative inputs) as primary input to capital calculation. The risk weight and resultant capital charge are determined through the combination of quantitative inputs provided by the banks and formulae specified by the committee. The IRB calculation of risk weighted assets for exposure to Sovereign, Banks, Corporate and Retail category of assets will depend on the following four parameters:

Probability of Default (PD): horizon, Loss Given Default (LGD): occurs Exposure at Default (EAD): event of default. Maturity (M):

Measures the likelihood of that borrower will default over a given time Measures the proportion of the exposure that will be lost if a default Measures the amount of the facility that is likely to be drawn in the Measures the remaining effective maturity of the exposure.

Supervisor (in our case, RBI) may allow banks to adopt phased roll out of IRB approach. i.e. banks may adopt IRB approach for certain asset class and can use standardised approach for other asset class. Under IRB approach, the risk weight of each asset will be calculated with PD, LGD, EAD and maturity through a formula provided in the new accord as against the fixed risk weight under standardised approach. 3.1.2 Market Risk There is no change proposed in the amendment made by BCBS in 1996 for market risk and the capital charge calculations have remained same. RBI has issued guidelines for capital charge on market risk which provide for transition period for providing capital for market risk as under: i. Capital for securities included in held for trading category, open gold position limit, open FOREX position limit, trading provision in derivatives for trading book exposure should be provided by March 2005. ii. Capital, in addition to above, for securities included in the available for sale be provided by March 2006. 3.1.3 Operational Risk Operational risk is new inclusion in the Basel Accord II. Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and system or from external events and includes legal risk, but excludes strategic and reputational risk The operational risk identification and measurement is still in an evolutionary stage as compared to the maturity that market and credit risk measurement have achieved. There are three alternative approaches for operational risks as under: a. Basic indicator approach (charge on capital: 15% of average gross income over three years) b. Standardised approach (12 to 18% of average gross income segregated into specified eight business lines) c. Advanced measurement approach (AMA- based on internally generated measure based on internal loss of data, external loss, scenario analysis, business environment and internal control factors) Supervisor (RBI) may allow banks to use AMA for some part of its operation and Basic Indicator or Standardised

approach for the rest. Pillar 2 Supervisory Review Process This is a process of supervisory review of an institutions internal assessment process of capital and its adequacy. This part introduces two critical risk management concepts (i) use of economic capital and (ii) improved corporate governance. This pillar seeks to enhance the link between institutions (banks) risk profile, its risk management and risk mitigation systems and its capital. Banks must ensure that they have a process in place to make sure that they hold adequate capital consistent with their risk profile and strategy. The Internal Capital Adequacy Assessment Process (ICAAP) is the responsibility of the bank and they should own, develop and manage their risk management processes. 3.3 Pillar 3 Market Discipline Guiding principle for this pillar is to encourage market discipline by developing a set of disclosure requirements which will allow market participants to assess vital information on the scope of application, capital, risk exposure, risk assessment processes and hence the capital adequacy of the institution. It sets out the minimum disclosure requirements for external reporting and expects a bank to be transparent.

4. RBIs approach RBI has in its draft guidelines issued in Feb 05 has stated that at a minimum all banks in India, to begin with, will adopt standardised approach for credit risk and Basic Indicator Approach for operational risk. After development of skills both at bank and supervisory level, some banks may be allowed to migrate to IRB approach Composition of the Regulatory Capital: Tier I Capital: Share holders equity. Tier II Capital: Undisclosed Reserves, Revaluation Reserves, General Provisions / General Loan Loss Reserves ( Under IRB approach this is withdrawn from Tier II) Subordinated Debt Tier II Capital may be to the maximum extent of 50% of Tier I Capital Tier III Capital ( Short Term subordinated debt to cover market risk) Advantages of Advanced Approach Basel II provides lesser capital requirement for more efficient banks. If a bank develops capacity to adopt the advanced approach for its operations, it could improve its profitability significantly due to lesser capital requirements. Also, its cost of raising funds, especially in the international markets would be lesser. Adopting advanced approach is a challenge to Indian banking system. It warrants considerable experience in risk modeling, analytics, setting up systems and ensuring the availability of centralized data of high quality for a period of at least 5 years and above. Ensuring data integrity at all level is also most important. It is possible to achieve this standard only through computerization of operations, with sophisticated data warehousing, data mining and intelligent platforms. In India, networked computerization is recently implemented. Most banks are yet to acquire data warehousing, data mining and intelligent platforms. RBI has therefore mandated banks in India to implement Basel II under Standardised or initial approach with effect from 01.01.2008. RBI expects that at least Indian banks operating in the international markets should acquire ability to move to advanced approaches by 2011/2012.

Indian Banking scenario has undergone a sea change since 1990s. The banking sector is getting liberalized Interest rates are deregulated new players, institutions and new instruments are being introduced Prudential norms are being expanded supervision norms are strengthened at various levels Foreign Exchange rates are market driven progressive liberalization of FDI & FII norms have tended to result in minimum restriction on capital inflow or repatriation and servicing etc. In international scene, so also in India, rapid strides were seen in future and derivative markets and great innovations were seen in these segments. Information Technology has also changed the way banking business is transacted. As globalization gained momentum, risks grew in variety and volume. Internationally, there was great turmoil in financial sector

on account of many banks and corporate have failing due to various reasons. This resulted in BCBS bringing in II report, Basel-II, which emphasized on capital charge (capital adequacy) more forcefully for all risk groups. Basel II framework breaks risks into market risk (price risk), credit risk and operational risk. It also specifies methods for calculating capital requirements for each of these components. Basel-II recognizes importance of regulation and advocates a three pillar approach with a greater emphasis on regulation. Even as the banking world considered that it is safe, the sub-prime crisis boomeranged into a global financial crisis. It appears that there are yet unknown risks and financial stability calls for constant vigil. Financial sector all over the world is currently entering Basel-III. It is too early to predict what is in store in future. New capital norms specified in Basel-III will demand banks to hold top quality capital, Tier I capital, totaling 7% of their risk bearing assets. The new capital ratio represents a substantial increase from the current requirement of 2% (This is the global position. In India on the average, Tier I capital presently is at 9.3%). The new capital rules have been agreed to by global regulators on 13th September, 2010. However, its implementation is presently delayed due to strained global economy, but is scheduled for completion by Jan 2015. Banks as financial intermediaries are subject to various risks both financial and nonfinancial. These risks are in the form of: Credit risk, interest rate risk, foreign exchange risk, liquidity risk, equity price risk, commodity price risk, legal risk, regulatory risk, reputation risk, operational risk etc. One area of risk may have ramification on many other risk categories. These risks may be independent or inter dependent. The risks that could arise may be triggered by events which are domestic or international or a combination of both. It is therefore necessary for a bank, at its highest level of management, to ensure that systems are in place for proactive measures to be initiated to deal with the risks as and they are confronted with. It is said that what cannot be measured cannot be managed. In other words, in order to manage the risk in banking, banks need to ensure a system for identification, measurement, monitoring and controlling risks in banks. Internationally established methods for banks for these are provided by the Basel Committee for Banking Supervision (BSBS). It also specifies that banks need to hold capital commensurate with level of risk at which it operates. Banking risks are broadly classified into three types: Credit Risk Market Risk, and Operational Risk. This type of classification is needed to ensure that adequate capital is maintained at all times for each of these category of risks and to facilitate regulator, RBI, to verify the same. RBI issued first set of circulars banks on Risk Management in October, 1999 giving guidance to use quantitative techniques in risk modeling. Reserve Bank of India vide its circular no. DBOD.BP.(SC).BC.98/21.04.103/99 dated 07.10.1999, came out with guidelines on Risk Management System in Banks. RBI has suggested that the broad parameters of risk management function should encompass: i. Organizational Structure;

ii. iii. iv. v. vi. vii. viii.

Comprehensive risk management approach; Risk Management Policy approved by the Board, which should be consistent with the broader business strategies, capital strength, management expertise and overall willingness to assume risk; Guidelines and other parameters used to govern risk taking including detailed structure of prudential limits; Strong MIS for reporting, monitoring and controlling risks; Well laid out procedures, effective control and comprehensive risk reporting frame-work; Separate risk management frame-work independent of operational departments and with clear delineation of levels of responsibilities for management of risks; and Periodical review and evaluation.

The scope of this policy is related to the above risk management functions with particular reference to Operational Risk.

What is Risk? Risk can be defined as an unplanned event with financial consequences resulting in loss or reduced earnings. A risky proposition is one with potential profit or a looming loss or has volatility in potential outcome. Risk generates profit or loss depending on how it is managed. So risk management is the process of assessing risk, apply managerial steps (like taking out insurance, use derivatives, re-plan the whole project etc) and reduce the risk to an acceptable level. The essential components of any risk management system are: Risk identification i.e., naming and defining each type of risk associated with a transaction or product or service, Risk measurement -i.e., estimation of the size, probability and timing of potential loss under various scenarios, and Risk control i.e., framing of policies and guidelines that define the risk limits not only at the individual level but also for particular transaction. Risk Management can be defined as (a) the process of identification, assessment and prioritization of risks by an organisation and (b) involves co ordinate and prudent application of resources so as to control and minimize the risk by controlling the probability and /or impact of unexpected events. Risk taking which is also a part of management, on the other hand, is seizing opportunities. It is commonly believed that higher the risk higher the reward. Yet, a higher risk may lead to a much higher loss also. Risk can happen due to uncertainty in commodity and financial markets, project failures, legal disputes, credit failure, accidents, natural causes and disasters as well as deliberate strategies from a competitor. The strategies to manage risk include transferring the risk to another party (diversification- insurance), minimizing the risk (avoidance), controlling the downside or reducing the negative effect of the risk (hedging) and accepting some or all the consequences of a particular risk (risk retention or tolerance) There could be no ideal risk management. One may like to deal with and manage risks with greatest loss and the greatest probability of occurrence first, and risks with lower probability of occurrence and lower loss later. But it is not possible to practice the same

as the time of occurrence may not be easy to determine. Identifying risks and balancing between risks with highest probability but lower loss versus a risk with high loss potential but lower probability of occurrence can often be difficult if not impossible. Risk management consist of the following elements, performed more or less, in the following order: 1. Identify, characterize and assess risks/threats, 2. Assess the vulnerability of critical assets to specific threats, 3. Determine the risk (i.e., the expected impact/consequences of specific types of events happening on specific assets), 4. Identify ways to reduce those risks, 5. Prioritize risk reduction measures based on a strategy. Steps involved in risk management may be as under: Identify all areas of risk, Evaluate these risks (some risks like exchange rate, interest rate risks could be quantified where as some others like country risk, operational risk etc can not be quantified). Set various exposure norms Mismatches Counter parties Issue clear policy guidelines / directives Different Types of Risks 1. Credit Risks 2. Interest Rate Risk 3. Liquidity Risk 4. Foreign Exchange Risk 5. Equity Price Risk, 6. Commodity Price Risk 7. Regulatory Risks 8. Technology Risk 9. Market Risk 10. Operational Risk 11. Strategic Risk In risk management has to lay down clear cut policy guidelines, in quantifiable and precise terms, for different layers, the personal business parameters and cut off limits. In MACRO level one has to plan as what one is looking for in any new business proposition or venture and convert these expectations into MICRO level factors and field level functionaries. Only then they will be able to convert these expectations into reality. If any important assumptions made are omitted or over looked while going for micro level implementations such as, say, infra structure support etc , then there will be glaring disparities between expectation and realization. So macro level functionaries have great role to play in risk management process.

Credit Risks
Banks accept monies for the purpose of lending and investment. Borrowers may default in payment of interest and repayment the credit for a number of reasons. Default put the banker in a difficult situation as he has to honour his commitments towards his depositors.

Credit risk is the possibility that there is default in the repayment of credit availed by the borrower or non repayment or delayed repayment of interest on loans and advances. Credit is the largest portfolio in a banks balance sheet. Further, as bank invests in bonds, debentures, shares etc., it may face the possibility of default on these investments. Such defaults are also called the credit risk. As such, credit risk is most important to manage. In this back drop, it is necessary that banks must have robust credit risk management in place. Before we attempt to define credit risk, we must briefly see the process of credit sanction and disbursement. Every banker, when he lends, knows that he invites risk. Therefore he undertakes appraisal of the client and the project. Whether it is a retail loan or a corporate loan the underlying cash flows are studied in detail. The viability is estimated and in case of certain larger loans sensitivity tests are undertaken. Often the rating (credit rating of the client) is also factored in. In order to manage default well, banks collaterals and insurance as post risk cover. Yet the default happens. This awareness of risk is the pre-requisite for credit risk management. Credit Risk is defined as the possibility of loss associated with diminution in credit quality of borrowers or counterparties. In banks portfolio, losses stem from outright default due to inability or unwillingness of customer or counter party to meet commitments in relation to lending, trading, settlement & other financial transactions. Alternatively, losses result from reduction in portfolio value rising from actual or perceived deterioration in credit quality. Credit Risk emanates from a banks dealings with individual, corporate, bank, financial institution or a sovereign and may take the following forms: Principal / interest amount not repaid ( in case of direct lending) Funds not forth coming from constituents despite crystallization of liability ( in case of BG,LC etc) Payments due from counter parties not forthcoming ( in case of treasury operations) Funds/ settlements not realized ( in case of securities trading) Availability of free transfer of foreign currency funds hindered / restricted by the sovereign ( in case of cross border exposures) Default in credit occurs due to many factors and at times the default could be deliberate. The quantification of credit risk and its management therefore poses some problem. Statistical tools like probability of default, loss given default, exposure at default and maturity are extensively used to measure the credit risk. But to arrive at the probability default in the case of particular category of borrowers, enormous historical data of the behavioral patterns of borrowers is required which is proving to be a great challenge. Indian banks are now generating this data that would enable them to accurately determine the statistical probabilities. In the area of credit risk management, a very simple yet time-tested technique of minimizing the risk is setting up prudential exposure limits under various categories. This helps to limit the concentration risk and ensures health of the loan book. The prudential exposure limits are prescribed by RBI vide their circular RBI/2010-11/68/DBOD No.Dir.BC.14/13.03.00/2010-11/ dt. July 01, 2010. Other important inputs in credit risk management come from Basel II guidelines. Collaterals and insurance are traditionally seen as credit risk management tool. Collaterals, to some extent dissuade the borrower from deliberate default. Yet, mostly they become useful post crystallization of credit risk only. Measurement of Credit Risk

Quantification of credit risk is through estimating the expected loan losses ( based on past experiences over a chosen time frame- 5 years), unexpected loan losses ( the amount by which actual losses exceed expected loss and quantified through standard deviation of losses or other standard methods ) Objective of Measuring and Quantification of Risks The purpose of measuring and quantification of credit risk is to (a) contain and control the risk, (b) price the exposure on a scientific basis and (c) be able to manage and control the risk through effective loan review mechanism and portfolio management. It also enables to ascertain the amount of in relation to the risk as estimated. The need for ensuring Loan Policy: Credit is the main source of income for the bank. Credit decisions are taken at various levels across the length and breadth of the bank. Therefore banks need to have a credit policy containing the details and methods of its managements. This credit policy is formulated and updated periodically by the highest level of the bank management, a high level Credit Policy Committee, and approved by the banks board (the highest decision making authority). It should detail the credit risk management process. It will give the details of loan schemes, terms, process of sanction, appraisal and selection standards. The officers /personnel who deal with credit dispensing at every stage need to be well aware of the credit policy of the bank. Risk Based Pricing of Loans 1. Portfolio pricing: It is believed that rate of interest of credit is risk related. This is true in case of loan portfolios where interest is based on the performance of the portfolio. For eg., a bank may lend at, say, 12 % ( 1.5 % above base rate), a relatively low interest rate for retail assets because the portfolio as such may have very low default. This means that the individual defaults in the portfolio are compensated by the performance of the portfolio. 2. Pricing of individual customers: World-wide, many lenders use what is known as risk- based pricing. Wherein a customer is given an interest rate (to be charged on his loans) based on his or her credit-worthiness. In theory, this means that only those people the cleanest credit records will receive the lowest (best) interest rates. Risk-based lending allows banks and other financial lending entities to charge different loan rates to different members, based on the anticipated risk associated with the borrower. A properly implemented risk based lending program allows such lenders to assign risk adjusted rates to each risk category. In this policy, low risk members are rewarded with best possible interest rates, while higher risk members are charged higher rate of interest.. Key to successful risk based lending is to ensure that rates correctly reflect the risk & costs involved. This philosophy does not ensure that loans will be granted at high rate to bad borrowers. It assumes that reasonable safety of banks asset has to be ensured. Risk based pricing module will ensure that proper policies, procedures and pricing ranges broad enough to serve low risk, average and high risk borrowers are put in place. Subsequent to liberalization of interest rate structure by RBI, banks in India are progressively adopting differential loan pricing based on risk perception of the borrowers. The trend of risk based pricing will improve in coming years. However the main problem in India is non availability reliable data unlike the situation in developed countries where such data are made available by personal credit bureaus. In India CIBIL is one institution which provides credit information about firms and persons. It draws information from banks regarding credit habits of borrowers with respect loans and advances availed by them or

their usage of credit cards. However, mostly the ratings in India are perception based. Nowa-days, other credit rating agencies like CRICIL, SAMIRA etc have also started functioning. For high value customers, banks are now insisting that they obtain rating from these agencies and submit their findings periodically. The incentive for customers is that if they have better credit ratings, they will enjoy finer interest rates on their borrowings. The differentials rate ranges from 1% to 1.50% in India whereas it ranges between 3 to 3.5 in counties like USA and UK. Sometimes best rated customers, who are likely to repay their loans well before the due dates are penalized for such pre payment, because such prepayment causes mismatch in lenders Asset Liability Management and they are forced to look to other customers for lending for the remaining period. For illustration of risk pricing of facilities granted to risk rated borrowers please refer to prevalent credit policy of individual bank.

Capital charge for Credit Risk: Under Basel-II, three alternative approaches for measurement of credit risk and capital charge under credit risk have been proposed. These are : Standardized Approach Foundation Internal Rating Based (FIRB) Approach Advanced Internal Rating Based (AIRB ) Approach 1. Standardized Approach The standardized approach is similar to the Basel-I approach. Banks are required to slot their exposures into various categories of assets based on their characteristics. Under the approach, fixed risk weights have been assigned corresponding to each supervisory category based on ratings assigned by rating agencies. The accord permits banks a choice between two broad methodologies for calculating the capital requirement for credit risk. One method is to measure credit risk in a standardized manner supported by external credit rating of the assets. The alternative methodology, subject to explicit approval of the banks supervisor, would allow banks to use their internal rating system for credit risk. Under this approach, risks are categorized as under: Twelve types of risks such as i. claim on sovereigns, ii. Claim on public sector entities, iii. Claims on banks, iv. Claim on corporates, v. Claim recurred by commercial real estate, vii. NPAs, viii. Other assets, ix. Off balance sheet items etc. The risk weights of 0%, 20%, 50%, 100% and even 150% have been proposed depending on the ratings assigned by external credit agencies, subject to certain relaxations and restrictions by national supervisors (refer last sentence of earlier paragraph) Credit Risk Mitigant: The credit exposure to a counter party (for calculation of capital requirement) shall be reduced to the extent of eligible financial collaterals subject to specified haircuts. Such collaterals are, gold, bench mark rated debt securities, equities included in main index etc.

2. IRB Approach Under the approach banks use internal assessment of key risk
elements (quantitative inputs) as primary input to capital calculation. The risk weight and resultant capital charge are determined through the combination of quantitative

inputs provided by the banks and formulae specified by the committee. Under IRB approach, bank must categorise banking book exposure into broad classes of assets viz. Corporate, Sovereign, Banks, Retail and Equity exposures. Within corporate asset class, five sub-classes namely project finance, object finance, commodity finance, income-producing real estate and high-volatility commercial real estate. Within retail asset class the exposure is to be identified separately into three sub-classes namely exposure secured by residential properties, revolving retail exposure and other retail exposure. The IRB calculation of risk weighted assets for exposure to Sovereign, Banks, Corporate and Retail category of assets will depend on the following four parameters: Probability of Default (PD): Measures the likelihood of that borrower will default over a given time horizon, Loss Given Default (LGD): Measures the proposition of the exposure that will be lost if a default occurs Exposure at Default (EAD): Measures the amount of the facility that is likely to be drawn in the event of default. Maturity (M), Measures the remaining effective maturity of the exposure. Supervisor (in our case, RBI) may allow banks to adopt phased roll out of IRB approach. i.e. banks may adopt IRB approach for certain asset class and can use standardized approach for other asset class. Under IRB approach, the risk weight of each asset will be calculated with PD, LGD, EAD and maturity through a formula provided in the new accord as against the fixed risk weight under standardized approach. Building Block of Credit Risk Management (Risk Management Framework): An effective credit risk management frame work would have the following distinct building blocks: Policy and Strategy, Organizational Structure Operations / Systems

Policy and Strategy The Board of Directors shall be responsible for approving and periodically reviewing the credit risk policy document of the bank and strategy to implement the same. Organizational Structure A sound organizational structure is essential for successful implementation of the credit risk policy of the bank. It will consist of: Board of Directors, Risk Management Committee or Credit Risk Management Committee. (CRMC) a Board level sub- committee including the CEO and the heads of credit, market and operational risk management committees

Credit Risk Management Department

Operations / Systems Bank should have in place an appropriate credit administration, credit risk measurement and monitoring mechanism. Credit Administration process involves the following stages Relationship Management Phase -Business Development Stage. Transaction Management Phase covers the stages of risk assessment, loan pricing, structuring the facilities, internal approval, documentation, loan administration, on going monitoring and risk measurement. Portfolio Management Phase: This stage of monitoring the portfolio at a macro level and management of problem loans. On the basis of the above broad management framework banks should have in place proper credit risk measuring and monitoring procedures. Further, banks should have a Management Information System (MIS) in place to manage and measure, ongoing basis, the credit risk inherent in all on-and off- balance sheet activities. It should provide information on composition of credit portfolio, identification of any risk concentration, etc. Banks should price their loans according to the risk profile of the borrower and the risks associated with the loans.

Interest Rate Risk (IRR) Management

What is IRR? Interest Rate risk is the risk where changes in market interest rates might adversely affect a banks financial condition. The management of IRR should be one of the critical components of market risk management in banks. In the past banks interest rates were subjected to many regulatory restrictions which greatly reduced the concerned risk. Presently interest rates being deregulated, banks are now exposed to the adverse impact of interest rate risk. What is its Impact? Immediate impact of changes in interest rates is on Net Interest Income (NII). A long term impact of changing interest rates is on the banks net worth since economic value of banks assets, liabilities and off balance positions get affected due to variation in market interest rates. Banks cash flows (fixed assets or liabilities) come with fixed interest clause for different maturities (except inflow in current accounts). Interest on assets (loans and advances) are either at fixed rate or (for major part) at floating rates. Interest on fresh cash flows is affected by market conditions. Corresponding adjustment on floating rate credit has to take place from time to time. The NII or Net Interest Margin (NIM) of a bank is dependent on the movement of interest rates. Any mismatch in cash flows and re-pricing dates (floating assets or liabilities) expose banks NII or NIM to variations. Thus earning of assets and cost of liabilities are closely related to market volatility. Sources, Effects and Measurement of IRR

IRR is the exposure of a banks financial condition to adverse movements in interest rates. This risk is normal for banks and it is a source of profitability and shareholder value. However excessive risk can pose significant threat for its earnings. Changes in interest rates affects banks net interest income, other interest sensitive income and operating expenses. It will also affect the underlying value of banks assets and liabilities, present value of future cash flows and in some cases the cash flows themselves. Sources of IRR 1. Re-pricing Risk The primary and most often discussed form of IRR arises from the timing differences in maturity (for fixed rate) and pricing (for floating rate) of bank assets, liabilities and off- balance sheet (OBS) positions. Though pricing mismatch is inevitable to some extent, banks should not allow it to grow to unanticipated fluctuations as interest rates vary. For e.g. a bank that has funded its long term fixed rate loans with a short term deposit could face decline in both future income arising from the position and its underlying value if interest rates increase. 2. Yield Curve Risk pertains to risk on long term commitments and its corresponding hedging.. 3. Basis Risk arises on account of imperfect correction made by the bank in respect of market driven changes that has occurred in out flow. 4. Optionality : Risk involved in the optionality embedded in certain deposits schemes offered by the bank and its effect on banks earning due to market risk. Measuring IRR: Gap analysis is made to measure the difference between the initial expected amount of return and the present expected return due to changed market conditions. Maturity / re-pricing schedule can be recast on changing of interest rate by applying sensitivity weights to assets and liabilities of each time band. Management of IRR aims at addressing the risks arising from the maturity and re-pricing mismatches and it is measured both from the earnings and economic value perspective. (a) Earnings Perspective involves analyzing the impact of changes in interest rate on accrual or reported earnings in the near term. This is measured by NII or NIM, ie., the difference between the total interest income and total interest outgo. (b) Economic Value Perspective involves analyzing the changes in interest rate on expected net cash flows ( net of outgo on liabilities and income of assets and expected cash flow on offbalance sheet items) and its impact on net worth. It involves analyzing the impact of repricing mismatches and other interest rate sensitive positions. The economic value perspective identifies the risk arising out of long term interest rate gaps.

MARKET RISK
CONCEPT

Mr. X raised a capital of Rs 10000/- to invest in shares. He purchased 100 shares of ABC Ltd, quoted at Rs 100/=. So, now he has a portfolio valued at Rs 10000/= against his capital of Rs 10000/=. Suppose there is a fall of 5% in the share price of ABC Ltd the next day. His portfolio value will go down to Rs 9500/=, directly resulting in capital loss of Rs.500/=. The capital loss would have been more if he had leveraged his capital to borrow Rs 90000/= (9 times his capital) and used that money also to invest in the shares of ABC Ltd. His portfolio which stood at Rs 100000/- would have come down to Rs 95000/=, resulting in capital loss of Rs.5000/=. Having his capital at Rs 5000/=, Mr. X has to reduce his borrowing to Rs 45000/-, (9 times his present capital of Rs 5000/-) So, he has to sell about 500 shares of ABC Ltd. Anticipating further fall in share price of ABC Ltd, market became illiquid. Therefore he has to sell the shares at further loss facing the risk of asset liquidity. If the market is facing liquidity problem, X will also face the same problem in realizing his sale proceeds. The problem would have more had the price fallen 10% when he might have lost his entire capital and gone out of business. Thus, the market risk would meano Risk of adverse movement in price- price risk, o Risk of reduced liquidity in market for specified security- Asset Liquidity Risk, o The risk of poor market liquidity Market Liquidity Risk Of course, Mr. X might have made profits if the price of said share had moved upwards.

MARKET RISK IN BANKS The constituents of banks trading book are subjected to market risk as substantial part the assets held in trading book are held for trading. 1) A trading book consist of banks proprietary positions in financial instruments covering o Debt Securities, o Equity, o Foreign Exchange, o Commodities, o Derivatives held for trading. 2) They also include positions in financial instruments arising from matched principal broking and market making, or positions taken in order to hedge other elements of the trading book. They are held with trading intent and with intention of benefiting in the short term, from actual and/or expected differences between their buying and selling prices or hedging other elements in the trading book. A banks trading book exposure has the following risks, which arise due to adverse changes in market variables such as interest rates, currency exchange rate, equity and commodity prices, market liquidity, etc. and their volatilities impact banks earnings and capital adversity. i. Market Risk, ii. Liquidation Risk a) Asset Liquidity Risk, b) Market Liquidity Risk iii. Credit and Counterparty Risks iv. Model Risks

Market Risk Market risk is the risk of adverse deviations of mark- to market value of the trading portfolio, due to market movement, during the period required to liquidate the transactions. The period required to liquidation is critical to assess the adverse deviations. Earnings for the market portfolio are Profit and Loss arising from transaction. The P&L between the two dates is the variation of market value. Any decline in value, results in a market loss. It is possible to liquidate tradable instruments or to hedge their future changes of value at any time. Liquidation Risk Trading liquidity is ability to freely transact in professional markets at reasonable prices. It is the ability to liquidate positions without o Affecting market prices, o Attracting attention of other market participants. This enables bank to transact in the market without compromising on counterparty quality. High-liquidity or poor liquidity situations in the market create price volatility apart from normal volatility. Liquidation risk talks about volatility created on account of market liquidity in respect of particular scripts due to lack of trading liquidity. Credit and Counterparty Risks Traded debts such as bonds and debentures and commercial papers etc. are originated by issuers who are rated by credit rating agencies. So these instruments carry similar credit rating/risks. Credit risks arise for these instruments when their issuers get downgraded. In market transaction, there is one party that gives money and receives a given quantity of commercial papers. There is another party or counterparty that does the opposite. If any one of the transacting parties defaults in completing the settlement, the other party suffers. This is the counter party risk. Model Risk Models are designed to predict values of variables. Value of a specific variable would depend on one or more parameters. The parameters and the specific variable would have a relationship which may be mathematical or may be derived statistically from a set of observed data. Pricing models, risk measurement models are the most commonly and extensively used models in market risk management. However, values predicted through models and actual observations may differ. The gaps that may exist between the predicted value and the actual value is called the model risk
RISK IDENTIFICATION All products and transactions should be analyzed for risks associated with them. Standard products are analyzed and guidance given for the extent of risk taking and safeguards. For new or non-standard products guidance should be given on temporary basis. RISK MEASUREMENT Market risk measures seek to capture variations in market value arising out of uncertainties associated with various risk elements. These measures are based on o Sensitivity (using Sensitivity, Basis Point Value or Duration methods), and o Downside potential Downside risk is the most comprehensive measure of risk as it integrates sensitivity and volatility with adverse

effect of uncertainty. This measure is most relied upon by banking and financial services industry as also the regulators. Value at Risk (VaR): VaR attempts to answer the question: How much can we expect to lose? VaR is defined as the predicted worst- case loss at a specific confidence level over a certain period of time assuming normal trading conditions. Suppose a bank is having a trading portfolio of daily VaR of Rs 10.00 crore with 99% confidence level. It means that there is only one chance in hundred, under normal conditions, that a loss of greater than Rs.10 crore will occur. This summarizes the banks exposure to market risk as well as the probability of an adverse move. Shareholders and managers can decide whether they feel comfortable with this level of risk. If no, the process of that led to computation of VaR can be used to decide where to trim risk. VaR takes into account both portfolio diversification and leverage effects. There are several methods of calculation of VaR. All use historical data of 3 to 5 years. The methods differ in terms of o Distributional assumption for risk factors (normal vs. other distribution) o Linear vs. full valuation, where the former approximates the exposure to risk factors by a linear mode. The three important methods of calculation of VaR are: i. Delta method, ii. Historical method, iii. Monte Carlo method. Even though VaR method is popularly used, it should be complemented with back testing and stress testing. RISK MONITORING AND CONTROL As trading book portfolios are very large, banks have huge exposures to market risk. Having set rules and regulations for the dealers to handle the trading book portfolio, it is necessary to monitor continuously implementation of risk and business policies. Controlling the market risk means keeping the variations of the value of a given portfolio within given boundary values through actions on limits which are upper bounds imposed on risks. This is achieved through o Policy guidelines limiting roles and authority o Limit structure and approval process, o System and procedures to unbundle products and transactions to capture all risks, o Guidelines on portfolio size and mix, o Defined policy for mark to market o Limit monitoring and reporting o Performance measurement and Resource allocation RISK REPORTING Risk report should enhance risk communication across different levels of the bank, from trading desk to the CEO. Reports should be o Regular and in time, o Reasonably accurate, o Highlight portfolio risk concentration, o Include written commentary, and o concise MANAGING TRADING LIQUIDITY Risk of trading liquidity is managed by avoiding o Large market share in type of assets, o Infrequently traded instruments, o Instruments with unusual tenors, etc RISK MITIGATION Market risk arises due to volatility of financial instruments. The volatility of financial instruments is instrumental for both profits and risk. Risk mitigation in market risk i.e., reduction in market risk is achieved by adopting strategies that eliminate or reduce the volatility of the portfolio. However, there are a couple of issues that are also associated with risk mitigation measures. 1. 2. Risk mitigation measures aim to reduce downside variability in net cash flow but it also reduces upside potential simultaneously. Risk mitigation strategies which involve counterparty will always be associated with counterparty risk. Of course, where counterparty is an established exchange, counter party risk gets reduced very substantially. In OTC deals, counterparty risk would depend upon the risk level associated with party to the

contract. Risk Mitigation Strategies Volatility of individual instruments is market determined. But, volatility of two or more different financial instruments would be different. As a result, a portfolio of financial instruments can be created with desirable volatility characteristics. Strategies to achieve this are o Sensitivity measures- combine different scripts in a portfolio so that its average Basis Point Value (BPV) is within the desired limit. Similarly combine the portfolio with different duration assets. o Correlation measures two financial instruments that have negative correlation are put into one portfolio so that the combined volatility is reduced. o Market instruments financial instruments such as options provide methods to hedge market risks

OPERATIONAL RISK Operational risk is new inclusion in the Basel Accord II. Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and system or from external events and includes legal risk, but excludes strategic and reputational risk The operational risk identification and measurement is still in an evolutionary stage as compared to the maturity that market and credit risk measurement have achieved. There are three alternative approaches for operational risks as under: a. b. c. Basic indicator approach (charge on capital: 15% of average gross income over three years) Standardised approach (12 to 18% of average gross income segregated into specified eight business lines) Advanced measurement approach (AMA- based on internally generated measure based on internal loss of data, external loss, scenario analysis, business environment and internal control factors)

Supervisor (RBI) may allow banks to use AMA for some part of its operation and Basic Indicator or Standardized approach for the rest. TYPES OF OPERATIONAL RISKS People Risk Human resource risk Process Risk Governance Risk Business Operation Risk Environment IT Risk Risk Customer satisfaction risk Customer relation risk Outsourcing risk Regulatory risk Event risk Media risk Technology risk Access risk Data validity risk

Business Leadership risk processes risk Communication risk Disaster prevention & recovery risk

Resource allocation New Product risk risk Risk relating to wrongful act Risk relating to record keeping/ reporting system Product quality risk Product development risk

Budget planning risk Risk relating to product obsolescence

Economic risk

Data integrity risk

Employees error risk

Business interruption risk

Internal control risk

Risk relating to poor marketing of services/products Competition risk

Data availability and connectivity risk Data transmission risk IT infrastructure risk

Work place safety & Systems & working control risk environment risk Compliance risk Merger risk

Risk relating to inability to change Business concentration risk Risk relating to poor

MIS Relationship risk

TAXONOMY OF VARIOUS CATEGORIES OF OPERATIONAL RISKS People Risk

Human Resource Risk: Risks relating to lack of adequate skills, knowledge & experience, high attrition/turnover rate, continuous competence assessment, personal account dealing rules and its monitoring, absence of recruitment/training policies (if policies put in place, its non-adherence) etc. Resource Allocation Risk: Risks relating to poor allocation of resources at the point of need. Wrongful Act Risk: Risks arising out of wrongful acts committed by employees that may result into loss to the Bank. Record-Keeping/Reporting System related risk: Risks arising out of poor record-keeping and reporting system leading to falsifying/tampering of records, concealment of information, non-disclosure of sensitive issues etc. Employee Error risk: Risks arising out of employees mis-performance due to lack of skills leading to incorrect transactions or error in transactions. Working Environment & Workplace Safety Risk: Risk arising out of poor working environment or work place safety leading to employees personal injury such as physical injury (bodily injury, health and safety, sanitation, ambience, security etc.) or non-physical injury (libel, defamation, slander, discrimination, harassment) that may bring about fall in efficiency, motivation & productivity of personnel.

Process Risk

Business Process Risk: Risk arising out of inability to perform at required levels due to either lacuna in the processes/technology itself or due to the practices followed therein. New Product Risk: Risk arising out of introduction of new products/ processes/services/delivery channels/technology without proper market research about its acceptability, cost-benefit analysis, inherent risk assessment, laying down control measures, defining audit tools and skill up gradation of staffs through proper training/seminar/workshop etc. Product Quality Risk: Risk arising out of non-assessment of existing product/processes/services/delivery channels/technology regarding their quality, relevance and cost-benefit in the light of fast changing scenario. Product Development Risk: Risk arising out of inability to keep pace with the changes in the market and development of new products/processes/ services/delivery channels/technology without proper market research regarding customers requirement and his acceptability to the product. Business Interruption Risk: Risk arising out of interruption in the business due to disasters (natural as well as non-natural), IT failures, strike, shortage of resources etc. Systems & Control Risk: Risk arising out of inadequate systems & control, documentation of procedures/job specifications/operational limits/manuals etc. Compliance Risk: Risk arising out of non-compliance of organisational policies, Govt./RBI regulations, directions from Board or its sub-committees, laws etc. leading to fine/penalties/regulatory criticism/adverse media reactions etc. Merger Risk: Risk arising out of merger without proper due-diligence and poor implementation of merger processes.

Management Risk

Leadership Risk: Risk arising out of management lacking in direction, customer focus, motivation to perform, trust within the unit and alignment of self-objectives with corporate goal. Communication Risk: Risk that the communication from the top management is ifferent from what they wanted to convey or the line managers understand the communication differently than what is conveyed. Disaster Prevention & Recovery Risk: Risk arising out of lack of an adequate disaster prevention & recovery plan leading to an adhoc response to any unforeseen event or disaster.

Budget Planning Risk: Risk arising on account of fixing unrealistic budget and using unreliable planning information leading to wrong financial conclusion and decisions. Internal Control Risk: Risk arising on account of lack of control or inadequate control exercised by the management leading to irrepressible violation of established systems & procedures by the down the line officials.

Business Risk Customer Satisfaction Risk: Risk arising out of possibility that the Bank may not be able to meet or exceed the customer satisfaction. Customer Relation Risk: The risk of customer responding negatively to a particular event/campaign or policy of the Bank. Outsourcing Risk: Risk arising out of availing outsourced services without defining area/activities of outsourcing, proper due-diligence of vendor/3rd party, lack of effective control over vendor/3rd party and security against breach of confidentiality. Product Obsolescence Risk: Risk arising out of possible situation wherein the product may not be what the customer actually wants or the product/services is not able to adequately satisfy his needs. Marketing Risk: Risk arising out of inadequate/poor marketing of Banks products/services resulting in inadequate offtake of product/service. Competition Risk: Risk arising out of very active competition, which leads to extra resources being consumed to respond to different challenges posed by it. Rigidity Risk: Risk arising out of managements inability to keep itself abreast of changes in the competitive scenario and lack of flexibility to change the business model/processes etc. Business Concentration Risk: Risk arising out of concentration of business to a particular sector/area/particular set of products that does not optimise overall performance. MIS Risk: Risk arising out of irrelevant or unreliable information concerning current commitment that may result in new commitment, which are not in the best interest of the Bank. Relationship Risk: Risk resulting from relationship issues with customers, vendor/3rd party etc. in absence of proper documentation/contract.

Environment Risk Regulatory Risk: Risk arising on account of changing regulations/Banks guidelines impacting operations of Business Units. Event Risk: Risk of business adversely affected by catastrophe, disasters, riots, terrorism, war etc. Media Risk: Risk arising out of coverage of particular event or of the BO/ RO/ZO/Bank as a whole that would tarnish the image of the Bank in the eyes of customers, employees, general public etc. The risk could stem from positive coverage of a competitor by the media thus swinging customers sentiment in the favour of the competitor or from mis-representation of Banks stand/philosophies etc. thus swinging customers sentiment against the Bank. Economic Risk: Risk arising on account of happenings in other sectors of economy indirectly affecting branch/Bank business or the risk of impact of the status of economy as a whole on the business of the Bank

IT Risk IT Opportunity Risk: Risk arising out of inability to take advantage of advances in technology that could have either thwarted the threat posed by the existing technology or could have kept the Bank at par or ahead of a competitor who has taken advantage of advanced technology. Access Risk: Risk associated with accessibility to the confidential data without proper authorization due to loopholes in the security system. Data Validity Risk: Risk associated with the data given to the user, which is not verified and validated appropriately, thus preventing him to take effective/ meaningful decision. Data Integrity Risk: Risk associated with incomplete or inaccurate information about transactions at the entry stage and inaccurate reporting by IT systems thereafter. Data availability & Connectivity Risk: The risk that the data may not be available at the time it is needed. This may be due to lack of proper management of data, loss of connectivity or slow connectivity etc. Data transmission Risk: The risk that the data could be lost/hacked/ intercepted during transmission from one system to another. IT Infrastructure Risk: The risk relating to inadequate or inappropriate IT infrastructure consisting of networks, software, hardware, server, security system, processes, IT Professionals etc. to effectively manage and use the information system. IT Application Risk: The risk relating to deficiencies or errors in processes, controls, or projects related to the development or purchase of IT applications (software including interfaces), their maintenance and continuous

development. Building & Equipment Risk: The risk relating to deficiencies or errors in processes, controls, or projects related to the sourcing, construction, and maintenance of buildings and equipments i.e. workstation set up,, telecommunication facilities, other building & IT equipments etc.

OPERATIONAL RISK MANAGEMENT PROCESSES Management of Operational Risk mean identification, assessment, monitoring and control/mitigation of this risk.

RISK IDENTIFICATION As a principle of Sound Practice, Banks should identify and assess the operational risk inherent in all material products, activities, processes and system. As such, the Banks are expected to continuously identify operational risks inherent in all its products/processes/activities/systems (existing as well as new) by adopting Risk & Control Self Assessment (RCSA) approach for each Business line as well as analysing its historical loss data. The first step towards identifying risk events is to list out all the activities that are susceptible to operational risk. Usually this is carried out at several levels.

Level 1 lists the main business groups, corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency services, asset management, and retail brokerage. Level 2 lists out the product teams in these business groups, e.g. transaction banking, trade finance, general banking, cash management and securities markets. Level 3 lists out the product offered in these business groups, e.g. import bills, letter of credit, and bank guarantee under trade finance. If required, a fourth level can be added.

After the products are listed, the various risk events associated with these products are recorded. A risk event is an incident/experience that has caused or has the potential to cause material loss to the bank either directly or indirectly with other incidents. Risk events are associated with the people, process and technology involved with the product. They can be recognized by: (i) (ii) (iii) (iv) (v) Experience - The event has occurred in the past Judgment - Business logic suggests that it is a risk Intuition - Events where appropriate measures saved the institution in the nick of time Linked Events - This event resulted in a loss resulting from other risk type (credit, market etc.) Regulatory requirement

Policy for mapping banking activities in eight business lines are to be approved by the Board of the respective banks . Equally important is the requirement of the banks is mapping of loss events, their categorisation, and preparation of manual on loss events and placement of the same to the Board Of Directors

CAPITAL ALLOCATION METHODOLOGIES FOR OPERATIONAL RISK There are three alternative approaches for operational risks as under: a. b. lines) c. of data, Basic indicator approach (charge on capital: 15% of average gross income over three years) Standardized approach (12 to 18% of average gross income segregated into specified eight business Advanced measurement approach (AMA- based on internally generated measure based on internal loss external loss, scenario analysis, business environment and internal control factors)

Supervisor (RBI) may allow banks to use AMA for some part of its operation and Basic Indicator or Standardised approach for the rest. The Basel Committee has put forward a framework consisting of three options (above noted three approaches) for calculating operational risk capital charges in a continuum of increasing sophistication and risk sensitivity. These methodologies are, in the order of their increasing complexity (the first one is the simplest and the last one is the most complex one and requires sophisticated and internally generated OR data set. Basic Indicator Approach (BIA) Under this BIA- approach, banks have to hold capital for operational risk @15% of Gross Income, where positive, over the previous three years. This approach is available for all banks irrespective of their level of sophistication. RBI has defined Gross Income = Net Profit +Provision & Contingency +Operating Expenses (Schedule 16) Profit on sale of HTM investments Income from Insurance Extraordinary/Irregular item of Income +Loss on sale of HTM investments. Formula for calculating Capital Charge under BIA: KBIA ={(Gi)x } / n Where KBIA = Capital charge under the Basic Indicator Approach Gi, gross annual income for previous three years i=1,2,3, where the same was positive n= number of previous three years for which gross income was +ve, and = 15%, which is set by Basel II

The Standardised Approach (TSA) Under this approach, banks activities are divided into 8 business lines against each of which, capital for operational risk is calculated by multiplying Gross Income of that business line with a fixed percentage, i (i = 1 to 8), which is different for each business line as per below: Sr. No. 1. 2. 3. 4. 5. 6. 7. 8. Business Line Corporate Finance Trading & Sales Retail Banking Commercial Banking Payment & Settlement Agency Services Asset management Retail Brokerage 1 2 3 4 5 6 7 8 Beta factor Fixed Percentage 18% 18% 12% 15% 18% 15% 12% 12%

Three year average income under each business line is multiplied by respective i (i = 1 to 8) and summed up to arrive at the Capital Requirement under the above Standardised Approach (popularly denoted as TSA). However to adopt the Standardised Approach, the Bank must satisfy RBI that: Its Board of Directors and Senior Management are actively involved in the oversight of operational risk

management framework by way of conceptually sound operational risk management system that is implanted with integrity in the major business lines as well as the control and audit areas. It has a well-documented ORM framework with clear role & responsibilities, organisation structure, policies & procedures, tools for operational risk assessment/analysis/monitoring, operational risk assessment methodology, and risk reporting system. It is systematically tracking relevant operational risk data including material losses and its output, by way of risk reporting and analysis is an integral part of the process of monitoring and controlling banks operational risk profile. Banks operational risk management processes and assessment system is internally validated and these are subject to regular independent review by the internal/external auditors and supervisors.

Alternate Standardised Approach: There is another variant of Standardised Approach for capital charge for operational risk, called the Alternative Standardised Approach, ASA, which the regulator can allow. Accordingly, RBI allows banks to adopt ASA also. Once a bank is allowed to use ASA; it will not be allowed to revert to TSA without RBIs permission. Under ASA, banks are permitted to segregate its entire business only under two business lines 1. Retail Banking, and 2. Commercial Banking with respective factors to be used for calculation of capital charge. Advanced Measurement Approach (AMA) This approach needs the bank to achieve further (sophisticated) risk maturity and required internally generated operational risk data sets. Bank will have to calculate Expected Losses (EL) and Unexpected Losses (UL) through statistical methods at 99.9% confidence level for a time horizon of one year. To qualify for this approach, RBI has set up some additional measures, over and above the qualifying criteria for TSA. As the method is complex we will not discuss the same now.

TREASURY RISK MANAGEMENT

Treasury Operations of a Bank Introduction Conventionally, the treasury function was confined to funds management-maintaining adequate cash balances to meet day to day requirements, deploying surplus funds generated in the operations and sourcing funds to bridge occasional gap in cash flow. In banks, the treasury is also responsible to meet reserve requirements, i.e., holding with RBI minimum balances as per CRR (Cash Reserve Ratio) and investing funds in approved securities as per SLR (Statutory Liquidity Ratio). Thus Treasury functions, basically, was liquidity management and Treasury was considered a service centre. However, the economic reforms and deregulation of markets during the last decade and a half increased the scope of treasury function with its own trading and investment activities. With its changed status, now the treasury department considered a profit centre. Treasury now connects the core activity of the bank (deposit taking and lending) to financial markets by continuously assessing the market for lending, borrowing, investing and trading in financial assets. Owing to the interface with markets, managing market risk for the entire bank has become an integral part of the treasury. Till recently, investment insecurities and foreign exchange business constituted separate departments. Now the treasury department undertakes the work of these departments also. As all these additional functions are integrated with conventional treasury functions, now the treasury department is being called an Integrated Treasury Department. Driving forces in Integrated Treasury are Integrated Cash flow Management, Interest Arbitrage, Investment Opportunities, Risk Management Functions of Integrated Treasury are Meeting reserve requirements, Efficient merchant services, Global cash management,

 Optimizing profit by exploring market opportunities in Forex market, Money market, and Security market, Risk management, Assisting bank management in ALM Thus, Treasury encompasses funds management, investment and trading in multi-currency environment within the framework of risk management in order to service the banks cash flow requirements, to attend needs of merchant business, as well as generate profits from such activities. It also involves in managing balance sheet risks in coordination with other departments of the bank. 7.2. Process of Globalization: This is the process of integration of domestic market with global markets characterized by free capital flows with minimum regulatory interventions. These capital flows are in addition to regular flow of FX on account of trade and corporate and individual remittances. Capital flows represent direct and indirect investments (transfer of wealth) with ultimate motive of repatriating returns on such investments. Emerging market counties (like ours) have realized that free capital flow is necessary to achieve rapid growth. In India Foreign Exchange Management Act (FEMA), 2000, controls and enables cross border movement of funds. RBI has allowed Indian banks to borrow and invest, through their overseas correspondents, in foreign currency subject to a ceiling of 25% of tier -2 capitals or USD 10 million, whichever is higher. This relaxation has placed Indian Banks treasuries in command of substantial funds which are freely convertible and which could be deployed in domestic or global markets subject to certain restrictions. This only shows the scope for treasury actions in India. 7.3. Treasury as Profit Centre: Treasury activities, in modern day scenario, afford banks to generate surpluses to supplement profits from their core banking activities. Treasury is run by a few specialist staff. Thus operational cost is low. Here transaction size is very high (generally not below Rs 50 millions).Even though margins are low; profit could be generated due to its volume. 7.4. Organization of Treasury: Treasury is generally headed by a General Manager. It usually works as a branch with a degree of autonomy. Its accounts will be maintained independently with its own P & L Account and Balance Sheet and will be under direct control of Head Office. It is usually divided into 3 departments, like (a) the Dealing Room (Front Office), the Back Office (Treasury Administration) and the Middle Office. a) The Dealing Room will be headed by Chief Dealer who will be in charge of the section. The Dealers working under him will buy and sell in the markets. Each dealer will specialize in one of the markets, i.e. foreign exchange, money market or securities market although in Integrated Treasury the dealers are generally familiar with all markets. Security Markets are generally divided into Primary Market and secondary Markets. A Securities dealer will generally participate in Secondary Market. Dealers will also participate in auctions of government securities and T Bills periodically conducted by the RBI. b) The Back Office is responsible for verification and settlement of deals concluded by the Front Office. It also takes care of book keeping, submission of periodical returns to RBI, maintenance of Nostro Accounts (foreign currency accounts with correspondent banks), funding and security accounts with RBI, Demat accounts with depository participants and settlement accounts with Clearing Corporation for rupee and foreign currencies. c) The Middle Office takes care of MIS and Risk management aspects. Investment Department will take care of primary market operations. Administrative department will take care of internal administration. 7.5. Products of Foreign Exchange Market: Foreign Exchange market is most liquid market as free currencies (USD, EUR, GBP, etc) can be readily bought and sold. This market is most transparent. Information dissemination is fast through electronic media through screens of Reuters, Money Line and Bloomberg etc.

Spot Trades: Currencies are generally bought or sold in spot trades, Spot settlements takes place in two days, i.e. on the 3rd day. Settlements could be made on the same day, today (TOD) or the next day, i.e. tomorrow (TOM) also in which case some rate discount will be available. Forward: Treasury may enter into forward contracts with customers (merchant business) or with banks (inter-bank market) as counterparties for buying or selling foreign currency on a specified future date. The exchange rate is specified today. This will enable customers and banks to safe guard against currency risk. Bank can do so purely for the purpose of making profit out of price movements.

Swap: A combination of spot and forward transactions is called a swap. Buying USD (with rupees) and selling the same amount of USD in forward market or vice versa constitutes a USD/INR swap. The swap route is generally used for funding requirements, but there is also a profit opportunity. If we have USD but we need rupee fund for investment in a commercial paper for 3 months, we may sell USD at spot rate and buy back the USD after 3 months from the proceeds of CP. If the interest earned from CP is higher than the cost of USD, the swap will result in profit. Investment of Foreign Exchange Surpluses: Banks are permitted to invest their Fx surpluses in global money markets / in short term securities in inter- bank loans (term not exceeding one year, but mostly overnight), overseas short term investments, and nastro accounts Loans and Advances: Treasury may help branches in short term lending in foreign currency for Packing Credit and negotiation of Export Bills (EBN). 7.6. Money Market Products: Money Markets refer to raising & deploying short term resources with maturity of generally not exceeding one year Inter-bank market is divided into call money- refers to overnight placements funds borrowed by banks needs to be repaid on the next

working day, Notice Money-refers to fund placement beyond overnight but a period not exceeding 14 days, Term- money market refers to placement of funds with banks for a period beyond 14 days up to 1 year. Typically, however, it ranges from 1 month to 6 months Treasury invests surplus in money market after meeting CRR requirements. Statutory minimum CRR is 3% of bank liabilities. However RBI changes this from time to time to control liquidity in the market. For balances in CRR above 3%, RBI gives interest at Reverse Repo Rate. Inter-bank market is considered safe and carries low risk next only to sovereign risk. Interest rate prevailing in interbank market is considered benchmark rate estimate liquidity position in market. The call money rate as indicated by Overnight Mumbai Inter-bank Offered Rate (O/N MIBOR) is most widely accepted benchmark rate for corporate debt paper as also for floating rate bank credit. Short-term Placements: Bank treasuries typically deal in inter-bank markets, but treasury operations also extend to short term investment papers issued by government, FIs and companies, Treasury bills are issued by RBI with 91-days or 364- days maturity (auctioned on Wednesdays), Commercial Papers (CPs) of 7 days to 1 years issued by corporates and Certificate of Deposits (CDs) issued by banks against deposit of funds, Repos (sale of securities with commitments to repurchase the same at a later date-presently government securities are dealt in) and Bill rediscounting (bills of short term-3 to6 months- discounted by other banks are again rediscounted by the treasury of another bank).

7.7. Security Market Products: Investment Business is an important part of integrated treasury and is composed of buying and selling of products available in security markets. These include Government securities ( which is necessary for banks to maintain Statutory Liquidity Ratio), corporate debt papers (non-SLR), debentures and bonds, convertible bonds, etc 7.8. Domestic & Global Markets: The products available in FX markets, money markets and security markets are not only overlapping (e.g. USD funds swapped into rupees and invested in securities or lent in inter-bank markets), but also common to domestic and global markets. We have fully convertible current account and partially convertible capital account system, now. On account of this convertibility, interactions take place between different markets and domestic and global markets. In treasury related businesses, the following are points of interaction between Domestic & Global Markets: 7.9. FII investments, ADR/GDRs(American/ Global Depository Receipts) issued by Indian companies, ECBs (External commercial Borrowing) of Indian companies, Foreign currency funds of banks, Funds under special facilities to exporters under EEFC(Export Earners Foreign Currency Account) accounts which come to treasury are in tern invested by treasury either in domestic or in global markets.

Funding and Regulatory Aspects 7.9.1 Objectives: Let us learn- how RBI controls liquidity in the market? How does RBI function as lender of last resort? How does it facilitates payment and settlement systems in the banking world? 7.9.2 Reserve Assets: CRR & SLR 7.9.3 Payment % Settlement Systems

7.10

Treasury Risk Management Treasury Risk Management is important on account of two reasons: Nature of treasury activities is such that profits are generated out of market opportunities and market risk is present at every step. Treasury is also responsible for balance sheet management,i.e., market risk generated by other operational departments 7.10.1Supervision & Control of Treasury Concern for Treasury Risk: There are mainly three concerns for Treasury Risk:a) Treasury business enjoys high leverage, i.e., large transaction can be executed with very low capital requirement. E.g. Whereas there is 9% CAR is requirement for extending credit (in India), treasury can buy and sell foreign exchange of Rs 100

crores with bare Rs. 9 lacs as capital. But adverse movement of Re.1/- in exchange rate may result in a loss of over Re.1.00 crores to the bank which is a straight loss of capital. b) Large size transactions are done at the sole discretion of the Treasurer. Once limits are delegated to the dealers, rarely do they need specific approval from the management. A single transaction may be of Rs 5.00 crore to Rs 50.00 crore or even more in a large bank. If a dealer commits an error judgment, the consequent loss to the bank may be enormous. c) Losses in treasury business materialize in very short term. Transactions once confirmed are irrevocable. Particularly in FX, market react so fast that profit or loss on trade is almost instantaneous. Hence not only the bank management but also the central banks are concerned about treasury risk management. 7.10.2Conventional Tools of Risk Management The conventional control and supervisory measures are mostly preventive in nature. They can be divided into three parts: Organizational controls, Exposure ceilings, and Limits on trading positions and stop- loss limits. Organizational controls. Treasury is divided into two/three parts- Dealing Room (Front office), Back Office /Middle Office. Back office settles the deal generated by the dealing room only after verifying its correctness of rates etc and only on getting confirmation the other party. It will also verify whether the dealer wise ceiling, exposure ceiling etc are adhered to. Where the middle office is available, it will look into the aspect of overall compliance risk management and reporting (MIS). The middle office will also monitor liquidity and interest rate risk in line with ALM guidelines, and back office will do verification of deals, settlement and accounting. Exposure ceiling limits. Exposure limits are kept to protect the bank from credit risk. Credit risk in treasury is split into default risk and counterparty risk. The first one typically rises when bank lends in money market and the borrowing bank fails repay on due date. Weak bank may suddenly become bankrupt or a run on it may render it short on liquidity. Even assuming that in a short-term lending such eventuality rarely occurs; it is not prudent for a bank treasury to lend its entire surpluses to a single bank or a handful of banks. Counterparty risk occurs when the counterparty to transaction fails to deliver/settle its part of the transaction. Ideally all deals should take place in DvP (Delivery vs. Payment) basis it may not happen in all cases. Delivery of government securities nowadays take place on DvP basis as both funding account and securities accounts are kept with RBI only and RBI will do both functions simultaneously. In other cases also this could be achieved when RTGS system becomes fully operational. Still there will be a gap in settlement involving foreign currencies. So, in order to minimize credit risk, exposure limit for counterparty is fixed by each treasury for other banks, financial institutions, mutual funds, primary dealers, FX and security brokers amount-wise and period-wise. In fact, RBI has imposed a ceiling of 5% of total business in a year with individual brokers, exception being reported and ratified. 7.10.3Market Risk & Credit Risk The treasury may face the following risks. (a) Credit Risk, the risk of losing the funds invested together with interest fully or partly, on account of the failure of the counterparty to honour its obligations. (b) Market Risk, the risk where the price of a security, interest rates or exchange rates move in such a way that the value of an asset diminishes or the liability under the existing obligations increases. The market risk is also known as price risk. Two main components of market risk are- liquidity risk and interest rate risk. Liquidity Risk implies cash flow gap which could not be bridged. Suppose a treasury purchased a 5-year government bond (to be sold the next day at profit) by borrowing

in call money market. The next day it finds that the bond market has collapsed and it could not dispose off the security. Although the bank is solvent, it faces the liquidity risk resulting in default or delay in settling the call borrowings. Treasury is usually prepared to meet the known events. However, unforeseen events like invocation of guarantee, premature refund of large deposit, etc will stain its liquidity. It needs to have contingency plan to meet any liquidity crisis. Interest Rate Risk is there when there is liquidity crunch. When liquidity problem is there, the treasury will go to borrow from the market, exposing it to interest rate risk. These two risks could be seen as two side of a coin. Treasury has to borrow when there is mismatch between assets and liabilities. Interest rate changes also trigger adverse changes in bond (security) values. Interest rate differentials also trigger changes in forward rates in exchange market. Equity markets and commodity markets also affected by economic factors like interest artes an exchange rates. Thus market risk is a confluence of liquidity risk, interest rate risk, exchange rate risk, equity risk. All free markets are highly susceptible to speculation . In fact, speculation is the essence of the Treasurys trading position. It is the perception of future changes in interest rates and exchange rates, rather than the actual changes that directs the market movements. Market risks directly affect transaction values and there by the treasury profits. It affects the balance sheet positions. As generally treasury is in charge of ALM management it is perception of market risk and market risk management is crucial for treasury management. 7.10.4Risk Measures: VaR and Duration The uncertainty associated with movement of currency prices or security prices gives rise to price risk. The treasuries should have some idea of the inherent risks. The quest for risk solutions has lead to two important measures of risk, namely, value at risk and duration. Value at Risk (VaR) is the measurement of the most probable loss that one may incur in normal conditions over a given period due to volatility of a factor, exchange rates, interest rates, or commodity rates. VaR is given at 95% confidence level or 99% confidence level over a period. Duration is measure widely used in investment business, though the concept of duration is applicable to all assets and liabilities. 7.10.5 Use of Derivatives in Risk Management Derivatives are financial contracts which derive their value based on the underlying market for a commodity or financial product. They are used to protect the treasury transactions from market risk. They are useful in managing balance sheet risk, i.e., asset liability management. For example if an assets is highly sensitive to exchange rate risk, this risk can be avoided by entering into a forward rate contract or a option contract. 7.11 DERIVATIVE PRODUCTS 7.11.1 Derivatives and the Treasury A Derivative Product as its name suggests, does not have an independent value. Its value is derived from an underlying asset/market. It could be either positively or negatively correlated with the later. The market may be financial market (dealing in products such as foreign exchange, bonds and equities) or a commodity market (dealing in commercial products ranging from oil and gold to cotton and wheat). Of late, derivative products have been developed relating to events such as rain fall or weather as they in turn affect demands for say, agro-products and utilities like air conditioner, respectively. Forward contracts for exchange rates conventionally used by exporters, importers, traders and banks are also parts of derivative family. A requirement for a derivative instrument to come into existence is the presence of a contrary view about the emerging value of the underlying asset. For e.g. if an investor is

expecting the price of a security is to fall, he pay buy a derivative instrument called Put Option that entitles the holder to sell it a predetermined price. The writer of this instrument, i.e. the party who agrees to buy the security at this price irrespective of the prevailing market price has the opinion that the price of the security is likely to move up. A derivative product is a financial contract whose value is derived from spot prices in an underlying market (which may be a financial market or a commodity market). Derivatives always refer to a future price. The following are some of the risks which can be hedged through various derivative instruments: Price risk (equity prices, commodity prices, etc.) Interest rate risk, Exchange rate risk, Credit Risk, Behavior of weather Derivative products are widely used by bank treasuries. They use derivatives to To manage risk, including ALM risks, To cater o the requirements of corporate customers, and To trade, i.e., to take trading positions in derivative products. 7.11.2 OTC & Exchange Traded Products Banks may structure a derivative product to suit the individual client- based on his risk appetite, size of transaction, its maturity etc. Derivative products that can be directly negotiated and obtained from banks and investment institutions are called Over-the-Counter (OTC) products. Some standard derivative products are traded in exchanges like, International Monetary Exchange, Chicago (IME), London Financial Future Exchange (LIFFE), Singapore Stock Exchange (SGX) etc. 7.11.3 Types of Derivative products: Options, Futures Swaps Forwards and Futures: A forward contract is a bi-partite contract to be performed in the future. It offers tremendous flexibility and could be drawn as per mutual requirements. It has relatively poor liquidity as it is an OTC instrument. On the other hand, futures contracts are standardized and are traded on the exchanges. An option is a contract that gives one party (the option holder) the right but not the obligation to perform a specified transaction with another party (the option seller or writer). A farmer may sell another party an option to purchase the produce at any time during the next year at a specified price. A corporate bond might have an option to buy back the bond from the purchaser five years prior to maturity for a specified price. Option contract may take two forms- call and put. A call option gives the holder the right to buy the underlying asset by a certain date for a certain price. The seller, under an obligation to fulfill the contract is compensated by the call option premium or price. A put option gives the right to the holder to sell the underlying asset by a certain date for a certain price. The buyer, under an obligation to fulfill the contract is compensated by the put option premium or price. The price at which the underlying assets are would be bought at a future date is the strike price. The date on which the option right can be exercised is called the Exercise (expiry or maturity) date. Market Players in derivative trading: (1) Hedgers- are not in the market to make profit. They are there to safeguard their existing positions. (2) Speculators- are there for making profit, (3) Arbitrageurs are there to make riskless profit.
RISK AND BANKING BUSINESS CONCEPT OF RISK

In most cases we observe that there is a deviation in what we achieve from what we had planned or what we had expected. This unpredictability of the future is due to uncertainties associated with the steps that we undertake in the process or various external factors that influence the processes that are necessary to achieve our planned objective. Let us take an example. Let us suppose that you have to keep an appointment that is very important and have to reach a specified place at a specified time. You can list out the process and the uncertainties /risks involved in the said process. We may define risks as uncertainties resulting adverse outcome, adverse in relation to planned objective or expectations. Financial Risks are uncertainties resulting in adverse variation of profitability or outright losses. Insofar as profit or loss of business depend upon the net result of all cash inflows and cash outflows, uncertainties in cash inflows and/or outflows also create uncertainties in net cash flow or profit. Factors that are responsible for creating uncertainties in cash outflows and cash inflows are the risk elements. If you consider the case of a trader, his business involves purchase of goods and selling them. Purchase of goods, transportation and his administration involves outflow of funds and sales result in inflow of funds. Variation in sales volume and unit price realization create uncertainties in cash inflows. Similarly, uncertainties in cash outflow arise on account of changes in purchase price, transportation and administration costs. Uncertainties both in outflow and inflow result in uncertainties in net cash flows or profit. If sales price and/ or volume are more than what was expected or the purchase price decline or other expenses incurred are less, it will result in higher profits. The contrary situation may lead to lesser profit or even to outright losses. Risk in business would lie where profits are adversely affected. This can happen due to uncertainties associated with sales volume, sales price, purchase price and administrative and transport prices. So, these uncertainties could be called as the risk factors or risk elements in a business. The uncertainties associated with the risk elements impact the net cash flow of any business or investment. The variations in net cash flow could be favourable or unfavourable. The possible unfavourable impact is the risk of the business. In the above example, suppose that the trader is engaged in a commodity where the demand fluctuates widely and/ or price also changes substantially over a short period, say, like trading in shares. In such cases, the trader may earn high profit over short periods if everything moves favourably, or he may even incur losses in the reverse situation. In other words, in such a trading, variations in the net cash flow would be high. Favourable conditions will yield high net cash flow and high profit. In the reverse situation when the net cash flow is less, it may result in a loss. So, in the said business, we can see that even though there is likelihood of good profit but the risk of loss is high. On the other hand, if the trader limits himself to trading in bonds, the variation in net cash flow would be limited and accordingly the risk of loss is less. Lower risk implies lower variability in net cash flow with lower upside and lower downside potential. Higher risk would imply higher upside and downside potential. Zero risk means no variation in net cash flow. An example of zero risk could be a retired person investing in RBI bond of 5 year maturity of 6.50% interest payable half yearly. It will give him very low yield, but he will not have any risk of interest or principal. He had ample opportunities in the market to earn more, but as he does not want to take risk he preferred RBI bond. RISK, CAPITAL AND RETURN The above discussions have shown us what the key drivers in managing a business. How it is linked to the capital requirement of a business. Any business is linked to variation of its cash flows. The minimum capital required to run a business is that which should be able meet the maximum loss that happen to it in order to avoid bankruptcy. Profit or loss of a business is linked to variations in its net cash flows which again are linked to the risks undertaken by the entity. Capital is required for running a business is to ensure that it can meet the possibilities of losses. The possibilities of losses are linked to the variation in net cash flows which we know is linked to the risks involved in such business. This shows us the basic linkage between risk and capital. Business with large variation in net cash flow would be a business with higher risk. The profit potential and loss possibilities would be higher. Its capital requirement will be higher. Risks would have a cost too. We call it risk premium or cost of risk. Let us consider the example of two investment opportunities for Rs 50000/- for a period of 5 years: Rs. In 000s Cash Flow from Year1 Year2 Year3 Year4 Year5 Total Investment 1 6 6 6 6 6 30 Investment 2 3 9 5 -2 15 30 Both options will yield 12% simple return at the end of 5th year. But the 1st option gives steady stream of cash flow. In the 2nd option cash flow is very erratic with high variation ranging Rs 15000/- to -2000/- . People will not accept

2nd option even though ultimately both options yield same net cash flow. If people have to accept the 2nd option, there should be some rate difference, say at least 2% p.a. (total 14% simple). This 2% additional return is called the risk premium or cost of risk. When we compare two investment options, comparing the returns alone will not enable one to take investment decision. This is because each option has different risk elements associated with it. It would be desirable to account for risk elements also. Or for comparison, one has to net the risk in business or investment against the return from it. This is called Risk Adjusted Return on Investment. The Risk Adjusted Return happens to be the key factor in investment decisions. Therefore, key driver in managing a business is seeking enhancement in Risk-adjusted Return on Capital (RAROC). Higher the RAROC, higher is the reward to investors/ shareholders and more preferable such investment would be in the market. Since both capital requirement and RAROC are risk dependent; risk management assumes a critical role in the management processes of any organization.

RISK IN BANKING BUSINESS The banking industry has a wide array of business lines. A fair idea of banking business line may be had from the following table (Source: Document on International Convergence of Capital Measurement and Capital Standards- A revised frame work from Basel Committee on Banking Supervision): Business Lines Sub-groups Activities Corporate Finance Corporate Finance Mergers & Acquisitions, Municipal/Government Finance Underwriting, Privatizations, Merchant Banking Securitizations, Research, Advisory Services Govt. debts, debt & equity syndication, IPO, Secondary private placements. Trading and Sales Sales, Market making, Proprietary positions, Treasury Fixed income, Equity, Foreign exchanges, Commodities, Credit funding, Own position securities, lending and repos, brokerage, debt, prime brokerage. Retail lending & deposits, banking services, trust and sales Private lending and deposits, banking services, trust and estates, investment advice Merchant/ commercial/ corporate cards, private labels and retail Project finance, real estate, export finance, trade finance, factoring, leasing, lending, guarantees, ills of exchange Payments & Collections, funds transfer, clearing and settlement Escrow, depository services, securities lending, corporate action issuer and paying agents Pooled, segregated, retail, institutional, closed, open Execution and full services

Retail Banking

Retail Banking Private Banking Card Services

Commercial Banking

Commercial Banking

Payment and Settlement Agency Services Asset Management Retail Brokerage

External clients Custody Corporate Agency Corporate Trust Discretionary and nondiscretionary fund management Retail Brokerage

As seen above, banking business lines are many and varied. Commercial banking, corporate finance, retail banking, trading and investment banking and various financial services form the main lines of banks. Within each lines of business there are various sub groups and different activities there on. Banking may differ for each segment for the similar services. E.g., lending may extend from retail

banking to specialized finance. Again specialized finance may extend from specific fields with standard practices such as exports and commodities financing to structured financing implying specific structuring and customization for making large and risky finances feasible, such as project financing or corporate acquisitions. Banks also assemble financial products and derivatives and deliver them as a package to its clients. Banks also offer market products such as fixed income securities, shares, foreign exchange trading and derivatives like standard swaps and options. The key driver in managing all the business lines are enhancing risk adjusted expected return. This is the common factor for all business lines. But management practices vary across business lines sub groups-activities as profitability of various business lines/ activities differ and so does the risk factors associated with them. From risk management point of view banking business lines may be grouped broadly under the following major heads: The banking Book The Trading Book, and Off-Balance Sheet Exposures Let us discuss the risk associated with each of these groups. The Banking Book The banking book includes all advances, deposits and borrowings, which usually arise from commercial and retail banking operations. All these assets and liabilities have the following characteristics: a. They are normally held until maturity, and b. Accrual system of accounting is applied The banking book is mainly exposed to i. Liquidity Risk, ii. Interest Rate Risk iii. Default Risk or Credit Risk (for Asset side), and iv. Operation Risk The Trading Book Trading book includes all the assets that are marketable, i.e., assets which can be traded in the market. Contrary to the characteristics of assets held in banking book, these assets are a. Normally not held until maturity and positions are liquidated in the market after holding it for a period, and b. Mark to market system is followed, and the difference between market price and book value is taken to profit and loss account. Trading book mostly comprises of fixed income securities, equities, foreign exchange holdings, commodities, etc. held by the bank on its own account. Derivatives that are held for trading in the market or over the counter (OTC) and for hedging exposures under trading book would also form the part of trading book. Trading book is subject to adverse movements in the market prices until they are liquidated. This is termed as market risk. Trading book may have market overseas as well if it is so permitted by laws of the land. This adds to the demand and hence adds to the market liquidity. Instruments having lower demand, i.e., have lower trading volume are exposed to liquidation risk where trading may trigger adverse price movement. Trading book is also exposed to Credit Risk or Default Risk which arises due to failure of the counter party to keep its commitment. It may also be exposed to Operational Risk that arise due to human failures of omission or commission, deficiency of information system and system failure, inadequacy or non adherence to internal processes, external events, etc. Off-Balance Sheet Exposures Off- balance sheet exposure are contingent in nature. Where banks issue guarantees, committed or back up credit lines, letter of credits, etc. banks face payment obligations contingent upon some events such as failure to meet payment obligations by the customers. These contingencies add to the revenue generation of banks. Banks may have contingencies receivables where banks may be

beneficiaries subject to certain contingencies. Derivatives like swaps, futures, forward contracts, foreign exchange contracts, options also form a part of off- balance sheet market exposures. Contingent exposures may become fund based liabilities. In such case they become a part of the banking book or trading book depending upon the nature of exposure. Therefore, off balance sheet exposures may have liquidity risk, interest rate risk, market risk, default risk and operations risk. BANKING RISKS -DEFINITIONS i. Liquidity Risk,- funding risk, time risk, call risk ii. Interest Rate Risk gap or mismatch risk, yield curve risk, basis risk, embedded option risk, reinvestment risk, net interest position risk iii. Market Risk forex risk, market liquidity risk iv. Default Risk or Credit Risk (for Asset side) counter party risk, country risk v. Operation Risk- transaction risk, compliance risk, strategic risk, reputation risk RISK DIVERSIFICATION AND PORTFOLIO RISK In order to understand the concept of risk diversification, let us take an example. Let us say Mr. X has a business, business A which had the following net cash inflow (all cash inflows net of all cash outflows) in the last 5 years: Rs in 000s Cash flow Year Year 2 Year 3 Year 4 Year 5 Total Mean Standard Standard from 1 Deviatio Deviatio n n to mean Business A 10 3 4 8 11 36 7.20 3.56 0.49 The business had variations in net cash flow and therefore risks. The risk may be measured using mean and standard deviation of the past performance. The ratio of standard deviation to mean is a measure of comparing risks associated with similar cash flows. The said ratio in case of Business A is 0.49 or 49% But Mr. X, say has other four businesses the net cash flows from those businesses are shown in the following table. Rs in 000s Cash flow Year 1 Year 2 Year 3 Year 4 Year 5 Total Mean Standar Standar from d d Deviatio Deviatio n n to mean Business 10 3 4 8 11 36 7.20 3.56 0.49 A Business 3 8 1 6 4 22 4.40 2.70 0.61 B Business 12 8 9 2 4 35 7.00 4.00 0.57 C Business 6 9 2 3 5 25 5.00 2.74 0.55 D Business 7 12 5 8 6 38 7,60 2.70 0.36 E Total 38 40 21 27 30 156 31.20 7.85 0.25 Portfolio If we study the ratio of standard deviation to mean of all these businesses, we see that it ranges between 36% and 61%. If we take the case of total portfolio, its ratio is only 25%, which is less than the minimum observed in case of individual businesses (set of similar assets can be called as portfolio). The reason may be attributed to the following fact: The net cash flows arising out of these businesses are not unidirectional. While net cash flows in the year 2 had decreased businesses A and C over that in Year 1, the same had increased in case of businesses B, D and E. As a result, variation net cash flow of the portfolio has been less. This is called diversification of risk. In fact the risk associated with a portfolio is always less than the weighted average of risks of individual items in the portfolio. The portfolio approach helps in diversification of

risk. In banking business also this concept prevails. Suppose a branch has taken a credit exposure on a borrower that has risks at level 2 (according to some measure of risk). That branch and several other branches have taken level 2 risk credit exposures in another 99 borrowers. Now that bank has a portfolio of 100 accounts with level 2 risk. The portfolio risk level would be less than level 2. This is due to the effect of diversification, as all 100 accounts will not have unidirectional risk behavior. This is true in all businesses. MANAGEMENT OF RISKS Management of risks begins with identification of risk and its quantification. Then we may decide if we accept the risk or accept it at a reduced level by undertaking steps to mitigate them either fully or partially. In addition, there will be the question of pricing the transaction in accordance with its risk contents. Hence management of risk may be sub-divided into following five processes: Risk Risk Risk Risk Risk Identification, Measurement, Pricing, Monitoring and Control, Mitigation

Further, approach to manage at transaction level- branch level- and at aggregate level- sum total of all transactions at all branches- differs. This is because risk diversification that takes place at aggregate level. The aggregate risk of the organization as a whole is called Portfolio Risk. Risks at transaction level as well as portfolio level need to be managed :Take a closer look at the profit and loss account statement of a bank. The cash inflow in case of banking business come from interest earnings (from all performing advances accounts, investments and various forms of market lending), exchange, commission, fees earned, profit on sale of assets and investments. Take one such item, say, cash flow arising from interest. It is sum total of interest earned by millions of advances and other accounts spread over thousands of branches. This is true for other items of cash in- flows also. Similarly, cash outflow occurs on account of interest payment (on various deposits and borrowings, etc.) and operating expenses. The net cash flow of the bank is total of cash inflows net of out flows, arising out of millions of transactions. Cash flow that arises from each transaction has risks associated with it albeit (i.e., even though) a few exceptions. As individual cash flow has impact over total cash flow, risk at transaction level needs to be managed. Like in case of any other business, risks in banking business would depend upon the variability of its net cash flow at the aggregate level. Therefore, managing variability in aggregate cash flow is equally important and portfolio risks also need to be managed. Thus, risk management in banks is directed at transaction level as well as aggregate level (portfolio level). RISK IDENTIFICATION Nearly all transactions undertaken have one or more of the major risks i.e., liquidity risk, interest rate risk, market risk, default or credit risk and operational risk with their manifestation in different dimensions. Although all these risks are contracted at transaction level certain risks like liquidity risk and interest rate risk are managed at the aggregate or portfolio level. Risks such as credit risk, operational risk and market risk arising from individual transactions are taken cognizance at transaction level as well as at the portfolio level. At corporate level or aggregated level, banks need to identify and manage risks for the following purposes: To determine capital needs. To determine the risk adjusted return level for the bank. It is the key parameter that evaluates a banks performance.

To determine enterprise-wide risk preference To impart guidance for risk taking at transaction levels To approve banks products with due screening procedures and appropriate safe guards and fix limits on exposure, product wise and amount wise Any deviation from the set limits add to the risk content of exposure and needs clearance at corporate level

In essence, risk identification consists of identifying various risks associated with risk taking at transaction level and examining its impact on the portfolio and capital requirement. Risk content of a transaction is also instrumental in pricing the exposure as risk adjusted return is the key driving force in management of banks. A case of risk identification: Take a case of Branch B which has extended a loan of Rs 1.00 crore to a party for a period of 5 years in accordance with banks corporate policy. The rate of interest is 1 % over BPLR (Base Prime Lending Rate), BPLR being 10% . The loan is to be repaid in 20 qly installment, after a moratorium of one year. Funding of the loan is done by a deposit of same amount for 3 years obtained at 6% interest. What are the risks associated with the transaction without taking into account CRR/SLR requirements? The deposit would become payable at the end of 3 years whereas, assuming that there is no default, loan would stand repaid to the extent of 50% only (?). At the end of 3 years, it will face funding risk. In case of default, time risk will also be there. These would be liquidity risk associated with the transaction. Interest on loan is linked to BPLR whereas deposit carries fixed rate. If BPLR goes down, bank will face risk. After 3 years, funding risk will arise; deposit may be or may not be renewed. Then Gap or mismatch risk will be there. Again if deposit is renewed, it will be done at current rate only. Further loan repayment proceeds have to be deployed elsewhere. The interest rate at which it will be deployed may not be the same as the original. This will amount to reinvestment risk. Further there is possibility that the loan may be prepaid or the deposit may be prematurely withdrawn which may lead to embedded option risk. All these risks are parts of interest rate risk. In addition, there would be default risk and operational risks in the transaction. Further, this transaction would also impact risks at the aggregate level, although the incremental risk in the portfolio may be less than the risks taken at the transaction level RISK MEASUREMENT Risk management relies on quantitative measure of risk. Risk measures seek to capture variation in earnings, market value, losses due to default etc., arising out of uncertainties associated with various risk elements. Quantitative measures of risks can be classified into three categories, namely, Based on Sensitivity, Based on Volatility, and Based on Downside Potential The downside risk has two components potential losses and probability of occurrence. Potential losses may be estimated but difficulty lies in estimating probabilities. Hence, downside risk measures require prior modeling of probability distribution of potential losses. Worst case scenario serves to quantify extreme losses but has low probability of occurrence. Downside risk is the most comprehensive measure of risk as it integrates sensitivity as well as volatility along with the adverse effect of uncertainty. The banking and financial service industry and also the regulators mostly rely on this measure. The value at risk (VaR) is a downside risk measure. The risk measures are essentially forward looking. They estimate possible future losses that may arise within certain confidence level based on historical data. RISK PRICING Risks in banking transactions impact banks in two ways. Firstly, banks have to maintain necessary capital as per regulatory requirements. Capital comes at a cost. For capital raised from the market

needs to be paid by way of dividend. Both for this as well as internal generation of capital, banks need to earn sufficient profits. So, while pricing a transaction bank has to take note of this. Secondly, the probability of loss associated with all risks. This also needs to be factored into pricing. This aspect may be explained through an example. Suppose a bank has 100 credit accounts with say level 2 risks according to some measure. Say, historical observation indicates that there is an average loss of 2% on level 2 accounts. This loss is the cost associated with such risk. This cost is to be factored into in pricing. The intention is to defray the possible losses across similar transactions. In this case risk premium of 2% may be added in pricing. Risk pricing implies factoring risks into pricing through capital charge and loss possibilities. This would be in addition to the actual costs incurred in the transaction. The actual costs incurred are cost of funds that has gone into the transaction, costs incurred in giving the services, which are incurred by way of maintaining the infrastructure, employees and other relevant expenses. Thus pricing should take into account: i. Cost of deployable funds, ii. Operating expenses, iii. Loss probabilities, iv. Capital charge It may be noted that cost of funds should correspond to the term for which it is deployed. For e.g. 5 year funds may have different cost than one year fund due to time value of money. Pricing is transaction based. This is one of the key reasons for risk measurement at transaction level. RISK MONITORING AND CONTROL As stated earlier, the key driver in managing a business is seeking enhancement in risk- adjusted return on capital (RAROC). The approach to risk management cannot be in isolation or in stand- alone mode. Risk management must be simultaneously in consistent with business policies. Modern best practices consist of setting risk limits based on economic measure of risk while ensuring best risk adjusted return keeping in view the capital that has been deployed in business. It is a question of taking a balanced view on risks and returns and that within the constraints of available capital In order to achieve the above objective, banks put in place the following: i. An organizational structure, ii. Comprehensive risk measurement approach, iii. Risk management policies adopted at the corporate level, which is consistent with the broader business strategies, capital strength, management expertise and risk appetite, iv. Guidelines and other parameters used to govern risk taking including detailed structure of prudential limits, discretionary limits and risk taking functions. It is not enough to put up an organizational structure for risk management. It is important to ensure that it functions in the manner it has been planned. Therefore it is necessary to have a feed back on its functioning and on the basis of feedback it is necessary to ensure that there is no divergence from the planned target, and if at all divergence could not be avoided such divergence is kept at the level that is acceptable. For this banks need to establish adequate system for monitoring and reposting risk exposures and assessing banks changing risk profile. It requires: i. ii. iii. iv. Strong Management Information System (MIS) for reporting, monitoring and controlling risk, Well laid out procedures, effective control and comprehensive risk reporting framework, Separate risk management framework independent of operations departments with clear delineation of responsibility for management of risk, and Periodical review and evaluation.

The banks senior management or the board of directors should, on regular basis, receive reports on banks risk profile and capital needs. These reports should enable the senior management to: o Evaluate the level and trend of risks and their effect on capital levels, o Evaluate the sensitivity and reasonableness of key assumptions, o Assess banks risk profile on continuous basis and make necessary adjustments to banks

strategic plan accordingly. The banks internal control structure is essential to the process. Effective control of the process includes independent review and, where appropriate, the involvement of internal or external audits. Periodic review of risk management process to ensure its integrity, accuracy and reasonableness has to be conducted by the bank. Identification of large exposures and risk concentrations, accuracy and completeness of data inputs into the banks assessment process and stress testing and analysis of assumptions and inputs are all parts of control and monitoring processes. The banks board of directors has a responsibility to ensure that management establishes a system for assessing various risks, develops a system to relate risk to banks capital level, and establishes a method for monitoring compliance with internal policies. The board should regularly verify whether its system of internal controls is adequate to ensure well-ordered and prudent conduct of business. RISK MITIGATION Risks arise from uncertainties associated with the risk elements. So risk reduction could be achieved by adopting strategies that eliminate or reduce the uncertainties associated with the risk elements. This process is called Risk Mitigation. In case of trading, as a risk mitigation measure, one may enter into sale and purchase contract. Since a sale contract would specify volume and price, uncertainty associated them are mitigated. Similarly, the purchase contract. Likewise, the trader may have contract with transport service provider to eliminate risks pertaining to transport of goods. This may result in another type of risk called the counter party risk. In banking, we come across a variety of financial instruments and number of techniques that can be used to mitigate some of the risks as under: Risk type Credit Risk Mitigation Techniques Collateralization by first priority claims with cash or securities or landed properties, Third party guarantees Buying credit derivatives, etc Interest swaps, forward rate agreements, financial futures, etc Forex forward contracts, options, futures, etc Equity options

Interest rate risk Foreign Exchange Risk Equity price risk

Risk mitigation would involve counter party and it will always be associated with counter party risk. Modern financial markets have responded to this by introducing exchanges such as stock exchange, commodity exchange, future and option exchanges. Such exchanges take up the role of counter party and have introduced rules for risk minimization. Banks enter into contracts with exchanges as counterparty. Thus counter party risks get reduced substantially. Risk mitigation measures aim to reduce variability in net cash flow. But it will also reduce upside potential on account of underlying contracts.