Submitted by: Rochak Agarwal

08PGDM048

Acknowledgement I sincerely thank Union Bank of India for giving me this opportunity to undertake my summer project with them. It has been a wonderful experience to work in this esteemed organisation and with the people of amazing calibre. I sincerely offer my thanks to Mr. G K Bharadwaj who was my mentor for this project and currently is in the role of Chief Manager Risk Management Department for Union Bank of India. I would also like to thank Ms Monika Chauhan without whose help and support it would not have been such a learning experience. Last but not the least, this acknowledgement would not be complete without thanking Mr Unikrishnan who provided us with an opportunity to work on a challenging project and provided timely guidance in his own unique way.

Union Bank of India: Introduction Union Bank of India was founded and registered on November 11, 1919. The registered Office of the Bank was inaugurated by Mahatma Gandhi, father of the Nation in the year 1921. Along with 13 other banks, Union Bank of India was nationalized in the year 1969 in the first phase. Union Bank has the distinction of making profits consistently for the last 89 years since inception. Union Bank has offered vast and varied services to its entire valuable clientele taking care of their needs. Today, with its efficient customer service, consistent profitability & growth, adoption of new technologies and value added services, Union Bank truly lives up to the image of, Good People to bank with. Anticipative banking is an integral ingredient of value-based services. This ability to gauge the customer's needs long before he realizes, best reduces the gap between expectance and deliverance The Bank is a Public Sector Unit with 55.43% Share Capital held by the Government of India. The Bank came out with its Initial Public Offer (IPO) in August 20, 2002 and Follow on Public Offer in February 2006. Presently 44.57 % of Share Capital is presently held by Institutions, Individuals and Others. Business: Union Bank has huge and varied customer base approximating to 24 millions. The business of the bank is principally divided into three main areas: Corporate financial services Retail financial services and Agricultural financial services, along with other allied services.

In addition it also provides fee-based services including distribution of third party products. The banking operations for corporate and commercial customers include a range of products and services for large corporate customers as well as for small and medium-sized businesses.
3

Its loan products include term loans for project funding, including the creation or improvement of assets, as well as short-term loans, cash credit, export credit and other working capital financing and industry and trade related products. The bank also provides credit substitutes such as letters of credit and guarantees. In addition, it provides fee-based products and services such as cash management services.

As part of its corporate banking business, Union Bank provides financial services to Small and Medium Enterprises (SMEs) and Small Scale Industries (SSIs). Its products for these sectors are intended to facilitate the establishment, expansion and modernisation of businesses, including the acquisition of fixed assets, plant and machinery and meeting working capital needs. It generally stipulates flexible security requirements to SME and SSI borrowers to help make credit more accessible to them.

The retail banking business of Union Bank provides financial products and services to its retail customers. The products include housing, retail trade, automobile, consumer, education and other personal loans and deposit services, such as demand, savings and fixed deposits. In addition, it distributes products such as global debit cards and global credit cards. It also provides utility services such as bill payment. The bank also distributes thirdparty products, including mutual fund products and general and life insurance policies.

Union Bank has also maintained its focus on addressing the needs of agricultural customers and offers specialised products and services to the agricultural sector. It offers direct financing to farmers for production and investment, as well as indirect financing for infrastructure development and credit to suppliers of agricultural inputs.

Bank has opened 198 Village Knowledge Centres to provide information to the local community on better agriculture practices, commodities, marketing facilities and financial education. Bank also offers third party products like life and general insurance, mutual funds, on-line trading, wealth management services through tie- up with other FIs. Bank has
4

initiated a large scale transformation process named Nav Nirman to address two critical aspects of growth-instilling the drive of sales & marketing across bank staff and reconfiguration of banks business model. The transformation process focuses on four key initiatives:

Retail Asset ( marketing & processing) SME marketing & processing) Branch sales and services( improving the customer experience in the branch) Centralisation of key processes

Bank has brought all its branches under Core banking solutions. Union Bank is the first large bank to achieve 100% CBS roll out. Bank has taken lead to establish alternate delivery channels in the form of ATMs, internet banking, phone banking and Mobile Banking. Bank has introduced many technology based services like RTGS, online NEFT free of cost, on line application for products and services and online redressal of grievances.

Network and distribution The business is grouped under various Verticals and well defined Business Strategic Units were formed, which will drive the growth. Bank has a network of more than 2500 service outlets which includes specialized branches for MSME (SME SARALS), corporate credit, Union Loan points for Retail Products etc. Bank has representative offices in Abu Dhabi and Shanghai and is in the process of opening its office in Sydney, Australia. A fully fledged overseas branch was opened in Hong Kong. To serve the varied banking needs of the NRIs, Bank has placed number of Marketing Officials at various centres in UAE and Shanghai. As at March 31, 2009, Union Bank Indian branch network comprised 762 rural, 625 semi-urban, 607 urban and 564 metropolitan branches

Diversification Union Bank in partnership with Bank of India and Dai-Ichi of Japan has formed a subsidiary for distribution of Life insurance products, which has started selling the products. Bank has signed an agreement with Belgian KBC group for setting up a joint
5

venture AMC in India. Union Bank has signed MoU with NSIC for training and setting up Incubation cum Training centres to promote first generation entrepreneurs in MSME segment. Bank has entered into MoU with NCMSL for financing against warehouse receipts for agri commodities kept at NCMSL warehouses. Bank has announced opening 100 specialised Business Banking branches across the country to focus exclusively on MSME sector with turnaround time of 2 weeks for sanction of proposals. Bank has launched mobile banking facility Umobile which facilitates limited transactions and other services through mobile phones. Branch Mix for Union Bank of India

Vision To become the bank of first choice in our chosen areas by building beneficial and lasting relationship with customers through a process of continuous improvement.

Mission A logical extension of the Vision Statement is the Mission of the Bank, which is to gain market recognition in the chosen areas. To build a sizeable market shares in each of the chosen areas of business through effective strategies in terms of pricing, product packaging and promoting the product in the market. To facilitate a process of restructuring of branches to support a greater efficiency in the retail banking field. To sustain the mission objective through harnessing technology driven banking and delivery channels. To promote confidence and commitment among the staff members, to address the expectations of the customers efficiently and handle technology banking with ease. The brand and the promises Bank has adopted a simple new logo for universal appeal and to aid top of mind recall. The new logo symbolizes the qualities and values we stand for- Blue standing for the commitment and the Red for the passion the Bank brings to the work. Union bank has promised 4 key deliverables to customers based on the strength built in: o Value for money o Committed turnaround time for delivery of products and services o Choice of banking channels for customers and o Transparency in product offerings and prices

Structure Bank has a lean three-tier structure. The delegated powers have been enhanced. The decentralised power structure has accelerated decision making process and thereby Bank

quickly responds to changing needs of the customers and has also been able to adjust with the changing environment. Bank has five General Manager Offices at Ahmedabad, Pune, Lucknow, Delhi, Bangalore, Bhopal, Mumbai, Calcutta and Chennai which function as an extended arm of corporate office. It also has two Zonal Offices at Bhopal and Pune. Tier 3 comprises of 53 Regional Offices at various geographical centre of the country.

Board of Directors SHRI M.V.NAIR (Chairman & Managing Director) SHRI T.Y. PRABHU (Executive Director) SHRI S.RAMAN (Executive Director) SHRI K.V. EAPEN (Government of India Nominee ) SHRI K. SIVARAMAN (Government of India nominee on the recommendation of RBI. ) K.S. SREENIVASAN (Chartered Accountant Director ) SHRI N. SHANKAR (Workmen Director) DEBASIS GHOSH (Director representing Officer Employees ) SMT. RANI SATISH (Government Nominee Director under General Category) SHRI ASHOK SINGH (Government Nominee Director under General Category ) PROF. M.S. SRIRAM (Shareholder Director ) R. R. NAIR (Shareholder Director ) PROF. NANDLAL L. SARDA (Shareholder Director )

Growth & Performance:

Operating Profit

Net Profit

Net Interest Income

10

NPAs

Capital Adequacy Ratio

11

*Capital Adequacy Ratio is at 13.27% as of 31.03.2009 as per Basel II. Porters five Forces Framework

12

Bargaining Power of suppliers: In the banking industry, it is more of services industry and doesnt hold any suppliers. But RBI is the major regulator of banks and their working environment and can pressurize them to alter their operations in the desired manner i.e. for the benefit for the country. Bargaining Power of Customers: It is a customer driven industry i.e. customer can demand for tailor made products and thus has a high bargaining power but due to lack of proper information and knowledge banks are still enjoying good margins. Threat of new Entrants: With the Basel -2 norms being implemented in the country by 2009, more foreign players are expected to enter the Indian Banking industry and so threat of new entrants is high. Threat of New Products: The Non Banking Financial Institutions are coming up fast in the country and are poised to give stiff competition to existing players in certain segments of the industry. Competitive Rivalry within an Industry: There are many public, private and foreign players existing in the Industry and in addition to that there are a number of small players confined to particular regions in the country. Indian Banking Sector Currently banking in India is generally fairly mature in terms of supply, product range and reach, even though reach in rural India still remains a challenge for the private sector and foreign banks. With the growth in the Indian economy expected to be strong for quite some time-especially in its services sector-the demand for banking services, especially retail banking, mortgages and investment services are expected to be strong. One may also expect M&A's, takeovers, and asset sales.

13

Currently, India has 88 scheduled commercial banks (SCBs) - 28 public sector banks (that is with the Government of India holding a stake), 29 private banks (these do not have government stake; they may be publicly listed and traded on stock exchanges) and 31 foreign banks. They have a combined network of over 53,000 branches and 17,000 ATMs. According to a report by ICRA Limited, a rating agency, the public sector banks hold over 73 percent of total assets of the banking industry, with the private and foreign banks holding 19.2% and 7.5% respectively. Banking Sector in India Features A free & open banking sector where most businesses are now covered at the market-determined rates Full banking license system Highly Stable Sector despite a series of Exogenous Shocks like the Asian Crisis, Sanctions due to Nuclear Explosions, Record High Oil Prices and Large Corrections in Stock Markets Significant improvement in the Asset Quality: Net NPAs (%) have decreased from 8.1% at end-March 1997 to 2.0% at end-March 2006 despite tightening of prudential norms Capital Adequacy Ratio (%) of the banking sector has increased from 10.4% at endMarch 1997 to 12.8% at end-March 2006 Operating Expenses of SCBs have declined from 2.1% of Total Assets in 1992 to 1.8% in 2005 indicative of improved efficiency Intermediation costs of SCBs have declined from 2.9% in 1995-96 to 2.1% in 2005-06 CURRENT INDIAN BANKING SCENARIO Strong Regulatory & Supervisory system
14

 RBI has strengthened prudential norms with respect to income recognition, disclosures and capital adequacy India complies with BIS 26 norms of best practices of supervisory criteria, country risk & convertibility Indian banks are well on road towards BASEL II compliance Credit Deposit Ratio is increasing PSB : 66.2%, Pvt. Banks : 76.3% Bank credit is growing by about 30% Indian banks compare favourably with its Asian peers in asset quality Indian banking sector grew by 6 times in the last decade from Rs. 5,984 bn in 1995 to Rs. 36,105 bn. KYC norms and Anti Money Laundering regulations in force Indian banks are serving the Two Faces of India the Underprivileged, the Progressive & the Opulent with equal aplomb. About 70000 strong branch network More than 60% presence in Rural areas Consistent growth in profitability Spread is getting healthier from 3.1% in 200405 to 3.2% in 2005-06 NPL Ratios compare favourably with global trends Consistently out-performing stock indices Total Return to Shareholders continues to be attractive Indian Banks are on a high growth track Overall banking sector is growing by 18% Retail Sector (CAGR 5 years) Housing Loan : 50 %
15

Consumer Durables Credit Card Two Wheeler Loan Car Loans Other Personal Loans Opportunity spectrum for banks

: 16% : 45% : 31% : 26% : 38%

Low penetration of consumer finance at 13% of GDP Supported by structural drivers of rising income levels and growing consuming class Robust industrial and infrastructure investment pipeline estimated at over US$ 500 billion Internationalisation of Indian industry Potential for acquisition and trade finance Vast Indian Diaspora spanning the globe Potential for credit and liability products and transaction services Low penetration of insurance and asset management

Changing face of Indian Banking Industry The significant transformation of the banking industry in India is clearly evident from the changes that have occurred in the financial markets, institutions and products. While deregulation has opened up new vistas for banks to argument revenues, it has entailed greater competition and consequently greater risks. Cross- border flows and entry of new products, particularly derivative instruments, have impacted significantly on the domestic banking sector forcing banks to adjust the product mix, as also to effect rapid changes in their processes and operations in order to remain competitive to the globalized environment. These developments have facilitated greater choice for consumers, who have become more discerning and demanding compelling banks to offer a broader range of products through diverse distribution channels. The traditional face of banks as mere
16

financial intermediaries has since altered and risk management has emerged as their defining attribute. The last decade has seen many positive developments in the Indian banking sector. The policy makers, which comprise the Reserve Bank of India (RBI), Ministry of Finance and related government and financial sector regulatory entities, have made several notable efforts to improve regulation in the sector. The sector now compares favourably with banking sectors in the region on metrics like growth, profitability and non-performing assets (NPAs). Currently, the most important factor shaping the world is globalization. The benefits of globalization have been well documented and are being increasingly recognized. There is a growing realization that the ability of countries to conduct business across national borders and the ability to cope with the possible downside risks would depend, on the soundness of the financial system. This has consequently meant the adoption of a strong and transparent, prudential, regulatory, supervisory, technological and institutional framework in the financial sector on par with international best practices. Several structural changes have taken place in the financial sector since 1992. The operating environment has undergone a vast change bringing to fore the critical importance of managing a whole range of financial risks. The key elements of this transformation process have been: 1. The deregulation of coupon rate on Government securities. 2. Substantial liberalization of bank deposit and lending rates. 3. A gradual trend towards disintermediation in the financial system in the wake of increased access of corporates to capital markets. 4. Blurring of distinction between activities of financial institutions. 5. Greater integration among the various segments of financial markets and their increased order of globalisation, diversification of ownership of public sector banks. 6. Emergence of new private sector banks and other financial institutions, and, 7. The rapid advancement of technology in the financial system.

17

What is Risk? Risk means different things to different people. For some it is "financial (exchange rate, interest-call money rates), mergers of competitors globally to form more powerful entities and not leveraging IT optimally" and for someone else "an event or commitment which has the potential to generate commercial liability or damage to the brand image". Since risk is accepted in business as a tradeoff between reward and threat, it does mean that taking risk bring forth benefits as well. In other words it is necessary to accept risks, if the desire is to reap the anticipated benefits. Need for Risk Management: Risk management is a discipline for dealing with the possibility that some future event will cause harm. It provides strategies, techniques, and an approach to recognizing and confronting any threat faced by an organization in fulfilling its mission. Risk management may be as uncomplicated as asking and answering three basic questions: What can go wrong? What will we do (both to prevent the harm from occurring and in the aftermath of an "incident")? If something happens, how will we pay for it? Risk management does not aim at risk elimination, but enables the organization to bring their risks to manageable proportions while not severely affecting their income. This balancing act between the risk levels and profits needs to be well-planned. Apart from bringing the risks to manageable proportions, they should also ensure that one risk does not get transformed into any other undesirable risk. This transformation takes place due to the inter-linkage present among the various risks. The focal point in managing any risk will be to understand the nature of the transaction in a way to unbundle the risks it is exposed to.

Objectives of Risk Management Function

18

Two distinct viewpoints emerge One which is about managing risks, maximizing profitability and creating opportunity out of risks And the other which is about minimising risks/loss and protecting corporate assets. The management of an organization needs to consciously decide on whether they want their risk management function to 'manage' or 'mitigate' Risks. Managing risks essentially is about striking the right balance between risks and controls and taking informed management decisions on opportunities and threats facing an organization. Both situations, i.e. over or under controlling risks are highly undesirable as the former means higher costs and the latter means possible exposure to risk. Mitigating or minimising risks, on the other hand, means mitigating all risks even if the cost of minimising a risk may be excessive and outweighs the cost-benefit analysis. Further, it may mean that the opportunities are not adequately exploited.

Risks in Banking Risks manifest themselves in many ways and the risks in banking are a result of many diverse activities, executed from many locations and by numerous people. As a financial intermediary, banks borrow funds and lend them as a part of their primary activity. This intermediation activity, of banks exposes them to a host of risks. The volatility in the operating environment of banks will aggravate the effect of the various risks.

Based on the origin and their nature, risks are classified into various categories. The most prominent financial risks to which the banks are exposed to taking into consideration practical issues including the limitations of models and theories, human factor, existence of frictions such as taxes and transaction cost and limitations on quality and quantity of information, as well as the cost of acquiring this information, and more.

19

FINANCIAL RISKS

MARKET RISK

LIQUIDITY RISK

OPERATIONAL RISK

HUMAN FACTOR RISK

CREDIT RISK

LEGAL & REGULATORY RISK

FUNDING LIQUIDITY RISK

TRADING LIQUIDITY RISK

TRANSACTION RISK

PORTFOLIO CONCENTRATION

ISSUE RISK

ISSUER RISK

COUNTERPARTY RISK 20

EQUITY RISK

INEREST RATE RISK

CURRENCY RISK

COMMODITY RISK

TRADING RISK

GAP RISK

GENERAL MARKET RISK

SPECIFIC RISK

1. MARKET RISK

Market risk is that risk that changes in financial market prices and rates will reduce the value of the banks positions. Market risk for a fund is often measured relative to a benchmark index or portfolio, is referred to as a risk of tracking error market risk also includes basis risk, a term used in risk management industry to describe the chance of a breakdown in the relationship between price of a product, on the one hand, and the price of the instrument used to hedge that price exposure on the other. The market-Var methodology attempts to capture multiple component of market such as directional risk, convexity risk, volatility risk, basis risk, etc. Market Risk may be defined as the possibility of loss to a bank caused by changes in the market variables. The Bank for International Settlements (BIS) defines market risk as the risk that the value of 'on' or 'off' balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices". Thus, Market Risk is the risk to the bank's earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange and equities, as well as the volatilities of those changes. Besides, it is equally concerned about the bank's ability to meet its obligations as and when they fall due. In other words, it should be ensured that the bank is not exposed to Liquidity Risk. Thus, focus on the management of Liquidity Risk and Market Risk, further categorized into interest rate risk, foreign exchange risk,
21

commodity price risk and equity price risk. An effective market risk management framework in a bank comprises risk identification, setting up of limits and triggers, risk monitoring, models of analysis that value positions or measure market risk, risk reporting, etc.

Types of market risk Interest rate risk: Interest rate risk is the risk where changes in market interest rates might adversely affect a bank's financial condition. The immediate impact of changes in interest rates is on the Net Interest Income (NII). A long term impact of changing interest rates is on the bank's net worth since the economic value of a bank's assets, liabilities and off-balance sheet positions get affected due to variation in market interest rates. The interest rate risk when viewed from these two perspectives is known as 'earnings perspective' and 'economic value' perspective, respectively. Management of interest rate risk aims at capturing the risks arising from the maturity and repricing mismatches and is measured both from the earnings and economic value perspective. Earnings perspective involves analyzing the impact of changes in interest rates on accrual or reported earnings in the near term. This is measured by measuring the changes in the Net Interest Income (NII) or Net Interest Margin (NIM) i.e. the difference between the total interest income and the total interest expense. Economic Value perspective involves analyzing the changes of impact on interest on the expected cash flows on assets minus the expected cash flows on liabilities plus the net cash flows on off-balance sheet items. It focuses on the risk to net worth arising from all repricing mismatches and other interest rate sensitive positions. The economic value perspective identifies risk arising from long-term interest rate gaps. The management of Interest Rate Risk should be one of the critical components of market risk management in banks. The regulatory restrictions in the past had greatly reduced many of the risks in the banking system. Deregulation of interest rates has, however, exposed them to the adverse impacts of interest rate risk. The Net Interest Income (NII) or Net
22

Interest Margin (NIM) of banks is dependent on the movements of interest rates. Any mismatches in the cash flows (fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose bank's NII or NIM to variations. The earning of assets and the cost of liabilities are now closely related to market interest rate volatility Generally, the approach towards measurement and hedging of IRR varies with the segmentation of the balance sheet. In a well functioning risk management system, banks broadly position their balance sheet into Trading and Banking Books. While the assets in the trading book are held primarily for generating profit on short-term differences in prices/yields, the banking book comprises assets and liabilities, which are contracted basically on account of relationship or for steady income and statutory obligations and are generally held till maturity. Thus, while the price risk is the prime concern of banks in trading book, the earnings or economic value changes are the main focus of banking book. Equity price risk: The price risk associated with equities also has two components General market risk refers to the sensitivity of an instrument / portfolio value to the change in the level of broad stock market indices. Specific / Idiosyncratic risk refers to that portion of the stocks price volatility that is determined by characteristics specific to the firm, such as its line of business, the quality of its management, or a breakdown in its production process. The general market risk cannot be eliminated through portfolio diversification while specific risk can be diversified away. Foreign exchange risk: Foreign Exchange Risk maybe defined as the risk that a bank may suffer losses as a result of adverse exchange rate movements during a period in which it has an open position, either spot or forward, or a combination of the two, in an individual foreign currency. The banks are also exposed to interest rate risk, which arises from the maturity mismatching of foreign currency positions. Even in cases where spot and forward positions in individual currencies are balanced, the maturity pattern of forward transactions may produce mismatches. As a result, banks may suffer losses as a result of changes in premia/discounts of the currencies concerned.
23

In the forex business, banks also face the risk of default of the counterparties or settlement risk. While such type of risk crystallization does not cause principal loss, banks may have to undertake fresh transactions in the cash/spot market for replacing the failed transactions. Thus, banks may incur replacement cost, which depends upon the currency rate movements. Banks also face another risk called time-zone risk or Herstatt risk which arises out of time-lags in settlement of one currency in one center and the settlement of another currency in another time-zone. The forex transactions with counterparties from another country also trigger sovereign or country risk. The three important issues that need to be addressed in this regard are: 1. Nature and magnitude of exchange risk 2. Exchange managing or hedging for adopted be to strategy> 3. The tools of managing exchange risk Commodity price risk: The price of the commodities differs considerably from its interest rate risk and foreign exchange risk, since most commodities are traded in the market in which the concentration of supply can magnify price volatility. Moreover, fluctuations in the depth of trading in the market (i.e., market liquidity) often accompany and exacerbate high levels of price volatility. Therefore, commodity prices generally have higher volatilities and larger price discontinuities. Treatment of Market Risk in the Proposed Basel Capital Accord The Basle Committee on Banking Supervision (BCBS) had issued comprehensive guidelines to provide an explicit capital cushion for the price risks to which banks are exposed, particularly those arising from their trading activities. The banks have been given flexibility to use in-house models based on VaR for measuring market risk as an alternative to a standardized measurement framework suggested by Basle Committee. The internal models should, however, comply with quantitative and qualitative criteria prescribed by Basle Committee.

24

Reserve Bank of India has accepted the general framework suggested by the Basle Committee. RBI has also initiated various steps in moving towards prescribing capital for market risk. As an initial step, a risk weight of 2.5% has been prescribed for investments in Government and other approved securities, besides a risk weight each of 100% on the open position limits in forex and gold. RBI has also prescribed detailed operating guidelines for Asset-Liability Management System in banks. As the ability of banks to identify and measure market risk improves, it would be necessary to assign explicit capital charge for market risk. While the small banks operating predominantly in India could adopt the standardized methodology, large banks and those banks operating in international markets should develop expertise in evolving internal models for measurement of market risk. The Basle Committee on Banking Supervision proposes to develop capital charge for interest rate risk in the banking book as well for banks where the interest rate risks are significantly above average ('outliers'). The Committee is now exploring various methodologies for identifying 'outliers' and how best to apply and calibrate a capital charge for interest rate risk for banks. Once the Committee finalizes the modalities, it may be necessary, at least for banks operating in the international markets to comply with the explicit capital charge requirements for interest rate risk in the banking book. As the valuation norms on banks' investment portfolio have already been put in place and aligned with the international best practices, it is appropriate to adopt the Basel norms on capital for market risk. In view of this, banks should study the Basel framework on capital for market risk as envisaged in Amendment to the Capital Accord to incorporate market risks published in January 1996 by BCBS and prepare themselves to follow the international practices in this regard at a suitable date to be announced by RBI. The Proposed New Capital Adequacy Framework The Basel Committee on Banking Supervision has released a Second Consultative Document, which contains refined proposals for the three pillars of the New Accord - Minimum Capital Requirements, Supervisory Review and Market Discipline. It may be recalled that the Basel Committee had released in June 1999 the first Consultative Paper on a New Capital Adequacy Framework for comments. However, the proposal to provide explicit capital
25

charge for market risk in the banking book which was included in the Pillar I of the June 1999 Document has been shifted to Pillar II in the second Consultative Paper issued in January 2001. The Committee has also provided a technical paper on evaluation of interest rate risk management techniques. The Document has defined the criteria for identifying outlier banks. According to the proposal, a bank may be defined as an outlier whose economic value declined by more than 20% of the sum of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock (200 bps.) The second Consultative Paper on the New Capital Adequacy framework issued in January, 2001 has laid down 13 principles intended to be of general application for the management of interest rate risk, independent of whether the positions are part of the trading book or reflect banks' non-trading activities. They refer to an interest rate risk management process, which includes the development of a business strategy, the assumption of assets and liabilities in banking and trading activities, as well as a system of internal controls. In particular, they address the need for effective interest rate risk measurement, monitoring and control functions within the interest rate risk management process. The principles are intended to be of general application, based as they are on practices currently used by many international banks, even though their specific application will depend to some extent on the complexity and range of activities undertaken by individual banks. Under the New Basel Capital Accord, they form minimum standards expected of internationally active banks. The principles are given in Annexure II. 2. CREDIT RISK Credit risk is that risk that a change in the credit quality of a counterparty will affect the value of a banks position. Default, whereby a counterparty is unwilling or unable to fulfil its contractual obligations, is the extreme case; however banks are also exposed to the risk that the counterparty might downgraded by a rating agency. Credit risk is only an issue when the position is an asset, i.e., when it exhibits a positive replacement value. In that instance if the counterparty defaults, the bank either loses all of the market value of the position or, more commonly, the part of the value that it cannot recover following the credit event. However, the credit exposure induced by the
26

replacement values of derivative instruments is dynamic: they can be negative at one point of time, and yet become positive at a later point in time after market conditions have changed. Therefore the banks must examine not only the current exposure, measured by the current replacement value, but also the profile of future exposures up to the termination of the deal. Credit risk is defined as the possibility of losses associated with diminution in the credit quality of borrowers or counterparties. In a bank's portfolio, losses stem from outright default due to inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, settlement and other financial transactions. Alternatively, losses result from reduction in portfolio value arising from actual or perceived deterioration in credit quality. Credit risk emanates from a bank's dealings with an individual, corporate, bank, financial institution or a sovereign. Credit risk may take the following forms In the case of direct lending: principal/and or interest amount may not be repaid; In the case of guarantees or letters of credit: funds may not be forthcoming from the constituents upon crystallization of the liability; In the case of treasury operations: the payment or series of payments due from the counter parties under the respective contracts may not be forthcoming or ceases; In the case of securities trading businesses: funds/ securities settlement may not be effected; In the case of cross-border exposure: the availability and free transfer of foreign currency funds may either cease or the sovereign may impose restrictions. Types of Credit Rating Credit rating can be classified as: External credit rating. Internal credit rating

External credit rating:

27

A credit rating is not, in general, an investment recommendation concerning a given security. In the words of S&P, A credit rating is S&P's opinion of the general creditworthiness of an obligor, or the creditworthiness of an obligor with respect to a particular debt security or other financial obligation, based on relevant risk factors. In Moody's words, a rating is, an opinion on the future ability and legal obligation of an issuer to make timely payments of principal and interest on a specific fixed-income security. Since S&P and Moody's are considered to have expertise in credit rating and are regarded as unbiased evaluators, there ratings are widely accepted by market participants and regulatory agencies. Financial institutions, when required to hold investment grade bonds by their regulators use the rating of credit agencies such as S&P and Moody's to determine which bonds are of investment grade. The subject of credit rating might be a company issuing debt obligations. In the case of such issuer credit ratings the rating is an opinion on the obligors overall capacity to meet its financial obligations. The opinion is not specific to any particular liability of the company, nor does it consider merits of having guarantors for some of the obligations. In the issuer credit rating categories are a) Counterparty ratings b) Corporate credit ratings c) Sovereign credit ratings The rating process includes quantitative, qualitative, and legal analyses. The quantitative analysis is mainly financial analysis and is based on the firms financial reports. The qualitative analysis is concerned with the quality of management, and includes a thorough review of the firms competitiveness within its industry as well as the expected growth of the industry and its vulnerability to technological changes, regulatory changes, and labour relations. Internal credit rating: A typical risk rating system (RRS) will assign both an obligor rating to each borrower (or group of borrowers), and a facility rating to each available facility. A risk rating (RR) is
28

designed to depict the risk of loss in a credit facility. A robust RRS should offer a carefully designed, structured, and documented series of steps for the assessment of each rating. The following are the steps for assessment of rating: a) Objectivity and Methodology: The goal is to generate accurate and consistent risk rating, yet also to allow professional judgment to significantly influence a rating where it is appropriate. The expected loss is the product of an exposure (say, Rs. 100) and the probability of default (say, 2%) of an obligor (or borrower) and the loss rate given default (say, 50%) in any specific credit facility. In this example, The expected loss = 100*.02*.50 = Rs. 1 A typical risk rating methodology (RRM) a. Initial assign an obligor rating that identifies the expected probability of default by that borrower (or group) in repaying its obligations in normal course of business. b. The RRS then identifies the risk loss (principle/interest) by assigning an RR to each individual credit facility granted to an obligor. The obligor rating represents the probability of default by a borrower in repaying its obligation in the normal course of business. The facility rating represents the expected loss of principal and/ or interest on any business credit facility. It combines the likelihood of default by a borrower and conditional severity of loss, should default occur, from the credit facilities available to the borrower. Credit Risk Management In this backdrop, it is imperative that banks have a robust credit risk management system which is sensitive and responsive to these factors. The effective management of credit risk is a critical component of comprehensive risk management and is essential for the long term success of any banking organization. Credit risk management encompasses identification, measurement, monitoring and control of the credit risk exposures.

29

Building Blocks of Credit Risk Management: In a bank, an effective credit risk management framework would comprise of the following distinct building blocks: Policy and Strategy Organizational Structure Operations/ Systems Policy and Strategy The Board of Directors of each bank shall be responsible for approving and periodically reviewing the credit risk strategy and significant credit risk policies.

Credit Risk Policy 1. Every bank should have a credit risk policy document approved by the Board. The document should include risk identification, risk measurement, risk grading/ aggregation techniques, reporting and risk control/ mitigation techniques, documentation, legal issues and management of problem loans. 2. Credit risk policies should also define target markets, risk acceptance criteria, credit approval authority, credit origination/ maintenance procedures and guidelines for portfolio management. 3. The credit risk policies approved by the Board should be communicated to branches/controlling offices. All dealing officials should clearly understand the bank's approach for credit sanction and should be held accountable for complying with established policies and procedures. 4. Senior management of a bank shall be responsible for implementing the credit risk policy approved by the Board.</P< LI> Credit Risk Strategy

30

1. Each bank should develop, with the approval of its Board, its own credit risk strategy or plan that establishes the objectives guiding the bank's credit-granting activities and adopt necessary policies/ procedures for conducting such activities. This strategy should spell out clearly the organizations credit appetite and the acceptable level of risk-reward trade-off for its activities. 2. The strategy would, therefore, include a statement of the bank's willingness to grant loans based on the type of economic activity, geographical location, currency, market, maturity and anticipated profitability. This would necessarily translate into the identification of target markets and business sectors, preferred levels of diversification and concentration, the cost of capital in granting credit and the cost of bad debts. 3. The credit risk strategy should provide continuity in approach as also take into account the cyclical aspects of the economy and the resulting shifts in the composition/ quality of the overall credit portfolio. This strategy should be viable in the long run and through various credit cycles. 4. Senior management of a bank shall be responsible for implementing the credit risk strategy approved by the Board. Organizational Structure Sound organizational structure is sine qua non for successful implementation of an effective credit risk management system. The organizational structure for credit risk management should have the following basic features: 1. The Board of Directors should have the overall responsibility for management of risks. The Board should decide the risk management policy of the bank and set limits for liquidity, interest rate, foreign exchange and equity price risks. The Risk Management Committee will be a Board level Sub committee including CEO and heads of Credit, Market and Operational Risk Management Committees. It will devise the policy and strategy for integrated risk management containing various risk exposures of the bank including the credit risk. For this purpose, this Committee should effectively coordinate
31

between the Credit Risk Management Committee (CRMC), the Asset Liability Management Committee and other risk committees of the bank, if any. It is imperative that the independence of this Committee is preserved. The Board should, therefore, ensure that this is not compromised at any cost. In the event of the Board not accepting any recommendation of this Committee, systems should be put in place to spell out the rationale for such an action and should be properly documented. This document should be made available to the internal and external auditors for their scrutiny and comments. The credit risk strategy and policies adopted by the committee should be effectively

Operations / Systems Banks should have in place an appropriate credit administration, credit risk measurement and monitoring processes. The credit administration process typically involves the following phases: 1. Relationship management phase i.e. business development. 2. Transaction management phase covers risk assessment, loan pricing, structuring the facilities, internal approvals, documentation, loan administration, monitoring and risk measurement. 3. Portfolio management phase entails monitoring of the portfolio at a macro level and the management of problem loans 4. On the basis of the broad management framework stated above, the banks should have the following credit risk measurement and monitoring procedures: 5. Banks should establish proactive credit risk management practices like annual / half yearly industry studies and individual obligor reviews, periodic credit calls that are documented, periodic visits of plant and business site, and at least quarterly management reviews of troubled exposures/weak credits Credit Risk Models A credit risk model seeks to determine, directly or indirectly, the answer to the following question: Given our past experience and our assumptions about the future, what is the
32

ongoing

present value of a given loan or fixed income security? A credit risk model would also seek to determine the (quantifiable) risk that the promised cash flows will not be forthcoming. The techniques for measuring credit risk that have evolved over the last twenty years are prompted by these questions and dynamic changes in the loan market. The increasing importance of credit risk modeling should be seen as the consequence of the following three factors: 1. Banks are becoming increasingly quantitative in their treatment of credit risk. 2. New markets are emerging in credit derivatives and the marketability of existing loans is increasing through securitization/ loan sales market." 3. Regulators are concerned to improve the current system of bank capital requirements especially as it relates to credit risk.

Importance of Credit Risk Models Credit Risk Models have assumed importance because they provide the decision maker with insight or knowledge that would not otherwise be readily available or that could be marshaled at prohibitive cost. In a marketplace where margins are fast disappearing and the pressure to lower pricing is unrelenting, models give their users a competitive edge. The credit risk models are intended to aid banks in quantifying, aggregating and managing risk across geographical and product lines. The outputs of these models also play increasingly important roles in banks' risk management and performance measurement processes, customer profitability analysis, risk-based pricing, active portfolio management and capital structure decisions. Credit risk modeling may result in better internal risk management and may have the potential to be used in the supervisory oversight of banking organizations.

Techniques for Measuring Credit Risk In the measurement of credit risk, models may be classified along three different dimensions:

33

1. the techniques employed, 2. the domain of applications in the credit process and 3. The products to which they are applied. Techniques The following are the more commonly used techniques: 1. Econometric Techniques such as linear and multiple discriminate analysis, multiple regression, logic analysis and probability of default, etc. 2. Neural networks are computer-based systems that use the same data employed in the econometric techniques but arrive at the decision model using alternative implementations of a trial and error method. 3. Optimization models are mathematical programming techniques that discover the optimum weights for borrower and loan attributes that minimize lender error and maximize profits. 4. Rule-based or expert are characterized by a set of decision rules, a knowledge base consisting of data such as industry financial ratios, and a structured inquiry process to be used by the analyst in obtaining the data on a particular borrower. 5. Hybrid Systems. In these systems simulation are driven in part by a direct causal relationship, the parameters of which are determined through estimation techniques. RBI Guidelines on Credit Risk New Capital Accord: Implications for Credit Risk Management The Basel Committee on Banking Supervision had released in June 1999 the first Consultative Paper on a New Capital Adequacy Framework with the intention of replacing the current broad-brush 1988 Accord. The Basel Committee has released a Second Consultative Document in January 2001, which contains refined proposals for the three pillars of the New Accord - Minimum Capital Requirements, Supervisory Review and Market Discipline. The Committee proposes two approaches, for estimating regulatory capital. 1. Standardized and
34

2. Internal Rating Based (IRB) Under the standardized approach, the Committee desires neither to produce a net increase nor a net decrease, on an average, in minimum regulatory capital, even after accounting for operational risk. Under the Internal Rating Based (IRB) approach, the Committee's ultimate goals are to ensure that the overall level of regulatory capital is sufficient to address the underlying credit risks and also provides capital incentives relative to the standardized approach, i.e., a reduction in the risk weighted assets of 2% to 3% (foundation IRB approach) and 90% of the capital requirement under foundation approach for advanced IRB approach to encourage banks to adopt IRB approach for providing capital.

RBI Guidelines for Credit Risk Management Credit Rating Framework A Credit-risk Rating Framework (CRF) is necessary to avoid the limitations associated with a simplistic and broad classification of loans/exposures into a "good" or a "bad" category. The CRF deploys a number/ alphabet/ symbol as a primary summary indicator of risks associated with a credit exposure. Such a rating framework is the basic module for developing a credit risk management system and all advanced models/approaches are based on this structure. In spite of the advancement in risk management techniques, CRF is continued to be used to a great extent. These frameworks have been primarily driven by a need to standardize and uniformly communicate the "judgment" in credit selection procedures and are not a substitute to the vast lending experience accumulated by the banks' professional staff. Broadly, CRF can be used for the following purposes: 1. Individual credit selection, wherein either a borrower or a particular exposure/ facility is rated on the CRF 2. Pricing (credit spread) and specific features of the loan facility. This would largely constitute transaction-level analysis. 3. Portfolio-level analysis. 4. Surveillance, monitoring and internal MIS

35

Assessing the aggregate risk profile of bank/ lender would be relevant for portfolio-level analysis. For instance, the spread of credit exposures across various CRF categories, the mean and the standard deviation of losses occurring in each CRF category and the overall migration of exposures would highlight the aggregated credit-risk for the entire portfolio of the bank.

The Board of Directors of Union Bank of India has the overall responsibility of ensuring that adequate structures, policies and procedures are in place for risk management and that they are properly implemented. Board approves Union Bank of India risk management policies and also sets limits by assessing Union Bank of India risk appetite, skills available for managing risk and Union Bank of India risk bearing capacity.

Board has delegated this responsibility to a sub-committee: the Supervisory Committee of Directors on Risk Management & Asset Liability Management. This is the Apex body / Committee is responsible for supervising the risk management activities of the Bank.

Further, Bank has the following separate committees of top executives and dedicated Risk Management Department:

Credit Risk Management Committee (CRMC): This Committee deals with issues relating to credit policies and procedure and manages the credit risk on a Bank-wide basis.
36

Asset Liability Management Committee (ALCO): This Committee is the decision-making unit responsible for balance sheet planning and management from the angle of risk-return perspective including management of market risk. ALCO carries out the day-to-day ALM functions in Union Bank of India. ALCO is supported by ALM Desk at Central Office, which is headed by General Manager (Risk Management). The present composition of ALCO is as under: Chairman and Managing Director Executive Director General Manager (Risk Management) General Manager (Treasury) General Manager (Credit) General Manager (Planning and Support Services) General Manager (International Banking) General Manager (Retail Banking) General Manager (DIT) General Manager (Central Accounts )

GM (Risk Management) is convener of ALCO Meetings. Functions of ALCO as detailed in the RBI circular on ALM are as follows:

Fixation of interest rate on deposits and advances Management of Liquidity risk Management of Interest Rate Risk Funding plan Determining the mix of resUnion Bank of Indiaces to be raised Capital Planning Articulation of Interest Rate View

Operational Risk Management Committee (ORMC): This Committee is responsible for overseeing Banks operational risk management policy and process.
37

Risk Management Department of the Bank at C.O. provides support functions to the risk management committees mentioned above through analysis of risks and reporting of risk positions and making recommendations as to the level and degree of risks to be assumed. The department has the responsibility of identifying, measuring and monitoring the various risk faced the bank, assist in developing the policies and verifying the models that are used for risk measurement from time to time. Independent Risk Management Cells have been set up in all Regional/Zonal/ FGM offices to carry out the day to day functions.

Credit Risk Management Credit Risk Management Policy of the Bank dictates the Credit Risk Strategy. These Polices spell out the target markets, risk acceptance / avoidance levels, risk tolerance limits, preferred levels of diversification and concentration, credit risk measurement, monitoring and controlling mechanisms. Credit Rating Credit Risk Rating is tool used in Credit Risk Management. It depicts the present assets quality and predicts the default. It is also used in individual credit selection, pricing and deciding on the terms that can be offered on a credit facility, surveillance, monitoring and internal MIS, portfolio level analysis at operating/ control units, assessing the aggregate risk profile of bank.

Standardized Credit Approval Process with well-established methods of appraisal and rating is the pivot of the credit management of the bank. Bank has comprehensive credit rating / scoring models being applied in the spheres of retail and non-retail portfolios of the bank. It is broadly Union Bank of India models. Model I : for advances above Rs.2.00 lacs and up to rs.10.00 lacs. Model II: for advances above Rs.10.00 lacs and up to Rs.1.00 crore. Model III: for advances above Rs. 1.00 crores and up to Rs.10.00 crores. Model IV: for advances above Rs.10.00 crores.

38

There are two rating models for Union Trade borrowers i.e., from Rs.2.00 lacs to rs.50.00 lacs and above Rs.50.00 lacs to Rs.5.00 crores. There is also a separate rating model for NBFC borrowers.

The Credit rating system of the Bank has eight borrower grades for standard accounts and three grades for defaulted borrowers. Proactive credit risk management practices in the form of studies of rating-wise distribution, rating migration, probability of defaults of borrowers, Portfolio Analysis of retail lending assets, periodic industry review, Review of Country, Currency, Counter-party and Group exposures are only some of the prudent measures, the bank is engaged in mitigating risk exposures.

The current focus is on augmenting the banks abilities to quantify risk in a consistent, reliable and valid fashion, which will ensure advanced level of sophistication in the Credit Risk Measurement and Management in the years ahead.

All borrowers having fund based/ non fund based exposure of more than Rs.2.00 lacs except in case of direct agriculture advances (excluding allied activities), gold loans, union Rent, Union Cash, Union smile, union mortgage, union rent, Union Home, Union comfort, Union miles, Union education advance against deposits, shares, NSCs, LIC polices, loans to intermediaries for onward lending, loan to SHGs, bridge loans for approved purposes etc are rated.

Different rating assigned to standard assets is following:

Under investment grade CR-1 (low risk) CR-2 (minimal risk) CR-3 (moderate Risk) CR-4 (satisfactory risk) CR-5 ((acceptable risk). Under non-investment grade: CR-6 (watch list) CR-7 (risk prone) CR-8 (high risk).

Tools and Imputes used for Rating:

39

Financial Statements of the borrower including Auditors report, Directors report/ responsibility statement etc., process notes, industry risk rating from CRISIL analysis from intranet (UBI NET).

The parameters followed for rating a borrower are: Borrower rating Facility rating Covering financial industrial and Management aspects. Covering compliance part, operations in the accounts and repayment experience. Risk Mitigators Covering value and quality of collaterals. In case of borrowers having exposure of above rs.10.00 crores Risk mitigators is replaced with Cash flow related parameters under Financial aspects. Business Aspects Covering Relations ship & income value.

40

Portfolio of risk in different segments: As a prudential measure aimed at better risk management and avoidance of concentration of risk, RBI has advised banks to fix limits on their exposure to individual/ group of borrowers and sensitive sectors. Fixing exposure limits to different industries/ sectors has been left to the discretion of individual banks. Each bank needs to fix its own exposure limits based on its experience and risk perception. RBI has fixed norms for exposure to single/ group borrowers as under:

Category of borrower

Ceiling as % of banks capital funds ( Tier I & Tier II) as per the audited financial statement of the previous year.

Individual borrower Individual borrower for infrastructure Group borrower Group projects. borrower for

15% 20% 40% infrastructure 50%

41

COMPOSITION OF RETAIL ASSETS Product-wise composition of Retail assets Portfolio March 09

Following are the major functions of Risk Manager : Independent Credit Rating assignment. Participation in Credit Approval Grid meetings. Doing Portfolio analysis. Tracking credit spurt at branches. Preparation of Risk Profile Templates for ROs/ ZOs. Conducting mini ORMC/CRMCs. Participating in Asset Quality Management Meeting. Incident Reporting under OR loss data. Loan Review of selected loan sanctions at Branches. Analysis of high-risk branches.

42

Follow up of installation and data feeding at branch level for DAA and preparation of RDAA. Compiling quarterly data on Rating migration and probability of default in respect of advances of Rs.1.00 crores and above. Miscellaneous assignments by RMD, C.O., from time to time like testing of Rating models, customer profitability etc. External rating Independent Rating of borrowal accounts are done for Union Bank of India internal purposes for fixing of prices and collation of long term data on rating migration and probability of default etc. However as per RBI norms regarding implementation of Basel II norms banks have been asked to comply with Standardized Approach for credit Risk. In terms of Standardized Approach for credit Risk, the risk weights for corporate /whole sale credit exposure is calculated based on the Rating of the assets by external credit rating agencies accredited by the Central Bank. Accordingly it has been decided to get the borrowal accounts with exposure of above Rs.5.00 crores rated by external Rating agencies approved by RBI. All borrowal accounts having fund based and non fund based exposure of rs.50.00 crores and above are to be rated by approved external agencies by June08 and accounts with exposure of Rs.10.00 crores and above before 2008-09. Union Bank of India has entered in to MOU with all the four approved agencies(CARE,CRISIL Ltd.,FITCH RATINGS ,ICRA Ltd.) for getting Union Bank of India borrwal accounts rated at concessional fees.

DISTRIBUTION OF RATINGS LARGE & MID CORPORATESThe Bank is having a portfolio of Rs.49442 crore(No. of Accounts 340) of more than Rs. 50 crore, out of which 216 Accounts with exposure of Rs. 31806 Crore are rated. Rating of the Accounts is as under:

43

3. LIQUIDITY RISK Liquidity risk comprises both Funding liquidity risk Trading-related liquidity risk. Funding liquidity risk relates to a financial institutions ability to raise the necessary cash to roll over its debt, to meet the cash, margin, and collateral requirements of counterparties, and (in the case of funds) to satisfy capital withdrawals. Funding liquidity risk is affected by various factors such as the maturities of the liabilities, the extent of reliance of secured sources of funding, the terms of financing, and the breadth of funding sources, including the ability to access public market such as commercial paper market. Funding can also be achieved through cash or cash equivalents, buying power and available credit lines. Trading-related liquidity risk, often simply called as liquidity risk, is the risk that an institution will not be able to execute a transaction at the prevailing market price because there is, temporarily, no appetite for the deal on the other side of the market. If the transaction cannot be postponed its execution my lead to substantial losses on position. This risk is generally very hard to quantify. It may reduce an institutions ability to manage and hedge market risk as well as its capacity to satisfy any shortfall on the funding side through asset liquidation.

4. OPERATIONAL RISK Operational risk is the risk associated with operating a business. Operational risk covers such a wide area that it is useful to subdivide operational risk into two components:
44

Operational failure risk. Operational strategic risk. Operational failure risk arises from the potential for failure in the course of operating the business. A firm uses people, processes and technology to achieve the business plans, and any one of these factors may experience a failure of some kind. Accordingly, operational failure risk can be defined as the risk that there will be a failure of people, processes or technology within the business unit. A portion of failure may be anticipated, and these risks should be built into the business plan. But it is unanticipated, and therefore uncertain, failures that give rise to key operational risks. These failures can be expected to occur periodically, although both their impact and their frequency may be uncertain. The impact or severity of a financial loss can be divided into two categories: An expected amount An unexpected amount. The latter is itself subdivided into two classes: an amount classed as severe, and a catastrophic amount. The firm should provide for the losses that arise from the expected component of these failures by charging expected revenues with a sufficient amount of reserves. In addition, the firm should set aside sufficient economic capital to cover the unexpected component, or resort to insurance. Operational strategic risk arises from environmental factors, such as a new competitor

that changes the business paradigm, a major political and regulatory regime change, and earthquakes and other such factors that are outside the control of the firm. It also arises from major new strategic initiatives, such as developing a new line of business or reengineering an existing business line. All business rely on people, processes and technology outside their business unit, and the potential for failure exists there too, this type of risk is referred to as external dependency risk.

Operational risk is often thought to be limited to losses that can occur in operating or processing centers. This type of operational risk, sometimes referred as operations risk, is an important component, but it by no means covers all of the operational risks facing the firm.

45

Our definition of operational risk as the risk associated with operating the business means significant amounts of operational risk are also generated outside the processing centers. Risk begins to accumulate even before the design of the potential transaction gets underway. It is present during negotiations with the client (regardless of whether the negotiation is a lengthy structuring exercise or a routine electronic negotiation.) and continues after the negotiation as the transaction is serviced. A complete picture of operational risk can only be obtained if the banks activity is analyzed from beginning to end. Several things have to be in place before a transaction is negotiated, and each exposes the firm to operational risk. The activity carried on behalf of the client by the staff can expose the institution to people risk. People risk is not only in the form of risk found early in a transaction. But they further rely on using sophisticated financial models to price the transaction. This creates what is called as Model risk which can arise because of wrong parameters like input to the model, or because the model is used inappropriately and so on. Once the transaction is negotiated and a ticket is written, errors can occur as the transaction is recorded in various systems or reports. An error here may result in the delayed

settlement of the transaction, which in turn can give rise to fines and other penalties. Further an error in market risk and credit risk report might lead to the exposures generated by the deal being understated. In turn this can lead to the execution of additional transactions that would otherwise not have been executed. These are examples of what is often called as process risk The system that records the transaction may not be capable of handling the transaction or it may not have the capacity to handle such transactions. If any one of the step is out-sourced, then external dependency risk also arises. However, each type of risk can be captured either as people, processes, technology, or an external dependency risk, and each can be analyzed in terms of capacity, capability or availability

Who Should Manage Operational Risk? The responsibility for setting policies concerning operational risk remains with the senior management, even though the development of those policies may be delegated, and
46

submitted to the board of directors for approval. Appropriate policies must be put in place to limit the amount of operational risk that is assumed by an institution. Senior

management needs to give authority to change the operational risk profile to those who are the best able to take action. They must also ensure that a methodology for the timely and effective monitoring of the risks that are incurred is in place. To avoid any conflict of interest, no single group within the bank should be responsible for simultaneously setting policies, taking action and monitoring risk.

Policy Setting The authority to take action generally rests with business management, which is responsible for controlling the amount of operational risk taken within each business line. The

infrastructure and the governance groups share with business management the responsibility for managing operational risk. The responsibility for the development of a methodology for measuring and monitoring operational risks resides most naturally with group risk management functions. The risk management function also needs to ensure the proper operational risk/ reward analysis is performed in the review of existing businesses and before the introduction of new initiatives and products. In this regard, the risk management function works very closely
47

with, but independent from, business management, infrastructure, and other governance group Senior management needs to know whether the responsibilities it has delegated are actually being tended to, and whether the resulting processes are effective. The internal audit function within the bank is charged with this responsibility.

Key to Implementing Bank-wide Operational Risk Management: The eight key elements are necessary to successfully implement a bank-wide operational risk management framework. They involve setting policy and identifying risk as an outgrowth of having designed a common language, constructing business process maps, building a best measurement methodology, providing exposure management, installing a timely reporting capability, performing risk analysis inclusive of stress testing, and allocating economic capital as a function of operational risk. EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL RISK MANAGEMENT.
1. Policy 8. Economic Capital 2. Risk Identification

7. Risk Analysis

3. Business Process

Best Practice
6. Reporting

4. Measuring Methodology 5. Exposure Management

48

1. Develop well-defined operational risk policies. This includes explicitly articulating the desired standards for the risk measurement. One also needs to establish clear guidelines for practices that may contribute to a reduction of operational risk. 2. Establish a common language of risk identification. For e.g., the term people risk includes a failure to deploy skilled staff. Technology risk would include system failure, and so on. 3. Develop business process maps of each business. For e.g., one should create an operational risk catalogue which categories and defines the various operational risks arising from each organizational unit in terms of people, process, and technology risk. This catalogue should be tool to help with operational risk identification and assessment.

Types of Operational Failure Risk 1. People Risk 1. Incompetency. 2. Fraud. 2. Process Risk Model Risk 1. Model/ methodology error 2. Mark-to-model error. TR 1. Execution error. 2. Product complexity. 3. Booking error. OCR 4. Settlement error. 1. Exceeding limits. 2. Security risk. 3. Volume risk. 3. Technology Risk 1. System failure. 2. Programming error. 3. Information risk. 4. Telecommunications failure.

49

4. Develop a comprehensible set of operational risk metrics. Operational risk assessment is a complex process. It needs to be performed on a firm-wide basis at regular intervals using standard metrics. In early days, business and infrastructure groups performed their own assessment of operational risk. Today, self-assessment has been discredited. Sophisticated financial institutions are trying to develop objective measures of operational risk that build significantly more reliability into the quantification of operational risk. 5. Decide how to manage operational risk exposure and take appropriate action to hedge the risks. The bank should address the economic question of the cost-benefit of insuring a given risk for those operational risks that can be insured. 6. Decide how to report exposure. 7. Develop tools for risk analysis, and procedures for when these tools should be deployed. For e.g., risk analysis is typically performed as part of a new product process, periodic business reviews, and so on. Stress testing should be a standard part of risk analysis process. The frequency of risk assessment should be a function of the degree to which operational risks are expected to change over time as businesses undertake new initiatives, or as business circumstances evolve. This frequency might be reviewed as operational risk measurement is rolled out across the bank a bank should update its risk assessment more frequently. Further one should reassess whenever the operational risk profile changes significantly. 8. Develop techniques to translate the calculation of operational risk into a required amount of economic capital. Tools and procedures should be developed to enable businesses to make decisions about operational risk based on risk/reward analysis.

Four-Step Measurement Process For Operational Risk Clear guiding principle for the operational risk measurement process should be set to ensure that it provides an appropriate measure of operational risk across all business units throughout the bank. This problem of measuring operational risk can be best achieved by

50

means of a four-step operational risk process. The following are the four steps involved in the process: 1. Input. 2. Risk assessment framework. 3. Review and validation. 4. Output. 1. Input: The first step in the operational risk measurement process is to gather the information needed to perform a complete assessment of all significant operational risks. A key source of this information is often the finished product of other groups. For example, a unit that supports the business group often publishes report or documents that may provide an excellent starting point for the operational risk assessment.

Sources of Information in the Measurement Process of Operational Risk: The Inputs (for Assessment) Likelihood of Occurrence Audit report Regulatory report Management report Expert opinion Business Recovery Plan Business plans Budget plans Operations plans Severity Management interviews Loss history

For example, if one is relying on audit documents as an indication of the degree of control, then one needs to ask if the audit assessment is current and sufficient. Have there been any significant changes made since the last audit assessment? Did the audit scope include the area of operational risk that is of concern to the present risk assessment? As one diligently

51

works through available information, gaps often become apparent. These gaps in the information often need to be filled through discussion with the relevant managers. Typically, there are not sufficient reliable historical data available to confidently project the likelihood or severity of operational losses. One often needs to rely on the expertise of business management, until reliable data are compiled to offer an assessment of the severity of the operational failure for each of the risks. The time frame employed for all aspects of the assessment process is typically one year. The one-year time horizon is usually selected to align with the business planning cycle of the bank. 2. Risk Assessment Framework The input information gathered in the above step needs to be analyzed and processed through the risk assessment framework. Risk assessment framework includes: 1. Risk categories: The operational risk can be broken down into four headline risk categories like the risk of unexpected loss due to operational failure in people, process and technology deployed within the business Internal dependencies should each be reviewed according to a set of factors. We examine these 9nternal dependencies according to three key components of capability, capacity and availability. External dependencies can also be analyzed in terms of the specific type of external interaction. 2. Connectivity and interdependencies The headline risk categories cannot be viewed in isolation from one another. One needs to examine the degree of interconnected risk exposures that cut across the headline operational risk categories, in order to understand the full impact of risk. 3. Change, complexity, compliancy: One may view the sources that drive the headline risk categories as falling under the broad categories of Change refers to such items as introducing new technology or new products, a merger or acquisition, or moving from internal supply to outsourcing, etc. Complexity refers to such items as complexity of products, process, or technology. Complacency refers to ineffective management of the business. 4. Net likelihood assessment

52

The likelihood that an operational failure might occur within the next year should be assessed, net of risk mitigants such as insurance, for each identified risk exposure and for each of the four headline risk categories. Since it is often unclear how to quantify risk, this assessment can be rated along five point likelihood continuum from very low, low, medium, high and very high. 5. Severity assessment Severity describes the potential loss to the bank given that an operational risk failure has occurred. It should be assessed for each identified risk exposure. 6. Combined likelihood and severity into the overall Operational Risk Assessment Operational risk measures are constrained in that there is not usually a defensible way to combine the individual likelihood of loss and severity assessments into overall measure of operational risk within a business unit. To do so, the likelihood of loss would need to be expressed in numerical terms. This cannot be accomplished without statistically significant historical data on operational losses. 7. Defining Cause and Effect: Loss data are easier to collect than data associated with the cause of loss. This complicates the measurement of operational risk because each loss is likely to have several causes. This relationship between these causes, and the relative importance of each, can be difficult to assess in an objective fashion. 8. Sample of a risk assessment report. Risk Assessment Report Risk Category Cause Effect Source of Probability & Magnitude Data People Loss of key staff, due Variance in revenue / to defection to competitor. a profit Delphic technique based business assessment.
53

of

Loss

on

Process

Declining productivity volume grows

Variance

in

process

Historical variance. Suppliers estimates Industry benchmarking

as costs from predicted levels, excluding

process malfunctions

Technology

Year 2000 upgrade Variance in technology expenditure running costs from

Historical variance. Suppliers estimates Industry benchmarking

predicted levels

3. Review and validation: Once the report is generated, first the centralised operational risk management group (ORMG) reviews the assessment results with senior business unit management and key officers, in order to finalize the proposed operational risk rating. Second, one may want an operational risk rating committee to review the assessment a validation process similar to that followed by credit rating agencies. This takes the form of review of the individual risk assessments by knowledgeable senior committee personnel to ensure that the framework has been consistently applied across businesses, that there has been sufficient scrutiny to remove any imperfections, and so on. The committee should have representation from business management, audit, and functional areas, and be chaired by risk management unit. 4. Output The final assessment of operational risk will be formally reported to business management, the centralised risk-adjusted return on capital (RAROC) group, and the partners in corporate governance such as internal audit and compliance. The output of the assessment process has two main uses: 1. The assessment provides better operational risk information to management for use in improving risk management decisions.
54

2. The assessment improves the allocation of economic capital to better reflect the extent of the operational riskier, being taken by a business unit. 3. The overall assessment of the likelihood of operational risk & severity of loss for a business unit can be shown as:

Mgmt. Attention
Medium Risk High Risk

Severity of Loss ($)

Low Risk

Medium Risk

Likelihood of Loss ($)

A business unit may address its operational risks in several ways. First, one can invest in business unit. Second, one can avoid the risk by withdrawing from business activity. Third, one can accept and manage risk through effective monitoring and control. Fourth, one can transfer risk to another party. Of course, not all-operational risks are insurable, and in that case of those that are insurable the required premium may be prohibitive. The strategy and eventually the decision should be based on cost benefit analysis.

55

Banking environment in India is continuously changing. Indian banks have moved from an insulted environment of regulation to uncertainties in risks. From an insulted environment by financial institutions world-wide began to recognise operational risk in the 1990s. In that sense, the term operational risk is a recent phenomenon in the context of banking and financial institutions. Heightened regulatory interest in operational risk, particularly since the late 1990s, after a series of high profile incidents and losses (Barings, Allied Irish, Daiwa and others) finally culminated in an overt treatment of operational risk under the Basel Accord (2004). Also, the Basel Committees interest in making the New Basel Capital Accord more risk sensitive and the realization that risks other than credit and market could be substantial, led to the explicit recognition of operational risk in the capital adequacy framework. Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk, *Basel Committee (2004)+.

The definition is a causative one, in as much as it talks about the causes of operational risk 1. People 2. Policies 3. Procedures and systems 4. External events.

5. LEGAL RISK Legal risk arises for a whole of variety of reasons. For example, counterparty might lack the legal or regulatory authority to engage in a transaction. Legal risks usually only become apparent when counterparty, or an investor, lose money on a transaction and decided to sue the bank to avoid meeting its obligations. Another aspect of regulatory risk is the potential impact of a change in tax law on the market value of a position. 6. HUMAN FACTOR RISK Human factor risk is really a special form of operational risk. It relates to the losses that may result from human errors such as pushing the wrong button on a computer,

56

inadvertently destroying files, or entering wrong value for the parameter input of a model.

Key Learnings I got an opportunity to work in a branch for 1 weeks time. There I got an exposure into the back-end operations of the bank relating to opening of new accounts, issuing drafts, receipt and disbursement of cash, accounting for locker rents, issuing ATM cards etc. I got better understanding of analysis of financial statements of the firms from the point of view of the banker. I got an opportunity to do the credit rating for firms who applied for loans. It gave me an insight into the different models adopted by the bank and also adjustments to be made in the financial statements for the same. I got the understanding of the various risks faced by the banks like credit risk, market risk, operational risk, etc. and the various measures adopted by the banks to face them. I made a summary of Risk profile template of the north zone of Union Bank of India to be submitted to Head office at Delhi. It is a quarterly report prepared by every zone so that the Head office may have constant update of the risk levels of each zone. I prepared the report on overdue export bill portfolio for the month ended Apr09 to be presented to the general manager.
57

I also made a report for the ALCO agenda for Mar09 on the analysis of maturity buckets of deposits (both residual and contractual) vis-a-vis maturity bucket of advances.

References:
1. www.indiastat.com 2. www.unionbankofindia.co.in/ 3. www.rbi.org.in/scripts/BS_SpeechesView.aspx?Id=304 4. www.icai.org/resource_file/11490p841-851.pdf 5. www.mckinseyquarterly.com/Better_operationalrisk_management_for_banks _1835 6. papers.ssrn.com/sol3/papers.cfm?abstract_id=882027

58