ACKNOWLEDGEMENT

The satisfaction and euphoria that accompany the successful completion of any work would
be incomplete unless we mention some of the persons, as an expression of gratitude, which
made it possible, whose constant guidance and encouragement served as a beckon light and
crowned the efforts and success.

We take this opportunity of expressing our gratitude to Mr. Satyabrata Dash (Dy manager
fin.) who has always been of immense help during the making of this research, which helped
us a great deal in enhancing our knowledge by virtue of practical application. His guidance
and support carried us all through the preparation of this project.

We regret any inadvertent omissions.

 Abstract

As we know risk and return are the two sides of the coin so for each and every business there
must be the risk which leads towards return. In current scenario of banking activities and
practice in the field of Indian banking sector where virtually the scope of economy is rising to
be vast likewise the scope of money market is going to be rise which leads to existence of
number of banks. Risk management activities in banking industry will be more pounced in
future banking because of liberalization, deregulation and global-integration of financial-
market. Especially these global-factors would be adding more vigorous depth and dimension
to the banking risks. As the risks are very correlated in nature, exposé to one risk mat lead to
another risk. Therefore management of risk in a proactive, efficient and integrated manner
will be the strength of successful banks. Evidence from across the world suggests that a
sound and evolved banking system is the reason for sustain-economic development.

India has better banking system in comparison to banking system of other developing
country. But there are certain important issues are still left that need to be addressed and
ironed out properly. The pivotal issue is risk-management. As their functional scope of area is
increasing day by day, risk management is also simultaneously becoming important
obligation for that sector .This project has given a birds’ eye view about enterprise risk
management or integrated risk management as a tool for managing risk factor which will lead
to major explanation as well as alteration in various functional area of Indian-banking sector.
As a student of mgt we will have to demystify about the steps involved in the enterprise risk
management and how the executing of these steps will leads towards risk management which
is now treaded as a most competitive strategy for each and every investing institution and
banking sector.

This is the time of retrieval of economy so each banking organization should concentrate on
it by which again we may not face this type of credit crunch crisis in near future. In this
project we have shown the various types of bank risks faced by banking institution and their
management steps taken by this tool of entire risk management which indirectly leads to
expand the scope of Indian money market and strategy against global foreign market.
CONTENTS

SL NO. PAGE NO.

 INTRODUCTION
Risk is inherent in any commercial activity and banking is no exception to this rule. Rising
global competition, increasing deregulation, introduction of innovative products and delivery
channels have pushed risk management to the forefront of today’s financial landscape.
Ability to gauge the risks and take appropriate position will be the key to success. It can be
said that risk takers will survive, effective risk managers will prosper and risk averse are
likely to perish. In the regulated banking environment, banks had to primarily deal with
credit or default risk. As we move into a perfect market economy, we have to deal with a
whole range of market related risks like exchange risks, interest rate risk, etc. Operational
risk, which had always existed in the system, would become more pronounced in the coming
days as we have technology as a new factor in today’s banking. Traditional risk
management techniques become obsolete with the growth of derivatives and off-balance
sheet operations, coupled with diversifications. The expansion in E-banking will lead to
continuous vigilance and revisions of regulations.

Building up a proper risk management structure would be crucial for the banks in the future.
Banks would find the need to develop technology based risk management tools. The
complex mathematical models programmed into risk engines would provide the foundation
of limit management, risk analysis, computation of risk-adjusted return on capital and active
management of banks’ risk portfolio. Measurement of risk exposure is essential for
implementing hedging strategies.

Under Basel II accord, capital allocation will be based on the risk inherent in the asset. The
implementation of Basel II accord will also strengthen the regulatory review process and,
with passage of time, the review process will be more and more sophisticated. Besides
regulatory requirements, capital allocation would also be determined by the market forces.
External users of financial information will demand better inputs to make investment
decisions. More detailed and more frequent reporting of risk positions to banks’ shareholders
will be the order of the day. There will be an increase in the growth of consulting services
such as data providers, risk advisory bureaus and risk reviewers. These reviews will be
intended to provide comfort to the bank managements and regulators as to the soundness of
internal risk management systems.
 Risk management functions will be fully centralized and independent from the business
profit centers. The risk management process will be fully integrated into the business
process. Risk return will be assessed for new business opportunities and incorporated into
the designs of the new products. All risks – credit, market and operational and so on will be
combined, reported and managed on an integrated basis. The demand for Risk Adjusted
Returns on Capital (RAROC) based performance measures will increase. RAROC will be
used to drive pricing, performance measurement, portfolio management and capital
management.

Risk management has to trickle down from the Corporate Office to branches or operating
units. As the audit and supervision shifts to a risk based approach rather than transaction
orientation, the risk awareness levels of line functionaries also will have to increase.
Technology related risks will be another area where the operating staff will have to be more
vigilant in the coming days.

Banks will also have to deal with issues relating to Reputational Risk as they will need to
maintain a high degree of public confidence for raising capital and other resources. Risks to
reputation could arise on account of operational lapses, opaqueness in operations and
shortcomings in services. Systems and internal controls would be crucial to ensure that this
risk is managed well.

The legal environment is likely to be more complex in the years to come. Innovative
financial products implemented on computers, new risk management software, user interfaces
etc., may become patentable. For some banks, this could offer the potential for realizing
commercial gains through licensing.

Advances in risk management (risk measurement) will lead to transformation in capital and
balance sheet management. Dynamic economic capital management will be a powerful
competitive weapon. The challenge will be to put all these capabilities together to create,
sustain and maximize shareholders’ wealth. The bank of the future has to be a total-risk-
enabled enterprise, which addresses the concerns of various stakeholders’ effectively.

Risk management is an area the banks can gain by cooperation and sharing of experience
among themselves. Common facilities could be considered for development of risk
measurement and mitigation tools and also for training of staff at various levels. Needless to
add, with the establishment of best risk management systems and implementation of
prudential norms of accounting and asset classification, the quality of assets in commercial
banks will improve on the one hand and at the same time, there will be adequate cover
through provisioning for impaired loans. As a result, the NPA levels are expected to come
down significantly.

Objective of study:
The objective of present study is to find out:

1. To know about the theoretical aspect of risk management approach

2. To know about the implementation of this approach in Indian banking sector
3. To evaluate and analyze the effectiveness of each of these approach in mitigating
the different types of risk faced by Indian banking sector.
4. Study about the strength and weakness of Indian banking sector and its prediction
5. To analyze the effect of various designed tool and technique in managing the risk
factor as a result to curb- down any cripple sorts of risk effect on Indian banking
system and its banking activities.

RISK MANAGEMENT PROCESS

The process of financial risk management is an ongoing one. Strategies need to be
implemented and refined as the market and requirements change. Refinements may reflect
changing expectations about market rates, changes to the business environment, or changing
international political conditions, for example. In general, the process can be summarized as
follows:

• Identify and prioritize key financial risks.

• Determine an appropriate level of risk tolerance.
• Implement risk management strategy in accordance with policy.
• Measure, report, monitor, and refine as needed.

Risk management needs to be looked at as an organizational approach, as management of

risks independently cannot have the desired effect over the long term. This is especially
necessary as risks result from various activities in the firm and the personnel responsible for
the activities do not always understand the risk attached to them. The steps in risk
management process are:

1. Determining objectives: - determination of objectives is the first step in the risk

management function. The objective may be to protect profits, or to develop competitive
advantage. The objective of risk management needs to be decided upon by the management.
So that the risk manager may fulfil his responsibilities in accordance with the set objectives.

2. Identifying Risks :- Every organization faces different risks, based on its business, the
economic, social and political factors, the features of the industry it operates in – like the
degree of competition, the strengths and weakness of its competitors, availability of raw
material, factors internal to the company like the competence and outlook of the
management, state of industry relations, dependence on foreign markets for inputs, sales or
finances, capabilities of its staff and other innumerable factors.

3. Risk Evaluation: - Once the risks are identified, they need to be evaluated for ascertaining
their significance. The significance of a particular risk depends upon the size of the loss that
it may result in, and the probability of the occurrence of such loss. On the basis of these
factors, the various risks faced by the corporate need to be classified as critical risks,
important risks and not-so-important risks. Critical risks are those that may result in
bankruptcy of the firm. Important risks are those that may not result in bankruptcy, but may
cause severe financial distress.

4. Development of policy: - Based on the risk tolerance level of the firm, the risk
management policy needs to be developed. The time frame of the policy should be
comparatively long, so that the policy is relatively stable. A policy generally takes the form
of a declaration as to how much risk should be covered.

5. Development of strategy: - Based on the policy, the firm then needs to develop the
strategy to be followed for managing risk. A strategy is essentially an action plan, which
specifies the nature of risk to be managed and the timing. It also specifies the tools,
techniques and instruments that can be used to manage these risks. A strategy also deals with
tax and legal problems. Another important issue that needs to be specified by the strategy is
whether the company would try to make profits out of risk management or would it stick to
covering the existing risks.

6. Implementation: - Once the policy and the strategy are in place, they are to be
implemented for actually managing the risks. This is the operational part of risk management.
It includes finding the best deal in case of risk transfer, providing for contingencies in case of
risk retention, designing and implementing risk control programs etc.

7. Review: - The function of risk management needs to be reviewed periodically, depending

on the costs involved. The factors that affect the risk management decisions keep changing,
thus necessitating the need to monitor the effectiveness of the decisions taken previously.

RISK MANAGEMENT IN INDIAN BANK

Risk faced by the bank can be segmented into three separable types from the management
perspective viz.
a. Risks that can be eliminated or avoided by simple business practices
b. Risks that can be transferred to other business participants (e.g. Insurance policy) and
c. Risks that can be actively managed at the Bank level.

Risk is any real or potential event, action or omission, internal or external, which will have an
adverse impact on the achievement of Bank’s defined objectives. Risk is inherent in every
business. Risk cannot be totally eliminated but is to be managed. Risks are to be categorised
into high risk, medium risk and low risk and then managed.
Risks can be classified into three broad categories:
 BASEL: II

Three Basic Pillars

Minimum Supervisory Market

Capital Review Discipline
Requirement process

Risk Weighted Definition of

Assets (RWA) Capital

Credit risk Market risk Operational risk

Standardized Internal
Approach (SA) Ratings Based Basic The Advanced
Approaches Indicator Standardized Measureme
Approach Approach nt
(BIA) (TSA) Approach
Foundation Advanced (AMA)
Approach Approach
(FIRB) (AIRB)
STRUCTURE OF BASEL II
Pillar 1- minimum capital requirement:-

 CREDIT RISK:-

Commercial Banks have faced difficulties over the years for a multitude of reasons, the major
cause of serious banking problems continues to be directly related to lax credit standards for
borrowers and counter-parties, poor portfolio risk management, or a lack of attention to
changes in economic or other circumstances that can lead to a deterioration in the credit
standing of bank’s counter-parties. This experience is common in both G-10 and non-G-10
countries.

a) Credit Risk is most simply defined as the potential that a bank borrower or counter party
will fail to meet its obligations in accordance with agreed terms. The goal of credit risk
management is to maximize a bank’s risk adjusted rate of return by maintaining credit risk
exposure within acceptable parameters. Banks need to manage the credit risk inherent in the
entire portfolio as well as the risk in individual credits or transactions. Banks should also
consider the relationships between credit risk and other risks. The effective management of
credit risk is a critical component of a comprehensive approach to risk management and
essential to the long-term success of any banking organization.

b) For most banks, loans are the largest and most obvious source of credit risk; however,
other sources of credit risk exist throughout the activities of a bank, including in the banking
book and in the trading book, and both on and off the balance sheet. Banks are increasingly
facing credit risk (counter party risk) in various financial instruments other than loans,
including acceptances, inter bank transactions, trade financing, foreign exchange transactions,
financial futures, swaps, bonds, equities, options and in the extension of commitments and
guarantees, and the settlement of transactions.

c) Since exposure to credit risk continues to be the leading source of problems in banks
worldwide, banks and their supervisors should be able to draw useful lessons from past
experiences. Banks should now have a keen awareness of the need to identify, measure,
monitor and control credit risk as well as to determine that they hold adequate capital against
these risks and that they are adequately compensated for risks incurred.

Basel Committee on Credit Risk:

a) The Basel Committee on Banking Supervision has unveiled a new Capital Accord (Basel-
II), which would be applicable to all international banks. This issue is under discussion
among banks and bank regulators and Basel II norms are expected to become effective by
March 2007. Although Basel-II is centered on all three aspects of risks- credit risk, market
risk and operational risk, issues associated with estimation of risk capital for credit risk are
complex in nature. Basel II has suggested Standardized Approach (SA) and the Internal
Ratings Based Approach (IRB). Under SA, risk weights are intimately related with external
ratings of various categories of borrowers. The applicability of external ratings suffers from
several limitations. Therefore, banks are expected to move to IRB.
b) The Basel Committee has enunciated 4 principles for the Management of
Credit Risk, viz.

1. Establishing an appropriate credit risk environment,

2. Operating under a sound credit granting process,
3. Maintaining an appropriate credit administration, measurement and monitoring
process; and
4. Ensuring adequate controls over credit risk.

c) Implications of Basel II Agreement:

1. Enhanced safety and soundness of the banking system

2. Regulatory Capital is brought closer to economic capital
3. Opportunity for banks to use their own methodologies.

Approaches to Credit Risk:

While the exact approach chosen by individual supervisors will depend on a host of factors,
including their on-site and off-site supervisory techniques and the degree to which external
auditors are also used in the supervisory function, all members of the Basel Committee
agreed that the principles set out should be used in evaluating a bank’s credit risk
management system. Supervisory expectations for the credit risk management approach used
by individual banks should be commensurate with the scope and sophistication of the bank’s
activities. For smaller or less sophisticated banks, supervisors need to determine that the
credit risk management approach used is sufficient for their activities and that they have
instilled sufficient risk-return discipline in their credit risk management process.

RBI on Basel Committee:

The Reserve Bank of India (RBI) had forwarded its comments on the Second Consultative
Paper (CP2) of the New Basel Capital Accord to the Basel Committee on Banking
Supervision in May 2001. Some of the highlights of its comments, relevant to Credit Risk
Management, are summarized hereunder:
a) Scope of Application: RBI is of the view that all Banks with cross-border
business exceeding say 20 or 25% of their total business may be defined as
internationally active banks.
b) Cross Holding of Capital: RBI reiterates its view that the Basel Committee may
consider prescribing a material limit (10% of the total capital) up to which cross-
holdings of capital and other regulatory investments could be permitted and any
excess investments above the limit would be deducted from total capital.
c) Claims on Sovereigns: RBI reiterates that the ratings of any those ECAs (Export
Credit Agencies) should be eligible for use in assigning preferential risk weights
which I) disclose publicly their risk scores, rating process and the procedures; ii)
subscribe to the publicly disclosed OECD methodology and iii) are recognized by
national supervisors.

d) External Credit Assessments: RBI feels that while the internationally active
banks in emerging economies may be initially required to follow the Standardized
 Approach, they may be allowed to use the Internal Ratings for assigning
preferential risk weights, on certain types of exposures, after validation of the
internal rating systems by the national supervisors.
e) Internal Rating Based Approach: RBI reiterates that national supervisors may
have discretion and flexibility in defining the exposure classes, such as corporate,
retail, sovereign and project finance.
f) Trading Book Issues: RBI reiterates that the capital charge for specific risk in the
banking and trading books be consistent to avoid regulatory arbitrages.

It can be observed from the foregoing that RBI is fully committed to implement the best
international practices.

Steps initiated by RBI:

A seminar for the Chief Executives of select banks was conducted by RBI in July 2004 to
sensitize banks on the framework, opportunities and challenges emerging out of Basel II
norms. Banks were also advised to undertake a self assessment of their existing risk
management systems taking into account the three major risks covered under Basel I and to
concurrently initiate appropriate measures to upgrade them to match up to the minimum
standards prescribed under Basel II. Further, in view of the complexities involved in
migrating to Basel II, a Steering Committee comprising members from Banks, IBA and RBI
has been constituted. The Steering Committee would form sub-groups for purpose of
assisting it on various matters. On the basis of the inputs received from the Steering
Committee, RBI would prepare draft guidelines for implementation of Basel II norms and
place them in the public domain.

Credit Risk Management:

Credit Risk Management encompasses identification, measurement, monitoring and

control of the credit risk exposures. The effective management of credit risk is a
critical component of comprehensive risk management and is essential for the long-
term success of any banking organization.
Expected Benefits:

a. Minimize future regulatory capital requirements - It is expected that Basel II

compliance will increase the return on equity by 10-20% annually.

b. Use enhanced economic capital frameworks to proactively manage

relationship with FSA on setting “buffer” capital requirements.

c. Create best practice risk management framework.

d. Capturing cost efficiency of integrated risk scoring in the lending business.

e. CPM is more tightly aligned with Risk Management Process - access risk
adjusted performance.
 f. Improve risk-adjusted profits via disciplined internal capital allocation.

g. Use embedded value metrics for business risk to help size economic capital
requirements.

h. Implement risk- adjusted pricing at the consumer level.

i. Use customer embedded value models to help steer strategic planning.

j. Incorporate risk in customer segmentation for selling, servicing, monitoring,

collection and recoveries.

Major Tasks for Commercial Banks: - Credit Risk Management involves the following
macro level tasks:

 Credit Policy and Procedures

 Risk Assessment Systems
 Monitoring Concentrations
 Portfolio Management Model
 Implementation of Systems.

Limitations / Challenges:

a) Since considerable amount of resources are being spent by each bank in

building various Credit Risk Management models, these banks may be rather
reluctant to part with the information / data, the availability of which would be
essential for meaningful analysis.
b) Many potential problems in complying with Basel II credit requirements can
be categorized as “operational risks”. Credit compliance needs to be closely co-
ordinate with operational risk compliance.

c) As of now, the RBI has only issued broad guidelines and as the time for
implementation of Basel II accord (March 2007) approaches, Committees / Sub-
committees of Banks may be formed to bring out Credit Risk Assessment models
appropriate to Indian Banking. In essence, the present situation is quite fluid and
several administrative / regulatory changes could be expected in the times to
come.

d) In as much as several commercial banks with variations in genesis,

incorporation, constitution, customer base, capital funds, market segmentation,
extent of foreign business, etc. it would be rather difficult to evolve a uniform
Credit Risk Management model. Therefore, it would be incumbent to design
 credit risk management models specific to suit each commercial banks, which is
not an easy task in itself.

e) Building Credit Risk Models essentially, presupposes availability of the past

operational data / loss data with commercial banks – collated preferably on
computers, which would facilitate further analysis and drawing inferences. This is
going to pose one of the biggest challenges / greatest limitations among
commercial banks in India since many commercial banks have not yet created
electronic based data bases of their customer-related past operations.

CREDIT RISK MITIGATION:-

Credit risk mitigation is an essential part of credit risk management. This refers to the
process through which credit risk is reduced or it is transferred to a counter party.
Strategies for risk is reduction at transaction level differ from that at portfolio level.
At transaction level banks use a number of techniques to mitigate the credit risks to
which they are exposed. They are mostly traditional techniques and need no
elaboration. They are, for example, exposures collateralized by first priority claims,
either in whole or in part, with cash or securities, or an exposure guaranteed by a third
party. Recent techniques include buying a credit derivative to offset credit risk at
transaction level.
At portfolio level, asset securitization, credit derivatives, etc., are used to mitigate risk
in the portfolio. They are also used to achieve desired diversification in portfolio as
also to develop a portfolio with desired characteristic. It must be noted that while the
use of CRM techniques reduces or transfers credit risk, it simultaneously may
increase other risks such as legal, operational, liquidity and market risks. Therefore, it
is imperative that banks employ robust procedures and processes to control these risks
as well. In fact, advantages of risk mitigation must be weighed against the risks
acquired and it’s interaction with the bank’s overall risk profile.

MARKET RISK IN BANK

Bank has also several activities and undertakes transactions that result in Market
exposure. They are not immune to these risks. They face it too. All such transactions are
reflected in the trading book.

1. A trading book consists of bank’s property positions in financial instruments covering

 Debt Securities
 Equity
 Foreign exchange
 Commodities
 Derivatives held for trading
2. They also include positions in financial instruments arising from match principal
brokering and market making, or positions taken in order to hedge other elements of
the trading book.
 They are held with trading intent and with the intention of benefiting in the
short-term, from actual and/or expected differences between their buying and selling
prices or hedging other elements in the trading books.
A bank’s trading book exposure has the following risks, which arise due
to adverse changes in market variables such as interest rates, currency exchange rate,
commodity prices, market liquidity, etc. and their volatilities and impact bank’s
earnings and capital adversely.
1. Market Risk
2. Liquidation Risk
a. Asset liquidity risk
b. Market liquidity risk
3. Credit and Counterparty risks
1. Market Risk

Market risk is the risk of adverse deviation of the market-to-market value of the trading
portfolio, due to market movements, during the period required to liquidate the transactions.
If it gets longer, so do the deviations from the current market value. Earning for the market
portfolio are profit and loss (P&L) arising from transaction. The P& L between two dares in
the variation of the market value. Any decline in value, results in market loss.

However, it is possible to liquidate tradable instruments or to hedge their future changes of

value at any time. This is the rational for limited market risk to the liquidation period. In
general, the liquidation period varies with the type of instruments. It could be short (1 day)
for foreign exchange and much longer exotic derivatives.

2. Liquidation risk

Trading liquidity is ability to freely transact in professional markets at reasonable prices.

Trading liquidity is ability to liquidate positions without

 Affecting market prices

 Attracting the attention of other market participants

Trading liquidity allow one to transact without compromise on counter party quality.
Liquidation involves asset and market liquidity risks. Price volatility is not the same in high
liquidity and poor liquidity situations. When liquidity is high the adverse deviations of prices
are much lower than in a poor liquidity environment, within a given horizon. Pure market risk
generated by exchange of market parameters differs from market liquidity risk.

Asset liquidation risk refers to a situation where a specific asset faces lack of trading
liquidity.
Market liquidation risk refers to a situation when there is a general liquidity crunch in the
market and it affects trading liquidity adversely.

3. Credit and Counterparty Risks

Markets value the credit risk of issuers and borrowers and it reflects in prices. Credit risk of
traded debts such as bonds and debentures and commercial papers etc., are indicated by
Credit Rating which is indicated by rating agencies. Credit rating indicates risk level
associated with the instruments and is factored into as add- ones to the risk- free rate of the
corresponding maturity. Lower the risk level lower the spread risk free rate.

Credit risk may arises either of account of default of the issue/ borrower or because of rating
migration. When rating of a financial instrument is lowered, the spread over the risk free rate
increase as market demands higher yield on a higher risk instrument. This results in price of
instrument. Where a default, either in payment of installment or interest, takes place, market
price of market instrument arises. Here adverse impact on price of financial instrument arises
because of deterioration of credit quality of the instrument.

Derivatives are over the counter instruments not liquid as market instruments.
Theoretically, banks hold these assets until maturity, and bear credit risk since they exchange
flow of funds with counterparties subject to default risk. For derivatives, credit risk interacts
with market risk in that the market to market value depends upon market movements. It is
present value of all future flows at market rates.

In the market transaction, there is one party that pays money and receives a given
quantity of financial paper. The other party or the counterparty does the opposite. The
counterparty receives the money and parts with given quantity of financial papers. If any one
of the transacting parties defaults in completing the settlement, the other party suffers. This
is known as settlement risk. This is a risk may lead to systemic risk and therefore monetary
authorities usually takes steps to put in place a risk free risk settlement system to obviate the
risk. In India reserve bank of India has since put in place ‘real-time gross settlement system’
for the purpose.

RISK MEASUREMENT

Market risk measures based on

 Sensitivity
 Downside potential

1. Sensitivity

Sensitivity captures deviation of market price due to unit movement of a single market
parameter. Supply-demand position, interest rate, market liquidity, inflation, exchange
rate etc., are the market parameters, which drive market values.
 Sensitivity is measured as change in market value due to unit change in the variable.
For example, where market value of a portfolio of bonds changes by Rs. 100,000 for 1%
change in the rate of interest, interest rate sensitivity of the portfolio is Rs. 100,000. This
gives us a measure of risk associated with the portfolio vis-à-vis change in rate of interest.
This measure suffers from the fact that it does not consider impact of other parameters, which
may also change simultaneously. Secondly, the measure does not remain constant for all the
values of the variable. Say, the interest rate sensitivity of a bond is Rs. 100 when the yield on
the bond is 5%. If the yield on the bond rises to 8%, its interest rate sensitivity would not
remain at Rs. 100.

Nevertheless, sensitivity is relied upon as a measure, particularly those that are based
on changes in interest rates. Two of them, Basis Point Value (BPV) and Duration that are
used quite frequently, are discussed below.

Downside Potential

Risk materializes only when earnings deviate adversely. Downside potential only
captures possible losses ignoring profit potential. Downside risk is the most comprehensive
measure of risk as it integrates sensitivity and volatility with the adverse effect of uncertainty.
This is the measure that is most relied upon by banking and financial service industry as also
the regulators.

RISK MONITORING AND CONTROL

Risk monitoring and control calls for implementation of risk and business policies
simultaneously. It consists of market risk limits or controlling market risk, based on
economic measures of risk while ensuring best risk adjusted return. Controlling market risk
means keeping the variations of the value of a given portfolio within given boundary values
through actions on limits, which are upper bounds imposed on risks. This is achieved through
the following.

1. Policy guidelines limiting roles and authority.

2. Limits structure and approval process

3. System and procedures to unbundled products and transactions to capture all risks.

4. Guidelines on portfolio size and mix.

5. System for estimating portfolio risk under normal and stressed situations.

6. Defined policy for mark to market.

7. Limit monitoring and reporting

8. Performance Measurement and Resource Allocation.

Risk measurement has a critical role in controlling and monitoring of market risk.
Role of risk measurement in controlling and monitoring involves setting up of limits and
triggers and monitoring them. Risk positions should also be reported to designated authority.
Further, models are used for risk measurement, valuations and mark to market of portfolio.
This calls for a system to monitor the models as well.

Limits and Triggers

Approved market risk limits for factor sensitivities and Value at Risk duly set by designated
authority (usually by the Risk Policy Committee). The approval is based on unit’s capacity
and capability to perform within those limits, effectiveness of controls, and trading revenues.

 Sensitivity and Value at Risk limits for trading portfolios and accrual portfolios are
measured daily. Where market risk is not measured daily, Risk Taking Units must
have procedures that monitor activity to ensure that they remain within approved
limits at all time.
 Approved management triggers or stop-loss for all mark to market risk taking
activities.
 Appropriate market risk limits or basis risk for the products wherever applicable in
the Market Risk Product Programmed.
Risk Monitoring

 A monitoring process to ensure that all transactions are executed and revalued at
prevailing market rates; rates used at inception or for periodic marking to market for
risk management or accounting purposes must be independently verified.
 Financial Models used for revaluations for income recognition purposes or to measure
or monitor Price Risk must be independently tested and certified.
 Stress tests must be performed preferably quarterly with predetermined changes in the
underlying assumptions of the model/market conditions.
RISK MITIGATION

Market risk arises due to volatility of financial instrument. The volatility of financial
instruments is instrumental for both profits and risk. Risk mitigation in market risk i.e.,
reduction in market risk is achieved by adopting strategies that eliminate or reduce the
volatility of the portfolio. However, there are couples of issues that are also associated with
risk mitigation measures.

1. Risk mitigation measures aim to reduce downside variability in net cash flow but it
also reduces upside potential or profit potential simultaneously.

2. In addition, risk mitigation strategies, which involve counterparty, will always be

associated with counterparty risk. Of course, where counterparty is an established
‘Exchange’, counterparty risk gets reduced very substantially. In OTC deals, counterparty
risk would depend upon the risk level associated with party to the contract.

OPERATIONAL RISK MANAGMENT

Operational Risk Management (ORM) is emerging as an important component of sound

integrated risk management in the wake of phenomenal increase in the volume of financial
transactions, high degree of structural changes and complex technological support systems.
The Basel Committee on Banking Supervision, as part of the New Basel II Accord
(hereinafter referred to as Basel II), has underscored the importance of operational risk,
which represents broad spectrum of risks related to banking which are distinct from credit
and market risks. Experience suggests that risks other than those related to credit and market
can be significant.

Basel II has outlined a set of principles that provides guidance for effective management and
supervision of operational risk. Based on these principles, Reserve Bank of India (RBI) has
brought out guidelines on various aspects of Operational Risk Management. RBI has advised
banks to have a well defined operational risk management policy in place.

The Bank’s Board had approved in 2003 an ORM Policy. In the light of the Basel II and RBI
guidelines, the existing Policy has since been reviewed. The revised Operational Risk
Management Policy of the Bank intends to establish a risk framework that will guide the
Bank in management of operational risk and allocation of capital for potential losses. This
policy requires that all functional areas, departments and business units of the Bank identify,
assess, mitigate, monitor, measure and report on their significant operational risks in a
consistent manner across the Bank. This policy applies to all business and functional areas
within the Bank. Operational risk management policy will be supplemented by operational
systems, procedures and guidelines, which would be developed and issued by the Bank.
These systems, procedures and guidelines would formally document delegations of authority
and/or responsibility, and the process for authorizing specific exceptions to the policy, if any.
Through improved risk management and consequent reduction in loss rates, operational risk
management is expected to protect and enhance shareholder value, customer confidence and
stakeholders’ trust.

Scope

The purpose of this policy is to establish explicit and consistent Operational Risk
Management framework in the Bank that would result in the systematic and proactive
identification, assessment, measurement, monitoring, mitigation and reporting of the
operational risks. This Policy would be applicable to all branches/offices of the Bank and is
to be read in conjunction with related operational guidelines to be issued in this regard.

Objectives of Operational Risk Management Policy

The specific objectives of the Bank’s operational risk management policy are as follows.

 To Reduce Impact and Probability of Loss Events – Through the introduction of sound
practices for operational risk, reduce the probability and potential impact of losses,
proactively and cost effectively.
 To Improve Controls and Mitigate Risks – Help functional areas improve controls
towards mitigation of significant operational risks throughout the Bank.
 To Have Better Capital Management – Help in meeting the capital adequacy
requirements set out by RBI including providing Capital for unexpected losses from
operational risks. .
 To Create Awareness – Develop a common understanding of Operational Risk across
the Bank involving every employee at all levels.
 To Assign Risk Ownership – Ensure that there is clear ownership for each element of
operational risk and assign clear responsibility for risk management and mitigation.
 To Comply with Regulation – Meet the regulatory requirements emanating from the
relevant pronouncements of RBI and Basel II. Foreign offices / branches shall have to
comply with the regulatory requirements of the Home Country Supervisor (RBI) and also
that of the Host Country in which they operate.
 To Reward Better Risk Management – Create awareness of the level of risk undertaken
and ensure that product pricing compensates for the same. Explore the range of
alternatives for risk mitigation and choose the most cost effective solution to address the
operational risk incurred.
 To Improve Quality of Services/Products/Processes –Apply proven risk management
techniques to improve the overall quality of Bank’s products, processes, and services.

Various contributing factors for operational risk

 People Risk
Placement, competency, work environment, motivation, turnover / rotation etc.

 Process Risk
o Transaction Risk- Transaction guidelines, errors in execution of transaction,
product complexity, competitive disadvantage, documentation/contract risk etc.
o Operational Control Risk –violation of controls, operational disruptions,
exceeding of limits, money laundering, fraud etc.
o Model Risk- mark to model error, model methodology error etc.
 Systems Risk
o Technology Risk- system failure, system security, programming error,
communications failure etc.
o MIS Risk.
 Legal and Regulatory Risk
It can be defined as failure, to comply with laws and regulations, (e.g. company,
industry, environment, data protection, taxation, money laundering) to protect fully
organization’s legal rights and to observe contractual commitments. It also includes
but not limited to exposure to fines, penalties or punitive damages resulting from
supervisory actions as well as private settlements.

 Event Risk
Operating Environment Risk (external factors risk) unanticipated changes in external
environment other than macro economic factors.

Operational Risk Loss Events

The Bank shall classify the operational risk events having the potential to result in substantial
losses based on Basel II and RBI guidelines, as under:
 Internal fraud
 External fraud
 Employment practices and workplace safety
  Clients, products and business practices
 Damage to physical assets
 Business disruption and system failures
 Execution, delivery and process management
The following tools, among others, will be used for identifying and assessing operational risk
in the Bank:
 Self Risk Assessment: Bank shall assess its operations and activities under various
business lines against a menu of potential operational risk vulnerabilities. This
process is internally driven involving operating functionaries at different levels.
 Risk Mapping: In this process, various business units, organizational functions or
process flows are mapped by risk type. This exercise, when undertaken, is expected
to reveal areas of weakness and help priorities subsequent management action.
 Key Risk Indicators: Key risk indicators are statistics and/or metrics, often
financial, which can provide insight into a bank’s risk profile. These indicators
should be so identified and reviewed on a periodic basis.

Monitoring of Operational Risk

The Bank shall develop and implement an appropriate process to regularly monitor and
periodically report operational risk profiles and material exposure to losses to the Senior
Management and Board. This will be in addition to the existing control and monitoring
systems. Each Strategic Business Unit and other departments concerned will be responsible
for control and monitoring of operational risk in their areas of operation.

Control and Mitigation of Operational Risk

The basic objectives of the Operational Risk Management Policy are to control and mitigate
operational risks. The following measures, which are being used by the Bank for this
purpose, will be strengthened to suit Basel II and RBI requirements:
 Internal Controls and Systems
 Training
 Reward System
 Placement and Rotation of Staff
 Fraud Monitoring
 Disciplinary Proceedings System
Measurement of Operational Risk
A key component of risk management is measuring the level of Bank’s risk exposure in
various business lines. Measuring operational risk would cover both estimating the
probability of a loss event and the potential size of the loss. Operational Risk assessment
would address the frequency of a potential risk event and the severity of the effect. This
would also help in identifying the risk events and creating metrics for risk indicators. All risk
events would be categorized under four categories: High Frequency High Severity, High
Frequency Low Severity, Low Frequency High Severity and Low Frequency Low Severity
events. Besides quantitative analysis of operational risk, qualitative assessment such as
scenario analysis will be an integral part of measuring Bank’s operational risk. Data on
Bank’s historical loss experience could provide meaningful information for assessing the
Bank’s exposure to operational risk. The Bank would therefore put in place a framework for
systematically tracking and recording the frequency, severity and other relevant information
on individual loss events. Based on this information a data base will be constructed.

The internal loss data would also cover actual loss, potential loss, near misses, attempted
frauds etc. For the purpose of internal data collection, RBI has advised the banks to have an
appropriate gross loss threshold limit (say Rs.10,000) so that the data captured would cover at
least 95 % of the Bank’s total loss due to operational risks. Taking into account our Bank’s
position, a threshold limit of Rs.1,00,000/- is proposed for internal collection of Loss Data.
Bank would also collect external loss data to the extent possible and will determine the
methodologies to be used to incorporate the data.

Capital Allocation for Operational Risk

Basel II has put forward a framework consisting of three options for calculating operational
risk capital charges in a ‘continuum’ of increasing sophistication and risk sensitivity. These
options are, in the order of their increasing complexity: (i) the Basic Indicator Approach (ii)
the Standardised Approach and (iii) Advanced Measurement Approaches.

Basic Indicator Approach

As per the Prudential Guidelines on Capital Adequacy issued by RBI, the Bank shall adopt
Basic Indicator Approach with effect from March 31, 2007. Accordingly using this method
the Bank shall provide 15% of average gross income for the preceding 3 years as capital for
Operational Risk.

Standardised Approach

Under the Standardised Approach, the Bank’s activities would be divided into the 8 business
lines (vide Para 4) against each of which, a broad indicator is specified to reflect the size or
volume of banks’ activities in that area.

Within each business line, the capital charge is calculated by multiplying the indicator by a
factor (beta) assigned to that business line. Under this approach, the gross income is
measured for each business line and not for the Bank as a whole. However, the summation of
the gross income for the eight business lines should aggregate to the gross income of the bank
as computed under the Basic Indicator Approach. The total capital charge for the Bank as a
whole under the Standardised Approach is calculated as the simple summation of the
regulatory capital charges across each of the business lines.

Advance Measurement Approaches (AMA)

Under Advance Measurement Approaches, the regulatory capital will equal the risk capital
measured by Bank’s internal operational risk measurement system using Bank specific
statistical models in due course as per regulatory guidelines in the time frame to be prescribed
by RBI. The Bank shall initiate and chart out the action plan for the purpose of quantification
of operational risk under AMA so that Bank can migrate smoothly and in a time bound
manner to AMA for regulatory capital requirements.

Principles and Sound Practices for Operational Risk Management

Basle II has evolved internationally accepted sound practices for management and
supervision of operational risks in banks, which shall be adopted by the Bank. These are
detailed below:

1. The Board of Directors of the Bank will be kept informed of all major aspects of the
bank’s operational risk profile as a distinct risk category that needs to be managed.
They would approve and periodically review the Bank’s ORM Policy and framework.
2. The Board of Directors of the Bank would ensure that the Bank’s operational risk
management framework is subject to effective and comprehensive internal audit by
 Inspection and Management Audit department (I&MA) in order to receive assurance
regarding its effective application.
3. Operational Risk Management Department / Cell would be responsible for
implementing and maintaining the ORM framework as approved by the Board of
Directors. The framework shall be consistently implemented throughout the Bank.
Employees at all levels would be provided with training to gain an understanding of
their responsibilities in respect of operational risk management.
4. The Bank would develop and communicate enabling policies, processes and
procedures for managing operational risk in all of the Bank’s products, activities,
processes and systems.
5. Operational Risk Management Department / Cell would ensure implementation of
processes to support the proactive identification and assessment of the significant
operational risks inherent in all products, activities, processes and systems. The
operational risk inherent in new products, activities, processes and systems should be
proactively assessed and remedied before they are introduced or implemented.
6. Operational Risk Management Department / Cell in coordination with business units
would implement processes to regularly and proactively monitor operational risk
profiles and potential material exposures to losses and report pertinent information on
a timely basis to Senior Management, ORMC and the Board of Directors.
7. The Bank would develop contingency arrangements and business continuity plans to
ensure continuity of operations in the event of a disaster and to restrict direct and
indirect loss that could be incurred in the event of severe business disruption.

PILLAR 2-SUPERVISORY REVIEW PROCESS:-

Pillar 2 introduces two critical risk management concepts: the use of economic capital,
and the enhancement of corporate governance, encapsulated in the following four
principles:

Principle 1

Bank should have a process for assessing their overall capital adequacy in relation to their
risk profile and a strategy for maintaining their capital levels the key elements of this
rigorous process are

 Board and senior management attention.

 Sound capital assessment of risks.
 Comprehensive assessment of risks.
 Monitoring and reporting
  Internal control review.

Principle 2

Supervisors should review and evaluate bank’s internal capital adequacy assessments and
strategies, as well as their ability to monitor and ensure their compliance with regulatory
capital ratios. Supervisors should take appropriate supervisory action if they are not
satisfied with the result of this process. This could be achieved through:

 On- site examinations or inspections

 Off-site review
 Discussion with bank management
 Review of work done by external auditors
 Periodic reporting

Principle 3

Supervisors should expect banks to operate above the minimum regulatory capital ratios and
should have the ability to require banks to banks to hold capital in excess of the medium.

Principle 4

Supervisors should seek to intervene at an early stage to prevent capital from falling below
the minimum levels required to support the risk characteristics of a particular bank and
should required repaid remedial action if capital is not maintained or restored.

Participations under pillar 2 seek to address the residual risk not adequately covered under
pillar 1, such as a concentration risk, interest rate risk in banking book, business risk and
strategic risk. ‘Stress testing’ is recommended to capture event risk. Pillar 2 also seeks to
ensure that internal risk management process in the banks is robust enough. The combination
of pillar 1 and pillar 2 attempt to align regulatory capital with economic capital.

PILLAR3-MARKET DISCIPLINE:-
The focus of pillar 3 on market discipline is designed to complement the minimum capitals
requirement pillar 1 and the supervisory review process. pillar 2 with this, the basal
committee seeks to enable market participants to assess key information about a bank’s risk
profile and level of capitalization there by encouraging market discipline through increased
disclosure. public disclosure assumes greater importance in helping banks and supervisors to
manage risk and improve stability under the new provisions, which place reliance on internal
methodologies providing banks with greater discretion in determining their capital needs.

It has been agreed that such disclosures will depend on the legal authority and accounting
standards existing in each country. Efforts are in progress to harmonies these disclosures
with internal financial reporting standards .
RISK MANAGMENT SCENARIO IN THE FURTURE
OF BANKING SECTOR-
Risk management activities will be more pronounced in future banking because of
Liberalization, deregulation and global integration of financial markets. This would be adding
depth and dimension to the banking risks. As the risks are correlated , exposure to one risk
may lead to another risk, therefore management of risks in a proactive, efficient & integrated
manner will be the strength of the successful banks. The standardized approach would be
implemented by 31st March 2007, and the forward-looking banks would be in the process of
placing their MIS for the collection of data required for the calculation of Probability of
Default (PD), Exposure at Default (EAD) and Loss Given Default (LGD). The banks are
expected to have at a minimum PD data for five years and LGD and EAD data for seven
years. Presently most Indian banks do not possess the data required for the calculation of their
LGDs. Also the personnel skills, the IT infrastructure and MIS at the banks need to be
upgraded substantially if the banks want to migrate to the IRB Approach.
GROWING IN BANKING:
India's banking sector is booming at a great pace in spite of its relatively small size in
Comparison of its counterparts in other leading economies. Indian banking sector has been
found lucrative by eminent players from the international world. For e.g., In India, Citibank
and Standard Chartered Bank has more than half of all credit card receivables and personal
loans, which has generated more than Rs. 200 crore of profit for both banks. In 2003, Oriental
Bank of Commerce was listed by Forbes magazine in its 'Global 200 Best Companies' list. In
1990s, after a long gap of more than 20 years, the apex bank, Reserve Bank of India (RBI)
has issued licenses to 9 new private banks. In this, Times Bank got merged with the HDFC
Bank. The RBI also allowed Kotak Mahindra Finance Company to become a bank. These
banks have shown their edge over each others with the introduction of new products and
technologies. Most of the banks paid their focus on the retail sector and provide internet
banking, phone banking and mobile banking services to their customers and have cornered
one of the largest segments of the India's banking sector by targeting the India's growing
middle income class. The Indian banking sector has seen a proliferation of new services
which has shown an improvement in customer service.

FINDING:
Best practices that companies can use as a reference when implementing banking risk.
Engage senior management and board of directors that set “the tone from the top” and
provide organizational support and resources. Independent banking risk management
functions under the leadership of chief risk officer, who reports directly to the manager with a
dotted line to the board. Established risk management framework that incorporates all of the
company’s key risks: strategic risk, business risk, operational risk, market risk, and credit
risk. A risk-aware culture fostered by a common language, training, and education, as well as
risk-adjusted measures of success and incentives. Written policies with specific risk limits
and business boundaries, which collectively represent the risk appetite of the company. An
ERM dashboard technology and reporting capability that integrates key quantitative risk
metrics and qualitative risk assessments. Robust risk analytics to measure risk concentrations
and interdependencies, such as scenario and simulation models. Integration of banking in
strategic planning, business processes, and performance measurement. Optimization of the
company’s risk-adjusted profitability via risk-based product pricing, capital management, and
risk-transfer strategies. In summary, risk management is essential in today’s business
environment, as a holistic approach where companies are required to disclose risk factors in
the financial reports and the board of directors regularly questions top management about the
company’s risk.”

Conclusion
India's growth potential over the next 10 years sets the country at the forefront of the
developing world. The authors firmly believe that Indian banks would capitalize on the
opportunity available to them and the continuations of the reforms initiated over one decade
ago will unleash their potential and bring India to a more advanced stage of development.
 
Risk management underscores the fact that the survival of an organization depends heavily on its
capabilities to anticipate and prepare for the change rather than just waiting for the change and react to
it. The objective of risk management is not to prohibit or prevent risk taking activity, but to ensure
that the risks are consciously taken with full knowledge, clear purpose and understanding so that it
can be measured and mitigated. It also prevents an institution from suffering unacceptable loss
causing an institution to fail or materially damage its competitive position. Functions of risk
management should actually be bank specific dictated by the size and quality of balance sheet,
complexity of functions, technical/ professional manpower and the status of MIS in place in that bank.
There may not be one-size-fits-all risk management module for all the banks to be made applicable
uniformly. Balancing risk and return is not an easy task as risk is subjective and not quantifiable
where as return is objective and measurable. If there exist a way of converting the subjectivity of the
risk into a number then the balancing exercise would be meaningful and much easier.

Banking is nothing but financial inter-mediation between the financial savers on the one hand
and the funds seeking business entrepreneurs on the other hand. As such, in the process of
providing financial services, commercial banks assume various kinds of risks both financial
and non-financial. Therefore, banking practices, which continue to be deep routed in the
philosophy of securities based lending and investment policies, need to change the approach
and mindset, rather radically, to manage and mitigate the perceived risks, so as to ultimately
improve the quality of the asset portfolio. As in the international practice, a committee
approach may be adopted to manage various risks. Risk Management Committee, Credit
Policy Committee, Asset Liability Committee, etc are such committees that handle the risk
management aspects. While a centralized department may be made responsible for
monitoring risk, risk control should actually take place at the functional departments as it is
generally fragmented across Credit, Funds, Investment and Operational areas. Integration of
systems that includes both transactions processing as well as risk systems is critical for
implementation. In a scenario where majority of profits are derived from trade in the market,
one can no longer afford to avoid measuring risk and managing its implications thereof.
Crossing the chasm will involve systematic changes coupled with the characteristic
uncertainty and also the pain it brings and it may be worth the effort. The engine of the
change is obviously the evolution of the market economy abetted by unimaginable advances
in technology, communication, transmission of related uncontainable flow of information,
capital and commerce throughout the world. Like a powerful river, the market economy is
widening and breaking down barriers. Government’s role is not to block that flow, but to
accommodate it and yet keep it sufficiently under control so that it does not overflow its
banks and drown us with the associated risks and undesirable side effects. To the extent the
bank can take risk more consciously, anticipates adverse changes and hedges accordingly, it
becomes a source of competitive advantage, as it can offer its products at a better price than
its competitors. What can be measured can mitigation is more important than capital
allocation against inadequate risk management system. Basel proposal provides proper
starting point for forward-looking banks to start building process and systems attuned to risk
management practice. Given the data-intensive nature of risk management process, Indian
Banks have a long way to go before they comprehend and implement Basel II norms, in to-to.
The effectiveness of risk measurement in banks depends on efficient Management
Information System, computerization and net working of the branch activities. The data
warehousing solution should effectively interface with the transaction systems like core
banking solution and risk systems to collect data. An objective and reliable data base has to
be built up for which bank has to analyze its own past performance data relating to loan
defaults, trading losses, operational losses etc., and come out with bench marks so as to
prepare themselves for the future risk management activities. Any risk management model is
as good as the data input. With the onslaught of globalization and liberalization from the last
decade of the 20th Century in the Indian financial sectors in general and banking in
particular, managing Transformation would be the biggest challenge, as transformation and
change are the only certainties of the future.