KATHMANDU UNIVERSITY SCHOOL OF MANAGEMENT

KUSOM

Risk Management Report of NICA

Submitted to
Mr. Balaji Devrajan
Faculty, Risk Management
KUSOM

Submitted by
Group – 2
21323 Alish Rai
21326 Jenish Shahi
21335 Himal Thapa
 Acknowledgements
We would like to express our sincerest gratitude to respected instructor Mr. Balaji Devrajan for
providing us with the opportunity to conduct a detailed Risk Management report for one of the
class A financial institutes of Nepal.
We thank him for continuous guidance, timely feedback and immense support during the entire
course, which was pivotal for the completion of the report. This report has been a guide for us
putting the knowledge into the real setting regarding risk management in Nepalese financial
sector. We are also extremely thankful to Kathmandu University School of Management for
making this course available, which has helped us to gain deep insight which shall be beneficial
to us for future endeavors. We are also extremely grateful to our friends and other group
members for providing constructive feedback throughout the project.
Lastly, this project could not have been completed without our family members, who remained
with us and supported through our thick and thins.
Table of Contents
Introduction ................................................................................................................................ 1
Vision ......................................................................................................................................... 1
Mission....................................................................................................................................... 1
Risk Management ...................................................................................................................... 1
Organizational Structure ............................................................................................................ 2
Capital structure of NIC Asia .................................................................................................... 3
Risk weighted assets .................................................................................................................. 5
Risk Management Function ....................................................................................................... 5
Risk Management Committee.................................................................................................... 6
Risk Governance .................................................................................................................... 6
Internal Control ...................................................................................................................... 6
Credit Risk ................................................................................................................................. 7
Market Risk................................................................................................................................ 7
Liquidity Risk ............................................................................................................................ 8
Operational Risk ........................................................................................................................ 8
Camel Analysis .......................................................................................................................... 8
Capital Adequacy ................................................................................................................... 9
Assets Quality ........................................................................................................................ 9
Management ......................................................................................................................... 10
Earning Quality .................................................................................................................... 10
Liquidity ............................................................................................................................... 10
Key Financial Indicators ...................................................................................................... 11
Non-Performing Assets of NICA (4 Quarter) ...................................................................... 12
Identified Issues ....................................................................................................................... 12
Low Core Capital Adequacy ................................................................................................ 12
High Interest premium ......................................................................................................... 13
Data Security and Safety ...................................................................................................... 14
Proposed Suggestions for NIC Asia Bank ............................................................................... 15
Conclusion ............................................................................................................................... 16

i
Introduction
NIC Bank, which was founded on July 21, 1998, served as the foundation for NIC ASIA
Bank. After NIC Bank and Bank of Asia Nepal merged on June 30, 2013, the bank was
renamed NIC ASIA Bank. In terms of capital base, balance sheet size, number of branches,
ATM network, and customer base, NIC ASIA Bank is currently among the biggest private-
sector commercial banks in the nation. With a network that spans all of Nepal's major
financial hubs, the Bank has 359 branches, 105 extension counters, 81 branchless banking
locations, and 473 ATMs.

Vision
To ensure the creation of optimum values for all the stakeholders.

Mission
To be a Bank of 1st Choice for all the stakeholders.

Risk Management
Risk management is the process of identifying, assessing, and prioritizing risks to an
organization's capital and earnings, and taking appropriate actions to minimize, monitor, and
control the impact of those risks. It involves analysing the potential impact of various risks on
the organization's financial and operational performance, and then implementing strategies to
mitigate or manage those risks. A risk management idea has emerged that will operate as a
roadmap or set of principles for a financial institution to lower the risk factor.

Banks typically take on various types of risks, including credit risk (the risk of a borrower
defaulting on a loan), interest rate risk (the risk that changes in interest rates will adversely
affect the bank's financial condition), and operational risk (the risk of loss resulting from
inadequate or failed internal processes, systems, human errors, or external events). This helps
organizations to make informed decisions and to be better prepared to respond to unexpected
events.

The risk profile shows the continuous process which defines risk appetite, identification of
risk, its assessment, treatment, monitoring, and reporting process to make specific and
rational decisions.

1
The primary objectives of risk management are as follows:

1. To identify and evaluate potential risks to the bank's financial health and stability, and
to implement strategies to mitigate or manage those risks.
2. To assess the bank's exposure to credit, market, operational, and other types of risks,
as well as implement policies and procedures to minimize potential losses.
3. To involve monitoring and reporting on risk exposures, and ensuring compliance with
relevant regulations and laws. Overall, the goal of risk management in banks is to
protect the bank's assets and ensure its long-term financial stability.
4. To ensure that the organization’s overall risk tolerance is aligned with its overall
business objectives and strategies.
5. To ensure that the organization is in compliance with any relevant laws, policies,
regulations and standards.

By achieving these objectives, risk management helps organizations to make informed

decisions, to be better prepared to respond to unexpected events, and to ultimately protect and
enhance the organization’s value.

Organizational Structure

The organizational structure of a bank typically includes several layers, including a board of
directors, executive management, and various departments such as retail banking,

2
commercial banking, and risk management. The structure may also include regional and
divisional levels of management. The specific structure will vary depending on the size and
type of bank, but generally the structure is designed to ensure that the bank is able to
effectively serve its customers and manage its operations.

Capital structure of NIC Asia

Capital structure refers to the way a bank finances its assets through a combination of equity,
debt, and other securities. Capital adequacy refers to a bank's ability to meet its financial
obligations, including the ability to absorb unexpected losses. Banks are typically required to
maintain a certain level of capital adequacy, as determined by regulatory bodies. This is
known as the Basel III capital adequacy framework.

The Board is in charge of determining the Bank's present and future capital requirements in
connection to its strategic goals. In order to develop a strong risk management framework
that specifies control mechanisms to address each risk element, the management must

3
examine and comprehend the nature and extent of the numerous risks that the Bank is
exposed to during the course of various business activities.

The capital structure and capital adequacy of NIC Asia Bank is shown below:

Total qualifying capital obtained by the accumulation of Core Capital NPR. 23,770 million and
Supplementary Capital NPR 10,898 million amounts to NRP 34,668 million. Moreover, The Capital
Adequacy ratio of the Bank as of 17th Oct 2022 stood at 13.05%.

4
Risk weighted assets

The risk weighted exposure for credit risk and market risk is seen increasing in the current
quarter and decreasing for operational risk in the same period. The total risk weighted
exposures in the current quarter is NPR 265,623 million.

Risk Management Function

The Bank's risk management framework has established a distinct division between business
and risk management functions. As a result, the Bank established a distinct Integrated Risk
Management Department (IRMD), which is one of the highest-level jobs in the Bank, and is
led by a Chief Risk Officer (CRO). The Risk Management Department (IRMD) is in charge
of overseeing global, macro, micro, and departmental level risks that emerge from routine
business operations as well as on occasion. Senior Management, the Risk Management
Committee, and the Board are in charge of reviewing the reports on these risks and issuing
instructions as necessary.

5
Risk Management Committee
The Bank's Board of Directors is its highest authority and is charged with developing and
putting into practice a solid set of policies and guidelines to ensure that it complies with all
regulations and instructions given by the regulatory body. For successful risk management
inside the Bank, the BOD ensures that the strategies, policies, and procedure are in line with
the risk appetite/tolerance limit. The board is aware of the bank's risk profile and routinely
evaluates reports on risk management from the Risk Management Committee and the Asset-
Liabilities Management Committee, which include topics including policies and standards,
stress testing, liquidity, and capital adequacy.

The Bank formed a Risk Management Committee with clearly defined terms of purpose in
accordance with the NRB rule on corporate governance. A minimum of g meetings are held
year, however this number may rise depending on demand. The committee oversees the
Bank's overall risk management, which it generally divides into four categories: credit risk,
market risk, and liquidity risk.

Risk Governance
By developing an ownership attitude, capacity building programs, clearly defined job duties,
and a good ethical culture, the bank has developed and put into practice policies and
procedures to limit the risk at the enterprise level that arises to the bank. The responsibility
for keeping risk inside the bank's risk blanket is cascaded down from the board to the relevant
functional, client business, senior management, and committees, according to the bank's risk
governance structure. The business, functional, senior management, and committees all share
information on significant risk issues and adherence to rules and regulations.

Internal Control
The Bank must have an effective internal control system in place to support the fulfillment of
its strategy and goals, and this responsibility falls to the Board. In order to optimize lucrative
business prospects, minimize or eliminate risks that might result in loss or harm to the Bank's
reputation, maintain compliance with relevant laws and regulations, and improve
responsiveness to external events, the Bank's many tasks should be examined.

In accordance with the NRB directions, the Board has established policies and processes for
risk identification, risk evaluation, risk mitigation, and control/monitoring, and has
successfully implemented the same at the Bank. The Board, its Committees, Management,
and Internal Audit department routinely assess the efficiency of the Company's internal
control system.

Through routine audits, specialized audits, information system audits, off-site reviews,
AML/CFT/KYC audits, ISO audits, and the Risk-based Internal Audit (RBIA) approach, the

6
Internal Audit keeps an eye on adherence to policies and standards as well as the efficiency of
internal control structures throughout the Bank.

Credit Risk
Credit risk is the likelihood that a counterparty will not fulfill its contractual commitments to
pay the Bank in line with predetermined conditions, resulting in the loss of principal and any
related rewards. The Credit Risk Monitoring and Reporting System was created with the goal
of reducing the Bank's credit risk via the establishment of an effective monitoring and
reporting framework.

Limit credit exposures to certain activities or types of products, a single counterparty or

groups of connected counterparties, certain industries and/or economic sectors, types of
collateral, related parties, and geographic regions are ensured in order to diversify risk and
limit concentration risk.

The bank has put in place a number of systems, policies, procedures, and guidelines to
manage credit risk effectively. The following activities were completed with the goal of
assessing the bank's credit risk:

• Current system/policies/procedures/guidelines formulated were gone through;

• Actual Exposure of credit limit product wise, segment wise were checked against
Risk Appetite, tolerance limit mentioned in Respective Product Paper Guidelines,
Credit Policy and Credit Risk Management Policy;
• Review of various reports prepared by the Departments such as Account Monitoring
Report, Loan Overdue Report, Loan Report, NRB reports and Margin Monitoring
Reports
The Board of Directors is ultimately in charge of credit risk management. Therefore, the
board must periodically examine both the general strategy and key policies. Furthermore,
Senior Management is in charge of carrying out the bank's credit risk management plans and
policies and making sure that the necessary controls are in place for credit risk and portfolio
quality.

Market Risk
Market risk is the possibility of suffering losses as a result of changes in market value that
have a negative impact on the value of financial institutions' on-and-off balance sheet
holdings. Market risk is the chance that shifts in market prices may induce changes in a
financial instrument's fair value or future cash flows. Foreign exchange rates (also known as
currency risk), market interest rates (sometimes known as interest rate risk), and market
prices are the three categories of market risk (price risk).

a) Currency risk

7
 b) Interest rate risk
c) Equity Price Risk

Liquidity Risk
The possibility of losing money or losing the bank's economic value as a result of
unfavorable changes in the market's level of interest rates or the prices of securities (equity),
fluctuating foreign exchange rates, and commodity prices, as well as the volatilities of those
prices, is known as market risk. Effective liquidity risk management ensures the bank's ability
to meet its obligations as they become due without negatively affecting the bank's financial
condition and lowers the likelihood of developing an adverse situation. Liquidity risk is the
likelihood that a bank will fail to meet obligations as they become due.

Management has built up multiple funding sources in addition to its primary deposit base in
order to reduce this risk. It has also developed a policy of managing assets with liquidity in
mind and continuously assessing future cash flows and liquidity. To manage liquidity risk,
the Bank has created internal control procedures and backup plans. This takes into account an
evaluation of projected cash flows as well as the presence of high-caliber collateral that might
be utilised to obtain additional finance if needed.

Operational Risk
Operational risk is described as the possibility of suffering a loss due to deficient or
ineffective internal systems, procedures, or personnel, as well as from the effects of outside
circumstances, such as legal hazards to the bank. Operational risk permeates all of the Bank's
operations and is impacted by all of the resources the Bank uses to carry out those duties,
including its human resources, systems, and procedural designs.

Both internal and external factors, including fraud, business interruptions, system failures,
physical infrastructure damage, execution and service delivery failures, inherent risks in
products and customers, insufficient procedures or flawed process designs, and business
practices, can result in operational risk. Any business function or the functions that support a
firm can be at danger.

The Bank uses key control standards, key control self-assessments, and key risk indicators as
toolkits to identify, assess, monitor, and control operational risk events through timely
acknowledgment of emerging threats and underlying vulnerabilities in an effort to reduce
exposure to operational risk.

Camel Analysis
The term "CAMELS" stands for the six elements of a well-known bank rating methodology
that was created in the US. The six factors are: adequate capital, good assets, strong
8
management, enough earnings, adequate liquidity, and sensitivity to market risk. For this
report, the sixth factor, sensitivity to market risk has been excluded and the analysis is
conducted for five factors only.

S. N CAMEL Ratio NICA

criteria
1 Capital CAR 13.05%
Adequacy
CCAR 8.93%
2 Assets NPL to Total Loans 0.49%
Quality
Loss Loan provision to NPL 309.87%
3 Management Business per employee 6,744,068.37
Number of Employee 3,792.00
Profit per employee 950,579.70
Total Income to Total Expense 126.48%
4 Earnings Operating Profit to Total Assets 1.46%
Interest Income to Total Income 92.11%
Financial Assets to Assets 97.23%
EPS 45.28
5 Liquidity CDR (Total Loan Advance to Total 86.26%
Deposit)
Customer deposits to Total Assets 84.56%

Capital Adequacy
For capital adequacy assessment, CAR (Capital Adequacy Ratio) and CCAR (Core Capital
Adequacy Ratio) are assessed. The CAR for NICA was 13.05% and CCAR was observed
8.93%. NRB regulation requires the minimum CAR to be 11% and CCAR of 6%. We
observe that NICA has maintained the minimum requirements for the CAR and CCAR.

Assets Quality
The major asset for the banks are financial assets and to assess the asset quality of the NICA,
we observed NPL to total loans at 0.49% and Loan loss provision to NPL at 306.87%. High
Loan loss provision indicates that NICA has undertaken quite risky assets in its portfolio, on
the other hand the proportion of NPA to total loans indicates quite generic scenario, as some
loans does undergo non-performing situation.

9
Management
The management factor was assessed through metrics like business per employee which
stood at NRs. 6,744,068.37, which indicates a significant administrative cost. Similarly,
number of employees at 3,792 indicated a large workforce compared to other similar
institutes. Likewise, Profit per employee was NRs. 950,579.7 and Total income to total
expense was 126.48, which signifies the bank is expanding its operation at a rapid pace and
the major income was generated from interest, as it should be.

Earning Quality
The earnings quality measures robustness of the stream of revenues and assesses the quality
of return it is generating to the stakeholders. The operating profit to total assets for NICA was
1.46% which shows the bank has a significant amount of assets in the form of both financial
assets and non-financial assets. Interest income to total income stood strong at 92.11%, which
highlights the majority of income the bank is generating from interests. Finally, financial
assets to total assets were 97.23% shows that NICA is holding lesser non-financial assets like
land, building and hence, lower operating leverage and the EPS was strong at NRs. 45.28
which is the leading figure in industry.

Liquidity

Regarding the liquidity, NICA is underperforming with CD ratio 86.26%, where the NRB
regulation requires a minimum CD ratio of 90%. Customer deposit to Total assets was
84.56%, indicating that the liability of the bank towards the customers could be covered with
the underlying assets the bank was holding within its ownership.

10
 Key Financial Indicators

Rs in Million Jan-22 Apr-22 Jul-22 Oct-22

Industry Industry
Industry Total Industry Total
NICA NICA NICA Total (Amt) | NICA Total (Amt) |
(Amt) | Avg. (Amt) | Avg.
Avg. Avg.
Particulars
Core Capital
(Amt) 20436 431883 21676 443782 22863 462682 23770 466399
Solvency

Total Capital
Fund 32553 560955 33293 571818 34573 588847 34668 599540

CCAR
(In %) 7.8 10.04 8.54 10.32 8.93 10.45 8.95 10.26

CAR
(In %) 12.43 13.04 13.11 13.29 13.51 13.29 13.05 13.19

Total Deposit 299338 3739035 302810 3794845 294977 3921116 308176 3924340

Total Loan 273458 3581882 274743 3615598 268236 3586694 273103 3638511

CD
Ratio* 88.98 90.84 85.95 90.96 86.26 86.34 83.84 87.42
(In %)
Liquidity

Net
Liquidity 18.92 21.33 20.07 21.22 20.3 25.38 21.85 23.53
(In %)
SLR
15.62 17.79 19.1 16.86 19.7 19.37 21.38 20.63
(In %)

Base Rate
(In %)
9.44 8.59 9.39 9.33 9.25 9.71 10.67 10.51

Spread
(In %)
3.61 2.91 4.4 3.62 4.4 4.18 4.39 4.03
NPL
(In %)
0.47 0.99 0.51 1.1 0.49 1.09 0.59 1.74

Where,
CCAR = Core Capital to total risk weighted exposures. (%)
CAR = Total Capital Fund to Risk Weighted Exposure (%)
CD Ratio %=Total Credit to Total Deposit (should be within 90% )
Net Liquidity % = Net Liquid Assets to Total Deposits. Minimum Required 20%
SLR%= Statutory Liquidity Reserve and minimum requirement 10%
NPL% = Non Performing Loan to Total Loan

The above table summarizes key financial indicator and Capital adequacy Ratios for the year
2022 (quarter basis) of NIC Asia Bank as reported in the annual report of the bank. From this
information, we can find that the Core Capital (Tier I) capital of the bank is below the

11
industry average of 10% for all four quarter in the year 2022. Likewise, the bank has
moderate Net liquidity available. The CD ratio of the bank is also below the industry average.
Thus, we can infer that the bank is vulnerable to unforeseeable shocks as the bank has
maintained capital at minimum requirement level prescribed by the central bank. However,
the non performing asset of the bank is low against industry average.

Non-Performing Assets of NICA (4 Quarter)

NICA Non Performing Assets NPAs (In Millions)
Particulars Oct-22 Jul-22 Apr-22 Jan-22
Restructured / Reschedule Loans 59 60 64 69
Sub Standard Loans 380 5 304 118
Doubtful Loans 1 3 13 162
Loss 0 0 0 0
Total NPAs 381 68 380 349
Net NPA to net advances (%) 0.14 0.03 0.14 0.13

The above table captures the non performing assets of the bank for the year 2022 on quarterly
reported basis. The Net NPA to advances had dropped significantly in 2nd quarter but has
remained at around 0.13% for the remaining quarters in the year 2022.

Identified Issues
Low Core Capital Adequacy
NIC Asia has been on the news for last two fiscal years regarding its low Tier I capital
adequacy as per the requirement of BASEL and NRB Regulations. The Ccentral bank of
Nepal (NRB) has consequently cancelled the Banks decision to pay out dividends to its
shareholders as per the clause pertaining minimum requirement of Tier I core capital of
Banks and financial Institution. The required Core capital to risk weighted Exposure of Asset
of Commercial banks is minimum 8.5%. Some of the Highlights regarding this issue as
published in the newspaper and investors forums are enlisted in snippet from webpage as
below:

12
The investor’s wealth maximization objective has been compromised as due to the low core
capital, the bank could not provide the proposed divided as per the decisions made on AGM.

High Interest premium

The NIC Asia Bank has been accused of charging higher interest premium to its borrowers in
practice which violates the NRB rules and instruction to the commercial banks. NRB has
issued enforcement action to NIC Asia Bank time and again regarding the interest rate
charged above the central bank’s limit. As per the regulation the interest premium rate should
not be higher than the Bank’s Base rate. The following snippet highlights such incident

In addition, the NIC Asia bank was also in the News Highlights when the bank tried to lure
Depositor with a promise to pay the Interest at the beginning of the saving for fixed Deposits,
which should have been paid only after the maturity as per the standard tariff of charges
norms. With Interest paid at beginning, the bank had the opportunity to exploit the loophole
to pay higher interest to its customer than its competitor as the maximum Interest rate on

13
Deposit was capped by the central Bank. The interest paid at the beginning would increase
the real rate due to the time value factor. In Nepalese Banking Industry, the Bankers
Association has significant role in deciding the rate caps which is also generally called
“gentlemen’s Agreement”. The following snippet highlights the issue:

Data Security and Safety

Banking Industry is highly regulated and monitored as it involves monetary transaction and
people trust with their hard earned savings to be placed at the banks. Thus, any fraudulent
incidents and breaches of Data might result in general distress among public as well as reduce
the perceived trustworthiness of the banks. NIC Asia Bank has been a victim of such events
including ATM Hack, employee fraud and Data breaches. In 2017, unidentified
cybercriminals had hacked into the SWIFT system of NIC Asia Bank to steal money of
around 460 millions, exposing vulnerability in the information technology system of the
banks. As per the report of the incident A cyber attack on NIC Asia Bank was imminent as
the bank had allowed Information Technology (IT) Department staff to use computers
deployed for SWIFT transaction to perform tasks like checking personal e-mails. Likewise, in
January 2022, four people including Banks staff were caught by Nepal Police accused for
robbery of around 1.6 million cash at NIC Asia Baneshwor Branch.

14
Proposed Suggestions for NIC Asia Bank
Firstly, the major concern identified for the bank is low capital adequacy ratios which mainly
contribute to the declining rating of the bank from the perspective of the investors and related
stakeholders as it indicates reducing ability of the bank to absorb economic shocks. For
example, as the central bank hiked the minimum requirement of capital, NIC Asia would face
hard time to manage the capital requirement. Also, with that, NIC Asia could not provide
dividend to its shareholders. Thus, the bank needs to manage adequate capital adequacy in
proportion to their risk assets to cushion its solvency in the event of losses arising from
credit, operation and market risks.

Secondly, we found that the bank has adopted strategy to focus on retail and SME segments
with market penetration strategy. The aggressive expansion of its business to cover maximum
geographical location with its wide spanning branch network in accelerated time period has
also created pressure on business performance and compromised risk measures. As
highlighted above, the incidents relating to weak safety and system vulnerabilities arise from
technical and human errors. The bank had to face losses in term of reputation as well as
monetary. To prevent such incidents, the bank should focus on operation Excellency and
quality control as well as enhance the knowledge of its human resources through
development and training programs. One of the employees had posted in reddit community
regarding how the bank builds pressure on its employee to meet targets and creates stressful
work environment. Thus the bank should also make the work environment more conducive
rather than hostile.

Thirdly, the bank’s high concentration on retail and SME segment rather than corporate
sector with a view of risk management has exposed the portfolio of the bank to externalities
such as COVID pandemic to some great extend. Thus we recommend the bank to diversify its
high concentration portfolio that is directly affected by COVID to maintain its asset quality as
the pandemic has higher impact on SMEs segment and the borrower have relatively lower
financial flexibility and untested repayment ability in these sector as the bank strategy
remained on aggressive and expansionary to retail and SME sector rather than corporate
sector.In addition, with relatively high base rate and high volatility in interest rate, the bank
also requires more advancement in asset liquidity management as the high credit growth,
unseasoned credit portfolio and environmental externalities such as Covid could pose major
asset quality concerns to the bank.

And lastly, the bank has also been involved in fraudulent activities and unethical practices
such as interest rate hike for existing customers and going against the understanding of
industry and association. Such events negatively affect the reputation of the bank and might
also affect on customers perceived value and trust. Thus the bank should strongly adhere to

15
good practices and focus on quality rather than extra profit at the expense of hurting
customers and eroding healthy relationship with other industry members.

Conclusion
Risk management is a core competency of the banks and financial institution as the banks are
the backbone of any economy and any vulnerability in the banking sector has a massive spill
over effect on the entire economy. We have witnessed the Global Recession in 2008, which
mainly accounted for the consequences due to the poor risk management measures to monitor
the risk exposures of the banks. While the profit making incentive of bank is valid, the banks
should not undertake risks that might result in catastrophic events and erode value of
investors, depositors and the well being of overall economy. Therefore, risk management
measures should be thoroughly followed and implemented. The regulatory institutions have
imposed certain limits and clauses towards the banks which might build stress to the
performance of banks, but more importantly the banking should maintain an ability to
cushions against such ups and down in the economy and build resilience against such adverse
events and risks.

16