INTRODUCTION

The significant transformation of the banking industry in India is

clearly evident from the changes that have occurred in the financial markets,
institutions and products. While deregulation has opened up new vistas for
banks to argument revenues, it has entailed greater competition and
consequently greater risks. Cross- border flows and entry of new products,
particularly derivative instruments, have impacted significantly on the
domestic banking sector forcing banks to adjust the product mix, as also to
effect rapid changes in their processes and operations in order to remain
competitive to the globalized environment. These developments have
facilitated greater choice for consumers, who have become more discerning
and demanding compelling banks to offer a broader range of products
through diverse distribution channels. The traditional face of banks as mere
financial intermediaries has since altered and risk management has emerged
as their defining attribute.

Currently, the most important factor shaping the world is

globalization. The benefits of globalization have been well documented and
are being increasingly recognized. Integration of domestic markets with
international financial markets has been facilitated by tremendous
advancement in information and communications technology. But, such an
environment has also meant that a problem in one country can sometimes
adversely impact one or more countries instantaneously, even if they are
fundamentally strong.

1
 There is a growing realization that the ability of countries to conduct
business across national borders and the ability to cope with the possible
downside risks would depend, interalia, on the soundness of the financial
system. This has consequently meant the adoption of a strong and
transparent, prudential, regulatory, supervisory, technological and
institutional framework in the financial sector on par with international best
practices. All this necessitates a transformation: a transformation in the
mindset, a transformation in the business processes and finally, a
transformation in knowledge management. This process is not a one shot
affair; it needs to be appropriately phased in the least disruptive manner.

The banking and financial crises in recent years in emerging

economies have demonstrated that, when things go wrong with the financial
system, they can result in a severe economic downturn. Furthermore,
banking crises often impose substantial costs on the exchequer, the
incidence of which is ultimately borne by the taxpayer. The World Bank
Annual Report (2002) has observed that the loss of US $1 trillion in banking
crisis in the 1980s and 1990s is equal to the total flow of official
development assistance to developing countries from 1950s to the present
date. As a consequence, the focus of financial market reform in many
emerging economies has been towards increasing efficiency while at the
same time ensuring stability in financial markets.

Since 1992, significant changes have been introduced in the Indian

financial system. These changes have infused an element of competition in
the financial system, marking the gradual end of financial repression

2
characterized by price and non-price controls in the process of financial
intermediation. While financial markets have been fairly developed, there
still remains a large extent of segmentation of markets and non-level playing
field among participants, which contribute to volatility in asset prices. This
volatility is exacerbated by the lack of liquidity in the secondary markets.
The purpose of this paper is to highlight the need for the regulator and
market participants to recognize the risks in the financial system, the
products available to hedge risks and the instruments, including derivatives
that are required to be developed/introduced in the Indian system.

The financial sector serves the economic function of intermediation

by ensuring efficient allocation of resources in the economy. Financial
intermediation is enabled through a four-pronged transformation mechanism
consisting of liability-asset transformation, size transformation, maturity
transformation and risk transformation.

Risk is inherent in the very act of transformation. However, prior to

reform of 1991-92, banks were not exposed to diverse financial risks mainly
because interest rates were regulated, financial asset prices moved within a
narrow band and the roles of different categories of intermediaries were
clearly defined. Credit risk was the major risk for which banks adopted
certain appraisal standards.

Several structural changes have taken place in the financial sector since
1992.

1. The deregulation of coupon rate on Government securities.

3
 2. Substantial liberalization of bank deposit and lending rates.
3. A gradual trend towards disintermediation in the financial system in
the wake of increased access of corporates to capital markets.

4. Blurring of distinction between activities of financial institutions.

5. Greater integration among the various segments of financial markets

and their increased order of globalisation, diversification of ownership
of public sector banks.
6. Emergence of new private sector banks and other financial
institutions, and,
7. The rapid advancement of technology in the financial system.

DEFINITION OF RISK

 What is Risk?

"What is risk?" And what is a pragmatic definition of risk? Risk

means different things to different people. For some it is "financial
(exchange rate, interest-call money rates), mergers of competitors globally to
form more powerful entities and not leveraging IT optimally" and for
someone else "an event or commitment which has the potential to generate
commercial liability or damage to the brand image". Since risk is accepted in
business as a trade off between reward and threat, it does mean that taking
risk bring forth benefits as well. In other words it is necessary to accept
risks, if the desire is to reap the anticipated benefits.

4
 Risk in its pragmatic definition, therefore, includes both threats that
can materialize and opportunities, which can be exploited. This definition of
risk is very pertinent today as the current business environment offers both
challenges and opportunities to organizations, and it is up to an organization
to manage these to their competitive advantage.

 What is Risk Management - Does it eliminate risk?

Risk management is a discipline for dealing with the possibility that

some future event will cause harm. It provides strategies, techniques, and an
approach to recognizing and confronting any threat faced by an organization
in fulfilling its mission. Risk management may be as uncomplicated as
asking and answering three basic questions:

1. What can go wrong?

2. What will we do (both to prevent the harm from occurring and in the
aftermath of an "incident")?
3. If something happens, how will we pay for it?

Risk management does not aim at risk elimination, but enables the
organization to bring their risks to manageable proportions while not
severely affecting their income. This balancing act between the risk levels
and profits needs to be well-planned. Apart from bringing the risks to
manageable proportions, they should also ensure that one risk does not get
transformed into any other undesirable risk. This transformation takes place
due to the inter-linkage present among the various risks. The focal point in

5
managing any risk will be to understand the nature of the transaction in a
way to unbundle the risks it is exposed to.
Risk Management is a more mature subject in the western world. This
is largely a result of lessons from major corporate failures, most telling and
visible being the Barings collapse. In addition, regulatory requirements have
been introduced, which expect organizations to have effective risk
management practices. In India, whilst risk management is still in its
infancy, there has been considerable debate on the need to introduce
comprehensive risk management practices.

 Objectives of Risk Management Function

Two distinct viewpoints emerge –
 One which is about managing risks, maximizing profitability and
creating opportunity out of risks
 And the other which is about minimizing risks/loss and protecting
corporate assets.
The management of an organization needs to consciously decide on
whether they want their risk management function to 'manage' or 'mitigate'
Risks.
 Managing risks essentially is about striking the right balance between
risks and controls and taking informed management decisions on
opportunities and threats facing an organization.
 Both situations, i.e. over or under controlling risks are highly
undesirable as the former means higher costs and the latter means
possible exposure to risk.

6
  Mitigating or miinimizing risks, on the other hand, means mitigating
all risks even if the cost of miinimizing a risk may be excessive and
outweighs the cost-benefit analysis. Further, it may mean that the
opportunities are not adequately exploited.
In the context of the risk management function, identification and
management of Risk is more prominent for the financial services sector and
less so for consumer products industry. What are the primary objectives of
your risk management function? When specifically asked in a survey
conducted, 33% of respondents stated that their risk management function is
indeed expressly mandated to optimize risk.

 Risks in Banking

Risks manifest themselves in many ways and the risks in banking are
a result of many diverse activities, executed from many locations and by
numerous people. As a financial intermediary, banks borrow funds and lend
them as a part of their primary activity. This intermediation activity, of
banks exposes them to a host of risks. The volatility in the operating
environment of banks will aggravate the effect of the various risks. The case
discusses the various risks that arise due to financial intermediation and by
highlighting the need for asset-liability management; it discusses the Gap
Model for risk management.

7
 TYPES OF RISK
1. MARKET RISK
Market risk is that risk that changes in financial market prices and
rates will reduce the value of the bank’s positions. Market risk for a fund is
often measured relative to a benchmark index or portfolio, is referred to as a
“risk of tracking error” market risk also includes “basis risk,” a term used in
risk management industry to describe the chance of a breakdown in the
relationship between price of a product, on the one hand, and the price of the
instrument used to hedge that price exposure on the other. The market-Var
methodology attempts to capture multiple component of market such as
directional risk, convexity risk, volatility risk, basis risk, etc.

2. CREDIT RISK
Credit risk is that risk that a change in the credit quality of a
counterparty will affect the value of a bank’s position. Default, whereby
counterparty is unwilling or unable to fulfill its contractual obligations, is the
extreme case; however banks are also exposed to the risk that the
counterparty might downgraded by a rating agency.
Credit risk is only an issue when the position is an asset, i.e., when it
exhibits a positive replacement value. In that instance if the counterparty
defaults, the bank either loses all of the market value of the position or, more
commonly, the part of the value that it cannot recover following the credit

8
event. they can be negative at one point of time, and yet become positive at a
later point in time after market conditions have changed.
3. LIQUIDITY RISK
Liquidity risk comprises both
 Funding liquidity risk
 Trading-related liquidity risk.
Funding liquidity risk relates to a financial institution’s ability to raise
the necessary cash to roll over its debt, to meet the cash, margin, and
collateral requirements of counterparties, and (in the case of funds) to satisfy
capital withdrawals. Funding liquidity risk is affected by various factors
such as the maturities of the liabilities, the extent of reliance of secured
sources of funding, the terms of financing, and the breadth of funding
sources, including the ability to access public market such as commercial
paper market. Funding can also be achieved through cash or cash
equivalents, “buying power,” and available credit lines.
Trading-related liquidity risk, often simply called as liquidity risk, is
the risk that an institution will not be able to execute a transaction at the
prevailing market price because there is, temporarily, no appetite for the deal
on the other side of the market. If the transaction cannot be postponed its
execution my lead to substantial losses on position. This risk is generally
very hard to quantify. It may reduce an institution’s ability to manage and
hedge market risk as well as its capacity to satisfy any shortfall on the
funding side through asset liquidation.

9
 4. OPERATIONAL RISK
It refers to potential losses resulting from inadequate systems,
management failure, faulty control, fraud and human error. Many of the
recent large losses related to derivatives are the direct consequences of
operational failure. Derivative trading is more prone to operational risk than
cash transactions because derivatives are, by heir nature, leveraged
transactions. This means that a trader can make very large commitment on
behalf of the bank, and generate huge exposure in to the future, using only
small amount of cash. Very tight controls are an absolute necessary if the
bank is to avoid huge losses.
Operational risk includes” fraud,” for example when a trader or other
employee intentionally falsifies and misrepresents the risk incurred in a
transaction. Technology risk, and principally computer system risk also fall
into the operational risk category.

5. LEGAL RISK
Legal risk arises for a whole of variety of reasons. For example,
counterparty might lack the legal or regulatory authority to engage in a
transaction. Legal risks usually only become apparent when counterparty, or
an investor, lose money on a transaction and decided to sue the bank to
avoid meeting its obligations. Another aspect of regulatory risk is the
potential impact of a change in tax law on the market value of a position.

10
 6. HUMAN FACTOR RISK
Human factor risk is really a special form of operational risk. It relates
to the losses that may result from human errors such as pushing the wrong
button on a computer, inadvertently destroying files, or entering wrong value
for the parameter input of a model.

7. MARKET RISK
Market Risk may be defined as the possibility of loss to a bank caused
by changes in the market variables. The Bank for International Settlements
(BIS) defines market risk as “the risk that the value of 'on' or 'off' balance
sheet positions will be adversely affected by movements in equity and
interest rate markets, currency exchange rates and commodity prices". Thus,
Market Risk is the risk to the bank's earnings and capital due to changes in
the market level of interest rates or prices of securities, foreign exchange and
equities, as well as the volatilities of those changes. Besides, it is equally
concerned about the bank's ability to meet its obligations as and when they
fall due. In other words, it should be ensured that the bank is not exposed to
Liquidity Risk. Thus, focus on the management of Liquidity Risk and
Market Risk, further categorized into interest rate risk, foreign exchange
risk, commodity price risk and equity price risk. An effective market risk
management framework in a bank comprises risk identification, setting up of
limits and triggers, risk monitoring, models of analysis that value positions
or measure market risk, risk reporting, etc.

11
  Types of market risk

 Interest rate risk:

Interest rate risk is the risk where changes in market interest rates
might adversely affect a bank's financial condition. The immediate impact of
changes in interest rates is on the Net Interest Income (NII). A long term
impact of changing interest rates is on the bank's networth since the
economic value of a bank's assets, liabilities and off-balance sheet positions
get affected due to variation in market interest rates. The interest rate risk
when viewed from these two perspectives is known as 'earnings perspective'
and 'economic value' perspective, respectively.

Management of interest rate risk aims at capturing the risks arising

from the maturity and reprising mismatches and is measured both from the
earnings and economic value perspective.

Earnings perspective involves analyzing the impact of

changes in interest rates on accrual or reported earnings in the near
term. This is measured by measuring the changes in the Net Interest
Income (NII) or Net Interest Margin (NIM) i.e. the difference between
the total interest income and the total interest expense.

Economic Value perspective involves analyzing the changes

of impact on interest on the expected cash flows on assets minus the
expected cash flows on liabilities plus the net cash flows on off-
balance sheet items. It focuses on the risk to net worth arising from all

12
 reprising mismatches and other interest rate sensitive positions. The
economic value perspective identifies risk arising from long-term
interest rate gaps.

The management of Interest Rate Risk should be one of the critical

components of market risk management in banks. The regulatory restrictions
in the past had greatly reduced many of the risks in the banking system.
Deregulation of interest rates has, however, exposed them to the adverse
impacts of interest rate risk. The Net Interest Income (NII) or Net Interest
Margin (NIM) of banks is dependent on the movements of interest rates.
Any mismatches in the cash flows (fixed assets or liabilities) or repricing
dates (floating assets or liabilities), expose bank's NII or NIM to variations.
The earning of assets and the cost of liabilities are now closely related to
market interest rate volatility

Generally, the approach towards measurement and hedging of IRR

varies with the segmentation of the balance sheet. In a well functioning risk
management system, banks broadly position their balance sheet into
Trading and Banking Books. While the assets in the trading book are held
primarily for generating profit on short-term differences in prices/yields, the
banking book comprises assets and liabilities, which are contracted basically
on account of relationship or for steady income and statutory obligations and
are generally held till maturity. Thus, while the price risk is the prime
concern of banks in trading book, the earnings or economic value changes
are the main focus of banking book.

13
 8. EQUITY PRICE RISK:
The price risk associated with equities also has two components”
General market risk” refers to the sensitivity of an instrument / portfolio
value to the change in the level of broad stock market indices.” Specific /
Idiosyncratic” risk refers to that portion of the stock’s price volatility that is
determined by characteristics specific to the firm, such as its line of
business, the quality of its management, or a breakdown in its production
process. The general market risk cannot be eliminated through portfolio
diversification while specific risk can be diversified away.

9. FOREIGN EXCHANGE RISK:

Foreign Exchange Risk maybe defined as the risk that a bank may
suffer losses as a result of adverse exchange rate movements during a period
in which it has an open position, either spot or forward, or a combination of
the two, in an individual foreign currency. The banks are also exposed to
interest rate risk, which arises from the maturity mismatching of foreign
currency positions. Even in cases where spot and forward positions in
individual currencies are balanced, the maturity pattern of forward
transactions may produce mismatches. As a result, banks may suffer losses
as a result of changes in premia/discounts of the currencies concerned.In the
forex business; banks also face the risk of default of the counterparties or
settlement risk. While such type of risk crystallization does not cause
principal loss, banks may have to undertake fresh transactions in the
cash/spot market for replacing the failed transactions. Thus, banks may incur
replacement cost, which depends upon the currency rate movements.

14
 Banks also face another risk called time-zone risk or Herstatt risk
which arises out of time-lags in settlement of one currency in one center and
the settlement of another currency in another time-zone. The forex
transactions with counterparties from another country also trigger sovereign
or country risk (dealt with in details in the guidance note on credit risk).

The three important issues that need to be addressed in this regard are:

1. Nature and magnitude of exchange risk

2. Exchange managing or hedging for adopted be to strategy>
3. The tools of managing exchange risk

10.COMMODITY PRICE RISK:

The price of the commodities differs considerably from its interest
rate risk and foreign exchange risk, since most commodities are traded in the
market in which the concentration of supply can magnify price volatility.
Moreover, fluctuations in the depth of trading in the market (i.e., market
liquidity) often accompany and exacerbate high levels of price volatility.
Therefore, commodity prices generally have higher volatilities and larger
price discontinuities.

Treatment of Market Risk in the Proposed Basel Capital Accord

The Basle Committee on Banking Supervision (BCBS) had issued
comprehensive guidelines to provide an explicit capital cushion for the price
risks to which banks are exposed, particularly those arising from their
trading activities. The banks have been given flexibility to use in-house

15
models based on VaR for measuring market risk as an alternative to a
standardized measurement framework suggested by Basle Committee. The
internal models should, however, comply with quantitative and qualitative
criteria prescribed by Basle Committee.

Reserve Bank of India has accepted the general framework suggested

by the Basle Committee. RBI has also initiated various steps in moving
towards prescribing capital for market risk. As an initial step, a risk weight
of 2.5% has been prescribed for investments in Government and other
approved securities, besides a risk weight each of 100% on the open position
limits in forex and gold. RBI has also prescribed detailed operating
guidelines for Asset-Liability Management System in banks. As the ability
of banks to identify and measure market risk improves, it would be
necessary to assign explicit capital charge for market risk. While the small
banks operating predominantly in India could adopt the standardized
methodology, large banks and those banks operating in international markets
should develop expertise in evolving internal models for measurement of
market risk.

The Basle Committee on Banking Supervision proposes to develop

capital charge for interest rate risk in the banking book as well for banks
where the interest rate risks are significantly above average ('outliers'). The
Committee is now exploring various methodologies for identifying 'outliers'
and how best to apply and calibrate a capital charge for interest rate risk for
banks. Once the Committee finalizes the modalities, it may be necessary, at
least for banks operating in the international markets to comply with the

16
explicit capital charge requirements for interest rate risk in the banking
book. As the valuation norms on banks' investment portfolio have already
been put in place and aligned with the international best practices, it is
appropriate to adopt the Basel norms on capital for market risk. In view of
this, banks should study the Basel framework on capital for market risk as
envisaged in Amendment to the Capital Accord to incorporate market risks
published in January 1996 by BCBS and prepare themselves to follow the
international practices in this regard at a suitable date to be announced by
RBI.
 The Proposed New Capital Adequacy Framework

The Basel Committee on Banking Supervision has released a Second

Consultative Document, which contains refined proposals for the three
pillars of the New Accord - Minimum Capital Requirements, Supervisory
Review and Market Discipline. It may be recalled that the Basel Committee
had released in June 1999 the first Consultative Paper on a New Capital
Adequacy Framework for comments. However, the proposal to provide
explicit capital charge for market risk in the banking book which was
included in the Pillar I of the June 1999 Document has been shifted to Pillar
II in the second Consultative Paper issued in January 2001. The Committee
has also provided a technical paper on evaluation of interest rate risk
management techniques. The Document has defined the criteria for
identifying outlier banks. According to the proposal, a bank may be defined
as an outlier whose economic value declined by more than 20% of the sum
of Tier 1 and Tier 2 capital as a result of a standardized interest rate shock
(200 bps.)

17
 The second Consultative Paper on the New Capital Adequacy
framework issued in January, 2001 has laid down 13 principles intended to
be of general application for the management of interest rate risk,
independent of whether the positions are part of the trading book or reflect
banks' non-trading activities. They refer to an interest rate risk management
process, which includes the development of a business strategy, the
assumption of assets and liabilities in banking and trading activities, as well
as a system of internal controls. In particular, they address the need for
effective interest rate risk measurement, monitoring and control functions
within the interest rate risk management process. The principles are intended
to be of general application, based as they are on practices currently used by
many international banks, even though their specific application will depend
to some extent on the complexity and range of activities undertaken by
individual banks. Under the New Basel Capital Accord, they form minimum
standards expected of internationally active banks. The principles are given
in Annexure II.

11.CREDIT RISK

Credit risk is defined as the possibility of losses associated with

diminution in the credit quality of borrowers or counterparties. In a bank's
portfolio, losses stem from outright default due to inability or unwillingness
of a customer or counterparty to meet commitments in relation to lending,
trading, settlement and other financial transactions. Alternatively, losses
result from reduction in portfolio value arising from actual or perceived
deterioration in credit quality. Credit risk emanates from a bank's dealings

18
with an individual, corporate, bank, financial institution or a sovereign.
Credit risk may take the following forms

 In the case of direct lending: principal/and or interest amount may not

be repaid;

 In the case of guarantees or letters of credit: funds may not be

forthcoming from the constituents upon crystallization of the liability;

 In the case of treasury operations: the payment or series of payments

due from the counter parties under the respective contracts may not be
forthcoming or ceases;

 In the case of securities trading businesses: funds/ securities

settlement may not be effected;

 In the case of cross-border exposure: the availability and free transfer

of foreign currency funds may either cease or the sovereign may
impose restrictions.

 Credit Risk Management

In this backdrop, it is imperative that banks have a robust credit risk
management system which is sensitive and responsive to these factors. The
effective management of credit risk is a critical component of
comprehensive risk management and is essential for the long term success of
any banking organization. Credit risk management encompasses

19
identification, measurement, monitoring and control of the credit risk
exposures.

Building Blocks of Credit Risk Management:

In a bank, an effective credit risk management framework would
comprise of the following distinct building blocks:

 Policy and Strategy

 Organizational Structure

 Operations/ Systems
 Policy and Strategy
The Board of Directors of each bank shall be responsible for
approving and periodically reviewing the credit risk strategy and significant
credit risk policies.

Credit Risk Policy

1. Every bank should have a credit risk policy document approved by the
Board. The document should include risk identification, risk
measurement, risk grading/ aggregation techniques, reporting and risk
control/ mitigation techniques, documentation, legal issues and
management of problem loans.

20
 2. Credit risk policies should also define target markets, risk acceptance
criteria, credit approval authority, credit origination/ maintenance
procedures and guidelines for portfolio management.

3. The credit risk policies approved by the Board should be

communicated to branches/controlling offices. All dealing officials
should clearly understand the bank's approach for credit sanction and
should be held accountable for complying with established policies
and procedures.

4. Senior management of a bank shall be responsible for implementing

the credit risk policy approved by the Board.

Credit Risk Strategy

1. Each bank should develop, with the approval of its Board, its own
credit risk strategy or plan that establishes the objectives guiding the
bank's credit-granting activities and adopt necessary policies/
procedures for conducting such activities. This strategy should spell
out clearly the organization’s credit appetite and the acceptable level
of risk-reward trade-off for its activities.

2. The strategy would, therefore, include a statement of the bank's

willingness to grant loans based on the type of economic activity,
geographical location, currency, market, maturity and anticipated
profitability. This would necessarily translate into the identification of
target markets and business sectors, preferred levels of diversification

21
 and concentration, the cost of capital in granting credit and the cost of
bad debts.

3. The credit risk strategy should provide continuity in approach as also

take into account the cyclical aspects of the economy and the resulting
shifts in the composition/ quality of the overall credit portfolio. This
strategy should be viable in the long run and through various credit
cycles.

4. Senior management of a bank shall be responsible for implementing

the credit risk strategy approved by the Board.
 Organizational Structure
Sound organizational structure is sine qua non for successful
implementation of an effective credit risk management system. The
organizational structure for credit risk management should have the
following basic features:

1. The Board of Directors should have the overall responsibility for

management of risks. The Board should decide the risk management
policy of the bank and set limits for liquidity, interest rate, foreign
exchange and equity price risks.

The Risk Management Committee will be a Board level Sub

committee including CEO and heads of Credit, Market and Operational Risk
Management Committees. It will devise the policy and strategy for
integrated risk management containing various risk exposures of the bank
including the credit risk. For this purpose, this Committee should effectively

22
coordinate between the Credit Risk Management Committee (CRMC), the
Asset Liability Management Committee and other risk committees of the
bank, if any. It is imperative that the independence of this Committee is
preserved. The Board should, therefore, ensure that this is not compromised
at any cost. In the event of the Board not accepting any recommendation of
this Committee, systems should be put in place to spell out the rationale for
such an action and should be properly documented. This document should
be made available to the internal and external auditors for their scrutiny and
comments. The credit risk strategy and policies adopted by the committee
should be effectively
 Operations / Systems
Banks should have in place an appropriate credit administration, credit
risk measurement and monitoring processes. The credit administration
process typically involves the following phases:

1. Relationship management phase i.e. business development.

2. Transaction management phase covers risk assessment, loan pricing,

structuring the facilities, internal approvals, documentation, loan
administration, on going monitoring and risk measurement.

3. Portfolio management phase entails monitoring of the portfolio at a

macro level and the management of problem loans

4. On the basis of the broad management framework stated above, the

banks should have the following credit risk measurement and
monitoring procedures:

23
 5. Banks should establish proactive credit risk management practices
like annual / half yearly industry studies and individual obligor
reviews, periodic credit calls that are documented, periodic visits of
plant and business site, and at least quarterly management reviews of
troubled exposures/weak credits

 Credit Risk Models

A credit risk model seeks to determine, directly or indirectly, the

answer to the following question: Given our past experience and our
assumptions about the future, what is the present value of a given loan or
fixed income security? A credit risk model would also seek to determine the
(quantifiable) risk that the promised cash flows will not be forthcoming. The
techniques for measuring credit risk that have evolved over the last twenty
years are prompted by these questions and dynamic changes in the loan
market.

The increasing importance of credit risk modeling should be seen as

the consequence of the following three factors:

1. Banks are becoming increasingly quantitative in their treatment of

credit risk.

2. New markets are emerging in credit derivatives and the marketability

of existing loans is increasing through securitization/ loan sales
market."

24
 3. Regulators are concerned to improve the current system of bank
capital requirements especially as it relates to credit risk.
 Importance of Credit Risk Models
Credit Risk Models have assumed importance because they provide
the decision maker with insight or knowledge that would not otherwise be
readily available or that could be marshalled at prohibitive cost. In a
marketplace where margins are fast disappearing and the pressure to lower
pricing is unrelenting, models give their users a competitive edge. The credit
risk models are intended to aid banks in quantifying, aggregating and
managing risk across geographical and product lines. The outputs of these
models also play increasingly important roles in banks' risk management and
performance measurement processes, customer profitability analysis, risk-
based pricing, active portfolio management and capital structure decisions.
Credit risk modeling may result in better internal risk management and may
have the potential to be used in the supervisory oversight of banking
organizations.
 RBI Guidelines on Credit Risk New Capital Accord:
Implications for Credit Risk Management
The Basel Committee on Banking Supervision had released in June
1999 the first Consultative Paper on a New Capital Adequacy Framework
with the intention of replacing the current broad-brush 1988 Accord. The
Basel Committee has released a Second Consultative Document in January
2001, which contains refined proposals for the three pillars of the New
Accord - Minimum Capital Requirements, Supervisory Review and Market

25
Discipline. The Committee proposes two approaches, for estimating
regulatory capital. Viz.

1. Standardized and
2. Internal Rating Based (IRB)

Under the standardized approach, the Committee desires neither to

produce a net increase nor a net decrease, on an average, in minimum
regulatory capital, even after accounting for operational risk. Under the
Internal Rating Based (IRB) approach, the Committee's ultimate goals are
to ensure that the overall level of regulatory capital is sufficient to address
the underlying credit risks and also provides capital incentives relative to the
standardized approach, i.e., a reduction in the risk weighted assets of 2% to
3% (foundation IRB approach) and 90% of the capital requirement under
foundation approach for advanced IRB approach to encourage banks to
adopt IRB approach for providing capital.
The minimum capital adequacy ratio would continue to be 8% of the
risk-weighted assets, which cover capital requirements for market (trading
book), credit and operational risks. For credit risk, the range of options to
estimate capital extends to include a standardized, a foundation IRB and an
advanced IRB approaches.

 RBI Guidelines for Credit Risk Management Credit Rating

Framework
A Credit-risk Rating Framework (CRF) is necessary to avoid the
limitations associated with a simplistic and broad classification of

26
loans/exposures into a "good" or a "bad" category. The CRF deploys a
number/ alphabet/ symbol as a primary summary indicator of risks
associated with a credit exposure. Such a rating framework is the basic
module for developing a credit risk management system and all advanced
models/approaches are based on this structure. In spite of the advancement
in risk management techniques, CRF is continued to be used to a great
extent. These frameworks have been primarily driven by a need to
standardize and uniformly communicate the "judgment" in credit selection
procedures and are not a substitute to the vast lending experience
accumulated by the banks' professional staff.

12.OPERATIONAL RISK
Operational risk is the risk associated with operating a business. Operational
risk covers such a wide area that it is useful to subdivide operational risk
into two components:
 Operational failure risk.
 Operational strategic risk.
Operational failure risk arises from the potential for failure in the course of
operating the business. A firm uses people, processes and technology to
achieve the business plans, and any one of these factors may experience a
failure of some kind. Accordingly, operational failure risk can be defined as
the risk that there will be a failure of people, processes or technology within
the business unit. A portion of failure may be anticipated, and these risks
should be built into the business plan. But it is unanticipated, and therefore

27
uncertain, failures that give rise to key operational risks. These failures can
be expected to occur periodically, although both their impact and their
frequency may be uncertain.
The impact or severity of a financial loss can be divided into two
categories:
 An expected amount
 An unexpected amount.
The latter is itself subdivided into two classes: an amount classed as severe,
and a catastrophic amount. The firm should provide for the losses that arise
from the expected component of these failures by charging expected
revenues with a sufficient amount of reserves. In addition, the firm should
set aside sufficient economic capital to cover the unexpected component, or
resort to insurance.
Operational strategic risk arises from environmental factors, such as a
new competitor that changes the business paradigram, a major political and
regulatory regime change, and earthquakes and other such factors that are
outside the control of the firm. It also arises from major new strategic
initiatives, such as developing a new line of business or re-engineering an
existing business line. All business rely on people, processes and technology
outside their business unit, and the potential for failure exists there too, this
type of risk is referred to as external dependency risk.

Operational Risk

Operational failure risk Operational strategic risk

(Internal operational risk) (External operational risk)
28
The risk encountered in pursuit The risk of choosing an
of a particular strategy due to: inappropriate strategy in
The figure above summarizes the relationship between operational failure
risk and operational strategic risk. These two principal categories of risk are
also sometimes defined as “internal” and “ external” operational risk.

Operational risk is often thought to be limited to losses that can occur

in operating or processing centers. This type of operational risk, sometimes
referred as operations risk, is an important component, but it by no means
covers all of the operational risks facing the firm. Our definition of
operational risk as the risk associated with operating the business means
significant amounts of operational risk are also generated outside the
processing centers.
Risk begins to accumulate even before the design of the potential
transaction gets underway. It is present during negotiations with the client
(regardless of whether the negotiation is a lengthy structuring exercise or a
routine electronic negotiation.) and continues after the negotiation as the
transaction is serviced.

29
 A complete picture of operational risk can only be obtained if the
bank’s activity is analyzed from beginning to end. Several things have to be
in place before a transaction is negotiated, and each exposes the firm to
operational risk. The activity carried on behalf of the client by the staff can
expose the institution to “people risk”. “People risk” are not only in the form
of risk found early in a transaction. But they further rely on using
sophisticated financial models to price the transaction. This creates what is
called as Model risk which can arise because of wrong parameters like input
to the model, or because the model is used inappropriately and so on.
Once the transaction is negotiated and a ticket is written, errors can
occur as the transaction is recorded in various systems or reports. An error
here may result in the delayed settlement of the transaction, which in turn
can give rise to fines and other penalties. Further an error in market risk and
credit risk report might lead to the exposures generated by the deal being
understated. In turn this can lead to the execution of additional transactions
that would otherwise not have been executed. These are examples of what is
often called as “process risk”
The system that records the transaction may not be capable of
handling the transaction or it may not have the capacity to handle such
transactions. If any one of the step is out-sourced, then external dependency
risk also arises. However, each type of risk can be captured either as people,
processes, technology, or an external dependency risk, and each can be
analyzed in terms of capacity, capability or availability

 Who Should Manage Operational Risk?

30
 The responsibility for setting policies concerning operational risk
remains with the senior management, even though the development of those
policies may be delegated, and submitted to the board of directors for
approval. Appropriate policies must be put in place to limit the amount of
operational risk that is assumed by an institution. Senior management
needs to give authority to change the operational risk profile to those who
are the best able to take action. They must also ensure that a methodology
for the timely and effective monitoring of the risks that are incurred is in
place. To avoid any conflict of interest, no single group within the bank
should be responsible for simultaneously setting policies, taking action and
monitoring risk.

Internal Audit

Senior
Management

Business Management Risk Management

Legal Insurance
Operations Finance
Information
Technology

31
Policy Setting
The authority to take action generally rests with business
management, which is responsible for controlling the amount of operational
risk taken within each business line. The infrastructure and the governance
groups share with business management the responsibility for managing
operational risk.
The responsibility for the development of a methodology for
measuring and monitoring operational risks resides most naturally with
group risk management functions. The risk management function also needs
to ensure the proper operational risk/ reward analysis is performed in the
review of existing businesses and before the introduction of new initiatives
and products. In this regard, the risk management function works very
closely with, but independent from, business management, infrastructure,
and other governance group
Senior management needs to know whether the responsibilities it has
delegated are actually being tended to, and whether the resulting processes
are effective. The internal audit function within the bank is charged with this
responsibility.

EIGHT KEY ELEMENTS TO ACHIEVE BEST OPERATIONAL

RISK MANAGEMENT.

1. Policy

32
 2.Risk Identification
8. Economic Capital

7. Risk Analysis Best Practice 3. Business Process

6. Reporting
4. Measuring Methodology

5. Exposure Management

1. Develop well-defined operational risk policies. This includes

explicitly articulating the desired standards for the risk measurement.
One also needs to establish clear guidelines for practices that may
contribute to a reduction of operational risk.
2. Establish a common language of risk identification. For e.g., the term
“people risk” includes a failure to deploy skilled staff. “Technology
risk” would include system failure, and so on.
3. Develop business process maps of each business. For e.g., one should
create an “operational risk catalogue” which categories and defines
the various operational risks arising from each organizational unit in
terms of people, process, and technology risk. This catalogue should
be tool to help with operational risk identification and assessment.
4. Develop a comprehensible set of operational risk metrics. Operational
risk assessment is a complex process. It needs to be performed on a

33
 firm-wide basis at regular intervals using standard metrics. In early
days, business and infrastructure groups performed their own
assessment of operational risk. Today, self-assessment has been
discredited. Sophisticated financial institutions are trying to develop
objective measures of operational risk that build significantly more
reliability into the quantification of operational risk.
5. Decide how to manage operational risk exposure and take appriate
action to hedge the risks. The bank should address the economic
question of th cost-benefit of insuring a given risk for those
operational risks that can be insured.
6. Decide how to report exposure.
7. Develop tools for risk analysis, and procedures for when these tools
should deploped. For e.g., risk analysis is typically performed as part
of a new product process, periodic business reviews, and so on. Stress
testing should be a standard part of risk analysis process. The
frequency of risk assessment should be a function of the degree to
which operational risks are expected to change over time as
businesses undertake new initiatives, or as business circumstances
evolve. This frequency might be reviewed as operational risk
measurement is rolled out across the bank a bank should update its
risk assessment more frequently. Further one should reassess
whenever the operational risk profile changes significantly.
8. Develop techniques to translate the calculation of operational risk into
a required amount of economic capital. Tools and procedures should

34
 be developed to enable businesses to make decisions about
operational risk based on risk/reward analysis.

An Idealized Bank of The Future

The efficient bank of the future will be driven by a single analytical
risk engine that draws its data from a single logical data repository. This
engine will power front-, middle-, and back-office functions, and supply
information about enterprise-wide risk. The ability to control and manage
risk will be finely tuned to meet specific business objectives. For example,
far fewer significantly large losses, beyond a clearly articulate tolerance for
loss, will be incurred and the return to risk profile will be vastly improved.
With the appropriate technology in place, financial trading across all
asset classes will move from the current vertical, product-oriented
environment (e.g., swaps, foreign exchange, equities, loans, etc.) to a
horizontal, customer-oriented environment in which complex combinations
of asset types will be traded.
There will be less need for desks that specialize in single product
lines. The focus will shift to customer needs rather than instrument types.

35
The management of limits will be based on capital, set in such a manner so
as to maximize the risk-adjusted return on capital for the firm.
The firm’s exposure will be known and disseminated in real time.
Evaluating the risk of a specific deal will take into account its effect on the
firm’s total risk exposure, rather than simply the exposure of the individual
deal.
Banks that dominate this technology will gain a tremendous
competitive advantage. Their information technology and trading
infrastructure will be cheaper than today’s by orders of magnitude.
Conversely, banks that attempt to build this infrastructure in-house will
become trapped in a quagmire of large, expensive IT departments-and
poorly supported software.
The successful banks will require far fewer risk systems. Most of
which will be based on a combination of industry standard, reusable, robust
risk software and highly sophisticated proprietary analytics. More
importantly, they will be free to focus on their core business and offer
products more directly suited to their customers’ desired return to risk
profiles.

36
Study of Operational Risk at Punjab National Bank

 About Punjab National Bank

Established in 1895 at Lahore, undivided India, Punjab National Bank
(PNB) has the distinction of being the first Indian bank to have been started
solely with Indian capital.The bank was nationalised in July 1969 along with
13 other banks. From its modest beginning, the bank has grown in size and
stature to become a front-line banking institution in India at present. It is a
professionally managed bank with a successful track record of over 110
years.
It has the largest branch network in India - 4525 Offices including 432
Extension Counters spread throughout the country. With its presence
virtually in all the important centres of the country, Punjab National Bank
offers a wide variety of banking services which include corporate and
personal banking, industrial finance, agricultural finance, financing of trade

37
and international banking. Among the clients of the Bank are Indian
conglomerates, medium and small industrial units, exporters, non-resident
Indians and multinational companies. The large presence and vast resource
base have helped the Bank to build strong links with trade and industry.

 Operational Risk
Punjab National Bank is exposed to many types of operational risk.
Operational risk can result from a variety of factors, including:

1. Failure to obtain proper internal authorizations,

2. Improperly documented transactions,
3. Failure of operational and information security procedures,
4. Computer systems,
5. Software or equipment,
6. Fraud,
7. Inadequate training and employee errors.
PNB attempts to mitigate operational risk by maintaining a comprehensive
system of internal controls, establishing systems and procedures to monitor
transactions, maintaining key back–up procedures and undertaking regular
contingency planning.
I. Operational Controls and Procedures in Branches
PNB has operating manuals detailing the procedures for the processing of
various banking transactions and the operation of the application software.

38
Amendments to these manuals are implemented through circulars sent to all
offices.
When taking a deposit from a new customer, PNB requires the new
customer to complete a relationship form, which details the terms and
conditions for providing various banking services.
Photographs of customers are also obtained for PNB’s records, and
specimen signatures are scanned and stored in the system for online
verification. PNB enters into a relationship with a customer only after the
customer is properly introduced to PNB. When time deposits become due
for repayment, the deposit is paid to the depositor. System generated
reminders are sent to depositors before the due date for repayment. Where
the depositor does not apply for repayment on the due date, the amount is
transferred to an overdue deposits account for follow up.
PNB has a scheme of delegation of financial powers that sets out the
monetary limit for each employee with respect to the processing of
transactions in a customer's account. Withdrawals from customer accounts
are controlled by dual authorization. Senior officers have delegated power to
authorize larger withdrawals. PNB’s operating system validates the check
number and balance before permitting withdrawals. PNB’s banking software
has multiple security features to protect the integrity of applications and
data.
II. Operational Controls and Procedures for Internet Banking
In order to open an Internet banking account, the customer must provide
PNB with documentation to prove the customer's identity, including a copy
of the customer's passport, a photograph and specimen signature of the

39
customer. After verification of the same, PNB opens the Internet banking
account and issues the customer a user ID and password to access his
account online.
III. Operational Controls and Procedures in Regional Processing
Centers & Central Processing Centers
To improve customer service at PNB’s physical locations, PNB handles
transaction processing centrally by taking away such operations from
branches. PNB has centralized operations at regional processing centers
located at 15 cities in the country. These regional processing centers process
clearing checks and inter-branch transactions, make inter-city check
collections, and engage in back office activities for account opening,
standing instructions and auto-renewal of deposits.
PNB has centralized transaction processing on a nationwide basis for
transactions like the issue of ATM cards and PIN mailers, reconciliation of
ATM transactions, monitoring of ATM functioning, issue of passwords to
Internet banking customers, depositing post-dated cheques received from
retail loan customers and credit card transaction processing. Centralized
processing has been extended to the issuance of personalized check books,
back office activities of non-resident Indian accounts, opening of new bank
accounts for customers who seek web broking services and recovery of
service charges for accounts for holding shares in book-entry form.
IV. Operational Controls and Procedures in Treasury
PNB has a high level of automation in trading operations. PNB uses
technology to monitor risk limits and exposures. PNB’s front office, back
office and accounting and reconciliation functions are fully segregated in

40
both the domestic treasury and foreign exchange treasury. The respective
middle offices use various risk monitoring tools such as counterparty limits,
position limits, exposure limits and individual dealer limits. Procedures for
reporting breaches in limits are also in place.
PNB’s front office treasury operation for rupee transactions consists of
operations in fixed income securities, equity securities and inter-bank money
markets. PNB’s dealers analyze the market conditions and take views on
price movements. Thereafter, they strike deals in conformity with various
limits relating to counterparties, securities and brokers. The deals are then
forwarded to the back office for settlement.
The inter-bank foreign exchange treasury operations are conducted through
Reuters dealing systems. Brokered deals are concluded through voice
systems. Deals done through Reuters systems are captured on a real time
basis for processing. Deals carried out through voice systems are input in the
system by the dealers for processing. The entire process from deal
origination to settlement and accounting takes place via straight through
processing. The processing ensures adequate checks at critical stages. Trade
strategies are discussed frequently and decisions are taken based on market
forecasts, information and liquidity considerations. Trading operations are
conducted in conformity with the code of conduct prescribed by internal and
regulatory guidelines.
The Treasury Middle Office Group, monitors counterparty limits, evaluates
the mark-to-market impact on various positions taken by dealers and
monitors market risk exposure of the investment portfolio and adherence to
various market risk limits set up by the Risk, Compliance and Audit Group.

41
PNB’s back office undertakes the settlement of funds and securities. The
back office has procedures and controls for minimizing operational risks,
including procedures with respect to deal confirmations with counterparties,
verifying the authenticity of counterparty checks and securities, ensuring
receipt of contract notes from brokers, monitoring receipt of interest and
principal amounts on due dates, ensuring transfer of title in the case of
purchases of securities, reconciling actual security holdings with the
holdings pursuant to the records and reports any irregularity or shortcoming
observed.

V. Audit
The Internal Audit Group undertakes a comprehensive audit of all business
groups and other functions, in accordance with a risk-based audit plan. This
plan allocates audit resources based on an assessment of the operational risks
in the various businesses. The Internal Audit group conceptualizes and
implements improved systems of internal controls, to minimize operational
risk. The audit plan for every fiscal year is approved by the Audit
Committee of PNB’s board of directors. The Internal Audit group also has a
dedicated team responsible for information technology security audits.
Various components of information technology from applications to
databases, networks and operating systems are covered under the annual
audit plan.

42
 CONCLUSION

 The Banks should review Basel II components and develop a vision,

strategy and action plan for what is expected to be a suitable
framework based on how the banking system evolves over time.
 The Banks need regular engagement for sustained support. A qualified
long-term advisor would be preferable.
 A workshop should be planned to produce a road map to Basel II
Compliance.
 Training and additional assistance to make it easier for the banking
system to comply with new guidelines on market and operational risk.
 Data Privacy and security needs more attention

43
  RBI has decided to follow a consultative process while implementing
Basel II norms and move in a gradual, sequential and co-ordinate
manner.
 For this purpose, dialogue has already been initiated with the
stakeholders. As envisaged by the Basel Committee, the accounting
profession too, will make a positive contribution in this respect to
make Indian banking system still stronger.

BIBILOGHAPHY

 www.rbi.org
 www.bis.com

 www.iib.org

 www.pnbindia.com
 www.google.co.in

44
45