Dipu

RIS
K MANAGEMENT IN BANKS
TOPIC
“Risk Management in Banks”
SUBMITTED BY
DEEPIKA.N.PATEL
PROJECT GUIDE
MR.GURUNATHAN PILLAI
T.Y.B.C.B.C.I. (V SEMESTER)
SUBMITTED TO
UNIVERSITY OF MUMBAI
RAJASTHANI SAMMELAN’ S
Ghanshyamdas Saraf College
Affiliated to University of Mumbai
ACCREDITED BY NAAC WITH ‘A’ GRADE
&
Durgadevi Saraf Junior College
(ARTS & COMMERCE)
S.V. Road, Malad (W)
Mumbai: 400 064
Year: 2010 -2011

RIS
DECLARATION
I Miss DEEPIKA .N. PATEL of Ghanshyamdas Saraf College of

Arts and Commerce, Malad (W) of T.Y.B.B.I (Semester V) has
completed project on “RISK MANAGEMENT IN BANKS” in the
academic year 2010-11. This information submitted is true and
original to the best of my knowledge.
Date: Signature of student
RAJASTHANI SAMMELAN’ S
RIS
Ghanshyamdas Saraf College
Affiliated to University of Mumbai
ACCREDITED BY NAAC WITH ‘A’ GRADE
&
Durgadevi Saraf Junior College
(ARTS & COMMERCE)
S.V. Road, Malad (W)
Mumbai: 400 064
CERTIFICATE
I Mr. Gurunathan Pillai hereby certify that Ms.Deepika.N.Patel.
A student of Ghanshyamdas Saraf College of T.Y.B.C.B.I
(Semester V) has completed Project on “RISK MANAGEMENT IN
BANKS “in the Academic Year 2010 -2011. This information
submitted is true and Original to the best of my Knowledge.
Project co- co-ordinator

Principal
Date:
College Seal
External examiner
Date
RIS
ACKNOWLEDGEMENT
I would like to thank the University of Mumbai and my

college for giving me this opportunity for taking such a
challenging project, which has enhanced my knowledge about
“RISK MANAGEMENT IN BANKS”
It’s my duty to acknowledge with gratitude the help

rendered to me by these individuals,
Executive Summary
RIS
Risk is inherent in any walk of life in general and in

financial sectors in particular. Risk is the potential that events and
actions may have an adverse effect on capital or earnings till recently,
due to regulate environment, banks could not afford to
take risks. But of late, banks are exposed to same
competition and hence are compeled to encounter
various types of financial and non-financial risks. Risks
and uncertainties form an integral part of banking which
by nature entails taking risks.
There are three main categories of risks; Credit Risk,
Market Risk & Operational Risk Various tools and
techniques to manage Credit Risk, Market Risk and
Operational Risk and its various components, are also
discussed in detail. Risk Aggregation & Capital Allocation
and Risk Based Supervision (RBS), in managing risks in
banking sector.
RIS
SR NO TOPIC PG NO
1 INTRODUCTION.
2 TYPE OF RISK
3 CREDIT RISK
4 MARKET RISK
5 OPERATIONAL RISK
7 RISK MANAGEMENT IN BANKS
8 NEW PRODUCTS RISK
WHAT TO DO ABOUT RISK?
CONCLUSION
BIBLIOGRAPHY
RIS
RIS
RISK
MANAGEMENT IN
BANKS
INTRODUCTION
RIS
Banks in the process of financial intermediation are confronted with various kinds
of financial and non-financial risks viz., credit, interest rate, foreign exchange rate,
liquidity, equity price, commodity price, legal, regulatory, reputational, etc. These
risks are highly interdependent and events that affect one area of risk can have
ramifications for a range of other Risk categories. Thus, top management of banks
should attach considerable importance to improve the ability to identify measure,
monitor and control the overall level of risks undertaken.
RISK DEFINED
“Risk is the possibility of loss or damage”.

“Risk is the measure of profitability and severity of adverse effects”.
“Risk is the potential for realization of unwanted negative consequences of an
event”.
In any transaction, when there is a possibility of loss or peril, it may be termed

as a risky transaction As discussed above, risks are inherent in financial
intermediation and cannot be eliminated. However, they cannot only be managed
and controlled but even be turned into opportunities.
THE BROAD PARAMETERS OF RISK MANAGEMENT

FUNCTION SHOULD ENCOMPASS
RIS
(i) Organizational structure;
(ii) Comprehensive risk measurement approach;
(iii) Risk management policies approved by the Board which should be

consistent with the broader business strategies, capital strength,
management expertise and overall willingness to assume risk;
(iv) Guidelines and other parameters used to govern risk taking

including detailed structure of prudential limits;
(v) Strong MIS for reporting, monitoring and controlling risks;
(vi) Well laid out procedures, effective control and comprehensive risk
reporting
(vii) Separate risk management framework independent of operational

Departments and with clear delineation of levels of responsibilities
for management of risk; and
(viii) Periodical review and evaluation
THE PROCESS OF RISK MANAGEMENT INVOLVES

THE FOLLOWING
RIS
 Recognition and understanding,
 Measurement and
 Monitoring and control
For effective risk management, a comprehensive risk management policy has

to be formulated incorporating a detailed structure of limits and guidelines to be
followed, and a strong management information system built up for continuous
monitoring and reporting of risk exposures.
Risk management is a process, by which an organization, say a bank,

identifies, measures, monitors and controls its risk exposures. Risk management is
a continuous process and not a onetime activity.
Diagrammatically risk management process can be presented as under.
By this process, the bank ensures that:
 There is a common understanding of risks across the organizations.
 Risks are within the tolerances established by the board of directors.
 Risk taking decisions are consistent with strategic business objectives.
 Appropriate processes facilitate explicit and clear risk-taking decisions.
 Expected return compensates for the risk taken and
 Capital allocation is consistent with risk exposures.

RIS
TYPES OF RISKS
As per the RESERVE BANK OF INDIA guidelines issued in October 1999,

there are three major types of risks encountered by the banks and these CREDIT
RISK, MARKET RISK AND OPERATIONAL RISK. In the article, we will see
what the components of these three major risks are. In August 2001, a discussion
paper on move towards Risk based Supervision was published. Further, in
September 2001 a guidance note on Credit Risk Management was sent to all the
banks. Recently in March 2002, a guidance note on Market Risk Management was
also circulated to all the banks and this was followed by a discussion paper on
Country Risk released in May 2002.
Risk is the potentiality that both the expected and unexpected events may have
as adverse impact on the bank’s capital or earnings. The expected loss is to be
borne by the borrower and hence is taken care of by adequately pricing the
products through risk premium and reserves created out of the earnings. It is the
amount expected to be lost due to changes in credit quality resulting in default.
Whereas, the unexpected loss on account of the individual exposure and the
whole portfolio in entirety is to be borne by the bank itself and hence is to be taken
care of by the capital. Thus, the expected losses are covered by reserves and
provisions and the unexpected losses require capital allocation. Hence, the need for
sufficient Capital Adequacy Ratio is felt. Each type of risk is measured to
determine both the expected and unexpected losses using VaR (Value at Risk) or
worst-case type analytical model.
TYPES OF FINANCIAL RISK

RIS
[I] CREDIT RISKS:-

RIS
In course of banks lending involves a number of risks. In addition to the risks

related to creditworthiness of the counterparty, the banks are also exposed to
interest rate, forex and country risks.
Unlike market risks, where the measurement, monitoring, control etc. are to a
great extent centralized. Credit risks management is a decentralized function or
activity. This is to say that credit risk taking activity is spread across the length and
breadth of the network of branches, as lending is a decentralized function. Proper a
sufficient care has to be taken for appropriate management of credit risk.
Credit risk or default risk involves inability or unwillingness of a customer or

counterparty to meet commitments in relation to lending, trading, hedging,
settlement and other financial transactions. The objective of credit risk
management is to minimize the risk and maximize banks risk adjusted rate of
return by assuming and maintaining credit exposure within the acceptable
parameters.
The Credit Risk is generally made up of transaction risk or default risk and
portfolio risk. The portfolio risk in turn comprises intrinsic and concentration risk.
The credit risk of a bank’s portfolio depends on both external and internal factors.
The external factors are the state of the economy, rates and interest rates, trade
restrictions, economic sanctions, wide swings in commodity/equity prices, foreign
exchange rates and interest rates, trade restrictions, economic sanctions,
Government policies, etc. The internal factors are deficiencies in loan
policies/administration, absence of prudential credit concentration limits,
inadequately defined lending limits for Loan Officers/Credit Committees,
deficiencies in appraisal of borrowers financial position, excessive dependence on
collaterals and inadequate risk pricing, absence of loan review mechanism and post
sanction surveillance, etc.
Another variant of credit risk is counterparty risk. The counterparty risk

arises from non-performance of the trading partners. The nonperformance may
arise from counterparty’s refusal/inability to perform due to adverse price
movements or from external constraints that were not anticipated by the principal.
The counterparty risk is generally viewed as a transient financial risk associated
with trading rather than standard credit risk.
RIS
Importance of Credit Risk Management

The credit risk management is of utmost importance for the banks and other
financial institutions that have been the chief sources of credit for many years. It
has been observed that the financial institutions that are able to manage their credit
risks properly are functioning well.
Situations of Credit Risk Management

There are a variety of problems related to credit risk management that have been
important in this context.
However, the most important factor in this case has been the absence of proper
credit rules for the debtors. At times it has also been noticed that the companies
have not been able to manage their portfolios in a proper way.
The banks and other financial institutions that are dealing in credit services have
not always been able to take into account the various economic factors that have
contributed to a decline in the credit capabilities of the borrowers.
Aim of Credit Risk Management

The most basic aim of the process of credit risk management is to minimize the
levels of credit risk that a particular institutional creditor like a bank faces when it
lends money to a particular borrower. The system of credit risk management
accomplishes that by keeping the levels of the risk faced by a bank within certain
acceptable standards.
The management of credit risk should receive the top management’s

attention and the process should encompass:
Measurement of risk through credit rating/scoring:-
(a) Quantifying the risk through estimating expected loan losses i.e. the amount
of loan losses that bank would experience over a chosen time horizon
(through tracking portfolio behavior over 5 or more years) and
unexpected loss (through standard deviation of losses or the difference
RIS
between expected loan losses and some selected target credit loss
quantile);
(b) Risk pricing on a scientific basis; and
(c) Controlling the risk through effective Loan Review Mechanism and
portfolio management.
The credit risk management process should be articulated in the bank’s Loan
Policy, duly approved by the Board. Each bank should constitute a high level
Credit Policy Committee, also called Credit Risk Management Committee or
Credit Control Committee etc. to deal with issues relating to credit policy and
procedures and to analyze, manage and control credit risk on a bank wide basis.
The Committee should be headed by the Chairman/CEO/ED, and should

comprise heads of Credit Department, Treasury, Credit Risk Management
Department (CRMD) and the Chief Economist.
The Committee should, inter alia, formulate clear policies on standards for
presentation of credit proposals, financial covenants, rating standards and
benchmarks, delegation of credit approving powers, prudential limits on large
credit exposures, asset concentrations, standards for loan collateral, portfolio
management, loan review mechanism, risk concentrations, risk monitoring and
evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc.
Concurrently, each bank should also set up Credit Risk Management

Department (CRMD), independent of the Credit Administration Department.
The CRMD should enforce and monitor compliance of the risk parameters and
prudential limits set by the CPC.
The CRMD should also lay down risk assessment systems, monitor quality of
loan portfolio, identify problems and correct deficiencies, develop MIS and
undertake loan review/audit.
RIS
Large banks may consider separate set up for loan review/audit. The CRMD
should also be made accountable for protecting the quality of the entire loan
portfolio. The Department should undertake portfolio evaluations and conduct
comprehensive studies on the environment to test the resilience of the loan
portfolio.
CREDIT RISK may be defined as the risk of default on the part of the
borrower. The lender always faces the risk of the counter party not repaying the
loan or not making the due payment in time. This uncertainty of repayment by the
borrower is also known as default risk.
Some of the commonly used methods to measure credit risk

are:
a. Ratio of non performing advances to total advances;
b. Ratio of loan losses to bad debt reserves;
c. Ratio of loan losses to capital and reserves;
d. Ratio of loan loss provisions to impaired credit;
e. Ratio of bad debt provision to total income; etc.
Managing credit risk has been a problem for the banks for centuries. As had
been observed by JOHN MEDLIN, 1985 issue of US banker.
“Balancing the risk equation is one of the most difficult aspects of banking. If
you lend too liberally, you get into trouble. If you don’t lend liberally you get
criticized”.
RIS
Over the tears, bankers have developed various methods for containing credit
risk. The credit policy of the banks generally prescribes the criteria on which the
bank extends credit and, inter alia, provides for standards.
TOOLS OF CREDIT RISK MANAGEMENT.
The instruments and tools, through which credit risk management are carried
out, are detailed below:
1. Portfolio management.
2. Loan review mechanism.
 PORTFOLIO MANAGEMENT.
Stipulate quantitative ceiling on aggregate exposure on specific rating

Categories, distribution of borrowers in various industries, business group rapid
portfolio reviews. The existing framework of tracking the non-performing loans
around the balance sheet date does not signal the quality of the entire loan book.
There should be a proper and regular on-going system for identification of credit
weakness well in advance. Initiative steps to preserve the desired the portfolio
quality and integrate portfolio reviews with credit decision making process.
Credit portfolio management emanated from the potential adverse impact of

concentration of exposures and the necessity to optimize the benefit associated
with diversification.
[II] MARKET RISK:-

RIS
Traditionally, credit risk management was the primary challenge for banks.
With progressive deregulation, market risk arising adverse changes in market
variables, such as interest rate, foreign exchange rate, equity price and commodity
price has become relatively more important. Even a small change in market
variables causes substantial changes in income and value of banks.
MARKET RISK may be defined as the possibility of loss to a bank caused

by the changes in the market variables. It is the risk that the value of on/off-balance
sheet positions will be adversely affected by movements if equity and interest rate
markets, currency exchange rates and commodity prices.
Market risk is the risk to the bank’s earnings and capital due to changes in the
market level of interest rates or prices of an securities, foreign exchange and
equities, as well as the volatilities of those prices. Market Risk management
provides a comprehensive and dynamic framework for measuring, monitoring and
managing liquidity, interest rate, foreign exchange and equity as well as
commodity price risk of a bank that needs to be closely integrated with the banks
business strategy.
Uses of Market Risk Management

The process of market risk management has a number of applications in the
context of today's global market. Its most basic use lies in the fact that it furnishes
the business concerns with a particular risk structure. This risk structure comes in
handy especially when a particular company is operating either in its closing or
opening phase.
Main Characteristics of Market Risk Management

Following are the principal characteristics of the system of market risk
management:
• World limit management: This process is at the base of the various trading
plans that are used across the world as well as their applications. This
process also makes sure that the amount of loss that may be faced by a
particular company while carrying out business transactions is not more than
what is being expected by that organization.
RIS
• The various market risk management systems make sure that the various
information related to the market are relevant as far as the parameters of
input in case of the market risk calculations are concerned.
• Indicators: These are applicable only in the case of banks and certain
businesses. These are normally used in order to find out the problems that
may be related to market risks.
Scenario analysis and stress testing is yet another tool used to asses areas of
potential problems in a given portfolio. Identification of future changes in
economic conditions like-
ECONOMIC / INDUSTRY OVERTURNS.
MARKET RISK EVENTS.
LIQUIDITY CONDITIONS.
That could have unfavorable effect on banks portfolio is a condition

precedent for carrying out stress testing. As the underlying assumption keeps
changing from time to time, out-put of the test should be reviewed periodically.
Market risk arises out of the dynamics of market forces, which, for the
banking industry, may include interest rate fluctuations, maturity mismatches,
exchange rate fluctuations, market competition in terms of services and products,
changing customer preferences and requirements resulting in product obsolescene,
coupled with changes national and international politico-economic scenario. These
risks are like perils of the sea, which can be caused by any change-taking place
anywhere in the national and international arena.
Market risks affect banks in two ways:

RIS
i. The customer requirements are changing because of the changing economics

scenario. Hence banks have to fine-tune/modify their products to make them
customer friendly, otherwise the obsolescene of products will divert the customers
to other banks thereby reducing the business and profits of the bank concerned.
ii. The macro-economic changes in the national and international polotico-
economic scenario affect the risk element in different business activities
differently. This aspect has assumed greater importance in the modern age, because
of the increasing integration of global markets.
Since both these aspects are dynamic in nature, with change being the only
constant factor, market risks need to be monitored on a continuous basis and
appropriate strategies evolved to keep these risks within manageable limits. Again,
given that one can manage only what one can measure, measurement of risks on a
continuous basis deserves immediate attention.
Market risk can be defined as the risk of losses in on and off balance sheet
positions arising from adverse movement of market variables.
Market Risk Management
Management of market risk should be the major concern of top management

of banks. The Boards should clearly articulate market risk management policies,
procedures, prudential risk limits, review mechanisms and reporting and auditing
systems. The policies should address the bank’s exposure on a consolidated basis
and clearly articulate the risk measurement systems that capture all material
sources of market risk and assess the effects on the bank. The operating prudential
limits and the accountability of the line management should also be clearly
defined. The Asset-Liability Management Committee (ALCO) should function as
the top operational unit for managing the balance sheet within the performance/risk
parameters laid down by the Board. The banks should also set up an independent
Middle Office to track the magnitude of market risk on a real time basis. The
RIS
Middle Office should comprise of experts in market risk management, economists,

statisticians and general bankers and may be functionally placed directly under the
ALCO. The Middle Office should also be separated from Treasury Department and
should not be involved in the day to day management / ALCO / Treasury about
adherence to prudential / risk parameters and also aggregate the total market risk
exposures assumed by the bank at any point of time.
MARKET RISK TAKES THE FORM OF:-
1) Liquidity Risk
2) Interest Rate Risk
3) Commodity Price Risk and
4) Equity Price Risk
A concise definition of each of the above Market Risk factors and how they
are managed is described below:
LIQUIDITY RISK/MATURITY GAP RISK:-
Liquidity Planning is an important facet of risk management

framework in banks. Liquidity is the ability to efficiently accommodate deposit
and other liability decreases, as well as, fund loan portfolio growth and the possible
funding of off balance sheet claims. A bank has adequate liquidity when sufficient
funds can be raised, either by increasing liabilities or converting assets, promptly
and at a reasonable cost. It encompass the potential sale of liquid assets and
borrowings from money, capital and forex markets. Thus, liquidity should be
considered as a defence mechanism from losses on fire sale of assets.
RIS
Liquidity risk is the potential inability of a bank to meet its payment

obligations in a timely and cost effective manner. It arises when the bank is unable
to generate cash to cope with a decline in deposits/liabilities or increase in assets.
The cash flows are placed in different time buckets based on future behavior of
assets, liabilities and 0ff-balance sheet items.
LIQUIDITY may be defined as the ability to meet commitments and/or

undertake new transactions. The most obvious form of liquidity risk is the inability
to honour desired withdrawals and commitments, that is, the risk of cash shortages
when it is needed which arises due to maturity mismatch.
BANKING can also be described as a business of maturity transformation.

Usually banks, lend for a longer period than for which they borrow.
Therefore, they generally have a mismatched balance sheet in so far as their

short-term liabilities are greater than short-term assets and long-term assets are
greater than long term liabilities.
1. Liquidity risk is measured by preparing a maturity profile of assets and

liabilities, which enables the management to form a judgement on liquidity
mismatch. As the basic problem for a bank is to ascertain whether it will be able to
meet maturing obligations on the date they fall due, it must prepare a projected
cash-flow statement and estimate the probability of facing any liquidity crisis.
Liquidity measurement is quite a difficult task and can be measured through

stock or cash flow approaches. The key ratios, adopted across the banking system
are: the other methods of measuring liquidity risk are:
RIS
 To manage liquidity risk, banks should keep the maturity profile of liabilities
compatible with those of assets.
 The behavioral maturity profile of various components of on/off balance

sheet items is being analysed and variance analysis is been undertaken
regularly.
 Efforts are also being made by some banks to track the impact of repayment
of loans and premature closure of deposits to estimate realistically the cash
flow profile.
 Banks are closely monitoring the mismatches in the category of 1-14 days
and 15-28 days time bands and tolerance levels on mismatches are being
fixed for various maturities, depending on asset-liability profile, stand
deposit base nature of cash flows, etc.
Liquidity Risk means, the bank is not in a position to make its repayments,
withdrawal, and other commitments in time. For EXAMPLE two Canadian banks,
Northland Bank and Continental Bank of Canada suffered a run on deposits
because of a credit crisis at Canadian commercial bank.
Liquidity risk consists of FUNDING RISK, TIME RISK, and CALL

RISK.
The liquidity risk in banks manifest in different dimensions:
 Funding Risk – It is the need to replace net outflows due to unanticipated

withdrawals/non-renewal of deposits (wholesale and retail)
RIS
 Time Risk – It is the need to compensate for non-receipt of expected

inflows of funds, i.e. performing assets turning into non-performing assets;
and
 Call Risk – It happens due to crystallization of contingent liabilities and
unable to undertake profitable business opportunities when desirable.
The Asset Liability Management (ALM) is a part of the overall risk

management system in the banks. It implies examination of all the assets and
liabilities simultaneously on a continuous basis with a view to ensuring a proper
balance between funds mobilization and their deployment with respect to their
maturity: (a) profiles, (b) cost, (c) yield, (d) risk exposures, etc. It includes product
pricing for deposits as well as advances, and the desired maturity profile of assets
and liabilities.
Tolerance levels on mismatches should be fixed for various maturities

depending upon the asset liability profile, deposit mix, nature of cash flow etc.
Bank should track the impact of pre-payment of loans and premature closure of
deposits so as to realistically estimate the cash flow profile.
The first step towards liquidity management is to put in place an effective

liquidity management policy, which, inter alia, should spell out the funding
strategies, liquidity planning under alternative scenarios, prudential limits, liquidity
reporting/reviewing, etc.
While the liquidity ratios are the ideal indicator of liquidity of banks operating
in developed financial markets, the ratios do not reveal the intrinsic liquidity
profile of Indian banks which are operating generally in an illiquid market.
Experiences show that assets commonly considered as liquid like Government
securities, other money market instruments, etc. have limited liquidity as the
market and players are unidirectional. Thus, analysis of liquidity involves tracking
of cash flow mismatches. For measuring and managing net funding requirements,
the use of maturity ladder and calculation of cumulative surplus or deficit at
selected maturity dates is recommended as a standard tool.
The format prescribed by RBI in this regard under ALM System should be
adopted for measuring cash flow mismatches at different time bands. The cash
RIS
flows should be placed in different time bands based on future behavior of assets,
liabilities and off-balance sheet items.
In other words, banks should have to analyze the behavioral maturity profile
of various components of on / off- balance sheet items on the basis of assumptions
and trend analysis supported by time series analysis. Banks should also undertake
variance analysis, at least, once in six months to validate the assumptions. The
assumptions should be fine-tuned over a period which facilitates near reality
predictions about future behavior of on/off-balance sheet items.
Thus, cash outflows can be ranked by the date on which liabilities fall due, the
earliest date a liability holder could exercise an early repayment option or the
earliest date contingencies could be crystallized.
The difference between cash inflows and outflows in each time period, the
excess or deficit of funds becomes a starting point for a measure of a bank’s future
liquidity surplus or deficit, at a series of points of time. The banks should also
consider putting in place certain prudential limits to avoid liquidity crisis:
1. Cap on inter-bank borrowings, especially call borrowings;
2. Purchased funds vis-à-vis liquid assets;
3. Core deposits vis-à-vis Core Assets i.e. Cash Reserve Ratio, Liquidity
reserve Ratio and Loans;
4. Duration of liabilities and investment portfolio;
5. Maximum Cumulative outflows. Banks should fix cumulative mismatches

across all time bands;
6. Swapped Funds Ratio, i.e. extent of Indian Rupees raised out of foreign
currency sources.
RIS
Banks should also evolve a system for monitoring high value deposits (other
than inter-bank deposits) say Rs.1 crore or more to track the volatile liabilities.
Further the cash flows arising out of contingent liabilities in normal situation and
the scope for a n increase in cash flows during periods of stress should also e
estimated. It is quite possible that market crisis can trigger substantial increase in
the amount of draw from cash credit/overdraft accounts, contingent liabilities like
letters of credit, etc.
ALTERNATIVE SCENARIOS
RIS
The liquidity profile of banks depends on the market conditions, which

influence the cash flow behavior. Thus, banks should evaluate liquidity profile
under different conditions, viz. normal situation, bank specific crisis and market
crisis scenario. The banks should establish benchmark for normal situation; cash
flow profile of on / off balance sheet items and manages net funding requirements.
Estimating liquidity under bank specific crisis should provide a worst-case

benchmark. It should be assumed that the purchased funds could not be easily
rolled over; some of the core deposits could be prematurely closed; a substantial
share of assets have turned into non-performing and thus become totally illiquid.
These developments would lead to rating down grades and high cost of liquidity.
The banks should evolve contingency plans to overcome such situations.
The market crisis scenario analyses cases of extreme tightening of liquidity

conditions arising out of monetary policy stance of Reserve Bank, general
perception about risk profile of the banking system, severe market disruptions,
failure of one or more of major players in the market, financial crisis, contagion,
etc. Under this scenario, the rollover of high value customer deposits and
purchased funds could extremely be difficult besides flight of volatile deposits /
liabilities. The banks could also sell their investment with huge discounts, entailing
severe capital loss.
Interest Risk Rates (IRR):

RIS
The management of Interest Rate Risk should be one of the critical

components of market risk management in banks. The regulatory restrictions in the
past had greatly reduced many of the risks in the banking system. Deregulation of
interest rates has, however, exposed them to the adverse impacts of interest rate
risk.
Interest Rate Risk is the potential negative impact on the Net Interest Income
and it refers to the vulnerability of an institutions financial condition to the
movement in interest rates. Changes in interest rate affect earnings, value of assets,
liability, off-balance sheet items and cash flow. Hence, the objective
of interest rate risk management is to maintain earnings, improve the capability,
ability to absorb potential loss and to ensure the adequacy of the compensation
received for the risk taken and effect risk return trade-off.
Management of interest rate risk aims at capturing the risks arising from the
maturity and re-pricing mismatches and is measured both from the earnings and
economic value perspective.
The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is
dependent on the movements of interest rates. Any mismatches in the cash flows
(fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose
bank’s NII or NIM to variations. The earning of assets and the cost of liabilities are
now closely related to market interest rate volatility.
RIS
Earnings perspective involves analyzing the impact of changes in interest

rates on accrual or reported earnings in the near term. This is measured by
measuring the changes in the NET INTEREST INCOME (NII) equivalent to the
difference between total interest income and total interest expense.
Economic Value perspective involves analyzing the expected cash inflows on

assets minus expected cash outflows on liabilities plus the net cash flows or off-
balance sheet items. The economic value perspective identifies risk arising from
long-term interest rate gaps.
In detail Interest Rate Risk is the risk due to changes in market interest rates,
which might adversely affect the bank’s financial condition. The immediate impact
of change in interest rates is on the bank’s earnings through fall in Net Interest
Income (NII). Ultimately the impact of the potential long-term effects of changes
in interest rates is on the underlying economic value of bank’s assets, liabilities and
off-balance sheet positions. The interest rate risk when viewed from these two
perspective is called as “Earning’s Perspective” and Economic Value Perspective”,
respectively.
In simple terms, high proportion of fixed income assets would mean that any
increase in interest rate will not result in higher interest income (due to fixed nature
of interest rate) and likewise reduction interest rate will not decrease interest
income. Low proportion of fixed assets will have the opposite effect.
Banks have laid down policies with regard to VOLUME, MINIMUM

MATURITY, HOLDING PERIOD, DURATION, STOP LOSS, RATING
STANDARDS, etc., for classifying securities in the trading book. The statement of
interest rate sensitivity is being prepared by banks. Prudential limits on gaps with a
bearing on total assets, earning assets or equity have been set up.
Interest rate will be explained with the help of examples:-

RIS
For instances, a bank has accepted long-term deposits @ 13% and deployed in
cash credit @ 17%. If the market interest rate falls by 1%, it will have to reduce
interest rate on cash credit by 1% as cash credit is repriced quarterly. However, it
will not be able to reduce interest on term deposits. Thus, the net interest income of
the bank will go down by 1%.
Or suppose a bank has 90 days deposit @ 9% deployed in one year bond @

12%. If the market interest rate arises by 1%, the bank will have to renew the
deposits after 90 days at a higher rate. However it will continue to get interest rate
at the old rate from the bond. In this case too, the net interest income will go down
by 1%.
The various types of interest rate risks are identified as follows:-
Price Risk:-
Price risk occurs when assets are sold before their stated maturities. In the
financial market, bond prices and yields are inversely related. The price risk is
closely associated with the trading book, which is created for making profit out of
short-term movements in interest rates. Banks which have an active trading book
should, therefore, formulate policies to limit the portfolio size, holding period,
duration, defeasance period, stop loss limits, marking to market, etc.
Reinvestment Risk:-
Uncertainty with regard to interest rate at which the future cash flows could be
reinvested is called reinvestment risk. Any mismatches in cash flows would expose
the banks to variations in NII as the market interest rates move in different
directions.
MATURITY GAP ANALYSIS

RIS
The simplest analytical techniques for calculation of IRR exposure begins with
maturity Gap analysis that distributes interest rate sensitive assets, liabilities and
off-balance sheet positions into a certain number of pre-defined time-bands
according to their maturity (fixed rate) or time remaining for their next repricing
(floating rate). Those assets and liabilities lacking definite repricing intervals
(savings bank, cash credit, overdraft, loans, export finance, refinance from RBI
etc.) or actual maturities vary from contractual maturities (embedded option in
bonds with put/call options, loans, cash credit/overdraft, time deposits, etc.) are
assigned time bands according to the judgments, empirical studies and past
experience of banks.
A number of time bands can be used while constructing a gap report.

Generally, most of the banks focus their attention on near-term periods, viz.
monthly, quarterly, half-yearly or one year. It is very difficult to take a view on
interest rate movements beyond a year. Banks with large exposures in the short-
term should test the sensitivity of their assets and liabilities even at shorter
intervals like overnight, 1-7 days, 8-1 4 days etc.
In order to evaluate the earnings exposure, interest Rate Sensitive Assets

(RSAs) in each time band are netted with the interest Rate Sensitive Liabilities
(RSLs) to produce a repricing ‘Gap’ for that time band.
The positive Gap indicates that banks have more RSAs than RSLs. A positive or
assets sensitive Gap means that an increase in market interest rates could cause an
increase in NII.
Conversely, a negative or liability sensitive Gap implies that the banks NII
could decline as a result of increase in market interest rates. The negative gap
indicates that banks have more RSLs than RSAs. Gap is the difference between a
bank’s assets and liabilities maturing or subject to repricing over a designated
period of time.
RIS
The Gap is used as a measure of interest rate sensitivity. The Positive or

Negative Gap is multiplied by the assumed interest rate changes to derive the
Earnings at Risk (EaR). The EaR method facilitates to estimate how much the
earnings might be impacted by an adverse movement in interest rates. The changes
in interest could be estimated on the basis of past trends, forecasting of interest
rates, etc. the banks should fix EaR which could be based on last/current year’s
income and a trigger point at which the line management should adopt on-or off-
balance sheet hedging strategies may be clearly defined.
The Gap calculations can be augmented by information on the average

coupon on assets and liabilities in each time band and the same could be used to
calculate estimates of the level of NII from positions maturing or due for repricing
within a given time-band, which would then provide a scale to assess the changes
in income implied by the gap analysis.
In case banks could realistically estimate the magnitude of changes in market

interest rates of various assets and liabilities (basic risk) and their past behavioral
pattern (embedded option risk), they could standardize the gap by multiplying the
individual assets and liabilities by how much they will change for a given change
in interest rate. Thus, one or several assumptions of standardized gap seem more
consistent with real world than the simple gap method. With the Adjusted Gap,
banks could realistically estimate the EaR.
DURATION GAP ANALYSIS
Duration is a measure of change in the value of the portfolio due to change in

interest rates. Duration of an asset or a liability is computed by calculating the
weighted average value of all the cash-flows that it will produce with each cash-
RIS
flow weighted by the time at which it occurs. It is expressed in time periods.

Duration of high coupon bond is always shorter than duration of low coupon bonds
because of larger cash inflow from higher interest payments. With zero coupon
bonds, the duration would be equal to maturity. By calculating the duration of the
entire asset and liability portfolio, the duration gap can be calculated, that is, the
mismatch in asset and liability duration and, if necessary, corrective action may be
taken to create a duration match.
Measuring the duration Gap is more complex than the simple gap model. The
attraction of duration analysis is that it provides a comprehensive measure of IRR
for the total portfolio. The duration analysis also recognizes the time value of
money. Duration measure is addictive so that banks can match total assets and
liabilities rather than matching individual accounts. However, Duration Gap
analysis assumes parallel shifts in yield curve. For this reason, it fails to recognize
basis risk.
EQUITY PRICE RISK:-
Equity Price Risk is the risk of loss in value of the bank’s equity Investments
and/or equity derivative instruments arising out of change in equity prices.
COMMODITY PRICES RISK:-
The risk of loss in value of commodity held/traded by the bank, arising out of
changes in prices, basis mismatch, forward p
[III] OPERATIONAL RISK:-
“Operational Risk is defined as the risk of direct or indirect loss resulting from
inadequate or failed internal processes, people and system or from external
events.”
RIS
Generally, operational risk is defined as any risk, which is not categorized as

market or credit risk, or the risk of loss arising from various types of human or
technical error. It is also synonymous with settlement or payments risk and
business interruption, administrative and legal risks. Operational risk has some
form of link between credit and market risks. An operational problem with a
business transaction could trigger a credit or market risk.
Indeed, so significant has operational risk become that the bank for
International Settlement (BIS) has proposed that, as of 2006, banks should be made
to carry a Capital cushion against losses from this risk.
Managing operational risk is becoming an important feature of sound risk

management practices in modern financial markets in the wake of phenomenal
increase in the volume of transactions, high degree of structural changes and
complex support systems.
The most important type of operational risk involves breakdowns in internal

controls and corporate governance. Such breakdowns can lead to financial loss
through error, fraud, or failure to perform in a timely manner or cause the interest
of the bank to be compromised.
Important Advantages of Operational Risk Management

Following are the most important advantages of operational risk management:
• Decrease in losses arising from operations

• Reduced auditing/compliance expenses
• Decreased vulnerability to risks in the future
• Early sensing of illegitimate functions
Types of Operational Risk

According to the Basel Committee on Banking Supervision, the events, which lead
to operational risks, can be categorized into the following types:
RIS
• External Fraud: Risk arising from fraudulent activities from a third party,
for example, robbery, theft, phishing or hacking.
• Internal Fraud: Risk arising from fraudulent activities from internal

parties.
• Products, Customers and Business Practices: Risk resulting from
inadvertent or careless failure to satisfy a professional responsibility to
particular customers (involving fiducial and appropriateness necessities) or
from the characteristics of configuration of a commodity.
• Workplace safety and employment practices: Risk arising from non-

compliance with health, employment, or safety acts or from disbursal of
claims related to personal injury or from inequality/unfair treatment
• System failure and business interruptions: Risk resulting from

interruptions of business operations or system breakdown. These include
telecommunication, computer software, or computer hardware failure and
equipment failure.
• Damages to tangible properties: Risk resulting from damages or losses of

tangible properties due to natural calamity or other occurrences.
• Execution, supply and process management: Risk arising from failure in

process management or transaction processing due to poor association with
vendors and commercial service providers. These involve the following:
•
o performance & maintenance miscommunication
o Transaction seizure
o Missed responsibility or deadline
o Data entry, preservation or loading fault
o Accounting mistake
o System/Model malfunctioning
o Failure in delivery
o Entity assignment fault
o Failure in reference data preservation
o Failure from collateral management
o Unsuccessful compulsory reporting liability
o Reporting & monitoring failure
o Client Intake & Paperwork
o Erroneous external report (incurring loss)
o Incomplete or misplaced legal documents
RIS
o Overlooked client disclaimers/permissions

o Unauthorized access offered to accounts
o Client/Customer Account Management
o Careless damage or loss of customer assets
o Inappropriate customer records (incurring loss)
o Failure on behalf of commercial partners and non-client vendors and
vendor disagreements
Operational Risk Management Software:
At the present time, a number of software products have been introduced for the
purpose of operational risk management according to the Sarbanes-Oxley Act.
With the help of this software, financial audit can be performed at cheaper
expenses. Forrester Research has recognized 115 Risk and Compliance and
Governance marketers, which deal with operational risk management program
The objectives of Operational Risk Management is to reduce the expected

operational losses that focuses on systematic removal of operational risk sources
and uses a set of key risk indicators to measure and control risk on continuous
basis. The ultimate objective of operational risk management is to enhance the
shareholder’s value by being ready for risk based capital allocation.
There is no uniformity of approach in measurement of Operational Risk in the

banking system at present
The bank’s operational risks can be classified into following six exposure classes
• People
• Process
• Management
• System
• Business and
• External
RIS
Bank has also identified 5 business lines viz…..
• Corporate finance
• Retail banking
• Commercial banking
• Payment and Settlement and
• Trading and Sales (Treasury operations) also
To each of this exposure classes within each business line are attached certain
risk categories under which the bank can incur losses or potential losses.
Bank collected information at first instance for a 5 year period and is being
updated on a six monthly basis June and December. These date help in qualifying
the overall potential / actual loss on account of Operational Risk and initiate
measure for plugging these risk areas.
Bank may suitably at a latter date move to appropriate models for measuring
and managing Operational Risk also after receipt of RBIs Guidance Note.
MEASUREMENT
There is no uniformity of approach in measurement of operational risk in the

banking system. Besides, the existing methods are relatively simple and
experimental, although some of the international banks have made considerable
progress in developing more advanced techniques for allocating capital with regard
to operational risk.
Measuring operational risk requires both estimating the probability of an

operational loss event and the potential size of the loss. It relies on risk factor that
provides some indication of the likelihood of an operational loss event occurring.
The process of operational risk assessment needs to address the likelihood (or
frequency) of a particular operational risk occurring, the magnitude (or severity) of
the effect of the operational risk on business objectives and the options available to
RIS
manage and initiate actions to reduce/mitigate operational risk. The set of risk
factors that measure risk in each business unit such as audit ratings, operational
data such as volume, turnover and complexity and data on quality of operations
such as error rate or measure of business risks such as revenue volatility, could be
related to historical loss experience. Banks can also use different analytical or
judgmental techniques to arrive at an overall operational risk level. Some of the
international banks have already developed operational risk rating matrix, similar
to bond credit rating. The operational risk assessment should be bank-wide basis
and it should be reviewed at regular intervals. Banks, over a period, should develop
internal systems to evaluate the risk profile and assign economic capital within the
RAROC framework Indian Banks have so far not evolved any scientific methods
for quantifying operational risk. In the absence any sophisticated models, banks
could evolve simple benchmark based on an aggregate measure of business activity
such as gross revenue, fee income, operating costs, managed assets or total assets
adjusted for off-balance sheet exposures or a combination of these variables.
At present, scientific measurement of operational risk has not been evolved.

Hence, 20% charge on the Capital Funds is earmarked for operational risk.
RISK MANAGEMENT IN BANKS
The history of banking is full of major and minor failures. It is now argued that
many of these failures were due to the fact that the risks were not identified and
managed properly. The reserve bank of India has issued elaborate guidelines on
asset liability management and risk management to banks in India. Banks have
been making vigorous in following these guidelines.
RISK MANAGEMENT STRUCTURE
A major issue in establishing an appropriate risk management organization

structure is choosing between a centralized and decentralized structure. The global
trend is towards centralizing risk management with integrated treasury
RIS
management function to benefit from information on aggregate exposure, natural

netting of exposures, economies of scale and easier reporting to top management.
The primary responsibility of understanding the risks run by the bank and
ensuring that the risks are appropriately managed should clearly be vested with the
Board of Directors. The Board should set risk limits by assessing the bank’s risk
and risk-bearing capacity.
At organizational level, overall risk management should be assigned to an

independent Risk Management Committee or Executive Committee of the top
Executives that reports directly to the Board of Directors. The purpose of this top
level committee is to empower one group with full responsibility of evaluating
overall risks faced by the bank and determining the level of risks which will be in
the best interest of the bank.
The function of Risk Management Committee should essentially be to

identify, monitor and measure the risk profile of the bank. The Committee should
also develop policies and procedures, verify the models that are used for pricing
complex products, review the risk models a development takes place in the markets
and also identify new risks.
Internationally, the trend is towards assigning risk limits in terms of portfolio

standards or Credit at Risk (credit risk) and Earnings at Risk and Value at
Risk (market risk).
A prerequisite for establishment of an effective risk management system is the

existence of a robust MIS, consistent in quality. The existing MIS, however,
requires substantial up gradation and strengthening of the data collection
machinery to ensure the integrity and reliability of data.
The risk management is a complex function and it requires specialized skills

and expertise. Banks have been moving towards the use of sophisticated models
for measuring and managing risks. Large banks and those operating in
RIS
international markets should develop internal risk management models to be able

to compete effectively with their competitors.
As the domestic market integrates with the international markets, the banks
should have necessary expertise and skill in managing various types of risks in a
scientific manner. At a more sophisticated level, the core staff at Head Offices
should be trained in risk modeling and analytical tools. It should, therefore, be the
endeavor of all banks to upgrade the skills of staffs.
Given the diversity of balance sheet profile, it is difficult to adopt a uniform

framework for management of risks in India. The design of risk management
functions should be bank specific, dictated by the size, complexity of functions, the
level of technical expertise and the quality of MIS. The proposed guidelines only
provide broad parameters and each bank may evolve their own systems compatible
to their risk management architecture and expertise.
Internationally, a committee approach to risk management is being adopted.

While the Asset-Liability Management Committee (ALCO) deals with different
types of market risk, the Credit Policy Committee (CPC) oversees the
credit/counterparty risk and country risk.
Banks could also set up a single Committee for integrated management of

credit and market risks. Generally, the policies and procedures for market risk are
articulated in the ALM policies and credit risk is addressed in Loan Policies and
procedures.
Currently, while market variables are held constant for qualifying credit risk,
credit variables are held constant in estimating market risk. The economic crises in
some of the countries have revealed a strong correlation between unhedged market
risk and credit. Forex exposures, assumed by corporate which have no natural
hedges, will increase the credit risk which banks run vis-à-vis their counterparties.
The volatility in the prices of collateral also significantly affects the quality of the
RIS
loan book. Thus, there is a need for integration of the activities of both the ALCO
and the CPC and consultation process be established to evaluate the impact of
market and credit risks on the financial strength of banks. Banks may also consider
integrating market risk elements into their credit risk assessment process.
PROCESS OF RISK MANAGEMENT

According to the standard ISO 31000 "Risk management -- Principles and
guidelines on implementation," the process of risk management consists of several
steps as follows:
Establishing the context
Establishing the context involves:
1. Identification of risk in a selected domain of interest

2. Planning the remainder of the process.
3. Mapping out the following:
 the social scope of risk management
 the identity and objectives of stakeholders
 the basis upon which risks will be evaluated, constraints.
4. Defining a framework for the activity and an agenda for
identification.
5. Developing an analysis of risks involved in the process.
6. Mitigation or Solution of risks using available technological, human
and organizational resources.
 Identification
After establishing the context, the next step in the process of managing risk is to
identify potential risks. Risks are about events that, when triggered, cause
problems. Hence, risk identification can start with the source of problems, or with
the problem itself.
 Source analysis Risk sources may be internal or external to the system that
is the target of risk management.
Examples of risk sources are: stakeholders of a project, employees of a company or

the weather over an airport.
RIS
 Problem analysis Risks are related to identified threats. For example: the
threat of losing money, the threat of abuse of privacy information or the threat
of accidents and casualties. The threats may exist with various entities, most
important with shareholders, customers and legislative bodies such as the
government.
When either source or problem is known, the events that a source may trigger or
the events that can lead to a problem can be investigated. For example:
stakeholders withdrawing during a project may endanger funding of the project;
privacy information may be stolen by employees even within a closed network;
lightning striking a Boeing 747 during takeoff may make all people onboard
immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice
and compliance. The identification methods are formed by templates or the
development of templates for identifying source, problem or event. Common risk
identification methods are:
 Objectives-based risk identification Organizations and project teams have

objectives. Any event that may endanger achieving an objective partly or
completely is identified as risk.
 Scenario-based risk identification In scenario analysis different scenarios
are created. The scenarios may be the alternative ways to achieve an objective,
or an analysis of the interaction of forces in, for example, a market or battle.
Any event that triggers an undesired scenario alternative is identified as risk -
see Futures Studies for methodology used by Futurists.
 Taxonomy-based risk identification The taxonomy in taxonomy-based
risk identification is a breakdown of possible risk sources. Based on the
taxonomy and knowledge of best practices, a questionnaire is compiled. The
answers to the questions reveal risks.
 Common-risk checking In several industries, lists with known risks are
available. Each risk in the list can be checked for application to a particular
situation.
 Risk charting This method combines the above approaches by listing
resources at risk, Threats to those resources Modifying Factors which may
increase or decrease the risk and Consequences it is wished to avoid. Creating
RIS
a matrix under these headings enables a variety of approaches. One can begin
with resources and consider the threats they are exposed to and the
consequences of each. Alternatively one can start with the threats and examine
which resources they would affect, or one can begin with the consequences and
determine which combination of threats and resources would be involved to
bring them about.
Assessment
Once risks have been identified, they must then be assessed as to their potential
severity of loss and to the probability of occurrence. These quantities can be either
simple to measure, in the case of the value of a lost building, or impossible to
know for sure in the case of the probability of an unlikely event occurring.
Therefore, in the assessment process it is critical to make the best educated guesses
possible in order to properly prioritize the implementation of the risk management
plan.
The fundamental difficulty in risk assessment is determining the rate of occurrence
since statistical information is not available on all kinds of past incidents.
Furthermore, evaluating the severity of the consequences (impact) is often quite
difficult for immaterial assets. Asset valuation is another question that needs to be
addressed. Thus, best educated opinions and available statistics are the primary
sources of information. Nevertheless, risk assessment should produce such
information for the management of the organization that the primary risks are easy
to understand and that the risk management decisions may be prioritized. Thus,
there have been several theories and attempts to quantify risks. Numerous different
risk formulae exist, but perhaps the most widely accepted formula for risk
quantification is Rate of occurrence multiplied by the impact of the
event equals risk.
RISK OPTIONS
Risk mitigation measures are usually formulated according to one or more of the
following major risk options, which are:
1. Design a new business process with adequate built-in risk control and
containment measures from the start.
RIS
2. Periodically re-assess risks that are accepted in ongoing processes as a normal

feature of business operations and modify mitigation measures.
3. Transfer risks to an external agency (e.g. an insurance company)
4. Avoid risks altogether (e.g. by closing down a particular high-risk business area)
Later research has shown that the financial benefits of risk management are less
dependent on the formula used but are more dependent on the frequency and how
risk assessment is performed.
In business it is imperative to be able to present the findings of risk assessments in
financial terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for
presenting risks in financial terms.The Courtney formula was accepted as the
official risk analysis method for the US governmental agencies. The formula
proposes calculation of ALE (annualised loss expectancy) and compares the
expected loss value to the security control implementation costs (cost-benefit
analysis).
Potential risk treatments

Once risks have been identified and assessed, all techniques to manage the risk fall
into one or more of these four major categories:
 Avoidance (eliminate, withdraw from or not become involved)

 Reduction (optimize - mitigate)
 Sharing (transfer - outsource or insure)
 Retention (accept and budget)
Ideal use of these strategies may not be possible. Some of them may involve trade-
offs that are not acceptable to the organization or person making the risk
management decisions. Another source, from the US Department of
Defense, Defense Acquisition University, calls these categories ACAT, for Avoid,
Control, Accept, or Transfer. This use of the ACAT acronym is reminiscent of
another ACAT (for Acquisition Category) used in US Defense industry
procurements, in which Risk Management figures prominently in decision making
and planning.
RIS
Risk avoidance
This includes not performing an activity that could carry risk. An example would
be not buying a property or business in order to not take on the legal liability that
comes with it. Another would be not be flying in order to not take the risk that
the airplane were to be hijacked. Avoidance may seem the answer to all risks, but
avoiding risks also means losing out on the potential gain that accepting (retaining)
the risk may have allowed. Not entering a business to avoid the risk of loss also
avoids the possibility of earning profits.
Hazard Prevention
Hazard prevention refers to the prevention of risks in an emergency. The first and
most effective stage of hazard prevention is the elimination of hazards. If this takes
too long, is too costly, or is otherwise impractical, the second stage is mitigation.
Risk reduction
Risk reduction or "optimisation" involves reducing the severity of the loss or the
likelihood of the loss from occurring. For example, sprinklers are designed to put
out a fire to reduce the risk of loss by fire. This method may cause a greater loss by
water damage and therefore may not be suitable. Halon fire suppression systems
may mitigate that risk, but the cost may be prohibitive as a strategy.
Acknowledging that risks can be positive or negative, optimising risks means
finding a balance between negative risk and the benefit of the operation or activity;
and between risk reduction and effort applied. By an offshore drilling contractor
effectively applying HSE Management in its organisation, it can optimise risk to
achieve levels of residual risk that are tolerable.
Modern software development methodologies reduce risk by developing and
delivering software incrementally. Early methodologies suffered from the fact that
they only delivered software in the final phase of development; any problems
encountered in earlier phases meant costly rework and often jeopardized the whole
project. By developing in iterations, software projects can limit effort wasted to a
single iteration.
Outsourcing could be an example of risk reduction if the outsourcer can
demonstrate higher capability at managing or reducing risks. For example, a
company may outsource only its software development, the manufacturing of hard
goods, or customer support needs to another company, while handling the business
RIS
management itself. This way, the company can concentrate more on business
development without having to worry as much about the manufacturing process,
managing the development team, or finding a physical location for a call center.
Risk sharing
Briefly defined as "sharing with another party the burden of loss or the benefit of
gain, from a risk, and the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken
belief that you can transfer a risk to a third party through insurance or outsourcing.
In practice if the insurance company or contractor go bankrupt or end up in court,
the original risk is likely to still revert to the first party. As such in the terminology
of practitioners and scholars alike, the purchase of an insurance contract is often
described as a "transfer of risk." However, technically speaking, the buyer of the
contract generally retains legal responsibility for the losses "transferred", meaning
that insurance may be described more accurately as a post-event compensatory
mechanism. For example, a personal injuries insurance policy does not transfer the
risk of a car accident to the insurance company. The risk still lies with the policy
holder namely the person who has been in the accident. The insurance policy
simply provides that if an accident (the event) occurs involving the policy holder
then some compensation may be payable to the policy holder that is commensurate
to the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are
technically retaining the risk for the group, but spreading it over the whole group
involves transfer among individual members of the group. This is different from
traditional insurance, in that no premium is exchanged between members of the
group up front, but instead losses are assessed to all members of the group.
Risk retention
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category. Risk retention is a viable strategy for small risks
where the cost of insuring against the risk would be greater over time than the total
losses sustained. All risks that are not avoided or transferred are retained by
default. This includes risks that are so large or catastrophic that they either cannot
be insured against or the premiums would be infeasible. War is an example since
most property and risks are not insured against war, so the loss attributed by war is
retained by the insured. Also any amount of potential loss (risk) over the amount
RIS
insured is retained risk. This may also be acceptable if the chance of a very large
loss is small or if the cost to insure for greater coverage amounts is so great it
would hinder the goals of the organization too much.
Create a risk management plan
Select appropriate controls or countermeasures to measure each risk. Risk
mitigation needs to be approved by the appropriate level of management. For
instance, a risk concerning the image of the organization should have top
management decision behind it whereas IT management would have the authority
to decide on computer virus risks.
The risk management plan should propose applicable and effective security
controls for managing the risks. For example, an observed high risk of computer
viruses could be mitigated by acquiring and implementing antivirus software. A
good risk management plan should contain a schedule for control implementation
and responsible persons for those actions.
According to ISO/IEC 27001, the stage immediately after completion of the risk
assessment phase consists of preparing a Risk Treatment Plan, which should
document the decisions about how each of the identified risks should be handled.
Mitigation of risks often means selection of security controls, which should be
documented in a Statement of Applicability, which identifies which particular
control objectives and controls from the standard have been selected, and why.
Implementation
Implementation follows all of the planned methods for mitigating the effect of the
risks. Purchase insurance policies for the risks that have been decided to be
transferred to an insurer, avoid all risks that can be avoided without sacrificing the
entity's goals, reduce others, and retain the rest.
Review and evaluation of the plan
Initial risk management plans will never be perfect. Practice, experience, and
actual loss results will necessitate changes in the plan and contribute information to
allow possible different decisions to be made in dealing with the risks being faced.
Risk analysis results and management plans should be updated periodically. There
are two primary reasons for this:
RIS
1. to evaluate whether the previously selected security controls are still

applicable and effective, and
2. to evaluate the possible risk level changes in the business
environment. For example, information risks are a good example of rapidly
changing business environment.
RISK IS A SERIOUS BUSINESS
Why do organizations take risks? The apt answer would be-to make some
handsome gains. Banks, the world over, generally, it is said that “NO RISK-NO
GAIN”, but sometimes, taking risk becomes disastrous for the organizations.
It is evident from above that if risk are not managed properly, even the
survival of the bank may become under threat, risk management has, therefore,
become an important area, which needs to be looked into with great concern and
care.
RISK MANAGEMENT STRATEGY
A risk management strategy delineates in what manner the risks are going to be
handled. Risk management strategy acts as a major device for the higher
management of a company because with the formulation of a risk management
strategy, a number of risks can be averted easily.
About Risk Management Strategy

RIS
Risk management strategy delineates a technique for analyzing and handling

various types of risks. The principles of risk management can be applicable for a
number of situations. The risk strategy and the plan, which is backing it up should
recognize the real and probable threats to the productive delivery of a project and
ascertain the functions that are necessary to reduce or get rid of the risks. The risk
plan should have the capacity to consolidate or co-ordinate with the project plan.
One important issue is the suitable conveyance of risk information specifically
where escalation is necessary.
Summary Risk Profile (SRP)
The summary risk profile or SRP is an elementary device to enhance risk visibility.
It is basically represented in the form of a chart containing information, which is
usually obtained from a risk register. The graph has to be modified according to the
risk register at fixed intervals. A graphical analysis demonstrates risks according to
probability and the degree of influence accompanied by the consequences of
mitigation functions taken into consideration.
The SRP is frequently delineated in the form of a probability/impact matrix. Every

risk usually has a figure or any other indicator and substantiating details. The
location of the risk tolerance line is dependent on the company and the project.
Application of Risk Management Strategy

The risk management strategy can be utilized to analyze a company's preparation
for handling risk.
Components of Risk Management Strategy

Following are the principal components of Risk Management Strategy:
• Risk Analysis: This process includes the detection and description of risks
along with the analysis of influence and resultant action.
• Risk Management: This involves the functions of formulating, supervising,

and regulating the operations that would deal with the risks.
These two stages should be handled distinctly to assure that decisions are taken
prudently on the basis of crucial details. However, risk management and risk
analysis are interconnected and accomplished repetitively. The official
documentation of details is a significant factor in risk management strategy. This
offers the base that backs up the risk management process.
RIS
Risk management analysis is very helpful in examining the risks and following a
well planned process to hedge the risk. At the same time, the effectiveness of the
process and the financial factors related to the process are also discussed through
this analysis.
The business sector always faces some kind of risk. The risk management
initiatives are becoming all the more important with the growing competition in the
global market. In the highly competitive global market there is hardly any scope to
afford any kind of loss. As a result of this, the concept of risk management has
gained considerable importance over the passage of time. The risk management
analysis is very important for proper application of the risk management policies.
This analysis is necessary because the demand of the market and the trends are
changing constantly and only proper analysis of risks can help the businesses to
achieve the set targets.
There are a number of risks that can be handled through the risk management
analysis. Different factors are related to the process of risk management analysis.
These are the following:
Discovering the Risk: The first step of risk management analysis is to mark the
areas where risk factors are related and causing major threats to the businesses or
the organizations. These risks are of different types like financial risk, political
risk, technical risk, risk related to the operations or reputation of the business and
many more. People related to the business may provide some kinds of threats.
Estimating the Risk Factor: It is the second step of risk management analysis and
starts after the identification of the risk factors. In this step, the possible losses and
their impacts on the business are decided. At the same time, necessary finances for
the prevention or recovery process are also decided.
Managing the Risk Factor: After the impacts of the risk are decided, the
company can look for the proper ways of managing these risks. Once the strategies
are set, the process starts working. One of the most important factors is to select
RIS
such a strategy that can be economical and can provide effective services to the
business. Risk management can be done through different processes. The existing
assets of the particular company can be used or new resources can be developed
for the purpose. It can be done through contingency planning or through business
continuity planning.
Regular Monitoring of the Applied Strategy: This is very necessary for the
success of the risk management strategy because if the strategy does not work
properly, it can be detected through the monitoring process and a new strategy can
be applied.
NEW PRODUCTS AND RISK.
With the introduction of new products like plastic cards (credit, debit, smart
cards etc.) the risk of frauds have increased manifold. According to estimation, in
an active issuing Bank, card fraud is likely to claim the lion’s share of fraud being
experienced in general, and could well dominate average operating losses as a
whole. Worldwide, frauds occurred due to loss or steal of plastic cards that cause
the greatest losses. The second largest source and fastest growing source of loss is
RIS
use of counterfeit cards. Emerging areas of E-commerce and internet banking are
also a matter of concern.
WHAT TO DO ABOUT RISK?
Once the risks have been identified, the million dollar question is – What to do
about the Risks? The suitable answer to this question would be to manage the risks
in an efficient and effective manner so that the organization incurs minimum loss.
The resource available to banks could be:-
• If the risk is at prospective stage, try to avoid it.
• If the risk is likely to occur, and it is unavoidable, accept the risk and retain
it on an economically justifiable basis.
• Try to execute some effective actions as to reduce or eliminate the loss likely
to be incurred due to happening of the particular risky incident.
• Try to diversify within a portfolio of risks with a view to shortening the loss.
• For risky business areas, introduction of prudent exposure norms, in

advances, may help in minimizing the loss.
• Sound risks management procedures and information systems, if put in place

in the right perspective, will help in taking timely decisions for avoidance of
risks.
• If suitable, hedge the risk artificially i.e. counterbalance and neutralize the
risk to a certain degree, by use of derivative instruments. This, in itself, is a
very risky option.
• Monitor various categories of risks on continuous basis and report to

appropriate authority so that risks can be overcome in future.
• Liquidate the risk by transfer without resources to other party.

RIS
• Put in place the comprehensive internal control and audit systems with a
view to controlling risks.
The effective Risk Management Process in Bank’s. which does not result in
getting rid of risks, will help in minimizing the losses
CONCLUSION
The objective of risk management is not to prohibit or prevent risk taking, but
to ensure that the risks are consciously taken with full knowledge, clear purpose
and understanding so that it can be measured and mitigated. The purpose of
managing risk is to prevent an institution from suffering unacceptable loss causing
an institution to fail or materially damage its competitive position.
RIS
Functions of risk management should actually be bank specific dictated by the

size and quality of balance sheet, complexity of functions, technical/professional
manpower and the status of MIS in place in that bank. There may not be one-size-
fits-all risk management module for all the banks to be made applicable
uniformity.
As in the international practice, a committee approach may be adopted to

manage various risks. Risk Management Committee, Credit Policy Committee,
Asset Liability Management Committee, etc., are such committee that handles the
risk management aspects.
The effectiveness of risk management depends on efficient Management

Information System, computerization and net working of the branch activities. An
objective and reliable data base has to be built up for which bank has to analyse its
own past performance data relating to loan defaults, trading losses, operational
losses, etc., and come out with bench ,marks so as to prepare themselves for the
future risk management activities.
A large project involves certain risks, and that is true of banking projects. The
Risk Management is an emerging area that aims to address the problem of
identifying and managing the risks associated with the banking industry. The Risk
Management helps banks in preventing problems even before they occur. In
managing the risks, the Board of Directors and Senior Management will have to
play an effective role by formulating clear and comprehensive policies.
The Risk Management System, which integrates:-
• Prudent risk limits,
• Sound risk management procedures and information systems

RIS
• Continuous risk monitoring and frequent reporting is said to be efficient one.

The keen interest taken by the Reserve Bank of India in this context needs to
be appreciated and supported at all levels.
Most of the risks arise as a result of mismatch of assets and liabilities. If the
Assets of a bank exactly matched its liabilities of identical maturity, interest rate
conditions, and currency, then liquidity risk, interest rate risk, and currency risk
could have been avoided. However, in practice it is near impossible to have such a
perfectly matched balance sheet. A banker therefore has, to keep different types of
risk within acceptable limits. It requires the ability to forecast future changes in the
environment and formulate suitable action plans to protect the net worth of the
organization from the impact of these risks.
It is by no means an easy task. If he is proved wrong in his judgment, the

process of risk management may go haywire. Few would disagree with the
statement that “being a banker is like being a country hound dog. If you stand still,
you get kicked. If you run, they throw rocks at you”.
QUESTIONNAIRE
 What is Risk Management in Banks?

RIS
 What are the types of Risks? Explain in short.
 What is Portfolio Management?
 How Market Risk affects the banks?
 What do you mean by Interest Risk Rates?
 What are the major Risk Options?

Dipu

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Dipu

Diunggah oleh

Hak Cipta:

Format Tersedia

RIS

Ghanshyamdas Saraf College

Affiliated to University of Mumbai

ACCREDITED BY NAAC WITH ‘A’ GRADE

Durgadevi Saraf Junior College

(ARTS & COMMERCE)

S.V. Road, Malad (W)

Mumbai: 400 064

Year: 2010 -2011

I Miss DEEPIKA .N. PATEL of Ghanshyamdas Saraf College of

Date: Signature of student

Ghanshyamdas Saraf College

Affiliated to University of Mumbai

ACCREDITED BY NAAC WITH ‘A’ GRADE

Durgadevi Saraf Junior College

(ARTS & COMMERCE)

S.V. Road, Malad (W)

Mumbai: 400 064

Project co- co-ordinator

I would like to thank the University of Mumbai and my

It’s my duty to acknowledge with gratitude the help

Risk is inherent in any walk of life in general and in

7 RISK MANAGEMENT IN BANKS

8 NEW PRODUCTS RISK

WHAT TO DO ABOUT RISK?

“Risk is the possibility of loss or damage”.

In any transaction, when there is a possibility of loss or peril, it may be termed

THE BROAD PARAMETERS OF RISK MANAGEMENT

(i) Organizational structure;

(ii) Comprehensive risk measurement approach;

(iii) Risk management policies approved by the Board which should be

(iv) Guidelines and other parameters used to govern risk taking

(v) Strong MIS for reporting, monitoring and controlling risks;

(vii) Separate risk management framework independent of operational

(viii) Periodical review and evaluation

THE PROCESS OF RISK MANAGEMENT INVOLVES

 Recognition and understanding,

 Monitoring and control

For effective risk management, a comprehensive risk management policy has

Risk management is a process, by which an organization, say a bank,

Diagrammatically risk management process can be presented as under.

By this process, the bank ensures that:

 There is a common understanding of risks across the organizations.

 Risks are within the tolerances established by the board of directors.

 Risk taking decisions are consistent with strategic business objectives.

 Appropriate processes facilitate explicit and clear risk-taking decisions.

 Expected return compensates for the risk taken and

 Capital allocation is consistent with risk exposures.

As per the RESERVE BANK OF INDIA guidelines issued in October 1999,

TYPES OF FINANCIAL RISK

[I] CREDIT RISKS:-

In course of banks lending involves a number of risks. In addition to the risks

Credit risk or default risk involves inability or unwillingness of a customer or

Another variant of credit risk is counterparty risk. The counterparty risk

Importance of Credit Risk Management

Situations of Credit Risk Management

Aim of Credit Risk Management

The management of credit risk should receive the top management’s

Measurement of risk through credit rating/scoring:-

(b) Risk pricing on a scientific basis; and

The Committee should be headed by the Chairman/CEO/ED, and should

Concurrently, each bank should also set up Credit Risk Management

Some of the commonly used methods to measure credit risk