K MANAGEMENT IN BANKS
TOPIC
“Risk Management in Banks”
SUBMITTED BY
DEEPIKA.N.PATEL
PROJECT GUIDE
MR.GURUNATHAN PILLAI
T.Y.B.C.B.C.I. (V SEMESTER)
SUBMITTED TO
UNIVERSITY OF MUMBAI
RAJASTHANI SAMMELAN’ S
&
DECLARATION
RAJASTHANI SAMMELAN’ S
RIS
K MANAGEMENT IN BANKS
&
CERTIFICATE
I Mr. Gurunathan Pillai hereby certify that Ms.Deepika.N.Patel.
A student of Ghanshyamdas Saraf College of T.Y.B.C.B.I
(Semester V) has completed Project on “RISK MANAGEMENT IN
BANKS “in the Academic Year 2010 -2011. This information
submitted is true and Original to the best of my Knowledge.
Date:
College Seal
External examiner
Date
RIS
K MANAGEMENT IN BANKS
ACKNOWLEDGEMENT
Executive Summary
RIS
K MANAGEMENT IN BANKS
SR NO TOPIC PG NO
1 INTRODUCTION.
2 TYPE OF RISK
3 CREDIT RISK
4 MARKET RISK
5 OPERATIONAL RISK
CONCLUSION
BIBLIOGRAPHY
RIS
K MANAGEMENT IN BANKS
RIS
K MANAGEMENT IN BANKS
RISK
MANAGEMENT IN
BANKS
INTRODUCTION
RIS
K MANAGEMENT IN BANKS
Banks in the process of financial intermediation are confronted with various kinds
of financial and non-financial risks viz., credit, interest rate, foreign exchange rate,
liquidity, equity price, commodity price, legal, regulatory, reputational, etc. These
risks are highly interdependent and events that affect one area of risk can have
ramifications for a range of other Risk categories. Thus, top management of banks
should attach considerable importance to improve the ability to identify measure,
monitor and control the overall level of risks undertaken.
RISK DEFINED
(vi) Well laid out procedures, effective control and comprehensive risk
reporting
Measurement and
TYPES OF RISKS
Risk is the potentiality that both the expected and unexpected events may have
as adverse impact on the bank’s capital or earnings. The expected loss is to be
borne by the borrower and hence is taken care of by adequately pricing the
products through risk premium and reserves created out of the earnings. It is the
amount expected to be lost due to changes in credit quality resulting in default.
Whereas, the unexpected loss on account of the individual exposure and the
whole portfolio in entirety is to be borne by the bank itself and hence is to be taken
care of by the capital. Thus, the expected losses are covered by reserves and
provisions and the unexpected losses require capital allocation. Hence, the need for
sufficient Capital Adequacy Ratio is felt. Each type of risk is measured to
determine both the expected and unexpected losses using VaR (Value at Risk) or
worst-case type analytical model.
Unlike market risks, where the measurement, monitoring, control etc. are to a
great extent centralized. Credit risks management is a decentralized function or
activity. This is to say that credit risk taking activity is spread across the length and
breadth of the network of branches, as lending is a decentralized function. Proper a
sufficient care has to be taken for appropriate management of credit risk.
The Credit Risk is generally made up of transaction risk or default risk and
portfolio risk. The portfolio risk in turn comprises intrinsic and concentration risk.
The credit risk of a bank’s portfolio depends on both external and internal factors.
The external factors are the state of the economy, rates and interest rates, trade
restrictions, economic sanctions, wide swings in commodity/equity prices, foreign
exchange rates and interest rates, trade restrictions, economic sanctions,
Government policies, etc. The internal factors are deficiencies in loan
policies/administration, absence of prudential credit concentration limits,
inadequately defined lending limits for Loan Officers/Credit Committees,
deficiencies in appraisal of borrowers financial position, excessive dependence on
collaterals and inadequate risk pricing, absence of loan review mechanism and post
sanction surveillance, etc.
However, the most important factor in this case has been the absence of proper
credit rules for the debtors. At times it has also been noticed that the companies
have not been able to manage their portfolios in a proper way.
The banks and other financial institutions that are dealing in credit services have
not always been able to take into account the various economic factors that have
contributed to a decline in the credit capabilities of the borrowers.
(a) Quantifying the risk through estimating expected loan losses i.e. the amount
of loan losses that bank would experience over a chosen time horizon
(through tracking portfolio behavior over 5 or more years) and
unexpected loss (through standard deviation of losses or the difference
RIS
K MANAGEMENT IN BANKS
between expected loan losses and some selected target credit loss
quantile);
(c) Controlling the risk through effective Loan Review Mechanism and
portfolio management.
The credit risk management process should be articulated in the bank’s Loan
Policy, duly approved by the Board. Each bank should constitute a high level
Credit Policy Committee, also called Credit Risk Management Committee or
Credit Control Committee etc. to deal with issues relating to credit policy and
procedures and to analyze, manage and control credit risk on a bank wide basis.
The Committee should, inter alia, formulate clear policies on standards for
presentation of credit proposals, financial covenants, rating standards and
benchmarks, delegation of credit approving powers, prudential limits on large
credit exposures, asset concentrations, standards for loan collateral, portfolio
management, loan review mechanism, risk concentrations, risk monitoring and
evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc.
The CRMD should enforce and monitor compliance of the risk parameters and
prudential limits set by the CPC.
The CRMD should also lay down risk assessment systems, monitor quality of
loan portfolio, identify problems and correct deficiencies, develop MIS and
undertake loan review/audit.
RIS
K MANAGEMENT IN BANKS
Large banks may consider separate set up for loan review/audit. The CRMD
should also be made accountable for protecting the quality of the entire loan
portfolio. The Department should undertake portfolio evaluations and conduct
comprehensive studies on the environment to test the resilience of the loan
portfolio.
CREDIT RISK may be defined as the risk of default on the part of the
borrower. The lender always faces the risk of the counter party not repaying the
loan or not making the due payment in time. This uncertainty of repayment by the
borrower is also known as default risk.
Managing credit risk has been a problem for the banks for centuries. As had
been observed by JOHN MEDLIN, 1985 issue of US banker.
“Balancing the risk equation is one of the most difficult aspects of banking. If
you lend too liberally, you get into trouble. If you don’t lend liberally you get
criticized”.
RIS
K MANAGEMENT IN BANKS
Over the tears, bankers have developed various methods for containing credit
risk. The credit policy of the banks generally prescribes the criteria on which the
bank extends credit and, inter alia, provides for standards.
The instruments and tools, through which credit risk management are carried
out, are detailed below:
1. Portfolio management.
PORTFOLIO MANAGEMENT.
Traditionally, credit risk management was the primary challenge for banks.
With progressive deregulation, market risk arising adverse changes in market
variables, such as interest rate, foreign exchange rate, equity price and commodity
price has become relatively more important. Even a small change in market
variables causes substantial changes in income and value of banks.
Market risk is the risk to the bank’s earnings and capital due to changes in the
market level of interest rates or prices of an securities, foreign exchange and
equities, as well as the volatilities of those prices. Market Risk management
provides a comprehensive and dynamic framework for measuring, monitoring and
managing liquidity, interest rate, foreign exchange and equity as well as
commodity price risk of a bank that needs to be closely integrated with the banks
business strategy.
• World limit management: This process is at the base of the various trading
plans that are used across the world as well as their applications. This
process also makes sure that the amount of loss that may be faced by a
particular company while carrying out business transactions is not more than
what is being expected by that organization.
RIS
K MANAGEMENT IN BANKS
• The various market risk management systems make sure that the various
information related to the market are relevant as far as the parameters of
input in case of the market risk calculations are concerned.
• Indicators: These are applicable only in the case of banks and certain
businesses. These are normally used in order to find out the problems that
may be related to market risks.
Scenario analysis and stress testing is yet another tool used to asses areas of
potential problems in a given portfolio. Identification of future changes in
economic conditions like-
LIQUIDITY CONDITIONS.
Market risk arises out of the dynamics of market forces, which, for the
banking industry, may include interest rate fluctuations, maturity mismatches,
exchange rate fluctuations, market competition in terms of services and products,
changing customer preferences and requirements resulting in product obsolescene,
coupled with changes national and international politico-economic scenario. These
risks are like perils of the sea, which can be caused by any change-taking place
anywhere in the national and international arena.
Since both these aspects are dynamic in nature, with change being the only
constant factor, market risks need to be monitored on a continuous basis and
appropriate strategies evolved to keep these risks within manageable limits. Again,
given that one can manage only what one can measure, measurement of risks on a
continuous basis deserves immediate attention.
Market risk can be defined as the risk of losses in on and off balance sheet
positions arising from adverse movement of market variables.
1) Liquidity Risk
A concise definition of each of the above Market Risk factors and how they
are managed is described below:
The cash flows are placed in different time buckets based on future behavior of
assets, liabilities and 0ff-balance sheet items.
To manage liquidity risk, banks should keep the maturity profile of liabilities
compatible with those of assets.
Efforts are also being made by some banks to track the impact of repayment
of loans and premature closure of deposits to estimate realistically the cash
flow profile.
Banks are closely monitoring the mismatches in the category of 1-14 days
and 15-28 days time bands and tolerance levels on mismatches are being
fixed for various maturities, depending on asset-liability profile, stand
deposit base nature of cash flows, etc.
Liquidity Risk means, the bank is not in a position to make its repayments,
withdrawal, and other commitments in time. For EXAMPLE two Canadian banks,
Northland Bank and Continental Bank of Canada suffered a run on deposits
because of a credit crisis at Canadian commercial bank.
While the liquidity ratios are the ideal indicator of liquidity of banks operating
in developed financial markets, the ratios do not reveal the intrinsic liquidity
profile of Indian banks which are operating generally in an illiquid market.
Experiences show that assets commonly considered as liquid like Government
securities, other money market instruments, etc. have limited liquidity as the
market and players are unidirectional. Thus, analysis of liquidity involves tracking
of cash flow mismatches. For measuring and managing net funding requirements,
the use of maturity ladder and calculation of cumulative surplus or deficit at
selected maturity dates is recommended as a standard tool.
The format prescribed by RBI in this regard under ALM System should be
adopted for measuring cash flow mismatches at different time bands. The cash
RIS
K MANAGEMENT IN BANKS
flows should be placed in different time bands based on future behavior of assets,
liabilities and off-balance sheet items.
In other words, banks should have to analyze the behavioral maturity profile
of various components of on / off- balance sheet items on the basis of assumptions
and trend analysis supported by time series analysis. Banks should also undertake
variance analysis, at least, once in six months to validate the assumptions. The
assumptions should be fine-tuned over a period which facilitates near reality
predictions about future behavior of on/off-balance sheet items.
Thus, cash outflows can be ranked by the date on which liabilities fall due, the
earliest date a liability holder could exercise an early repayment option or the
earliest date contingencies could be crystallized.
The difference between cash inflows and outflows in each time period, the
excess or deficit of funds becomes a starting point for a measure of a bank’s future
liquidity surplus or deficit, at a series of points of time. The banks should also
consider putting in place certain prudential limits to avoid liquidity crisis:
3. Core deposits vis-à-vis Core Assets i.e. Cash Reserve Ratio, Liquidity
reserve Ratio and Loans;
6. Swapped Funds Ratio, i.e. extent of Indian Rupees raised out of foreign
currency sources.
RIS
K MANAGEMENT IN BANKS
Banks should also evolve a system for monitoring high value deposits (other
than inter-bank deposits) say Rs.1 crore or more to track the volatile liabilities.
Further the cash flows arising out of contingent liabilities in normal situation and
the scope for a n increase in cash flows during periods of stress should also e
estimated. It is quite possible that market crisis can trigger substantial increase in
the amount of draw from cash credit/overdraft accounts, contingent liabilities like
letters of credit, etc.
ALTERNATIVE SCENARIOS
RIS
K MANAGEMENT IN BANKS
Interest Rate Risk is the potential negative impact on the Net Interest Income
and it refers to the vulnerability of an institutions financial condition to the
movement in interest rates. Changes in interest rate affect earnings, value of assets,
liability, off-balance sheet items and cash flow. Hence, the objective
of interest rate risk management is to maintain earnings, improve the capability,
ability to absorb potential loss and to ensure the adequacy of the compensation
received for the risk taken and effect risk return trade-off.
Management of interest rate risk aims at capturing the risks arising from the
maturity and re-pricing mismatches and is measured both from the earnings and
economic value perspective.
The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is
dependent on the movements of interest rates. Any mismatches in the cash flows
(fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose
bank’s NII or NIM to variations. The earning of assets and the cost of liabilities are
now closely related to market interest rate volatility.
RIS
K MANAGEMENT IN BANKS
In detail Interest Rate Risk is the risk due to changes in market interest rates,
which might adversely affect the bank’s financial condition. The immediate impact
of change in interest rates is on the bank’s earnings through fall in Net Interest
Income (NII). Ultimately the impact of the potential long-term effects of changes
in interest rates is on the underlying economic value of bank’s assets, liabilities and
off-balance sheet positions. The interest rate risk when viewed from these two
perspective is called as “Earning’s Perspective” and Economic Value Perspective”,
respectively.
In simple terms, high proportion of fixed income assets would mean that any
increase in interest rate will not result in higher interest income (due to fixed nature
of interest rate) and likewise reduction interest rate will not decrease interest
income. Low proportion of fixed assets will have the opposite effect.
For instances, a bank has accepted long-term deposits @ 13% and deployed in
cash credit @ 17%. If the market interest rate falls by 1%, it will have to reduce
interest rate on cash credit by 1% as cash credit is repriced quarterly. However, it
will not be able to reduce interest on term deposits. Thus, the net interest income of
the bank will go down by 1%.
Price Risk:-
Price risk occurs when assets are sold before their stated maturities. In the
financial market, bond prices and yields are inversely related. The price risk is
closely associated with the trading book, which is created for making profit out of
short-term movements in interest rates. Banks which have an active trading book
should, therefore, formulate policies to limit the portfolio size, holding period,
duration, defeasance period, stop loss limits, marking to market, etc.
Reinvestment Risk:-
Uncertainty with regard to interest rate at which the future cash flows could be
reinvested is called reinvestment risk. Any mismatches in cash flows would expose
the banks to variations in NII as the market interest rates move in different
directions.
The simplest analytical techniques for calculation of IRR exposure begins with
maturity Gap analysis that distributes interest rate sensitive assets, liabilities and
off-balance sheet positions into a certain number of pre-defined time-bands
according to their maturity (fixed rate) or time remaining for their next repricing
(floating rate). Those assets and liabilities lacking definite repricing intervals
(savings bank, cash credit, overdraft, loans, export finance, refinance from RBI
etc.) or actual maturities vary from contractual maturities (embedded option in
bonds with put/call options, loans, cash credit/overdraft, time deposits, etc.) are
assigned time bands according to the judgments, empirical studies and past
experience of banks.
The positive Gap indicates that banks have more RSAs than RSLs. A positive or
assets sensitive Gap means that an increase in market interest rates could cause an
increase in NII.
Conversely, a negative or liability sensitive Gap implies that the banks NII
could decline as a result of increase in market interest rates. The negative gap
indicates that banks have more RSLs than RSAs. Gap is the difference between a
bank’s assets and liabilities maturing or subject to repricing over a designated
period of time.
RIS
K MANAGEMENT IN BANKS
Measuring the duration Gap is more complex than the simple gap model. The
attraction of duration analysis is that it provides a comprehensive measure of IRR
for the total portfolio. The duration analysis also recognizes the time value of
money. Duration measure is addictive so that banks can match total assets and
liabilities rather than matching individual accounts. However, Duration Gap
analysis assumes parallel shifts in yield curve. For this reason, it fails to recognize
basis risk.
Equity Price Risk is the risk of loss in value of the bank’s equity Investments
and/or equity derivative instruments arising out of change in equity prices.
The risk of loss in value of commodity held/traded by the bank, arising out of
changes in prices, basis mismatch, forward p
“Operational Risk is defined as the risk of direct or indirect loss resulting from
inadequate or failed internal processes, people and system or from external
events.”
RIS
K MANAGEMENT IN BANKS
Indeed, so significant has operational risk become that the bank for
International Settlement (BIS) has proposed that, as of 2006, banks should be made
to carry a Capital cushion against losses from this risk.
• External Fraud: Risk arising from fraudulent activities from a third party,
for example, robbery, theft, phishing or hacking.
At the present time, a number of software products have been introduced for the
purpose of operational risk management according to the Sarbanes-Oxley Act.
With the help of this software, financial audit can be performed at cheaper
expenses. Forrester Research has recognized 115 Risk and Compliance and
Governance marketers, which deal with operational risk management program
The bank’s operational risks can be classified into following six exposure classes
• People
• Process
• Management
• System
• Business and
• External
RIS
K MANAGEMENT IN BANKS
• Corporate finance
• Retail banking
• Commercial banking
• Payment and Settlement and
• Trading and Sales (Treasury operations) also
To each of this exposure classes within each business line are attached certain
risk categories under which the bank can incur losses or potential losses.
Bank collected information at first instance for a 5 year period and is being
updated on a six monthly basis June and December. These date help in qualifying
the overall potential / actual loss on account of Operational Risk and initiate
measure for plugging these risk areas.
Bank may suitably at a latter date move to appropriate models for measuring
and managing Operational Risk also after receipt of RBIs Guidance Note.
MEASUREMENT
manage and initiate actions to reduce/mitigate operational risk. The set of risk
factors that measure risk in each business unit such as audit ratings, operational
data such as volume, turnover and complexity and data on quality of operations
such as error rate or measure of business risks such as revenue volatility, could be
related to historical loss experience. Banks can also use different analytical or
judgmental techniques to arrive at an overall operational risk level. Some of the
international banks have already developed operational risk rating matrix, similar
to bond credit rating. The operational risk assessment should be bank-wide basis
and it should be reviewed at regular intervals. Banks, over a period, should develop
internal systems to evaluate the risk profile and assign economic capital within the
RAROC framework Indian Banks have so far not evolved any scientific methods
for quantifying operational risk. In the absence any sophisticated models, banks
could evolve simple benchmark based on an aggregate measure of business activity
such as gross revenue, fee income, operating costs, managed assets or total assets
adjusted for off-balance sheet exposures or a combination of these variables.
The history of banking is full of major and minor failures. It is now argued that
many of these failures were due to the fact that the risks were not identified and
managed properly. The reserve bank of India has issued elaborate guidelines on
asset liability management and risk management to banks in India. Banks have
been making vigorous in following these guidelines.
The primary responsibility of understanding the risks run by the bank and
ensuring that the risks are appropriately managed should clearly be vested with the
Board of Directors. The Board should set risk limits by assessing the bank’s risk
and risk-bearing capacity.
As the domestic market integrates with the international markets, the banks
should have necessary expertise and skill in managing various types of risks in a
scientific manner. At a more sophisticated level, the core staff at Head Offices
should be trained in risk modeling and analytical tools. It should, therefore, be the
endeavor of all banks to upgrade the skills of staffs.
Currently, while market variables are held constant for qualifying credit risk,
credit variables are held constant in estimating market risk. The economic crises in
some of the countries have revealed a strong correlation between unhedged market
risk and credit. Forex exposures, assumed by corporate which have no natural
hedges, will increase the credit risk which banks run vis-à-vis their counterparties.
The volatility in the prices of collateral also significantly affects the quality of the
RIS
K MANAGEMENT IN BANKS
loan book. Thus, there is a need for integration of the activities of both the ALCO
and the CPC and consultation process be established to evaluate the impact of
market and credit risks on the financial strength of banks. Banks may also consider
integrating market risk elements into their credit risk assessment process.
Identification
After establishing the context, the next step in the process of managing risk is to
identify potential risks. Risks are about events that, when triggered, cause
problems. Hence, risk identification can start with the source of problems, or with
the problem itself.
Source analysis Risk sources may be internal or external to the system that
is the target of risk management.
Problem analysis Risks are related to identified threats. For example: the
threat of losing money, the threat of abuse of privacy information or the threat
of accidents and casualties. The threats may exist with various entities, most
important with shareholders, customers and legislative bodies such as the
government.
When either source or problem is known, the events that a source may trigger or
the events that can lead to a problem can be investigated. For example:
stakeholders withdrawing during a project may endanger funding of the project;
privacy information may be stolen by employees even within a closed network;
lightning striking a Boeing 747 during takeoff may make all people onboard
immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice
and compliance. The identification methods are formed by templates or the
development of templates for identifying source, problem or event. Common risk
identification methods are:
a matrix under these headings enables a variety of approaches. One can begin
with resources and consider the threats they are exposed to and the
consequences of each. Alternatively one can start with the threats and examine
which resources they would affect, or one can begin with the consequences and
determine which combination of threats and resources would be involved to
bring them about.
Assessment
Once risks have been identified, they must then be assessed as to their potential
severity of loss and to the probability of occurrence. These quantities can be either
simple to measure, in the case of the value of a lost building, or impossible to
know for sure in the case of the probability of an unlikely event occurring.
Therefore, in the assessment process it is critical to make the best educated guesses
possible in order to properly prioritize the implementation of the risk management
plan.
The fundamental difficulty in risk assessment is determining the rate of occurrence
since statistical information is not available on all kinds of past incidents.
Furthermore, evaluating the severity of the consequences (impact) is often quite
difficult for immaterial assets. Asset valuation is another question that needs to be
addressed. Thus, best educated opinions and available statistics are the primary
sources of information. Nevertheless, risk assessment should produce such
information for the management of the organization that the primary risks are easy
to understand and that the risk management decisions may be prioritized. Thus,
there have been several theories and attempts to quantify risks. Numerous different
risk formulae exist, but perhaps the most widely accepted formula for risk
quantification is Rate of occurrence multiplied by the impact of the
event equals risk.
RISK OPTIONS
Risk mitigation measures are usually formulated according to one or more of the
following major risk options, which are:
1. Design a new business process with adequate built-in risk control and
containment measures from the start.
RIS
K MANAGEMENT IN BANKS
Later research has shown that the financial benefits of risk management are less
dependent on the formula used but are more dependent on the frequency and how
risk assessment is performed.
In business it is imperative to be able to present the findings of risk assessments in
financial terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for
presenting risks in financial terms.The Courtney formula was accepted as the
official risk analysis method for the US governmental agencies. The formula
proposes calculation of ALE (annualised loss expectancy) and compares the
expected loss value to the security control implementation costs (cost-benefit
analysis).
Ideal use of these strategies may not be possible. Some of them may involve trade-
offs that are not acceptable to the organization or person making the risk
management decisions. Another source, from the US Department of
Defense, Defense Acquisition University, calls these categories ACAT, for Avoid,
Control, Accept, or Transfer. This use of the ACAT acronym is reminiscent of
another ACAT (for Acquisition Category) used in US Defense industry
procurements, in which Risk Management figures prominently in decision making
and planning.
RIS
K MANAGEMENT IN BANKS
Risk avoidance
This includes not performing an activity that could carry risk. An example would
be not buying a property or business in order to not take on the legal liability that
comes with it. Another would be not be flying in order to not take the risk that
the airplane were to be hijacked. Avoidance may seem the answer to all risks, but
avoiding risks also means losing out on the potential gain that accepting (retaining)
the risk may have allowed. Not entering a business to avoid the risk of loss also
avoids the possibility of earning profits.
Hazard Prevention
Hazard prevention refers to the prevention of risks in an emergency. The first and
most effective stage of hazard prevention is the elimination of hazards. If this takes
too long, is too costly, or is otherwise impractical, the second stage is mitigation.
Risk reduction
Risk reduction or "optimisation" involves reducing the severity of the loss or the
likelihood of the loss from occurring. For example, sprinklers are designed to put
out a fire to reduce the risk of loss by fire. This method may cause a greater loss by
water damage and therefore may not be suitable. Halon fire suppression systems
may mitigate that risk, but the cost may be prohibitive as a strategy.
Acknowledging that risks can be positive or negative, optimising risks means
finding a balance between negative risk and the benefit of the operation or activity;
and between risk reduction and effort applied. By an offshore drilling contractor
effectively applying HSE Management in its organisation, it can optimise risk to
achieve levels of residual risk that are tolerable.
Modern software development methodologies reduce risk by developing and
delivering software incrementally. Early methodologies suffered from the fact that
they only delivered software in the final phase of development; any problems
encountered in earlier phases meant costly rework and often jeopardized the whole
project. By developing in iterations, software projects can limit effort wasted to a
single iteration.
Outsourcing could be an example of risk reduction if the outsourcer can
demonstrate higher capability at managing or reducing risks. For example, a
company may outsource only its software development, the manufacturing of hard
goods, or customer support needs to another company, while handling the business
RIS
K MANAGEMENT IN BANKS
management itself. This way, the company can concentrate more on business
development without having to worry as much about the manufacturing process,
managing the development team, or finding a physical location for a call center.
Risk sharing
Briefly defined as "sharing with another party the burden of loss or the benefit of
gain, from a risk, and the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken
belief that you can transfer a risk to a third party through insurance or outsourcing.
In practice if the insurance company or contractor go bankrupt or end up in court,
the original risk is likely to still revert to the first party. As such in the terminology
of practitioners and scholars alike, the purchase of an insurance contract is often
described as a "transfer of risk." However, technically speaking, the buyer of the
contract generally retains legal responsibility for the losses "transferred", meaning
that insurance may be described more accurately as a post-event compensatory
mechanism. For example, a personal injuries insurance policy does not transfer the
risk of a car accident to the insurance company. The risk still lies with the policy
holder namely the person who has been in the accident. The insurance policy
simply provides that if an accident (the event) occurs involving the policy holder
then some compensation may be payable to the policy holder that is commensurate
to the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are
technically retaining the risk for the group, but spreading it over the whole group
involves transfer among individual members of the group. This is different from
traditional insurance, in that no premium is exchanged between members of the
group up front, but instead losses are assessed to all members of the group.
Risk retention
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category. Risk retention is a viable strategy for small risks
where the cost of insuring against the risk would be greater over time than the total
losses sustained. All risks that are not avoided or transferred are retained by
default. This includes risks that are so large or catastrophic that they either cannot
be insured against or the premiums would be infeasible. War is an example since
most property and risks are not insured against war, so the loss attributed by war is
retained by the insured. Also any amount of potential loss (risk) over the amount
RIS
K MANAGEMENT IN BANKS
insured is retained risk. This may also be acceptable if the chance of a very large
loss is small or if the cost to insure for greater coverage amounts is so great it
would hinder the goals of the organization too much.
Create a risk management plan
Select appropriate controls or countermeasures to measure each risk. Risk
mitigation needs to be approved by the appropriate level of management. For
instance, a risk concerning the image of the organization should have top
management decision behind it whereas IT management would have the authority
to decide on computer virus risks.
The risk management plan should propose applicable and effective security
controls for managing the risks. For example, an observed high risk of computer
viruses could be mitigated by acquiring and implementing antivirus software. A
good risk management plan should contain a schedule for control implementation
and responsible persons for those actions.
According to ISO/IEC 27001, the stage immediately after completion of the risk
assessment phase consists of preparing a Risk Treatment Plan, which should
document the decisions about how each of the identified risks should be handled.
Mitigation of risks often means selection of security controls, which should be
documented in a Statement of Applicability, which identifies which particular
control objectives and controls from the standard have been selected, and why.
Implementation
Implementation follows all of the planned methods for mitigating the effect of the
risks. Purchase insurance policies for the risks that have been decided to be
transferred to an insurer, avoid all risks that can be avoided without sacrificing the
entity's goals, reduce others, and retain the rest.
Review and evaluation of the plan
Initial risk management plans will never be perfect. Practice, experience, and
actual loss results will necessitate changes in the plan and contribute information to
allow possible different decisions to be made in dealing with the risks being faced.
Risk analysis results and management plans should be updated periodically. There
are two primary reasons for this:
RIS
K MANAGEMENT IN BANKS
Why do organizations take risks? The apt answer would be-to make some
handsome gains. Banks, the world over, generally, it is said that “NO RISK-NO
GAIN”, but sometimes, taking risk becomes disastrous for the organizations.
It is evident from above that if risk are not managed properly, even the
survival of the bank may become under threat, risk management has, therefore,
become an important area, which needs to be looked into with great concern and
care.
A risk management strategy delineates in what manner the risks are going to be
handled. Risk management strategy acts as a major device for the higher
management of a company because with the formulation of a risk management
strategy, a number of risks can be averted easily.
The summary risk profile or SRP is an elementary device to enhance risk visibility.
It is basically represented in the form of a chart containing information, which is
usually obtained from a risk register. The graph has to be modified according to the
risk register at fixed intervals. A graphical analysis demonstrates risks according to
probability and the degree of influence accompanied by the consequences of
mitigation functions taken into consideration.
• Risk Analysis: This process includes the detection and description of risks
along with the analysis of influence and resultant action.
These two stages should be handled distinctly to assure that decisions are taken
prudently on the basis of crucial details. However, risk management and risk
analysis are interconnected and accomplished repetitively. The official
documentation of details is a significant factor in risk management strategy. This
offers the base that backs up the risk management process.
RIS
K MANAGEMENT IN BANKS
Risk management analysis is very helpful in examining the risks and following a
well planned process to hedge the risk. At the same time, the effectiveness of the
process and the financial factors related to the process are also discussed through
this analysis.
The business sector always faces some kind of risk. The risk management
initiatives are becoming all the more important with the growing competition in the
global market. In the highly competitive global market there is hardly any scope to
afford any kind of loss. As a result of this, the concept of risk management has
gained considerable importance over the passage of time. The risk management
analysis is very important for proper application of the risk management policies.
This analysis is necessary because the demand of the market and the trends are
changing constantly and only proper analysis of risks can help the businesses to
achieve the set targets.
There are a number of risks that can be handled through the risk management
analysis. Different factors are related to the process of risk management analysis.
These are the following:
Discovering the Risk: The first step of risk management analysis is to mark the
areas where risk factors are related and causing major threats to the businesses or
the organizations. These risks are of different types like financial risk, political
risk, technical risk, risk related to the operations or reputation of the business and
many more. People related to the business may provide some kinds of threats.
Estimating the Risk Factor: It is the second step of risk management analysis and
starts after the identification of the risk factors. In this step, the possible losses and
their impacts on the business are decided. At the same time, necessary finances for
the prevention or recovery process are also decided.
Managing the Risk Factor: After the impacts of the risk are decided, the
company can look for the proper ways of managing these risks. Once the strategies
are set, the process starts working. One of the most important factors is to select
RIS
K MANAGEMENT IN BANKS
such a strategy that can be economical and can provide effective services to the
business. Risk management can be done through different processes. The existing
assets of the particular company can be used or new resources can be developed
for the purpose. It can be done through contingency planning or through business
continuity planning.
Regular Monitoring of the Applied Strategy: This is very necessary for the
success of the risk management strategy because if the strategy does not work
properly, it can be detected through the monitoring process and a new strategy can
be applied.
With the introduction of new products like plastic cards (credit, debit, smart
cards etc.) the risk of frauds have increased manifold. According to estimation, in
an active issuing Bank, card fraud is likely to claim the lion’s share of fraud being
experienced in general, and could well dominate average operating losses as a
whole. Worldwide, frauds occurred due to loss or steal of plastic cards that cause
the greatest losses. The second largest source and fastest growing source of loss is
RIS
K MANAGEMENT IN BANKS
use of counterfeit cards. Emerging areas of E-commerce and internet banking are
also a matter of concern.
Once the risks have been identified, the million dollar question is – What to do
about the Risks? The suitable answer to this question would be to manage the risks
in an efficient and effective manner so that the organization incurs minimum loss.
• If the risk is likely to occur, and it is unavoidable, accept the risk and retain
it on an economically justifiable basis.
• Try to execute some effective actions as to reduce or eliminate the loss likely
to be incurred due to happening of the particular risky incident.
• Try to diversify within a portfolio of risks with a view to shortening the loss.
• If suitable, hedge the risk artificially i.e. counterbalance and neutralize the
risk to a certain degree, by use of derivative instruments. This, in itself, is a
very risky option.
• Put in place the comprehensive internal control and audit systems with a
view to controlling risks.
The effective Risk Management Process in Bank’s. which does not result in
getting rid of risks, will help in minimizing the losses
CONCLUSION
The objective of risk management is not to prohibit or prevent risk taking, but
to ensure that the risks are consciously taken with full knowledge, clear purpose
and understanding so that it can be measured and mitigated. The purpose of
managing risk is to prevent an institution from suffering unacceptable loss causing
an institution to fail or materially damage its competitive position.
RIS
K MANAGEMENT IN BANKS
A large project involves certain risks, and that is true of banking projects. The
Risk Management is an emerging area that aims to address the problem of
identifying and managing the risks associated with the banking industry. The Risk
Management helps banks in preventing problems even before they occur. In
managing the risks, the Board of Directors and Senior Management will have to
play an effective role by formulating clear and comprehensive policies.
Most of the risks arise as a result of mismatch of assets and liabilities. If the
Assets of a bank exactly matched its liabilities of identical maturity, interest rate
conditions, and currency, then liquidity risk, interest rate risk, and currency risk
could have been avoided. However, in practice it is near impossible to have such a
perfectly matched balance sheet. A banker therefore has, to keep different types of
risk within acceptable limits. It requires the ability to forecast future changes in the
environment and formulate suitable action plans to protect the net worth of the
organization from the impact of these risks.
QUESTIONNAIRE