1.

Introduction:
Askari Commercial Bank Limited (ACBL) works as a Unit of Army Welfare Trust was established for the Welfare of Army Officials. The office of Army Welfare Trust is situated at AWT Plaza, Rawalpindi. AWT offers the AWT Saving Scheme to the army officials only. AWT has its units as under: 1. Askari Associates. 2. Askari Leasing. 3. Askari General. 4. Private Business. 5. Textile Mills. 6. Cement Industry. 7. Askari Commercial Bank. Incorporated in Pakistan on October 09, 1991. The bank obtained business commencement certificate on February 26, 1992 and started operations form April 1, 1992, as public limited company, and has since expanded into a nation-wide presence of 51 branches, supported by a network of online ATMs. The Bank is listed on the Karachi, Lahore and Islamabad Stock Exchanges and the initial public offering was over subscribed by 16 times. Askari Commercial Bank is scheduled Commercial Bank and is principally engaged in the business of banking as defined in the Banking Companies Ordinance 1962. Askari Commercial Bank limited continues to scale new heights in all areas of its operations. The safety and security of depositors funds, high productivity and optimum use of technology are the hallmarks of its corporate strength. While capturing the largest market share amongst the new banks, Askari has provided good value to its shareholders. Share price of ACBL has remained approximately 12% higher than the average share price of quoted banks during the last four years.

Askari Bank is principally engaged in the business of banking as defined in the Banking Companies Ordinance, 1962. as at December 31, 2002 the Bank had total assets of PKR 70.313 billion, with over 250000 banking customers. Askari Bank is the only bank with its operational Head Office in the twin cities of Rawalpindi-Islamabad, which have relatively limited opportunities as compared to Karachi and Lahore. This created its own challenges and opportunities, and forced us to evolve an outward-looking strategy in terms of our market emphasis. As a result, we developed a geographically diversified assets base instead of a concentration and heavy reliance on business in the major commercial centers of Karachi and Lahore, where most other banks have their operational Head Offices. Multan is a cotton city, so to get the export market of cotton ACBL open its branch in Multan in December, 1994. In a short span of time this branch increases their business remarkably. In 2001 this branch gets the trophy of highest profit for the year 2001. This branch has highest deposits and advances as compare to other banks working in Multan. Now recently this branch gets the trophy of highest imports for the month of July 2003 as compare to all the branches of Askari Commercial Bank working in Pakistan. Askari bank was incorporated in Pakistan on October 9, 1991, as a public limited company. It commenced its operations on April 1, 1992, and is principally engaged in the business of banking, as defined in the banking companies ordinance, 1962. The bank is listed on the KARACHI, LAHORE AND ISLAMABAD Stock Exchanges and its share is currently the highest quoted from among the new private sector banks in Pakistan. Askari Bank has expanded into a nation wide presence of 98 Branches, and an Offshore Banking Unit in Bahrain. A shared network of over 1,100 online ATMs covering all major cities in Pakistan supports the delivery channels for customer service. As on December 31, 2005, the Bank had equity of Rs. 8.6 billion and total assets of Rs. 145.1 billion, with over 600,000 banking customers, serviced by our 2,754 employees.

2. Loss exposure suffered most of the time:

Most of the time Askari Bank suffered loss exposure from Non Performing Loans (NPL) as compared to frauds or Treasury Investment. Askari Bank's nonperforming loans (NPLs) increased from Rs. 3.66 billion to Rs. 6.91 from 2009 to 2010. A Non-performing loan is a loan that is in default or close to being in default. Many loans become non-performing after being in default for 3 months, but this can depend on the contract terms. A loan is nonperforming when payments of interest and principal are past due by 90 days or more, or at least 90 days of interest payments have been capitalized, refinanced or delayed by agreement, or payments are less than 90 days overdue, but there are other good reasons to doubt that payments will be made in full. By Bank regulatory definition non-performing loans consist of: other real estate owned which is that taken by foreclosure or a deed in lieu of foreclosure, loans that are 90 days or more past due and still accruing interest, and loans which have been placed on nonaccrual (i.e., loans for which interest is no longer accrued and posted to the income statement) Non Performing Loans can be from: Conventional Banking Corporate Bank Agriculture Banking Islamic Banking Macro Finance

3. Identify your loss exposure:

3.1. What Loss Exposures are rated: Ideally all the credit exposures of the bank should be assigned a risk rating. However given the element of cost, it might not be feasible for all banks to follow. The banks may decide on their own which exposure needs to be rated. The

decision to rate a particular loan could be based on factors such as exposure amount, business line or both. Generally corporate and commercial exposures are subject to internal ratings and banks use scoring models for consumer / retail loans. The credit loss exposure involves both the probability of Default (PD) and loss in the event of default or loss given default (LGD). The former is specific to borrower while the later corresponds to the facility. The product of PD and LGD is the expected loss. In addition the rating and loan analysis process while being separate are intertwined. The process of assigning a rating and its approval / confirmation goes along with the initiation of a credit proposal and its approval. 3.2. Loss exposure identifies in term of: Frauds: Sanction loans on wrong documents or mortgage illegal property. Non Performing Loan: Loans those are not ended with natural maturity. Credit/Treasury losses: Foreign Exchange Rates/Stock Exchange Investments. Frauds Identifies through: Fraud identifies itself Report or Complaints Audit o Internal Audit o External Audit Normal activity/Daily activity

NPL Identifies through: Repayments stop Loan overdue Credit/Treasury losses: These types of losses occurred after they incurred. Investment that does not give profitable return can bear a loss for the bank. Board and executive management

should recognize, understand and have defined all categories of investment risk applicable to the institution. Furthermore, they should ensure that their investment management framework adequately covers all of these categories of market risk, including those that do not readily lend themselves to measurement. SAM (Special Asset Management) is also made by Askari Bank to identify and monitor Loss Exposures. SAM is a Watch list Department made other than Risk Management Division.

4. Analyses loss exposure base on loss frequency and severity

From the below methods Banks can analyze about the risk of loss and severity. These methods give the exact situation about the loss exposure and give the guideline for the future regarding that loss. Bank analyzes loss exposure as: Doubtful: When 90 days overdue with maximum 25% of outstanding amounts. These losses float when the payment is not made from last 90 days. Bank feels doubt and marked it as doubtful for loss exposure. Sub-standard: When 180 days overdue with maximum 50% of outstanding amounts. These losses float when the payment is not made from last 180 days. Bank feels doubt and marked it as sub-standard for loss exposure. Loss: When 360 days overdue with maximum 100% of outstanding amounts. These losses float when the payment is not made from last 360 days. Bank feels doubt and marked it as loss in loss exposure. From the above methods Banks can analyze about the risk of loss and severity. These methods give the exact situation about the loss exposure and give the guideline for the future regarding that loss.

According to their 2010 Balance Sheet they have following loss exposures: Loss Exposure based on loss frequency:
Askari Commercial Bank 2010 Rupees in 000 Classified Advances Category of classification Other Assets Especially Mentioned - note Substandard Doubtful Loss 14,280,500 54,779 1,155,321 2,484,033 17,904,515 54,779 1,155,321 2,484,033 257,673 684,625 257,673 684,625 14,280,500 257,673 684,625 14,280,500 257,673 684,625 Domestic Overseas Total Domestic Provision Required Overseas Total Domestic Provision Held Overseas Total

17,904,515 14,280,500

21,598,648

21,598,648 15,222,798

15,222,798

15,222,798

15,222,798

Business Exposure: Industry Characteristics Competitive Position (e.g. marketing/technological edge) Management Financial Exposure: Financial condition Profitability Capital Structure Present and future Cash flows

Audit: Banks need to review and validate each step of market risk measurement process. This review function can be performed by a number of units in the organization including internal audit/control department or ALCO support staff. In small banks, external auditors or consultants can perform the function.

Contingency Funding Plans: In order to develop a comprehensive liquidity risk management framework, institutions should have way out plans for stress scenarios. Such a plan commonly known as Contingency Funding Plan (CFP) is a set of policies and procedures that serves as a blue print for a bank to meet its funding needs in a timely manner and at a reasonable cost. A CFP is a projection of future cash flows and funding sources of a bank under market scenarios including aggressive asset growth or rapid liability erosion. To be effective it is important that a CFP should represent managements best estimate of balance sheet changes that may result from a liquidity or credit event. A CFP can provide a useful framework for managing liquidity risk both short term and in the long term. Further it helps ensure that a financial institution can prudently and efficiently manage routine and extraordinary fluctuations in liquidity.

5. Technique for treating loss exposure:

Treating loss exposure/Stress Testing: The importance of better understanding of potential risk n harms in the financial system and the measures to assess these risks n harms for both the regulators and the managers can hardly be over highlight especially due to increasing volatilities in the financial markets. The regulators and managers of the financial system around the globe have developed a number of quantitative techniques to assess the potential risks to the individual institutions as well as financial system. A range of quantitative techniques that could serve the purpose is widely known as stress testing. Stress testing is a process, which provides information on the behavior of the financial system under a set of exceptional, but reasonable assumptions. At institutional level, stress testing techniques provide a way to quantify the impact of changes in a number of risk factors on the assets and liabilities of the institution. For instance, a portfolio stress test makes a rough estimate of the value of portfolio using a set of exceptional but reasonable assumptions. However, one of the limitations of this technique is that stress tests do not account for the probability of occurrence of these exceptional events. For this purpose, other techniques, for

example VAR models etc, are used to supplement the stress tests. These tests help in managing risk within a financial institution to ensure optimum allocation of capital across its risk profile. At the system level, stress tests are primarily designed to quantify the impact of possible changes in economic environment on the financial system. The system level stress tests also complement the institutional level stress testing by providing information about the sensitivity of the overall financial system to a number of risk factors. These tests help the regulators to identify structural vulnerabilities and the overall risk exposure that could cause disruption of financial markets. Its prominence is on potential externalities and market failures. 5.1. Techniques for Stress Testing/ treating loss exposure: Simple Sensitivity Analysis measures the change in the value of portfolio for shocks of various degrees to different independent risk factors while the underlying relationships among the risk factors are not considered. For example, the shock might be the adverse movement of interest rate by 100 basis points and 200 basis points. Its impact will be measured only on the dependent variable i.e. capital in this case, while the impact of this change in interest rate on NPLs or exchange rate or any other risk factor is not considered. Scenario Analysis encompasses the situation where a change in one risk factor affects a number of other risk factors or there is a simultaneous move in a group of risk factors. Scenarios can be designed to encompass both movements in a group of risk factors and the changes in the underlying relationships between these variables (for example correlations and volatilities). Stress testing can be based on the historical scenarios, a backward looking approach, or the hypothetical scenario, a forward-looking approach. Extreme Value/ Maximum Shock scenario measures the change in the risk factor in the worst-case scenario, i.e. the level of shock which entirely wipes out the capital. Stress test shall be carried out assuming three different hypothetical scenarios:

 Minor Level Shocks: These represent small shocks to the risk factors. The level for different risk factors can, however, vary. Moderate Level Shocks: It have a mental picture of medium level of shocks and the level is defined in each risk factor separately. Major Level Shocks: It involves big shocks to all the risk factors and is also defined separately for each risk factor. Assumptions behind each Scenario: The stress test at this stage is only a single factor sensitivity analysis. Each of the five risk factors has been given shocks of three different levels. The magnitude of shock has been defined separately for each risk factor for all the three levels of shocks. Scope of Stress Test: As a starting point the scope of the stress test is limited to simple sensitivity analysis. Five different risk factors namely; interest rate, forced sale value of collateral, non-performing loans (NPLs), stock prices and foreign exchange rate have been identified and used for the stress testing. Moreover, the liquidity position of the institutions has also been stressed separately. Though the decision of creating different scenarios for stress testing is a difficult one, however, to start with, certain levels of shocks to the individual risk components have been specified considering the historical as well as hypothetical movement in the risk factors. 5.2. Methodology and Calibration of Shocks:

Interest Rate Risk: Interest rate risk is the potential that the value of the on-balance sheet and the offbalance sheet positions of the bank/DFI would be negatively affected with the change in the interest rates. The vulnerability of an institution towards the adverse movements of the interest rate can be gauged by using duration GAP analysis. The banks and DFIs shall follow the following steps in carrying out the interest rate stress tests.

 Estimate the market value of all on-balance sheet rate sensitive assets and liabilities of the bank/DFI to arrive at market value of equity Calculate the durations of each class of asset and the liability of the onbalance sheet portfolio Arrive at the aggregate weighted average duration of assets and liabilities Calculate the duration GAP by subtracting aggregate duration of liabilities from that of assets Estimate the changes in the economic value of equity due to change in interest rates on on-balance sheet positions along the three interest rate changes Calculate surplus/(deficit) on off-balance sheet items under the assumption of three different interest rate changes i.e. 1%, 2%, and 5% Estimate the impact of the net change (both for on-balance sheet and offbalance sheet) in the market value of equity on the capital adequacy ratio (CAR) Market value of the asset or liability shall be assessed by calculating its present value discounted at the prevailing interest rate. The outstanding balances of the assets and liabilities should be taken along with their respective maturity or reprising period, whichever is earlier. Duration GAP & Price Sensitivity: Duration is the measure of a portfolios price sensitivity to changes in interest rates. Longer the duration, larger the changes in the price for a given change in the interest rates. Larger the coupon, lower would be the duration and smaller would be the change in the price for a given change in the interest rates. Exchange Rate Risk: The stress test for exchange rate assesses the impact of change in exchange rate on the value of equity. To model direct foreign exchange risk only the overall net open position of the bank/DFI including the on-balance sheet and off-balance sheet exposures shall be given an adverse shocks of 5%, 10% and 15% for minor, moderate and major levels respectively. The overall net open position is measured by aggregating the sum of net short positions or the sum of net long positions;

whichever is greater regardless of sign. For example, the bank may have net long position of Rs500 million in Yen, Euro and USD and the net short position in GBP and Australian dollar of Rs600 million. The total exposure will be the greater of the two i.e. sum of the short positions of Rs600 million. The impact of the respective shocks will be calibrated in terms of the CAR. The tax-adjusted loss arising from the shocked position will be adjusted from the capital. The revised CAR will then be calculated after adjusting total loss from the risk-weighted assets of the bank/DFI. Credit Risk: The stress test for credit risk assesses the impact of increase in the level of nonperforming loans of the bank/DFI. This involves three types of shocks: The one deals with the increase in the NPLs and the respective provisioning. The three scenarios shall explain the impact of 5%, 10% and 20% increase in the total NPLs directly downgraded to loss category having 100% provisioning requirement. The tax-adjusted impact will be calibrated in the CAR of the bank/DFI for each of the scenarios. The second deals with the negative shift in the NPLs categories and hence the increase in respective provisioning. The three scenarios shall explain the impact of 50%, 80% and 100% downward shift in the NPLs categories. For example, for the first level of shock 50% of the OAEM shall be categorized under substandard, 50% of the substandard shall be categorized under doubtful and 50% of the doubtful shall be added to the loss category. The tax-adjusted impact of the increased provisioning will be calibrated in the CAR of the bank/DFI for each of the scenarios. The third deals with the fall in the forced sale value (FSV) of mortgaged collateral. The forced sale values of the collateral shall be given shocks of 10%, 20% and 40% decline in the forced sale value of mortgaged collateral for all the three scenarios respectively. The tax-adjusted impact of the additional required provision will be calibrated in the CAR for each of the scenario. Equity Price Risk:

The stress test for equity price risk assesses the impact of the fall in the stock market index. The current market value of all the on balance sheet and off balance sheet securities listed on the stock exchanges including shares, NIT units, mutual funds etc. shall be given shocks of 10%, 20% and 40% fall in their value for all the three scenarios respectively. The impact of resultant loss will be calibrated in the CAR. Liquidity Risk: The stress test for liquidity risk evaluates the resilience of the banks towards the fall in liquid liabilities. The ratio liquid assets to liquid liabilities shall be calculated before and after the shocks by dividing the liquid assets with liquid liabilities. Liquid assets are the assets that are easily and cheaply turned into cash. They include cash and balances with banks, call money lending, lending under repo and investment in government securities. Liquid liabilities include the deposits and the borrowings. The liquid liabilities should be given shocks of 10%, 20% and 30% fall. The equivalent amount should be deducted from the liquid assets assuming the fall in liquid liabilities is met by the corresponding fall in the liquid assets. The ratio of liquid assets to liquid liabilities shall be re-calculated under each scenario. 6. Risk Management: Risk Management is a discipline at the core of every financial institution and encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that : a) The individuals who take or manage risks clearly understand it. b) The organizations Risk exposure is within the limits established by Board of Directors. c) Risk taking Decisions are in line with the business strategy and objectives set by BOD. d) The expected payoffs compensate for the risks taken e) Risk taking decisions are explicit and clear.

f) Sufficient capital as a buffer is available to take risk The acceptance and management of financial risk is inherent to the business of banking and banks roles as financial intermediaries. Risk management as commonly perceived does not mean minimizing risk; rather the goal of risk management is to optimize risk -reward trade -off. Notwithstanding the fact that banks are in the business of taking risk, it should be recognized that an institution need not engage in business in a manner that unnecessarily imposes risk upon it: nor it should absorb risk that can be transferred to other participants. Rather it should accept those risks that are uniquely part of the array of banks services. In every financial institution, risk management activities broadly take place Simultaneously at following different hierarchy levels. a) Strategic level: It encompasses risk management functions performed by senior management and BOD. For instance definition of risks, ascertaining institutions risk appetite, formulating strategy and policies for managing risks and establish adequate systems and controls to ensure that overall risk remain within acceptable level and the reward compensate for the risk taken. b) Macro Level: It encompasses risk management within a business area or across business lines. Generally the risk management activities performed by middle management or units devoted to risk reviews fall into this category. c) Micro Level: It involves On-the-line risk management where risks are actually created. This is the risk management activities performed by individuals who take risk on organizations behalf such as front office and loan origination functions. The risk management in those areas is confined to following operational procedures and guidelines set by management. Expanding business arenas, deregulation and globalization of financial activities emergence of new financial products and increased level of competition has necessitated a need for an effective and structured risk management in financial institutions. A banks ability to measure, monitor, and steer risks comprehensively is becoming a decisive parameter for its strategic positioning. The risk management framework and sophistication of the process, and internal controls, used to manage risks, depends on the nature, size and complexity of institutions

activities. Nevertheless, there are some basic principles that apply to all financial institutions irrespective of their size and complexity of business and are reflective of the strength of an individual bank's risk management practices. Board and senior Management oversight: a) To be effective, the concern and tone for risk management must start at the top. While the overall responsibility of risk management rests with the BOD, it is the duty of senior management to transform strategic direction set by board in the shape of policies and procedures and to institute an effective hierarchy to execute and implement those policies. To ensure that the policies are consistent with the risk tolerances of shareholders the same should be approved from board. b) The formulation of policies relating to risk management only would not solve the purpose unless these are clear and communicated down the line. Senior management has to ensure that these policies are embedded in the culture of organization. Risk tolerances relating to quantifiable risks are generally communicated as limits or sub-limits to those who accept risks on behalf of organization. However not all risks are quantifiable. Qualitative risk measures could be communicated as guidelines and inferred from management business decisions. c) To ensure that risk taking remains within limits set by senior management/BOD, any material exception to the risk management policies and tolerances should be reported to the senior management/board that in turn must trigger appropriate corrective measures. These exceptions also serve as an input to judge the appropriateness of systems and procedures relating to risk management. d) To keep these policies in line with significant changes in internal and external environment, BOD is expected to review these policies and make appropriate changes as and when deemed necessary. While a major change in internal or external factor may require frequent review, in absence of any uneven circumstances it is expected that BOD re-evaluate these policies every year.

6.1.

Risk Management framework.

A risk management framework encompasses the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework should be comprehensive enough to capture all risks a bank is exposed to and have flexibility to accommodate any change in business activities. An effective risk management framework includes a) Clearly defined risk management policies and procedures covering risk identification, acceptance, measurement, monitoring, reporting and control. b) A well constituted organizational structure defining clearly roles and responsibilities of individuals involved in risk taking as well as managing it. Banks, in addition to risk management functions for various risk categories may institute a setup that supervises overall risk management at the bank. Such a setup could be in the form of a separate department or banks Risk Management Committee (RMC) could perform such function. The structure should be such that ensures effective monitoring and control over risks being taken. The individuals responsible for review function (Risk review, internal audit, compliance etc) should be independent from risk taking units and report directly to board or senior management who are also not involved in risk taking. c) There should be an effective management information system that ensures flow of information from operational level to top management and a system to address any exceptions observed. There should be an explicit procedure regarding measures to be taken to address such deviations. d) The framework should have a mechanism to ensure an ongoing review of systems, policies and procedures for risk management and procedure to adopt changes. 6.2. Integration of Financial Risk Management: Risks must not be viewed and assessed in isolation, not only because a single transaction might have a number of risks but also one type of risk can trigger other risks. Since interaction of various risks could result in diminution or increase in risk, the risk management process should recognize and reflect risk interactions in all business activities as appropriate. While assessing and managing risk the

management should have an overall view of risks the institution is exposed to. This requires having a structure in place to look at risk interrelationships across the organization. 6.3. Risk Evaluation/Measurement.

Until and unless risks are not assessed and measured it will not be possible to control risks. Further a true assessment of risk gives management a clear view of institutions standing and helps in deciding future action plan. To adequately capture institutions risk exposure, risk measurement should represent aggregate exposure of institution both risk type and business line and encompass short run as well as long run impact on institution. To the maximum possible extent institutions should establish systems / models that quantify their risk profile, however, in some risk categories such as operational risk, quantification is quite difficult and complex. Wherever it is not possible to quantify risks, qualitative measures should be adopted to capture those risks. Whilst quantitative measurement systems support effective decision-making, better measurement does not obviate the need for well-informed, qualitative judgment. Consequently the importance of staff having relevant knowledge and expertise cannot be undermined. Finally any risk measurement framework, especially those which employ quantitative techniques/model, is only as good as its underlying assumptions, the rigor and robustness of its analytical methodologies, the controls surrounding data inputs and its appropriate application o Independent review: One of the most important aspects in risk management philosophy is to make sure that those who take or accept risk on behalf of the institution are not the ones who measure, monitor and evaluate the risks. Again the managerial structure and hierarchy of risk review function may vary across banks depending upon their size and nature of the business, the key is independence. o Contingency planning: Institutions should have a mechanism to identify stress situations ahead of time and plans to deal with such unusual situations in a timely and effective

manner. Stress situations to which this principle applies include all risks of all types. For instance contingency planning activities include disaster recovery planning, public relations damage control, litigation strategy, responding to regulatory criticism etc. Contingency plans should be reviewed regularly to ensure they encompass reasonably probable events that could impact the organization. o Credit Origination: Banks must operate within a sound and well-defined criteria for new credits as well as the expansion of existing credits. Credits should be extended within the target markets and lending strategy of the institution. Before allowing a credit facility, the bank must make an assessment of risk profile of the customer/transaction. This may include o Limit setting: An important element of risk management is to establish exposure limits for single obligors and group of connected obligors. Institutions are expected to develop their own limit structure while remaining within the exposure limits set by State Bank of Pakistan. The size of the limits should be based on the credit strength of the obligor, genuine requirement of credit, economic conditions and the institutions risk tolerance. Appropriate limits should be set for respective products and activities. Institutions may establish limits for a specific industry, economic sector or geographic regions to avoid concentration risk.

o Administration:
Ongoing administration of the credit portfolio is an essential part of the credit process. Credit administration function is basically a back office activity that support and control extension and maintenance of credit. A typical credit administration unit performs following functions: a. Documentation. It is the responsibility of credit administration to ensure completeness of documentation (loan agreements, guarantees, transfer of

title of collaterals etc) in accordance with approved terms and conditions. Outstanding documents should be tracked and followed up to ensure execution and receipt. b. Credit Disbursement. The credit administration function should ensure that the loan application has proper approval before entering facility limits into computer systems. Disbursement should be effected only after completion of covenants, and receipt of collateral holdings. In case of exceptions necessary approval should be obtained from competent authorities. c. Credit monitoring. After the loan is approved and draw down allowed, the loan should be continuously watched over. These include keeping track of borrowers compliance with credit terms, identifying early signs of irregularity, conducting periodic valuation of collateral and monitoring timely repayments. d. Loan Repayment. The obligators should be communicated ahead of time as and when the principal/markup installment becomes due. Any exceptions such as non-payment or late payment should be tagged and communicated to the management. Proper records and updates should also be made after receipt. e. Maintenance of Credit Files. Institutions should devise procedural guidelines and standards for maintenance of credit files. The credit files not only include all correspondence with the borrower but should also contain sufficient information necessary to assess financial health of the borrower and its repayment performance. It need not mention that information should be filed in organized way so that external / internal auditors or SBP inspector could review it easily. f. Collateral and Security Documents. Institutions should ensure that all security documents are kept in a fireproof safe under dual control. Registers for documents should be maintained to keep track of their movement. Procedures should also be established to track and review relevant insurance coverage for certain facilities/collateral. Physical checks on security documents should be conducted on a regular basis.

Risk Monitoring & Control:

Credit risk monitoring refers to incessant monitoring of individual credits inclusive of Off-Balance sheet exposures to obligors as well as overall credit portfolio of the bank. Banks need to enunciate a system that enables them to monitor quality of the credit portfolio on day-to-day basis and take remedial measures as and when any deterioration occurs. Such a system would enable a bank to ascertain whether loans are being serviced as per facility terms, the adequacy of provisions, the overall risk profile is within limits established by management and compliance of regulatory limits. Establishing an efficient and effective credit monitoring system would help senior management to monitor the overall quality of the total credit portfolio and its trends. Consequently the management could fine tune or reassess its credit strategy /policy accordingly before encountering any major setback. The banks credit policy should explicitly provide procedural guideline relating to credit risk monitoring. 6.4. Elements of Risk management: o Board and senior Management Oversight o Organizational Structure 6.5. Risk Management should include: o The Risk Management Committee o The Asset-Liability Management Committee (ALCO) o The Middle Office o Risk Management Committee: It is generally a board level subcommittee constituted to supervise overall risk management functions of the bank. The structure of the committee may vary in banks depending upon the size and volume of the business. Generally it could include heads of Credit, Market and operational risk Management Committees. It will decide the policy and strategy for integrated risk management containing various risk exposures of the bank including the market risk. o Asset-Liability Committee: Popularly known as ALCO, is senior management level committee responsible for supervision / management of Market Risk (mainly interest rate and Liquidity risks). The committee generally comprises of senior managers from treasury, Chief Financial Officer, business heads generating and using the funds of the bank, credit, and individuals from the departments

having direct link with Interest rate and liquidity risks. The CEO or some senior person nominated by CEO should be head of the committee. The size as well as composition of ALCO could depend on the size of each institution, business mix and organizational complexity. To be effective ALCO should have members from each area of the bank that significantly influences liquidity risk. In addition, the head of the Information system Department (if any) may be an invitee for building up of MIS and related computerization. ALCO should ensure that risk management is not confined to collection of data. Rather, it will ensure that detailed analysis of assets and liabilities is carried out so as to assess the overall balance sheet structure and risk profile of the bank. The ALCO should cover the entire balance sheet/business of the bank while carrying out the periodic analysis. o Middle Office: The risk management functions relating to treasury operations are mainly performed by middle office. The concept of middle office has recently been introduced so as to independently monitor measure and analyze risks inherent in treasury operations of banks. Besides the unit also prepares reports for the information of senior management as well as banks ALCO. Basically the middle office performs risk review function of day-to-day activities. Being a highly specialized function, it should be staffed by people who have relevant expertise and knowledge. The methodology of analysis and reporting may vary from bank to bank depending on their degree of sophistication and exposure to market risks. These same criteria will govern the reporting requirements demanded of the Middle Office, which may vary from simple gap analysis to computerized VAR modeling. Middle Office staff may prepare forecasts (simulations) showing the effects of various possible changes in market conditions related to risk exposures. Banks using VAR or modeling methodologies should ensure that its ALCO is aware of and understand the nature of the output, how it is derived, assumptions and variables used in generating the outcome and any shortcomings of the methodology employed. Segregation of duties should be evident in the middle office, which must report to ALCO independently of the treasury function. In respect of banks without a formal Middle Office, it should be ensured that risk control and analysis should rest with a department with

clear reporting independence from Treasury or risk taking units, until normal Middle Office framework is established.