RISK MANAGEMENT IN BANK
Indian Banking Industry is going through a transformation process in
its transitional journey from the era of protected economy to the tough
world of market economy. Banks are expanding their operations, entering
new market and trading in new asset types. The changes in financial
system, product and structures have created new opportunities along with
new risks. Risk Management has become an internal part of financial
activity of Bank and other market participants. These risks can’t be
ignored and either has to be managed by market participants as part of
Asset Liability Management or hedge. Under these circumstances,
creating an environment that promotes risk management assumes critical
importance. This requires addressing certain policy and institutional
issues in developing in India.
First and foremost a well-developed market, repo market
constitutes an important prerequisite for the promotion of risk
management practice among market participants. Regulatory gaps and
overlaps in debt markets need to be sorted out quickly to facilitate the
repeal of the 1969 notification which will go a long way in aiding the
process of Asset Liability Management for Banks. Indian conditions are
suitable for introduction of credit default swap in India. It offers
advantages of hedging credit risk without impairing the relationship with
the borrower. Forward rate agreements and interest rate swaps enable
users to lock into spreads. The RBI has already permitted interest rate
swaps. A major reason for lack of term money market is the absence of
the practice of Asset Liability Management system among bank for
identifying mismatches in carious time periods. The recent RBI
guidelines to lend on a term and also offer two-way quotes in the market.
The advisory group on banking supervision constituted by RBI
recommended greater orientation of banks management. OECD
principles of corporate governance recognized the risk management as
area of increasing importance for Board, which is related to corporate
“Life is inherently risky. There is only one big risk you should avoid at
all costs and that is the risk or doing nothing”
Risks associated with financial institutions are becoming more and
more diverse and complicated due to changes taking place in the
operating environment. In response, and in recognition of the fact that
risk cannot be entirely avoided.
“It is the process for identifying the risk the business faces, evaluating
them according to the likely hood of their occurring and the damage.
They would ensure deciding whether to wear, avoid, control or ensure
against then, allocating responsibility for dealing with them ensuring that
the process actual works and reporting material problems as early a
possible to the right level”.
The operation of bank inevitably means facing risk of many kinds
risk. Risk is inherent in bank but it is far from routine, nor is it one-
dimensional. All round the globe, market risks, technical risk, operational
risk, political risk, legal risks, and change rapidly and continually. A
recent survey in USA revealed that the directors are not focusing enough
on risk management. Most of the bank did not have a formal enterprise
wide risk management process. However, directors are not expected to
understand ever-small aspect of the management process orb monitor
every transaction. Nevertheless, they have the responsibility to oversee
the risk management function and internal control system of the bank.
There can be no one size-fit all risk management system due to diversity
in the size of balance sheet and risk appetite among banks. Each bank
must design and develop its own system to suit its specific needs
depending upon the size and complexity of business, risk philosophy,
market perception and level of capital.
Objectives of Risk Management
The very basic objective of risk management system is to put in
place and operate a systematic process to give a reasonable degree of
assurance to the top management that the ultimate corporate goals that are
vigorously pursued by it would be achieved in the most efficient manner.
In this way, all the risk that come in the way of institution achieving the
goals it has to set for itself would managed properly by the risk
management system. In the absence of such a system, no institution can
exist in the long run without being able to fulfill the objective for which it
was set up.
DIFFERENT TYPES OF RISK
1. Financial Risk:
The risk of loss from holding positions that is subject to
change in value with changing market conditions. This risk includes all
changing, in market conditions, such as prices, volatility, liquidity, and
credit risk, the ability and willingness of counterparties to honor their
Lloyd’s of London provided re-insurance without protracted
and significant losses for 300 years. The equity holders in these
enterprises started to think they were purchasing annuities rather than
placing their considerable assets at risk. With a history of profits without
significant loss that spans centuries, such a belief is understandable.
Lloyd’s accumulated $8.6 billion in losses in the three years from 1988
through 1990. The equity holders achieved a better understanding of the
financial risk they were incurring.
I. Credit risk
Credit risk is defined as the potential that a borrower or
counterparty will fail to meet its obligation in accordance with agreed
terms. RBI has been extremely sensitive to the credit risk it faces on the
investment of foreign currency assets and gold in the international
markets. Investments in bonds/treasury bills, which represent debt
obligations of Triple-A rated sovereigns and supranational entities do not
give rise to any substantial credit risk. Placement of deposit with BIS and
other central banks like Bank of England is also considered credit risk-
free. However, placement of deposits with commercial banks as also
transactions in foreign exchange and bonds/treasury bills with
commercial banks/investment banks and other securities firms give rise to
credit risk. Stringent credit criteria are, therefore, applied for selection of
counterparties. Credit exposure vis-à-vis sanctioned limit in respect of
approved counterparties is monitored on line. The basic objective of an
on-going tracking exercise is to identify any institution (which is on the
RBI’s approved list) whose credit quality is under potential threat and to
prune down the credit limits or de-list it altogether, if considered
necessary. A quarterly review exercise is also carried in respect of
counterparties for possible inclusion/deletion.
II. Trading credit Risk
This is the risk of loss from the failure of a trading counterparty
to perform its trading obligations as agreed. The largest exposures for this
risk typically occur between major global trading counterparties e.g.
liquidity providers in several markets. Unlike traditional lending, these
exposures change values with changing market conditions (prices,
volatility). Note, however, the largest risk of loss is linked but not directly
proportional to the largest exposures. Credit risk combines exposure with
default and recoveries. Thus a lower exposure can have a higher risk if
the default probability is much higher.
II. Commercial credit Risk
This is the risk of loss form providing credit to corporate
counterparties. Extensions of credit can take the form of direct loans and
contingencies or guarantees.
2. Market Risk:
This is the risk that positions can lose value due to changing market
conditions including prices, volatility, and market liquidity. It also
includes basis risk for hedge positions. Market risk, along with credit risk
are the two major components of financial risk. Market risk, which
consists primarily of price risk and volatility risk, occurs within the major
I. Commodity market Risk
This is the risk of loss from having positions in any of the
commodity markets. There are certainly tremendous variety of them,
ranging from agricultural markets, which include various grains, meats,
produce, and wood products to minerals and metals. More recently, the
energy market has undergone an expansion as electricity has deregulated
and become a commodity whose price fluctuates.
II. Currency market Risk
This is the risk of loss from having positions in any of the
currency markets. The risk can be from outright positions. It can also
reside on the balance sheet or in the income flows of a company. Many
Thai companies were carrying currency risk on their balance sheets with
assets in Thai baht and liabilities/ loans in U.S. dollars. In the summer of
1997, they were bankrupted overnight by a 20% reduction in their dollar
liabilities. Other firms suffer large fluctuations in income when earnings
denominated in foreign currencies must be converted and reported in
III. Interest Rate Risk
The crucial aspect of the management of interest rate risk is to
protect the value of the investments as much as possible from the adverse
impact of the interest rate movements. The focus of the investment
strategy revolves around the overwhelming need to keep the interest rate
risk of the portfolio reasonably low with a view to minimizing losses
arising out of adverse interest rate movements, if any. This approach is
warranted as reserves are viewed as a market stabilizing force in an
IV. Market Liquidity Risk:
This is the risk of loss from being unable to buy or sell positions
easily, at a low transaction cost. The speed and ease with which a buyer
or seller can convert assets into cash and vice versa varies with each class
of assets in the market. Gold, for example, is much more liquid than real
estate. In addition, liquidity fluctuates over time. During August and
September 1998, some of the most liquid markets, such as the U.S.
government bond market and the swap markets became considerably less
In the early 1990’s a steep spike in interest rates caused large
losses in many trenches of mortgaged- backed securities (MBS). The
market for these instruments froze because no one was interested in
bidding for them, even at huge discounts to their remaining fair market
value. That liquidity freeze helped keep MBS prices depressed for a long
V. Equity market Risk:
This is the risk of loss from holding positions in the equity
markets. This is investor risk and almost everyone is familiar with it. Like
the other markets it contains price, volatility, and liquidity.
3. Operational risk and control system
Internally, there is a total separation of the front office and back
office functions and the internal control systems ensure several checks at
the stages of deal capture, deal processing and settlement. There is a
separate set up responsible for risk measurement and monitoring,
performance evaluation and concurrent audit. The deal processing and
settlement system is also subject to internal control guidelines based on
the principle of one point data entry and powers are delegated to officers
at various levels for generation of payment instructions. There is a
system of concurrent audit for monitoring compliance in respect of all the
internal control guidelines. Further, reconciliation of accounts is done
In addition to annual inspection by the internal machinery of the
RBI for this purpose and statutory audit of accounts by external auditors,
there is a system of appointing a special external auditor to audit dealing
room transactions. The main objective of the special audit is to see that
risk management systems and internal control guidelines are adhered to.
There exists a comprehensive reporting mechanism covering all
significant areas of activity/operations relating to reserve management.
These are being provided to the senior management periodically, viz., on
daily, weekly, monthly, quarterly, half-yearly and yearly intervals,
depending on the type and sensitivity of information.
4. Settlement Risk:
This is the risk of loss from failure of a trading counterparty to
perform as obligated during the settlement process. Most settlement
processes for financial transactions have established safeguards to greatly
reduce this risk. For Ex. Most equity and debt purchases settle through
clearing houses that hold delivers until payment is received. Other
financial products frequently settle on a net difference basis. In most
swaps, just the difference between the fixed and floating leg is
transmitted. Daily settlement amounts between the biggest traders i.e.
liquidity provider, especially when they do not occur on a net basis, are
very large. The failure of a major financial institution to honor its side of
these trades of these trades could cause significant loss and serious
In 1974, a small bank in Germany, Bank Herstatt, which had $60
million in FX, trades settling the next day closed its doors. The three days
of increasing payment system gridlock that followed served as a waked-
up call to the industry and its regulators.
5. Asset liability Risk:
This is the risk that current obligations cannot be met with
current assets. This is a fundamental risk in all organizations, which must
maintain liquidity, or they become insolvent. In financial institutions, this
risk is quite significant because many liabilities can be accelerated if the
market perceives a weakness. Markets and regulators have demanded that
financial institutions maintain a high level of capital to protect the fund
providers and a high level of reserves to safeguard against “runs”. Most
of the risk arises as a result of mismatch of assets and liability. If the
assets of a bank exactly matched its liability of identical maturity, interest
rate conditions and currency risk could have been avoided. However in
practice it’s near impossible to have such a perfectly matched balance
sheet. A banker, therefore, has to keep different types of risk within
acceptable limits. It requires the ability to forecast future changes in the
environment and formulate suitable action plans to protect the bet worth
of the organization form the impact of these risks. It is by no means an
easy task. If he is proving wrong in his judgment the whole process of
risk management may go haywire. Few would disagree with the
statement that “being a banker is like being a country hound dog. If you
stand still you get kicked. If you run, they throw rocks at you”.
2. Basis Risk (Hedged Positions):
This is the risk of loss from hedging market exposures with
instruments whose changes in value do not exactly offset value changes
in the position being hedged. The mismatch could be in terms of
maturity, the underlying instrument e.g. short a government bond to
hedge a long corporate bond position, or some other characteristic. These
“small” differences can sometimes cause the combined position to be
much more risky than thought.
On May 1, 1997, L.P.Morgan lost $20 to $40 million due to basis
risk on one trade. The trader sold a yen/dollar option, and bought the
same option from counterparty. Both the bought and sold option carried
the same “knock-out” feature. The change rate is canceled if the
dollar/yen exchange rate is greater than 127.3. This looks like one of
those perfect hedges, rumored to occur only in Japanese gardens. The
problem was mismatch in maturity. The sold option expired six hours
before the bought option. The exchange rate was below 127.3 yen when
the sold leg matured but moved above that barrier by the time the bought
leg matured. The hedge, the bought leg, was knocked out by the shift in
dollar yen rates, leaving J.P. Morgan with an unhedged loss. Ironically, if
the deals had not contained the “knock-out” feature, Morgan would have
made money on the basis risk timing it was holding.
3. PRESETTLEMENT RISK:
This is the risk of loss from failure of a trading counterparty to
perfume as obligated, but before the trade actually settles. If counterparty
to a deal that matures in six years, defaults after three years, the other
counterparty may have to go into the marketplace and “replace” the
defaulted deal. This potential replacement cost is based on the market
prices and other factors, like applicable netting agreements and
collaterals, at the time of the default.
4. Commercial Credit Risk:
This is the risk of loss form providing credit to corporate
counterparties. Extensions of credit can take the form of direct loans and
contingencies or guarantees.
5. Loan Risk:
This is the risk of loss from loaning money and having the
borrower fail to repay, either due to default or because they are not
willing to repay. Most analysis in commercial lending considers how the
borrower will repay.
6. Guarantee Risk:
This is the risk or loss from providing guarantees or letters of
credit. These are from of contingent credit exposure (e.g. the exposure is
contingent on other events occurring).
7. Portfolio Exposure:
A measure of the possible loss that could occur with each given
counterparty and with groups of counterparties, for ex. Industries,
countries, and economics regions. When traditional credit products, such
as, loans, leases, letters of credits and guarantee are transacted the
exposure is known as static. Capturing credit exposure for the corporate
counterparties that typically use these traditional credit products is fairly
straightforward and consideration quickly shifts to “default risk” for
When the portfolio contains a significant proportion of derivative
trades, exposure might undergo large shifts with changes I market
conditions. Therefore, measuring portfolio exposure to the d4ealer or
banks where derivative trades predominate, is a much more difficult the
sum deal by deal exposures, due to portfolio effects, close out netting
agreements and margin or collateral agreement.
8. Portfolio Defaults:
A measure of the rate at which exposure convert in to losses due
to default. Default consideration occurs on both a granular level,
“counterparty by counterparty” and at various portfolio levels. At the
granular level, the credit managers rate the counterparty ability to repay
loans. At the portfolio levels, credit managers consider how defaults
9. Portfolio Recovery:
A measure of how much credit risk is ameliorated by loan
recoveries, which reduce the loss when counterparty defaults. Loans can
contain features and structures that create higher recovery rates,
significantly reducing credit risk. The two-loan structure considerations
that most directly impact recovery rates are seniority where the loan is
situated within the borrowing firm’s internal capital structure and security
what collateral secures the loan.
10. Global Portfolio Risk:
This is the risk of loss from all financial risks, including the
combination of credit and market risks. There are fundamental factors,
like economic conditions, which create a link between them. Market and
credit risks are not independent from each other, yet most financial firm’s
measures and manage them separately.
11. New Products and Risks
With the introduction of new products like plastic cards, credit,
debit, smart card, etc. The risk of fraud has increased manifold.
According to estimation in an active issuing bank card, fraud is likely to
claim the lion’s share of fraud being experienced in general and could
well dominate average operating losses as a whole worldwide frauds
occurred due to loss or steal of plastic cards that cause the greatest losses.
The second largest sources and the fastest growing source of loss is use of
counterfeit card. Emerging areas of E-commerce and Internet banking are
also a matter of concern.
RISK MANAGEMENT PROCESS
Risk can be defined as the potential that events expected or
anticipated may have adverse impact on banks capital or
earnings. Therefore proper identification of existing risk and
risk that may arise from new business is crucial to the risk
Accurate and timely measurement of risk enables a bank to
quantify the risk for controlling and monitoring risk level.
It is administered by establishment and communication of
limits for risk taking units through policies standards and
procedures. There should be a let out system to authorize
accretion in controlling the risk.
It is affected through risk reporting to ensure timely review of
risk positions and acceptations. Monitoring report should be
concise, frequent, timely and reasonably accurate. The purpose
of monitoring is to present right information to the right
With respect to risk management, the Bank places great importance on
implementing the following processes. When commencing new
businesses or handling new products, the Bank also ascertains legal
compliance as well as the application of an adequate risk management
1. Risk Identification: it is crucial that all the have to be identified
first. The methodology normally followed is risk matrix approach
which appears as under
Risk Matrix ( Indicative)
Advances Yes Yes No Yes Yes
Investments Yes Yes Yes Yes Yes
t & Payment
No No No No Yes
Deposits No Yes No Yes Yes
The matrix above has been prepared main products. The matrix can
be detailed to go down to individual product level risks for better
identification of the risks present.
2. Risk Measurement: the step is the most crucial step of all. Having
identified the risks, tools for measurement of each one of the risks need to
be put in place to measure each one of the risks quantitatively. The most
challenging task is the selection of an appropriate tool or measures for
quantification of risk. The measures of quantification range from very
simple to highly complex. What is important is to use an appropriate
quantification method or tool suitable for the blank.
3. Risk Control & Monitoring:
It deals with setting up of limits to each one of the risks and
monitoring to ensure that the actual exposure to each one of the risks
defined is within the limits prescribed in the risk management policy.
Any violation of limits needs to be thoroughly investigated to ascertain
the reason for violation and to avoid such violation in future.
The traditional control based risk management ends with the
above-mentioned steps. The modern risk management, which strives to
align risk management with overall corporate objectives and strategies,
involves to addition steps in the form of allocation and risk adjusted
Steps in the risk management process
Identification and assessment
A first step in the process of managing risk is to identify potential risks.
The risks must then be assessed as to their potential severity of
loss and to the probability of occurrence. Risks are about events
that, when triggered, will cause problems. Hence, risk
identification can start with the source of problems, or with the
• Source analysis Risk sources may be internal or external to the
system that is the target of risk management. Examples of risk
sources are: stakeholders of a project, employees of a company or
the weather over an airport.
• Problem analysis Risks are related to identified threats. For
example: the threat of losing money, the threat of abuse of privacy
information or the threat of accidents and casualties. The threats
may exist with various entities, most important with shareholder,
customers and legislative bodies such as the government.
When either source or problem is known, the events that a source may
trigger or the events that can lead to a problem can be investigated. For
example: stakeholders withdrawing during a project may endanger
funding of the project; privacy information may be stolen by employees
even within a closed network; lightning striking a Boeing 747 during
takeoff may make all people onboard immediate causalities.
The chosen method of identifying risks may depend on culture, industry
practice and compliance. The identification methods are formed by
templates or the development of templates for identifying source,
problem or event. Common risk identification methods are:
• Objectives-based Risk Identification Organizations and project
teams have objectives. Any event that may endanger achieving an
objective partly or completely is identified as risk. Objective-based
risk identification is at the basis of COSO's
• Scenario-based Risk Identification In scenario analysis different
scenarios are created. The scenarios may be the alternative ways to
achieve an objective, or an analysis of the interaction of forces in,
for example, a market or battle. Any event that triggers an
undesired scenario alternative is identified as risk - see Futures
Studies for methodology used by Futurists.
• Taxonomy-based Risk Identification The taxonomy in
taxonomy-based risk identification is a breakdown of possible risk
sources. Based on the taxonomy and knowledge of best practices, a
questionnaire is compiled. The answers to the questions reveal
• Common-risk Checking In several industries lists with known
risks are available. Each risk in the list can be checked for
application to a particular situation. An example of known risks in
the software industry is the Common Vulnerability and Exposures
list found at http://cve.mitre.org.
Once risks have been identified, they must then be assessed as to their
potential severity of loss and to the probability of occurrence. These
quantities can be either simple to measure, in the case of the value of a
lost building, or impossible to know for sure in the case of the probability
of an unlikely event occurring. Therefore, in the assessment process it is
critical to make the best educated guesses possible in order to properly
prioritize the implementation on the risk management plan.
The fundamental difficulty in risk assessment is determining the rate of
occurrence since statistical information is not available on all kinds of
past incidents. Furthermore, evaluating the severity of the consequences
(impact) is often quite difficult for immaterial assets. Asset valuation is
another question that needs to be addressed. Thus, best educated opinions
and available statistics are the primary sources of information.
Nevertheless, risk assessment should produce such information for the
management of the organization that the primary risks are easy to
understand and that the risk management decisions may be prioritized.
Thus, there have been several theories and attempts to quantify risks.
Numerous different risk formulae exist, but perhaps the most widely
accepted formula for risk quantification is:
Rate of occurrence multiplied by the impact of the event equals risk
Later research has shown that the financial benefits of risk management
are not so much dependent on the formulae used. The most significant
factor in risk management seems to be that 1.) Risk assessment is
performed frequently and 2.) it is done using as simple methods as
In business it is imperative to be able to present the findings of risk
assessments in financial terms. Robert Courtney Jr. (IBM, 1970)
proposed a formula for presenting risks in financial terms. The Courtney
formula was accepted as the official risk analysis method for the US
governmental agencies. The formula proposes calculation of ALE
(Annualized Loss Expectancy) and compares the expected loss value to
the security control implementation costs (cost-benefit analysis).
Possible actions available
Once risks have been identified and assessed, all techniques to manage
the risk fall into one or more of these four major categories:
Ideal use of these strategies may not be possible. Some of them may
involve trade offs that are not acceptable to the organization or person
making the risk management decisions.
Includes not performing an activity that could carry risk. An example
would be not buying a property or business in order to not take on the
liability that comes with it. Another would be not flying in order to not
take the risk that the planes were to be hijacked. Avoidance may seem the
answer to all risks, but avoiding risks also means losing out on the
potential gain that accepting (retaining) the risk may have allowed. Not
entering a business to avoid the risk of loss also avoids the possibility of
earning the profits.
Involves methods that reduce the severity of the loss. Examples include
sprinklers designed to put out a fire to reduce the risk of loss by fire. This
method may cause a greater loss by water damage and therefore may not
be suitable. Halon fire suppression systems may mitigate that risk, but the
cost may be prohibited by the strategy.
Modern software development methodologies reduce risk by developing
and delivering software incrementally. Early methodologies suffered
from the fact that they only delivered software in the final phase of
development; any problems encountered in earlier phases meant costly
rework and often jeopardized the whole project. By developing in
increments, software projects can limit effort wasted to a single
increment. A current trend in software development, spearheaded by the
Extreme Programming community, is to reduce the size of increments to
the smallest size possible, sometimes as little as one week is allocated to
Involves accepting the loss when it occurs. True self insurance falls in
this category. Risk retention is a viable strategy for small risks where the
cost of insuring against the risk would be greater over time than the total
losses sustained. All risks that are not avoided or transferred are retained
by default. This includes risks that are so large or catastrophic that they
either cannot be insured against or the premiums would be infeasible.
War is an example since most property and risks are not insured against
war, so the loss attributed by war is retained by the insured. Also any
amount of potential loss (risk) over the amount insured is retained risk.
This may also be acceptable if the chance of a very large loss is small or
if the cost to insure for greater coverage amounts were so great it would
hinder the goals of the organization too much
Means causing another party to accept the risk, typically by contract
Insurance is one type of risk transfer. Other times it may involve contract
language that transfers a risk to another party without the payment of an
insurance premium. Liability among construction or other contractors is
very often transferred this way.
Some ways of managing risk fall into multiple categories. Risk retention
pools are technically retaining the risk for the group, but spreading it over
the whole group, involves transfer among individual members of the
group. This is different from traditional insurance, in that no premium is
exchanged between members of the group.
Create the plan
Decide on the combination of methods to be used for each risk. Each risk
management decision should be recorded and approved by the
appropriate level of management. For example, a risk concerning the
image of the organization should have top management decision behind it
whereas IT management would have the authority to decide on computer
The risk management plan should propose applicable and effective
security controls for managing the risks. For example, an observed high
risk of computer viruses could be mitigated by acquiring and
implementing anti virus software. A good risk management plan should
contain a schedule for control implementation and responsible persons for
those actions. The risk management concept is old but is still not very
Follow all of the planned methods for mitigating the effect of the risks.
Purchase insurance policies for the risks that have been decided to be
transferred to an insurer, avoid all risks that can be without sacrificing the
entity's goals, reduce others, and retain the rest.
Review and evaluation of the plan
Initial risk management plans will never be perfect. Practice, experience,
and actual loss results, will necessitate changes in the plan and contribute
information to allow possible different decisions to be made in dealing
with the risks being faced.
If risks are improperly assessed and prioritized, time can be wasted in
dealing with risk of losses that are not likely to occur. Spending too much
time assessing and managing unlikely risks can divert resources that
could be used more profitably. Unlikely events do occur, but if the risk is
unlikely enough to occur, it may be better to simply retain the risk, and
deal with the result if the loss does in fact occur.
Prioritizing too highly the Risk management processes itself could
potentially keep an organization from ever completing a project or even
getting started. This is especially true if other work is suspended until the
risk management process is considered complete.
SYSTEM RISK MANAGEMENT
Computer systems have become indispensable in banking
operations, which are not only growing more diverse and sophisticated,
but are encompassing large increases in transaction volumes.
Accordingly, safety measures to avoid system risks are extremely crucial
for providing customers with high-quality services. From January 2004,
the Bank transitioned its core computer system to a new system with the
most advanced functions at the NTT Data Banking Center for Regional
Banks. This center has established solid safety measures that include the
adoption of a mutual backup system using its two centers in eastern and
western Japan. The Bank takes all possible measures against system risks
through utilization of a program that specifies detailed responses in case
of system failure and internal rules for preventing computer crimes and
The Bank also employs external audits of its system risk
management. By undergoing strict checking of our system risk
management by an independent institution, we are further ensuring that
our risk management is maintained at the highest level while increasing
the sophistication of our system risk management.
REPUTATION RISK MANAGEMENT
The Bank institutes measures to control and minimize reputation
risk. These include formulating reputation risk management regulations
that specify means for reducing and preventing reputation risk, as well as
measures to be taken should such problems arise.
INFORMATION SECURITY RISK MANAGEMENT
Recent advances in IT have led to a rapid increase in and
diversification of information-processing environments and objectives,
including the use of the Bank's internal LAN and connection to the
Internet. Therefore, strengthening the management system to maintain
information security against system threats such as information leakage,
unauthorized changes and destruction of information is becoming
To respond to these circumstances, the Bank formulated an
Information Security Policy as a basic policy on safety measures
concerning the protection of information assets (information and
information systems). The Bank has also formulated Information Security
Standards as its specific safety standards for information security.
In addition, in February 2005, the Bank formulated new
Regulations on the Handling of Personal Information and established a
seeking to further reinforce its systems for adequately protecting personal
information in line with the enactment of the Personal Information
Protection Act as of April 1, 2005.
The Bank has formulated its Contingency Plan that outlines
specific procedures for responding to an array of unforeseen
circumstances including crimes, natural disasters such as fires or
earthquakes, computer system malfunctions, financial crises, information
security risks, and market and other risks. We strengthen our response
structure by carrying out drills based on this plan and review this plan on
a regular basis.
ASSET LIABILITY MANAGEMENT
In the regulated economy he interest spread is primarily a function of
central banks of the country because banks accept deposits of regulated
rate and lend at regulated rates and earn the stipulated rates. In a globalize
environment intense competition for business and increasing fluctuations
in both domestic interest rates as well as foreign exchange rates put
pressure on the management of banks to maintain spreads profitability
and long term viability without increasing market risk. There are two
major types of risks that commercial banks are exposed to in the course
of their operation i.e. credit risk and market risk. Banking business itself
is a credit risk. Market risk arising out of fluctuations in interest rates,
foreign exchange rate, equity price risk and commodity price risk is
virtually not existent in such a regime where market rates and prices are
stable for relatively long periods of time. Banks are exposed to market
risk in market driven and liberalized environment. Therefore, banks have
to manage not only credit risk but also market risk. They require a
managerial approach to control the viability of market risk.
Thus, Asset Liability Management is a strategic response of banks to
inflationary pressures, volatility in interest rate and severe recessionary
trends in the global economy. The commercial banks in India began to
face tremendous problems of Assets and liability mismatch leading to
deregulation of interest rate and free play of market forces, entry of new
player, emergence of new instrument and new products at competitive
rates and enhancement of risks. The banks witnessed the vulnerability of
mismatch during 1995-96. The banks which funded term assets bank in
such a way as to maximize its net income minimize the market risk. This
is to be done by analyzing the current market risk profile of the banks and
its impact on the future risk profile. The manager has to choose the best
course of action depending the risk performance of the management.
A. ASSET MANAGEMENT
1. CASH MANAGEMENT:
Cash management is a dynamic function that need to be dealt with
effectively at various levels. Cash balances are the idle assets of the bank,
hence cash should be kept at a bare minimum level. The banks need to
manage their cash balances in order to meet their customer requirements
of their demand deposits.
2. RESERVES AND INVESTMENT MANAGEMENT:
Reserve requirement constitute the first charge on any banks
funds and the balance can be used for advances and other income
generating assets. The reduction in statutory liquidity ration helps the
banks to invest more resources in profitable avenues. The banks should
plan their requirements properly.
3. CREDIT MANAGEMENT:
A major portion of banks income is derived from returns on advances
and credit expansion. Managing credit is a critical function of any banks.
Effective credit management is necessary to ensure that the advances
remain performing and the income is maximized.
4. MANAGEMENT OF OTHER ASSETS:
The banks have to invest in other assets in order to generate more
income and not to keep idle assets. It can invest in real estate, government
security, money market etc. However the creation of other assets should
generate additional income to the bank.
B. LIABILITY MANAGEMENT:
1. OWNED FUNDS:
The banks owned funds are capital and reserve and surplus. Capital is
raised by offering equity to the public. It can also be achieved through
increasing reserves. Capital adequacy has to be maintained by the banks.
It is considered as a financial barometer for the stability and soundness of
A major source of asset creation of a bank is mobilization of deposits. It
has become a challenging task for banks in these days. Banks collect
funds through different types of deposits having different maturities.
There are some demand deposits also. The banks have to see that these
deposits are rapid on time.
Whenever there is a shortage of funds, banks can borrow from RBI,
financial institutions, and markets. It is also a major source of raising
funds. However, the banks have to consider the rate of interest, maturity
and other statutory requirement, while borrowing from outside.
4. FLOATING FUNDS:
The banks have floating funds with them in the form of bills payables,
draft payables. These funds are available for short and temporary period.
These funds have no costs. However, proper management of these funds
requires network of branches, speed in delivery of services and
C. PROCESS OF ASSET LIABILITY MANAGEMENT:
Asset liability management is a strategic approach to measure, monitor
and manage the market risk of a bank. The process of ALM involves the
1) MEASUREMENT OF RISK:
The first step in ALM is to decide or measure the risk. The
appropriateness or risk measurement parameters depending upon the
degree of volatility in the operation environment, availability of
supporting data and expertise with in the bank and the expected market
and business developments. Generally, the net interest income and market
value of portfolio equity are the two major parameters which banks
employ to measure their balance sheet risk. The short term as well as long
term balance sheet risks can be measured with the help of these
parameters. There are various methods used to measure interest risk, the
ASSET LIABILITY MISMATCH POSSIBILITY IN A BANK
CLASSIFICATION OF ASSET LIABILITY
important methods are gap method, Duration method, Simulation method
and value of risk method.
Gap analysis is the important technique used to analyze interest rate
risk. It measures the difference between a banks asset and liability and off
balance sheet positions which will be reprised or will mature within a pre-
determined period. This technique measures the difference between the
absolute value of rate sensitive and rate sensitive liability over a gap
period. It ignores the time when the assets and liability would need to be
reprised. The rate sensitivity gap can be mathematically expressed as
RSG = ------
RSG=Rate Sensitive Gap.
RSL=Rate Sensitive Asset.
RSL=Rate Sensitive Liability.
A ratio of 1 indicates perfect match of rate sensitive assets to liability. If
spread is positive at the beginning of the period, this perfect match
protects the same even in the wake of subsequent change in interest rates.
If the ratio is greater than one, higher income is produced with increase in
interest rate. Similarly, a ratio of less than one produces higher losses
with fall in interest rates. However, a major drawback of Gap analysis is
that it ignores the timing of re- pricing of assets and liability rarely takes
place at the same time.
Duration method attempts to assess the effects of interest rate changes
on the market value of the assets and liability of the banks. The duration
of the asset and liability is computed as the weighted average maturity of
the resultant cash flow, the weight being the present value of the cash
flow. Duration is the less than the maturity for coupon bond. Greater the
duration gap, higher is the interest rate risk exposer of the asset liability
picture under different scenarios, ascribing probability to them and
choosing the most optimal model. This method is most dynamic but its
utility is depends upon the accuracy of forecast. The value of risk method
is an attempt work out depreciation and appreciation in the value of asset
and liability due to change in interest rate with a view to indicate the
trend in economic value of portfolio. For evaluating the opportunity cost
benefits carrying of market items of balance sheet such as loan, deposits
etc, in a longer time frame, impact of interest rate changes on the value of
such assets or liabilities under different interest rate scenarios will have to
be calculated. It is also useful to compute the net worth of the bank at
particular point of time which will be helpful in ascertaining long-term
risk implications of the decisions which have already been taken or are to
2) ENHANCEMENT OF LONG-TERM PROFITABILITY:
The next step of ALM is identification of favorably priced assets or
liability and off balance sheet item so as to enhance long term
profitability for a given level of risk. The branch manager should resist
the temptation of accession to easily found high priced liabilities. Every
effort should be made to find out low priced liabilities. The management
has to build up core business and create assets and liability for the bank.
The thrust of the management should be on client market and not on a
financial market. Mismatch are usually built in client market as assets and
liability are created sequentially but not simultaneously and the same are
managed in financial markets.
3) MANAGEMENT OF RISK:
The third stage in the ALM is effective management of market risk. The
directors should formulate overall investment policy liquidity policy and
the policy regarding financing. It should also determine the acceptable
level of risk in term of the parameters chosen. The bank should
undertaken strategic planning exercise for it asset-liability. It involves
management of CRR and SLR for the Banks as whole formulating
schemes having refinance facilities to have better leverage in managing
the assets and liability and as a spin off earning better profit. The
management should also focus on product and services, that are made
available to branches with have special advantage. The policies and
strategies of the bank need to be reviewed from time to time keeping in
view the banks liquidity exercise and development in the business.
The banks should set up an assets and liability Management
committee giving it the responsibility of deciding on business and risk
management strategy. The committee should consist of banks senior
management with chief management with chief executive management as
its head for drawing up strategic plan. The committee should periodically
review the plans in terms of market funds, interest rate movement,
deposits growth and financing need of the bank. The ALM committee has
to address crucial issues like product pricing of deposits and loans, the
derived maturity profile of incremental assets and liability, extend of
exposure in long dated government security and impact of the long
business deals on the banks risk profile. The ALM committee should
review the results and progress in implementation of the decisions. It
should also articulate the current interest rate review of bank and base its
decisions for the future business strategy in this regard. The bank can also
constitute sub-committees to handle certain important activity and for its
better planning and implementation.
Strategic management of investment calls for periodic review of
investment portfolio. Strategic liability management involves satisfying
liquidity constraints, balancing source of funds, taking advantage of
relative interest rates on different money market instruments. Strategic
planning exercise should also be done at the branch level. At this level
assets and liability of the branch should be bifurcated into core and non-
core assets and liability. Reasonable estimate on assets and liability under
core and non-core category can be made by scanning through the
individual deposit accounts and advance accounts. Management core
deposits with core advances could be attempted by identifying some of
their lending schemes like term loan, housing loan, consumer credit loan,
vehicle loan etc. Other assets like cash or bank balances which do both
earn ant remuneration could be managed in such a way sending frequent
cash remittances to currency chest and bank balances by sending TTs to
the credit of central office account.
D. UTILITY OF ASSET LAIBILITY MANAGEMENT:
The ALM program plans crucial role in ensuring adequate liquidity in
the bank by assessing liquidity needs of the bank managing
simultaneously assets and liability of the bank. Thus, the utility of ALM
for banks lies in its effectiveness to enable the management to achieve the
banks basic objective of maximizing income while controlling its risk
exposure and maintaining reasonable amount of liquidity in an
environment of competitiveness and discontinuity ALM allows a bank to
plan for risks well ahead of the time they can prove damaging to price is
loans and deposits in a competitive manner and to structure its products
in such a way as to attain optimum level of income with acceptable risk.
It also facilities its earnings by imparting stability to its interest margins.
E. PRE-REQUISITES TO THE EFFECTIVENESS OF ASSETS
AND LIABILITY MANAGEMENT:
Asset and liability management as an approach of managing assets-
liability can help in achieving the desired result if the following
conditions are fulfilled:
• ALM requires deduction to acting on the basis of the contemplated
future, a determination to plan regularly and systematically as an
integral part of management.
• The ALM presupposes the team approach in decision making and
• Visualization of the banks vision and its articulation in terms of
purpose and mission is the hallmark of ALM
• The top management should evolve system to provide to all levels
of management a thorough understanding and awareness of risk
and all its parameters.
• Technological and infrastructure support system in the bank would
be an important prerequisite to implement the system effectively.
• The bank must develop human resource and craft a well thought
out strategy for developing skills and competencies of its
functionaries for risk definition, risk quantification and risk
From Risk Management to Value Management
The subject of finance suggests that the ultimate objective of any
commercially oriented enterprise is ‘shareholder wealth maximization’.
This means that all the decisions should be towards maximizing the
market the value of equity shares traded in the market in the long run.
Accounting measures of performance evaluation such as Net Profit
Margin, Return on Assets, Return on Equity, Earnings per Share, etc. are
at best useless as they are only return measures. They do not consider the
actual risk taken to earn the return earned. The measures of shareholder
wealth maximization, broadly called as SWM measures, consider both
the return and risk in its framework and are superior to the accounting
measures in a number of ways.
The following description explains the relationship between the
expected return, actual return and addition to shareholder wealth in a
given time period:
• AR > ER: Addition to existing wealth of shareholders
• AR < ER: Destruction of existing wealth of shareholders
• AR = ER: Maintenance of existing wealth of shareholders
AR = Actual rate of return on shareholders’ capitals
ER = Expected Rate of Return on shareholders’ capitals
As it can be seen, wealth maximization takes place only when the actual
return is higher than the expected return. Actual return for this purpose is
an economic measure, not an accounting measure. The term ‘expected
return’ denotes the rate of return expected by the shareholders for the
level of risk they are exposed to in their investment. There are a number
of approaches to estimating the expected return such as Capital Asset
Pricing Model (CAPM), Arbitrage Pricing Theory (APT), etc.
There has been a shift gradually from accounting based measures to
SWM measures in many industries. Banking is not an exception to this.
The most popular SWM measure in the banking industry is Risk Adjusted
Return On Capital (RAROC) and its variants. RAROC has its numerator
the return earned and capital allocated in its denominator. Given the
importance of SWM measures, the traditional control oriented risk
management system should have pave the way for value based risk
management system. In order to achieve this, the two steps need to be
added to the existing list of steps in risk management:
1. Capital Allocation: Under this step, activities of a blank would
be broken down to various major businesses, retail banking, corporate
banking, government business, proprietary trading, etc. Each one can be
viewed as a Strategic Business Unit (SBU) with targets of return
performance. Each one of the SBUs is allocated a portion of the bank’s
equity capital. The allocation of capital is based on the contribution of
each SBU to various risk of the bank. Higher the contribution of an SBU
to the risk of the bank, higher will be the capital allocated.
2. Risk-adjusted Performance Measurement: Having allocated
capital to each SBU commensurate with its contribution to the overall
risk of the bank, a target return on the capital allocated needs to be set.
The question of whether the target returns to be achieved by each SBU
dependent upon risk contribution is the most contentious issue occupying
the attention of the risk management community.
Integration of Risks Leading to EWRM System:
Each one of the risk is interrelated to the other. It has been observed that
one type of risk can transfer itself into some other type, if not managed
properly thereby causing losses to the bank. For example, it has been
generally observed that when interest rate go up in the economy, the
credit risk also increases as increase in the interest rates on loan increases
the burden of the borrower to pay. Similarly, the market risk and liquidity
risk are highly interrelated. It has been witnessed that when the markets
crash, the liquidity of the traded securities in the market dries up
drastically. The recent example in the Indian market highlighting the
interrelationship between operational risk and market risk (of adverse
price change) was the fall in the market value of ONGC stocks when
wrong allotments were made due to error in the software used by the
registrar of the issue. When risk are interrelated strongly, managing each
one of them under a ‘silo’ approach can leads to losing the focus on
interrelationship as each one the risk management function would be
concentrating only on a particular risk. To prevent this leakage, RBI has
suggested that the banks should move towards an integrated risk
management system in which the mentioned interrelationships are
analyzed prior to ascertaining the impact of risk. The current risk
management practices under the ‘silo’ approach do not pave the way for
identifying the tool. This means that there is a need for a thorough
overhauling of the entire risk management system rather than merely
making cosmetic changes to the existing system.
Technology and Risk Management
Technology can be very effectively employed in measurement and
management of various risks in banks.
‘Liquidity risk’ can be controlled by proper deployment of technology
for centralized operations with networking of branches, payment system
reforms, implementation of technology-oriented schemes like electronic
clearing services, electronic fund transfer, real-time gross settlement
systems, centralized fund management systems, public debt office
negotiated dealing system etc.
measures which can mitigate ‘credit risk’ include analysis of industry
data, software-based preventive monitoring system for borrower
accounts, straight through processing, implementation of know your
customer guidelines of RBI etc.
‘Product/Services risk’ can be controlled by proper customer
relationship management, implementing data warehousing and data
mining, proper market analysis, emphasis on proper deployment of
delivery channels. Technology has a major role in deployment of product
Three Basic PillarsThree Basic Pillars
The NewBaselCapital Accord
Banking Risks & Capital Accords
The extent of risk taken by a bank and the amount of capital required
to be maintained by the bank for such risk-taken is all about capital
adequacy standards. Prior to the implementation of the Basel’s first
capital accord in the beginning of the 1990s, there was no relationship
between capital and risk taking. Banking businesses, being one of the
highly levered businesses, is the significantly prone to stocks. Moreover,
banking business is the business of public confidence. If public
confidence erodes, it becomes difficult for a bank to be in business. Basel
Committee, with a view to protecting banks from vulnerabilities and to
maintain financial stability, recommended a minimum capital to risk-
weighted assets ratio, thereby limiting the risk exposure to availability of
capital. Initially the capital accord recognized only credit risk.
Subsequently, the market risks also brought under the capital accord.
Recently in the Basel Accord-2, sweeping changes have been suggested
for the computation of capital adequacy as Basel Accord-1 miserably
failed to achieve its objectives of promoting safety and soundness of the
financial system. Apart from credit and market risks, the operational risk
would also require minimum capital to be maintained under Basel
To achieve these objectives, Basel Committee proposed a three-pillared
framework as under:
Pillar 1: Minimum Capital Requirements: Under this, in the
current accord, a minimum capital has been prescribed to be
maintained. To arrive at the capital for various types of risks, a
number of approaches, widely classified as standardized approach,
have been prescribed. The critical issues in the internal approach in
which the banks are free to develop their own approach to measures
risks, validating the internal approach and ensuring consistency across
Pillar 2: Supervisory Review Process: This puts responsibility on
the bank supervisor to ensure that bank follow rigorous processes,
measure their risk exposures correctly and maintain capital in
accordance with risk exposure. The recent initiatives of the RBI in the
introduction of Risk Based Supervision and Risk Based internal Audit
are in conformity with this pillar.
Pillar 3: Market Discipline: This aims to strengthen the safety and
soundness of the banking system through better disclosure of risk
exposure and capital maintained. This is expected to help the market
participants to better assess the position of banks.
Why Basel II?
The essence of Basel II is to manage the risk profitably and align
the risks undertaken/assumed by the bank to the economic capital of
The new accord is designed to introduce safety and soundness into the
banking system. Banks need to measure risk, diversify exposures and
manage risks in an optimum manner that fetches them adequate
compensation, improves bottom-line in the short-term and helps them
to maximize the stakeholders value in the long-run.
Banks have been compelled to review and overhaul the Risk
Managements is also emerging as an important business differentiator
in the face of rapid economic growth that is being witnessed in the
global economy and is capable of ensuring orderliness in the global
financial scenario if implemented properly. The keystone of Basel
initiative is to achieve this objective and to ensure that banks are not
strapped for capital to cover the risks they assume.
Basel II framework provides a methodology for transforming
banks into vibrant and stable entities in the globally competitive and
dynamic financial markets. It points towards RAPM (Risk Adjusted
Performance Management) methodology and RAROC (Risk Adjusted
Return on Capital).
All the three pillars are intended to be equal in importance. The
first pillar echoes Basel I in terms of minimum prescriptive levels of
regulatory capital, across credit and market risks, but also introduces
operational risk charges for the first time. With increasing
transactional complexities, multiplicity of technology platforms and
various product innovations, banks face a number of operational risks
which could affect their market reputation. Pillar II is actually the next
sieve for any of the risks not captured under Pillar I with a
Supervisory Review Process (SRP) designed for this. Pillar III brings
into play the importance of market driven disclosures to peers and
other stakeholders. As the saying goes, it is a “Risk Determined Code
of Conduct”, signifying among others, the status of the bank in terms
of adoption of sophisticated risk management practices.
A Need for Existence
The Indian Scenario
A feature, which is unique to our Indian financial system, is the diversity
of its composition . We have the dominance of government ownership
coupled with significant private shareholding in the public sector banks,
which in turn continue to have a dominate share in the total banking
system. These public sector banks, especially the new ones are
continuously trying to be at par with international standards and norms.
We also have cooperative banks whose numbers are large. There are
Regional Rural Banks with links to their parent commercial banks. The
foreign banks operate profitably and have uniform regulatory standards.
Now banking has become a one-stop shop of varied financial services.
In this scenario, Reserve Bank of India has been setting prudential norms
in convergence to international standard. India has to aim for global
standards across the banking sector in order to manage risk. This is the
guiding principle in Basel-II Accord.
In the annual policy statement in May this year, the RBI announced that
Indian banks should come out with a framework by the end of December
2006 for migrating their standards of supervision, accountability and best
practice guidelines in line with the provision of the Basel-II Accord.
Moreover, the framework adopted by the banks must be adaptable to
changes in business size, market dynamics, and introduction of newer
products in future.
To ensure that Indian banks must:
• Make an in-depth analysis of the option available under Basel-II.
• Adopt ‘standardized approach ‘for credit risk.
• Adopt ‘basic indicator approach’ for operational risk.
• Review the progress at quarterly intervals.
• Install comprehensive and rigorous system to assess borrower’s
Issue in implementing Basel II by the Indian banking
“Implementation OF Basel II is no longer a possibility, it is a
certainty. Thus, the Indian banking industry has to gear up towards
it and ensure that it is implemented well in time-or else the cost of
being left behind will be too large to bear”
The draft Basel II Accord has finally been accepted and is applicable
to all banks in member countries from January 1, 2007, and India is no
exception. In fact, India’s association with the Basel Committee on
Banking Supervision dates back to 1997 when it was among the 16 non-
member countries that were consulted in the drafting of the Basel Core
Principles. Reserve Bank of India (RBI) became a member of the Core
Principle Liaison Group in 1998 and subsequently became a member of
the Core Principle Working Group on capital. Within the CPWG, RBI
had the privilege of leading a group of 6 major non G-10 supervisors who
presented a proposal on a simplified approach for Base II to the
The main addition or improvement fund in Basel II over Basel I is that
it recognizes both credit and operational risks apart from market risk as
the primary sources of risks and directs banks to allocate adequate
amount of capital for these types of risks. RBI’s approach to
implementing the prudential norms has been one of gradual convergence
with international best practices with appropriate adaptations. RBI wants
to achieve this in a phased manner through a consultative process evolved
within the country.
RBI, in its annual policy statement in May 2004, had announced that
banks in India should examine, in depth, the option available under Basel
II and draw a road map by the end of December 2004 for migration to
Basel II by December 2006, and review the progress made thereof at
quarterly intervals. Further, the RBI will be closely monitoring the
progress made by the banks in this direction. Hence, all banks in India, to
begin with, will be directed to adopt the Standardized Approach for
Credit Risk and the Basic Indicator Approach for Operational Risk. After
adequate skills are developed, both in banks as well as at the supervisory
levels, some banks may be allowed to migrate to the Integrated Risk
Based (IRB) approach.
The regulatory initiatives taken by RBI towards implementing Basel
• Ensuring that banks have a suitable risk management framework
oriented towards their requirements as dictated by the size and
complexity of their business, risk philosophy, market perceptions
and expected level of capital. The framework adopted by the banks
has to be one that can be adoptable to changes, if required.
• Introduction of Risks Based Supervision (RBS) in 23 banks on
• Encouraging banks to formalize their Capital Adequacy
Assessment Program (CAAP) in alignment with their business plan
and performance budgeting systems.
• Enhancing the area of disclosure, so as to have greater
transparency, of the financial position and the risk profit of the
banks. The areas of greater disclosure include capital ratios,
profitability ratios, non-performing loans, provision for non-
performing loans, etc.
• Improvement the level of corporate governance standards in banks.
• Building capacity for ensuring the regulator’s ability to identify
and permit eligible banks for IRB/Advanced Measurement
RBI has initiatives concepts like:
• Risk-Based Supervision (RBS) in 23 banks on pilot basis.
• Encouraging banks to formulate Capital Adequacy Assessment
• Improving corporate governance in banks.
• RTGS System: Many Indian banks (11to be precise) are going in for
Real Time Gross Settlement (RTGS) system, e.g., ING Vysya Bank.
This system will allow the clients to transfer funds instantaneously
across RTGS-enabled Banks in India, thus putting their funds to better
use because of a quicker realization as compared to current instrument
based fund transfers. Also the bank can manage intraday liquidity
Nevertheless, there are many challenges that Indian banks faces by virtue
of its culture diversity and lack of infrastructure.
Requirement for an Effective Risk Management System
The Basel Committee on Banking Supervision has set out the
requirement for an effective risk management system as under:
• Well-informed board of directors and oversight of board
• Capable management
• Adequate risk management policies and processes
• High quality MIS for risk management and
• Appropriate staffing of the risk management function
The job of the board is to establish bank’s strategic direction and define
risk tolerances for various type of risk. The risk management policies and
standards need to be approved by the board. The senior management of
the board is responsible for implementation, integrity and maintenance of
the risk management system.
The Indian financial system, the banking system in particular, is vastly
diverse. There is a simultaneous existence of the huge government
ownership along with significant private shareholders in public sector
banks, which have a huge presence in total banking system. Apart from
the public sector banks there are the relatively new private sector banks-
most of which are multinationals. There are also many Co-operative
Banks and the Regional Rural Banks and branches of foreign banks
(these branches are, by and large, hugely profitable operations for the
present banks). The process of providing financial services is also
changing rapidly from traditional banking to a one-stop shop of varied
financial services, and the old institutional demarcations are increasingly
To implement Basel II norms in India, the following challenges are
• Implementation of Basel II Accord, especially the IRB approach,
will be a major challenge as banks will have to substantially
upgrade their information system, risk management systems as
well as technical skills of the staff.
• In terms of operational risk, the banks will have to prioritize risk
control among different business lines. Given the complexities
and data requirements, may banks will be compelled to use the
standardized Approach, which means that the capital charge for
operational risk will only be an add-on to the overall capital.
• The issue of credit rating has to be streamlined. Though there are
a few players in the credit rating arena in India, the credit rating
methodology used by these agencies need to be strengthened and
applied universally. Also, encouraging the ratings of issuers
could turn out to be a challenge.
• Basel II allows the supervisor to prescribe higher minimum
capital levels for banks for, amongst other things, interest rate in
the banking book and concentration of risk exposures. RBI has
already initiated action to identify these issues in banks. But
given the huge magnitude of this task in the Indian context, the
task is, at a very last, daunting.
• Issues of cross-border capital have to be sorted out-this will
particularly affect foreign banks (currently foreign banks are
statutorily required to be maintain local capital).
Note that this list of challenges is not exhaustive, but in all
likelihood refers to the major challenges that would need to be
addressed in the process of implementation of Basel II.
RBI in various documents has pointed out that Basel II will involve a
shift from direct supervisory focus to implementation issues, and that
banks and supervisors will be required to invest large resources in
upgrading technology and human resources to meet the minimum
standards. Assuming that banks and supervisors can switch over to the
Basel II norms without a problem, Indian banks, especially the public
sector banks, will become more efficient and globally competitive.
Implementation of Basel II will, in general, lead to decrease in the
required capital with respect to operational risks. However, in India,
several factors may raise the required capital even for credit risks (one
example to this effect could be the use of real estate as collateral for loans
attracting a 150% risk weight on non-performing loans). On the contrary,
a 75% risk weight on retail lending to SMEs and a 35% risk weight on
home loans might lead to some reduction in the capital requirements.
As per Basel II, the bulk of the borrowers in the Indian market fall in
the speculative grade-this might cause a dramatic rise in the debt costs
and heightened cyclicality of bank credit. Augmenting the capital
requirements of the banks could have adverse impact on the credit
portfolios of the banking sectors.
Another issue could be the introduction of the Economic Capital
Based (ECB) models to help banks in capital budgeting, deal pricing and
performance management in a “risk adjusted” framework. Though this
will be a useful tool, it would require banks and supervisors to understand
the two elements of economic capital assessment; namely:
• Calculation of aggregate economic capital across all sources of risk.
• Allocation of capital to individual business units or profit centers on a
These are some of the major impacts that are going to be felt by all the
banks including the RBI in implementing Basel II. However, there is no
doubt that a successful implementation of Basel II will ensure that the
banks would benefit from the economic capital framework. IT will
further provide the banks with a platform to develop models for
managing their business efficiently and complete with the more
sophisticated players. It will also help banks learn to use their capital in
the most efficient manner, which will definitely be the key to survival in
a global, unconstrained and ruthless environment in the financial service
Improved Risk Management (RM) Process
Basel II is normally seen largely as a compliance driven issue and only a
small number of banks have fully exploited business efficiency and
integrity. In fact, Base II affords a good opportunity to undertake a
through review of RM processes and consolidated them. While
implementing to comply, we can implement to gain. We can implement
for reduced overall cost, increased RAROC and improved decision-
making process. It also helps build a transparent corporate accountability
and enables management of risk in accordance with the risk appetite
enabling economic capital saving, a precursor to development of
integrated risk management capability across the bank. It creates an
increased level of transparency around disclosure of risk. Hence, banks
need to use the opportunity to implement effective RM system to achieve
As Basel II helps banks differentiate customers by risk, advantages
and disadvantages are likely to accrue for bank customers.
Those with possible advantage:
• Prime customer
• Well-rated entities.
• Small and medium- sized business.
• High-quality liquidity portfolios.
• Collateralized and hedged exposures
• Low credit and operational loss exposures.
• Strong risk management processes.
Those with possible disadvantages:
• Higher credit risk individuals.
• Uncollateralized credit.
• Specialized lending (in some cases).
• High historical credit and operational loss experience.
• Weak risk management processes.
In a recent survey conducted by the Federation of Indian Cambers of
Commerce and Industry (FICCI), 55% of the respondents’ claims that
Indian banks lack adequate preparedness to be able to confirm to the
Basel-II provision by 2006. Whereas, 50% of public sector banks have
expressed their preparedness in meeting these guidelines, only 25% of the
old and new private sector and foreign banks are likely to be ready to
meet them by 2006. According to the survey, concerns of the Indian
banks in implementing these norms are:
• 51.6% said due to low levels of computerization,
• 87% said due to absence of robust internal credit rating
• 80.6% said due to lack a strong management information
• And 58% said due to the lack of sufficient training and
education to reach the levels to conform to the provision of
Effect on Indian Banks
State Bank of India, Bank of Baroda, and Bank of India
Vivek Srivastava, senior bank analyst at Fitch Ratings, Mumbai, is more
skeptical. Collecting the necessary data is going to take sometime, he
says. So far, the RBI has told only the internationally active banks that
they to be ready to comply with Basel-II from the outset. And, there are
only about three banks that fall into this category, even loosely defined:
The State Bank of India, Bank of Baroda, and Bank of India (all public
sector banks). These banks will probably adopt the standardized approach
to credit risk management he says.
In addition, some of the progressive new generation of private sector
banks, which have the most advanced technology platforms because they
entered the business late, will also want to apply the new Accord from the
This is confirmed by Paresh Sukthankar, head of credit and market risk,
at HDFC Bank, one of the largest of the new generation of private sector
(it is eight years old). Fully automated and growing at an annual
compound rate of 20-25%, HDFC Bank has had a grading model in a
place to rate its corporate portfolio for some time. Sukthankar says he is
still waiting for final guidelines from the RBI, buts expects that banks
will initially be required to adopt the standardized approach for credit
risk, with amore advanced approach being introduced a year or two later.
“We will be at the forefront in implementing the new guidelines as they
are rolled out by the central bank,” he says.
ABN AMRO has decided to adopt the A-IRB approach, under the new
accord, for calculating the minimum capital required against its credit
risk, reveals Jan Sijbrand in the interview with GRR. But the bank has not
yet decided whether it would adopt the AMA approach for operational
risk. If it does not, this could raise difficulties over its regulation in the
Adopting the A-IRB means that the bank will attract “seriously lower”
capital charge on its mortgage retail business-its main strength in the US
mid-west – than its local competitors, who will face the higher capital
charges associated with Basel-I.
IDBI bank has chosen to go by the advanced management approach for
Citigroup will be on the advanced approach for all risk types. It planes to
run parallels of Base-II from 2006 onwards and go live from 2007. This
will give it a strategic edge by reaping advantages through the “learning
curve” throughout 2006. From data collection and implementation
standpoint, it will be more challenging for Citigroup, given over 50% of
Citigroup’s exposures reside outside of the US. Citigroup will be the
most complex Basel-II implementation in the world.
Today RBI states that due to diversity and varying size of Balance Sheet
it is not necessary to adopt risk management.
I assume that banks can evolve their own system competable with their
type and size of operation as well as risk perception and with the
Implementation of technology-oriented schemes like electronic fund
transfer, real-time gross settlement systems, centralized fund management
systems public debt office negotiated dealing system etc.