Risk Management Essentials for Bankers

Presented by Mr. David Vu
Risk Management Essentials
Date: 24th and 25th Mar 2017
Venue: Sunway Resort Hotel

The purpose of this course is to provide attendees with crucial
understanding of risk management in financial institutions. Firstly, an
introduction on basic principles of risk management, risk governance and
key risks are made to analyse how it affects the banking institutions,
standard risk framework, and essential risk tools. Critical concepts are
covered in risk management like Enterprise Risk Management and standard
internal control framework. Attendees will tackle on case studies of
financial failures such as the financial crisis during 2007-2008. This will
enable them to gain a better understanding of cause and effect and how to
prevent it from happening in the future. The focus will also be on key
regulations for the banking sector, capital management and stress testing.
All this will allow the attendees to gain a robust background of risk
management.
Introduction

 Overview of Risk Management
▫ Understanding corporate governance and risk management
▫ Introduction to risk management and identify key risks in banking institutions
▫ Analyzing internal control and enterprise risk management
▫ Recapping financial failures and financial crisis
▫ Understanding risk appetite framework and requirements of Basel II/III
▫ Exploring internal capital adequacy assessment process and stress testing
 Overview of Liquidity Risk Management
▫ Understanding key principles of liquidity risk management
▫ Identifying risk measurement, risk limits, and risk reports
▫ Understanding stress testing and contingency planning policy
 Overview of Interest Rate Risk Management in Banking Book
▫ Understanding key principles of interest rate risk management in banking book
▫ Identifying risk measurement, risk limits, and risk reports
▫ Understanding stress testing
 Overview of Operational Risk Management
▫ Understanding key principles of operational risk management
▫ Understanding risk assessment tools, key risk indicators, risk incidents capturing
▫ Understanding technology risk, vendor risk, and insurance program
Training Outline

After completing this course, you will be able to:
• Understand key risks facing banking institutions
• Apply key principles of risk management into your work especially for risk
analysts, risk managers.
• Understand a standard framework of internal control and the concept of
Enterprise Risk Management.
• Understand compliance risk as well as essential regulations in banking
environment.
• Understand the financial crisis in 2007 – 2008 and lessons learnt.
• Build up a risk appetite framework for your institution with key principles,
risk tolerances, and limit settings.
• Build up risk assessment tools and techniques for risk management.
• Understand Internal Capital Adequacy Assessment Process and criticality of
stress tests in capital management.
Expected Outcomes

OVERVIEW OF RISK MANAGEMENT
 CORPORATE GOVERNANCE AND RISK MANAGEMENT
 AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
 INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
 FINANCIAL FAILURES AND LESSONS LEARNT
 FINANCIAL CRISIS OF 2007 - 2008
 RISK APPETITE FRAMEWORK
 OVERVIEW OF BASEL II / III
 INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
5

Corporate Governance and Risk Management
Corporate Governance: Sample Definitions
 “The system by which companies are directed and
controlled” – Adrian Cadbury, 1992
 “The structures, processes, cultures and systems that
engender the successful operation of the organisation” – K
Keasey and M Wright, 1993
 “The process of supervision and control intended to
ensure that the company’s management acts in
accordance with the interests of Shareholders” – J
Parkinson, 1994
6

Components of Corporate
Governance
 Ethics
 Integrity
 Code of Conduct
 Accountability
 Responsibility
 Information
 Investment Protection
 Shareholder Action
 Transparency
 Internal Control System
 Regulations
Why is Corporate Governance is so
important?
 Even best-run organisations can make
mistakes or poor decisions on i.e. investment,
recruitment, evaluation, etc.
 While risk is an important and unavoidable
component of modern management, it
should not imply that governance of
enterprises is overlooked.
 A good decision that leads to i.e. a successful
investment can be based on poor assessment
of risk. Also, good governance practice can
lead to poor decision making. Hence, there
must be a balance.
 To help avoid / mitigate agency cost problem.
7

Shareholders
Board of
Directors
CEO / MD
Executive
Directors
Front Office
Functions
Middle Office
Functions
Back Office
Functions
Put in equity to set up the business
Shareholders nominate a BoD to run the
business on their behalf. They set the
business policies
Board includes a Management team lead by
CEO/MD and Executive Directors who manage
the business on a day-to-day basis. They design
appropriate strategies to implement policies
Senior Management is recruited to
develop business plans / processes /
procedures to execute the strategies
8

What is Risk Management?
 In a concise context, Risk Management is the identification, assessment,
measurement, monitoring and get corrective actions to risks facing the firm.
 It is defined under ISO 31000 as the effect of uncertainty on objectives (whether
positive or negative) followed by coordinated and economical application of
resources to minimize, monitor, and control the probability and/or impact of
unfortunate events or to maximize the realization of opportunities.
Key Issues
 Probability (likelihood) of event occurring
 Severity (impact) of the event on set objectives
 The strategies to manage risk typically include transferring the risk to another party,
avoiding the risk, reducing the negative effect or probability of the risk, or even
accepting some or all of the potential or actual consequences of a particular risk.
9

Risk Governance in Practice
 Select competent board members and establish guidelines to govern the
board organization and structures;
 Select competent executive officers, evaluate and compensate them
accordingly;
 Review and approve the management-developed strategy i.e. approve the
overall risk-appetite of the institution;
 Develop risk culture and monitor the control of the environment;
 Ensure that the necessary corrective actions are taken to remedy the
situation;
 Ensure the compliance of the institution with its legal and regulatory
requirements; and
 Directors are to perform these functions in the best interest of the
shareholders and other stakeholders.
10

8 Principles for Bank Boards & Senior Management
(Basel Committee)
 Principle 1: Board qualifications, capabilities and responsibilities
 Principle 2: Board’s role regarding the bank’s strategic objectives and
corporate values
 Principle 3: Lines of responsibility & accountability
 Principle 4: Ensuring oversight by senior management
 Principle 5: Auditors and internal control functions
 Principle 6: Board & key executive compensation
 Principle 7: Transparent governance
 Principle 8: “Know your operational structure”
11

12
ASAMPLEOFRISKGOVERNANCE

13

A Concise Typology of Key Risk Exposures in Banking Sector
14
Overview of Key Risks in Banking Institutions
RISKS
Market Risk
Credit Risk
Liquidity Risk
Operational Risk
Legal & Compliance Risk
Business Risk
Strategic Risk
Reputation Risk
Funding Liquidity Risk
Trading Liquidity Risk

A Schematic View of Key Financial Risks
15
Financial
Risks
Market
Risk
Credit
Risk
Transaction Risk
Portfolio
Concentration
Issue Risk
Issuer Risk
Counterparty Risk
Equity Price
Risk
Interest Rate
Risk
Foreign
Exchange Risk
Commodity
Price Risk
Trading Risk
Gap Risk
General risk
Specific risk

Effective tradeoff of risk and reward
Shared responsibility for risk management
Based on an understanding of risk
Avoid activities that are inconsistent with values
Focus on clients and core values
Use of judgment and common sense
Risk Management Principles
16

Key Risk Definitions
17
Reputational Risk: is the current or prospective risk to earnings and capital arising
from an adverse perception of a banking institution on the part of existing and
potential transactional stakeholders, i.e. clients, trading counterparties, employees,
suppliers, regulators, governmental bodies, and investors.
Compliance Risk: is the current or prospective risk to earnings, capital and
reputation arising from violations or non-compliance with laws, rules, regulations,
agreements, prescribed practices, or ethical standards, as well as from incorrect
interpretation of relevant laws or regulations.
Strategic Risk: is the current and prospective impact on earnings, capital, reputation
or good standing of a banking institution arising from poor business decisions,
improper implementation of decisions or lack of response to industry, economic or
technological changes. This risk is a function of the compatibility of the bank’s
strategic goals, the business strategies developed to achieve these goals, the
resources deployed to meet these goals and the quality of implementation.

Key Risk Definitions (cont.)
18
Credit Risk: is the risk arising from the potential that an obligor is either unwilling to
perform on an obligation or its ability to perform such obligation is impaired resulting in
economic loss to the bank.
Market Risk: is the risk of losses in on and off balance sheet positions as a result of adverse
changes in market prices i.e. interest rates, foreign exchange rates, equity prices and
commodity prices. Market risk exists in both trading and banking book. A trading book
consists of positions in financial instruments and commodities held either with trading
intent or in order to hedge other items of the trading book.
Operational Risk: is the current and prospective risk to earnings and capital arising from
inadequate or failed internal processes, people and systems or from external events.
Liquidity Risk: is the risk of losses to a banking institution arising from either its inability to
meet its obligations as they fall due or to fund increases in assets without incurring
unacceptable cost or losses. Liquidity risk also arises from the failure to recognize or address
changes in market conditions that affect the ability to liquidate assets quickly and with
minimum loss in value.

19
Market Risk Liquidity Risk Credit Risk
Operational
Risk
Framework
& Policies
Market
Risk
Mgmt
Policies
Limits &
Controls
Liquidity
Mgmt
Policies
Compliance
Triggers &
MATs
Credit
Risk
Mgmt
Policies
Portfolio
Caps,
Triggers &
Risk Conc.
Risk Models
OpRisk
Mgmt
Policies
RCSA / KRI
/ Loss
Capturing
Business Continuity
VaR
Models
Valuation
Models
Contingency Funding
FTP
Model
ALM
Model
Liquidity
Models
Retail
Scoring
Model
Internal
Credit Rating
Model
(SME/Corp)
Scorecard Approach
Advanced Approach
(LDA)Model Backtesting
BASEL II/III
ICAAP
IRRBB
Credit
Concentration Risk
Stress Testing
Framework
Capital
Adequacy
Leverage Ratio
Liquidity Standards
(LCR/NSFR)
Integrated Risk Management Framework in Practice

20
Credit Risk Management Framework in Practice
CREDIT RISK
COMPONENTS
KEY ELEMENTS TO HAVE
Credit Risk
Governance
Credit Risk Policy
Framework
Credit Risk Model &
Validation
Credit Risk Monitoring
& Reporting
Risk-based Decision
Making
Credit Risk Mgmt
Structure
Credit Risk Mgmt
TOR & Policies
Credit Risk Mgmt
Policy
Collateral Mgmt
Policy
Authority Limit
Mgmt Framework
Corporate Rating
Model
Retail Scoring
Model
Model Validation
Framework
Credit Risk Capital
Charge
Risk Reporting
Templates
Reporting
Workflow
Risk-based Pricing
RAROC / RORAC
Framework
Risk-based
Portfolio Strategy
PD, LGD & EAD
Estimation
Credit VaR
Calculation

21
Market Risk Management Framework in Practice
MARKET RISK
COMPONENTS
Market Risk
Governance
Market Risk Policy
Framework
Market Risk Model &
Validation
Credit Risk Monitoring
& Reporting
Asset Liability
Management
Market Risk Mgmt
Structure
Market Risk Mgmt
TOR & Policies
Market Risk Mgmt
Policy
ALM Policy
Limits Mgmt
Framework
Instruments &
VaR Model
Valuation Model
Model Validation
Framework
Risk-based Decision
Making
Risk Reporting
Templates
Reporting
Workflow
Liquidity Risk
Management
Interest Rate Risk
in Trading Book
Interest Rate Risk
in Banking Book
Risk-based Pricing
Risk-based
Portfolio Strategy

22
Operational Risk Management Framework in Practice
OPERATIONAL RISK
COMPONENTS
Operational Risk
Governance
Operational Risk
Policy Framework
Other OpRisk Related
Policy Framework
Operational Risk
Measurement
Operational Risk
Control
OpRisk Mgmt
Structure
OpRisk Mgmt TOR
& Policies
OpRisk Mgmt
Policy
BCP/DRP
Framework
New Product
Program
Technology &
Cyber Risk Policy
Vendor Risk Mgmt
Policy
Insurance
Program
Operational Risk
Capital Charge
RCSA / KRIs
Loss / Near Miss
Capturing
Control Design
Program
Control Design
Review
Corrective Action
Plan
BIA / TSA / AMA
Approach
OpVaR
Calculation
Reporting &
Monitoring

23

Internal Control
Objectives of Internal Controls
▫ Accurate Financial Information
▫ Compliance with Policies and
Procedures
▫ Safeguarding Assets
▫ Efficient Use of Resources
▫ Accomplishment of Objectives
and Goals
Institute of Internal Auditors (IIA)
Why are Internal Controls Important?
Internal controls are designed to provide
reasonable assurance regarding the
achievement of objectives in the following
categories:
▫ Effectiveness and Efficiency of
Operations
▫ Reliability of Financial Reporting
▫ Compliance with Laws and Regulations
Source: Internal Control – Integrated Framework
Executive Summary, Committee of Sponsoring
Organizations of the Treadway Commission (COSO)
Internal Control and Enterprise Risk Management
24

Internal Control-Integrated Framework (2013 Edition)
• Consists of three parts:
▫ Executive Summary
▫ Framework and Appendices
▫ Illustrative Tools for Assessing
Effectiveness of a System of
Internal Control
• Key items:
▫ Definition of internal control
▫ Categories of objectives
▫ Components and principles of
internal control
▫ Requirements for effectiveness
25

Environments changes... … have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules,
regulations, and standards
Expectations for competencies and
accountabilities
Use of, and reliance on, evolving
technologies
Expectations relating to preventing and
detecting fraud
COSO Cube (2013 Edition)
26

1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
13. Uses relevant information
14. Communicates internally
15. Communicates externally
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Environment
Risk Assessment
Control Activities
Information &
Communication
Monitoring Activities
27

1. The organization demonstrates a commitment to
integrity and ethical values.
2. The board of directors demonstrates independence
from management and exercises oversight of the
development and performance of internal control.
3. Management establishes, with board oversight,
structures, reporting lines, and appropriate authorities
and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to
attract, develop, and retain competent individuals in
alignment with objectives.
5. The organization holds individuals accountable for
their internal control responsibilities in the pursuit of
objectives.
Control Environment
28

6. The organization specifies objectives with sufficient
clarity to enable the identification and assessment of
risks relating to objectives.
7. The organization identifies risks to the achievement
of its objectives across the entity and analyzes risks
as a basis for determining how the risks should be
managed.
8. The organization considers the potential for fraud in
assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that
could significantly impact the system of internal
control.
Risk Assessment
29

10. The organization selects and develops control
activities that contribute to the mitigation of risks
to the achievement of objectives to acceptable
levels.
11. The organization selects and develops general
control activities over technology to support the
achievement of objectives.
12. The organization deploys control activities through
policies that establish what is expected and
procedures that put policies in place.
Control Activities
30

13. The organization obtains or generates and uses
relevant, quality information to support the
functioning of internal control.
14. The organization internally communicates
information, including objectives and
responsibilities for internal control, necessary to
support the functioning of internal control.
15. The organization communicates with external
parties regarding matters affecting the functioning
of internal control.
Information &
Communication
28

16. The organization selects, develops, and performs
ongoing and/or separate evaluations to ascertain
whether the components of internal control are
present and functioning.
17. The organization evaluates and communicates
internal control deficiencies in a timely manner to
those parties responsible for taking corrective
action, including senior management and the
board of directors, as appropriate.
Monitoring Activities
32

Requirements for effective internal control
 Effective internal control provides reasonable assurance regarding the
achievement of objectives and requires that:
▫ Each component and each relevant principle is present and functioning
▫ The five components are operating together in an integrated manner
 Each principle is suitable to all entities; all principles are presumed relevant
except in rare situations where management determines that a principle is not
relevant to a component (e.g., governance, technology)
 Components operate together when all components are present and functioning
and internal control deficiencies aggregated across components do not result in
one or more major deficiencies
 A major deficiency represents an internal control deficiency or combination
thereof that severely reduces the likelihood that an entity can achieve its
objectives
33

Enterprise Risk Management
ERM is a process, effected by an entity’s board of
directors, management, and other personnel, applied in
strategy setting and across the enterprise, designed to
identify potential events that may affect the entity,
manage risks to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity
objectives.
- Proposed by COSO (2003)
34

Enterprise Risk Management (ERM)
 Integrated Strategy - ERM is important because it supports
the Department’s strategy and our Management Principles
including, “we will manage risk in fulfilling our mission”.
 Consistency - Systematic approach for management and
operations – how we make decisions, govern how we
establish and implement requirements, and how we hold
ourselves accountable.
 Better Communication - ERM will provide that framework
for clearly articulate the processes we use for program
execution, and governance.
 Clear and Concrete Measures of Performance - It will
improve efficiency and allow a bank to consistently speak
with one voice to our contractors, customers, and
stakeholders.
Why is
ERM
important?
35

COSO Enterprise Risk Management
Risk profiles are increasing
 Regulatory/public scrutiny
 Expanding services increases risks
 Business change increases risk complexity
 Need for right kind of risk training
 Need for risk assessment methodologies/technology tools
 Stakeholders have different risk needs
 Inconsistent risk language used
Key Benefits from ERM
 Awareness of risk increased
 Cross-enterprise risk identified
 Coordination across business units for more effective mitigation
 Consistent risk information
 Common risk language established
 Shareholder value protected or enhanced
36

COSO Enterprise Risk Management
KEY SUCCESS FACTORS FOR ERM
 Provide clear goals and objectives
 Establish sponsorship or senior
management
 Link to performance measures
and compensation
 Drive the approach from the
corporate/head office
 Establish a dedicated corporate
function
COSO ERM Cube
37

COSO Internal Control vs. Enterprise Risk Management
38

ERM vs. Internal Control
• ERM elaborates and expands on those components of internal control
relevant to risk:
▫ Significantly expands on the “risk assessment” component
▫ Emphasizes and expands on other components as they relate to risk
• Internal control and ERM are 2 separate frameworks considerable overlap:
▫ In some respects IC is broader and in others ERM is broader
▫ IC framework remains in tact
▫ ERM framework addresses risk management concepts more broadly and deeply
• ERM is effective only when:
▫ IC components are present and functioning effectively
▫ ERM components are present and functioning effectively
• You can have effective internal control without enterprise risk management, but
you cannot have effective enterprise risk management without effective internal
controls
39

40

Case #1 - Barings Bank
Incident
The incident involved the loss of nearly
$1.25Bil due to the unauthorized trading
activities during 1993 to 1995 of a single
and junior trader named Nick Leeson.
Result
The size of the losses relative to Barings
Bank’s capital along with potential
additional losses on outstanding trades
forced Barings into bankruptcy in Feb
1995.
Causes
Rouge trading, failed control activities,
and internal fraud.
Financial Failures and Lessons Learnt
41

Case #2 – Allied Irish Bank
Incident
John Rusnak, a currency option trader in
charge of a very small trading book in
AIB’s Allfirst First Maryland Bancorp
subsidiary, entered into massive
unauthorized trades during the period
1997 through 2002, ultimately resulting
in $691Mil in losses.
Result
This resulted in a major blow to AIB’s
reputation and stock price.
Causes
and internal fraud.
42

Case #3 – Kidder Peabody
Incident
Between 1992 and 1994, Joseph Jett, head of the
government bond trading desk at Kidder Peabody,
entered into a series of trades that were incorrectly
reported in the firm’s accounting system, artificially
inflating reported profit. When corrected in Apr 1994,
$350Mil in previously reported gains had to be reversed.
Result
Although Jett’s trades had not resulted in any actual loss
of cash for Kidder, the announcement of such a massive
misreporting of earnings triggered a substantial loss of
confidence in the competence of the firm’s
management by customers and GE, which owned
Kidder. In Oct 1994, GE sold Kidder to Paine Webber,
which dismantled the firm later on.
43

Case #4 – Société Générale
Incident
In Jan 2008, SG reported trading losses
of $7.1Bil that the firm attributed to
unauthorized activity by a junior trader
named Jerome Kerviel.
Result
The large loss severely damaged SG’s
reputation and required it to raise a
large amount of new capital.
Causes
and internal fraud.
44

Other Cases
 Sumitomo Corporation
The firm lost $2.6Bil in a failed attempt by Yasuo Hamanaka, a senior trader, to corner the world’s copper
market – that is, to drive up prices by controlling a large portion of the available supply. Sumitomo
management claimed that Hamanaka had used fraudulent means in hiding the size of his positions from
them. He also claimed that he had disclosed the positions to senior management. He was sent to jail. See
Asiaweek (1996), Dwyer (1996), and McKay (1999).
 Daiwa Bank
Toshihida Iguchi of Daiwa Bank’s New York office lost $1.1Bil trading Treasury bond between 1984 and 1995.
He hid his losses and made his operation appear to be quite profitable by forging trading slips, which
enabled him to sell without authorization bonds held in customer accounts to produce funds he could claim
were part of his trading profit. His fraud was aided by a situation similar to Nick Leeson’s at Barings – Iguchi
was head of both trading and the back-office support function. Iguchi was sent to jail. See more at
www.erisk.com
 Merrill Lynch
The firm reportedly lost $350Mil in trading mortgage securities in 1987 due to risk reporting that used a 13-
year duration for all securities created from a pool of 30-year mortgages. Although this duration is roughly
correct for an undivided pool of 30-year mortgages, the correct duration is 30 years when the interest-only
part is sold and the principal-only part is kept, as Merrill was doing. See Crouhy, Galai, and Mark (2001).
 UBS
The Swiss bank in 2011 reported a loss of $2.3Bil due to unauthorized trading by Kweku Adoboli, a relatively
junior equity trader. This incident cost the CEO of UBS his job. See Wilson (2011).
45

Lessons learnt from these financial failures
 The necessity of an independent trading back office
 Always make exhaustive inquiries about unexpected sources of profit or loss.
 Always make thorough inquiries about any large unanticipated movement of
cash.
 Control personnel are to tighten procedures that may lead to detection of
fictitious trade entries.
 Flag any trader who appears to be using an unusually high number of such
cancellations of trading positions.
 Control personnel should be aware of situations in which traders are being
supervised by temporary or new managers.
 Vacation policy needs to be mandatory.
 Cash and collateral requirements should be monitored at trader level.
 Any patterns of P&L that are unusual relative to expectations need to be
identified and investigated by both management and the control functions.
46

47

Financial Crisis of 2007 - 2008
A Synopsis
 Starting in 2000, mortgage originators in the US relaxed their lending
standards and created large numbers of subprime first mortgages.
 This, combined with very low interest rates, increased the demand for real
estate and prices rose.
 To continue to attract first time buyers and keep prices increasing they
relaxed lending standards further
 Features of the market: 100% mortgages, ARMs, teaser rates, NINJAs, liar
loans, non-recourse borrowing
 Mortgages were packaged in financial products and sold to investors
48

A Synopsis (cont.)
 Banks found it profitable to invest in the AAA rated tranches because the
promised return was significantly higher than the cost of funds and capital
requirements were low
 The property bubble burst in in 2007. Some borrowers could not afford
their payments when the teaser rates ended. Others had negative equity
and recognized that it was optimal for them to exercise their put options.
 U.S. real estate prices fell and products, created from the mortgages, that
were previously thought to be safe began to be viewed as risky
 There was a “flight to quality” and credit spreads increased to very high
levels
49

An Origination Model of Asset-Backed Securities (ABS)
Asset 1 (eg Auto loans)
Asset 2 (eg Home loans)
Asset 3 (eg Bonds)
Asset 4 (eg Credit Cards)

Asset n
Total Principal is:
$100 million
SPE
or
SPV
Senior Tranche
Principal: $80 million
Return = 5%
Mezzanine Tranche
Return = 10%
Equity Tranche
Return = 20%
50

And Continue with ABS Collateralized Debt Obligation
Asset Cash Flows
Including
Subprime Mortgages
Senior Tranches (75%)
AAA
Mezzanine Tranches (20%)
BBB
Equity Tranches (5%)
Not Rated
Senior Tranche
(80%) AAA
Mezzanine Tranche
(15%) BBB
Equity Tranche
(5%) BB-
Which one is riskier between a
ABS Senior Tranch and ABS CDO Senior Tranch?
51

BBB Tranches
 BBB tranches of ABSs were often quite thin (1% wide)
 This means that they have a quite different loss distribution from BBB bonds and
should not be treated as equivalent to BBB bonds
 They tend to be either safe or completely wiped out
 What does this mean for the tranches of the Mezzanine ABS CDO?
Regulatory Capital
 Capital required for securities created from a portfolio of mortgages was
considerably less than capital that would be required if mortgages had been kept on
the balance sheet
Role of Incentives
 Arguably the incentives of valuers, the creators of ABSs and ABS CDOs, and rating
agencies helped to create the crisis
 Compensation plans of traders created short-term horizons for decision making
52

Lessons learnt from the crisis
 Be aware of irrational exuberance
 Do not underestimate default correlations in stressed markets
 Recovery rate depends on default rate
 Compensation structures did not create the right incentives
 If a deal seems too good to be true (eg, a AAA earning LIBOR plus 100
bp) it probably is
 Do not rely on ratings without any due diligence
 Transparency is important in financial markets
 Resecuritization was a not good idea
53

54

Background and Approach
 Many reports (e.g. 2009 SSG) showed that most board of directors and senior
management did not actively articulate, measure, and adhere to a level of risk
acceptable to firms.
 Most firms acknowledged some need for improvement in their procedures for
setting and monitoring risk appetite, and many acknowledged the need to
renovate the way in which their boards were receiving financial and risk
information.
 As a result, the Basel Committee on Banking Supervision, in its report Principles
for Enhancing Corporate Governance, outlined expectations that it is the board’s
responsibility to “approve and oversee the implementation of the bank’s overall
risk strategy, including its risk tolerance/appetite”.
 Lastly, for a modern risk management universe today, the Risk Appetite
Framework (RAF) is seen as a critically strategic decision-making tool.
Risk Appetite Framework
55

Linking to Strategic Objectives
Risk appetite articulates the level of risk a company is prepared to accept
in order to achieve its strategic objectives.
Capital Adequacy (CAR)
Earnings Volatility (EAR)
Credit Rating Target
Risk / Reward Tradeoff
Risk Preference / Aversion
Measures
Regulators
Investors
Debt holders
Stakeholders
Rating Agencies
Enterprise Risk Tolerance
Risk Appetite for Each Risk
Category
Risk Limits
56

Linking to Strategic Objectives
Risk Appetite Framework (RAF)
Strategic Planning
Asset
Allocation
Business
Planning
Liquidity
Management
Capital
Allocation
Performance
Measurement Others
Understand the
constraint and
ability to take risk
Understand the
risk/reward
tradeoff
57

Measure Risk Profile
Ensure appropriate action is taken prior Risk Profile surpassing Risk Appetite
Set Risk Limits and Tolerances
Ensure that risk-taking activities are within Risk Appetite
Establish Risk Appetite
Self-Imposed Constraints & Drivers
Define Risk Capacity
Identify regulatory constraints
Risk
Appetite
Framework
A Standard Flow for RAF Implementation
58

Monitoring Risk Profile
Firms with more developed RAFs combine multiple risk metrics that help in managing
or mitigating downside risk in a thoughtful, deliberate way. The metrics used should
range from the dynamic and forward looking to the static and point-in-time; they may
include but not limited to:
 Capital targets beyond solely regulatory measures (economic capital, tangible common equity,
and total leverage);
 Capital at risk amounts;
 A variety of liquidity ratios, terms, and survival horizons;
 Net interest income volatility or earnings-at-risk calculations;
 VaR limits in trading book;
 Risk sensitivity limits;
 Risk concentrations by internal and/or external credit ratings;
 Expected loss ratios;
 The firm’s own credit spreads;
 Asset growth ceilings by business line or exposure type;
 Performance of internal audit ratings; and
 Economic value added;
59

Risk Appetite Statement (RAS)
KEY OBJECTIVES FOR BUILDING A RISK APPETITE STATEMENT
• By considering the risk and return trade-off, RAS plays a critical role in guiding senior management
on how to govern bank risks to be able to achieve key objectives of the Board and shareholders.
• RAS will help a bank to be able to withstand contingencies such as a market turmoil influencing the
balance sheet of the bank, a deterioration of loan portfolio, a decline in capital adequacy,
operational losses, or a liquidity crisis.
• RAS will play as a cornerstone to help bank managers do commitments with the Board in building
a robust risk management framework with a risk practice in vogue.
• RAS will help to define risk profiles, risk limits, and risk thresholds for each kind of risks.
Shareholders’
Objectives
The Board approves
RAS to hook into the
business strategy
RAS will define
risk profiles and
prudential limits
Control and
monitor risks
based on RAS
RAS is seen as a critical element for a standard RAF
60

Risk Appetite Statement
SHAREHOLDERS
BOARD OF DIRECTORS
BUSINESS
STRATEGY
Liquidity Risk
Operational Risk
Market Risk
Credit Risk
Reputational Risk Regulatory Risk
Non-financial
Objectives
Financial
Objectives
Approve
RISK APPETITE STATEMENT
The Board of a
bank will
approve the
business
strategy based
on RAS in the
hope to achieve
non-financial
and financial
objectives.
Hook
Shareholders of
a bank often
look at financial
objectives.
61

A Sample RAS Report
Type of metric Name Description MAT Green Amber Red
As of
Dec‘XX
Returns
ROE NPAT / Average equity 10.60% >13.2% 8.0% to 13.2% <8% 16.5%
ROA NPAT / Average assets 1.50% >1.91% 1.4% to 1.91% <1.4% 2.5%
Cost to Income Operating Cost / Gross Income 55.00% <50% 50% to 60% >60% 55.5%
Credit Risk
Non-performing
Loans
Non-performing loans / Total Loan
Outstanding
0.55% <0.5% 0.5% to 0.6% >0.6% 0.45%
Loan Loss Coverage Net Operating profit / Cost of Credit 3.2x >4.0x 2.5x - 4.0x <2.5x 7.0x
Single Borrowing
Concentration
Proportion of single loan to total net worth 16.50% <15% 15% to 18% >18% 5.5%
Liquidity Risk
Liquidity Coverage
Ratio
Follow Prakas B7-015-349 established on 23
Dec 2015
70.00% >70% 65% to 70% <65% 99.1%
Single lender
concentration
Maximum % of contribution from a single
lender / Net Worth
16.50% <15% 15% to 18% >18% 7.5%
Overall Capital Total Capital on total Risk Weighted Assets 19.50% >24% 19%-24% <19% 20.5%
Tier 1 Capital Buffer Tier 1 Capital of Total Net Worth 67.50% >75% 65% to 75% <65% 95.2%
Operational Risk Operational Loss % of Annual Revenue 0.55% <0.5% 0.5% - 1% >1% 0.01%
Reputation
/Compliance Risk
Major breaches in
regulatory reporting
Number of delays in regulatory
reporting/submission in last recorded
quarter (without management awareness)
0 0 0 0 0
Major monetary fines
Number of monetary fines in last recorded
quarter
0 0 0 0 0
62

63

Overview of Basel II
History of Banking Regulations
• Pre-1988
• 1988: BIS Accord (Basel I)
• 1996: Amendment to BIS Accord
• 1999: Basel II first proposed, implemented in 2007
Key Elements of Basel II/III Pacts
• Capital Types
• Key pillars
• Risk Weighted Capital
• Capital Adequacy Ratio
• Capital charges
64

CAPITAL TIERS
 Tier 1 Capital: common equity tier (CET), non-cumulative perpetual
preferred shares
 Tier 2 Capital: cumulative preferred stock, certain types of 99-year
debentures, subordinated debt with an original life of more than 5
years
CAPITAL TYPES
 Economic Capital (EC) is an estimate of the level of capital that a
bank needs to run its business as usual (BAU).
 Regulatory Capital (RC) is the capital that a bank needs to hold by
regulators in order to operate or remain its operations.
65

3 KEY PILLARS UNDER BASEL II
Pillar I
Minimum Capital
Requirements
Pillar II
Supervisory Review
Process
Pillar III
Market Discipline
Minimum standards for
capital management on a
risk-based basis:
 Credit Risk
 Operational Risk
 Market Risk
Increases responsibilities
and levels of discretion for
supervisory reviews and
controls covering:
 Capital Adequacy
 Internal Models
 Capital charges
 Capital Monitoring
Banks are required to
increase information
disclosure relating to
measurement of credit
and operational risks, and
improve the transparency
of financial information to
the market.
66

3 KEY PILLARS UNDER BASEL II
Basel II
Supervisory review
process
• How will supervisory
bodies assess, monitor
and ensure capital
adequacy?
• Internal process for
assessing capital adequacy
in relation to risk profile
• Supervisors to review and
evaluate banks’ internal
processes
• Supervisors to require banks
to hold capital in excess of
minimum to cover other
risks, e.g. strategic risk
• Supervisors seek to
intervene and ensure
compliance
Market disclosure
• What and how should
banks disclose to
external parties?
• Effective disclosure of:
- Banks’ risk profiles
- Adequacy of capital
positions
• Specific qualitative and
quantitative disclosures
- Scope of application
- Composition of capital
- Risk exposure
assessment
- Capital adequacy
Minimum capital
requirements
• How is capital adequacy
measured particularly for
Advanced approaches?
• Better align regulatory
capital with economic risk
• Evolutionary approach to
assessing credit risk
- Standardised (external
factors)
- Foundation IRB
- Advanced IRB
• Evolutionary approaches to
operational risk
- Basic indicator
- Standardised
- Advanced Measurement
IssuePrinciple
• Continue to
promote safety and
soundness in the
banking system
• Ensure capital
adequacy is
sensitive to the
level of risks borne
by banks
• Constitute a more
comprehensive
approach to
addressing risks
• Continue to
enhance
competitive
equality
67

RISK WEIGHTED CAPITAL
 A risk weight is applied to each on-balance-sheet asset according
to its risk (e.g. 0% to cash and govt bonds; 20% to claims on OECD
banks; 50% to residential mortgages; 100% to corporate loans,
corporate bonds, etc.)
 For each off-balance-sheet item we first calculate a credit
equivalent amount and then apply a risk weight
 Risk weighted amount (RWA) consists of
▫ sum of risk weight times asset amount for on-balance sheet items
▫ Sum of risk weight times credit equivalent amount for off-balance sheet
items
68

CAPITAL ADEQUACY RATIO
 Capital adequacy ratio is a measure of the amount of a bank's capital
expressed as a percentage of its risk weighted credit exposures.
 An international standard which recommends minimum capital
adequacy ratios has been developed to ensure a bank can absorb a
reasonable level of losses before becoming insolvent.
69

CAPITAL ADEQUACY RATIO
70

Capital Charges under Basel II
Approaches that can be
followed in determination
of Regulatory Capital
under Basel II
Total
Regulatory
Capital
Operational
Risk
Capital
Credit
Risk
Capital
Market
Risk
Capital
Basic Indicator
Approach
Standardized
Approach
Advanced Measurement
Approach (AMA)
Standardized
Approach
Internal Ratings Based
(IRB)
Foundation IRB
Advanced IRB
Standard Model
Internal Model
Score Card
Loss Distribution
Internal Modeling
71

Overview of Basel III
 Capital Definition and Requirements
 Capital Conservation Buffer
 Countercyclical Buffer
 Leverage Ratio
 Liquidity Ratios
 Capital for CVA Risk
 Contingent Convertible Bonds
72

Capital Definition and Requirements
 Three types:
– Common equity Tier 1
– Additional Tier 1
– Tier 2
 Definitions tightened
 Limits
– Common equity > 4.5% of RWA
– Tier 1 > 6% of RWA
– Tier 1 plus Tier 2 > 8% of RWA
 Phased implementation of capital levels stretching to January 1, 2015
 Phased implementation of capital definition stretching to January 1,
2018
73

Capital Conservation Buffer
 Extra 2.5% of common equity required in normal times to absorb losses
in periods of stress
 If total common equity is less than 7% (=4.5%+2.5%) dividends are
restricted
 To be phased in between January 1, 2016 and January 1, 2019
Countercyclical Buffer
 Extra equity capital to allow for cyclicality of bank earnings
 Left to the discretion of national regulators
 Can be as high as 2.5% of RWA
 Dividends restricted when capital is below required level
 To be phased in between January 1, 2016 and January 1, 2019
74

Leverage Ratio
 Objective is to constrain the build-up of leverage in the banking sector
which would help to avoid destabilization of deleveraging processes
that may shock the broader financial system and the economy.
 This is not a risk-based ratio that the ratio of Tier 1 capital to total
exposure (not risk weighted) must be greater than 3%
 Exposure includes all items on balance sheet and some off-balance
sheet items
 To be introduced on January 1, 2018 after a transition period
75

Liquidity Risk Ratios
Objective of Liquidity Coverage Ratio (LCR) is to ensure that a bank meets its liquidity needs
for a 30 calendar days under liquidity stress scenarios and has adequate stock of
unencumbered High Quality Liquid Assets (HQLA) that can be converted into cash at a little
or no value loss in financial markets.
Objective of NSFR is to promote resilience over a longer time span by creating additional
incentives for a bank to fund their activities with more stable sources of funding on an
ongoing basis. NSFR complements and supports the LCR and it has been developed to
provide a sustainable maturity structure of assets and liabilities.
76

Key Ratios in Basel III
77

Capital for CVA Risk
 CVA is the adjustment to the value of transactions with a counterparty to
allow for counterparty credit risk
 Basel III requires CVA risk arising from changing credit spreads to be
incorporated into market-risk VaR calculations
Contingent Convertible Bonds
 Bonds which automatically get converted into equity if certain conditions
are satisfied
 For example, in the case of Credit Suisse, a Swiss bank, there is conversion
if:
• Tier 1 equity falls below 7% of RWA, or
• Swiss regulator determines that the bank needs public sector support
78

Key Comparisons between Basel II and Basel III
Requirements Under Basel II Under Basel III
Minimum Ratio of Total Capital to RWAs 8% 10.5%
Minimum Ratio of Common Equity Tier to RWAs 2% 4.5% to 7%
Tier I Capital to RWAs 4% 6%
Capital Conservation Buffer (CCB) to RWAs n/a 2.5%
Countercyclical Buffer n/a 0% to 2.5%
Leverage Ratio n/a 3%
Liquidity Coverage Ratio * n/a 100%
Net Stable Funding Ratio * n/a 100%
* The ratio to be differently defined across regulators and timelines
79

Transition period of compliance to Basel III
80

81

 A typical bank’s Internal Capital Adequacy Assessment Process
(ICAAP) must exhaustively estimate capital required for risks not
sufficiently covered or not included under Pillar I
 A typical bank’s ICAAP must meet the following objectives:
• Exhaustively identifies and measures all material risks in the bank’s
business and the assessment of capital required to support these risks.
• Risk-based and forward-looking
• Integrated into the management process and decision-making culture of
the bank
• Ability to determine the overall level of capital and the assessment
supporting such outcome
Internal Capital Adequacy Assessment Process
82

Process flow of ICAAP
Banks are required to put in place an internal process to assess its own capital adequacy.
Board & Senior
Management
Oversight
Exhaustive
Assessment of
Risks
Sound Capital
Assessment
Monitoring
and Reporting
Review of
ICAAP
 Approval of all risk
policies
 Setting of Risk
Appetite
Statement
 Assess all
material risks and
required
additional capital
against such risks
 Assess the impact
on capital arising
from stress events
 Assess capital
adequacy to
support growth
 Capital plan and
action for capital
raising
 Ensure that a
bank is able to
meet minimum
capital
requirements to
operate as a
going concern
even under
stress conditions
 Independent
review of the
implementation of
ICAAP
83

Capital Demand and Capital Availability
 ICAAP requires a bank to ensure that it has adequate capital to support all
its risks in both current and in the future.
 This requires banks to determine their DEMAND and SUPPLY of Capital
 The ICAAP Operating Framework implemented provides the processes to
systematically identify the bank’s Demand for and availability of capital.
CAPITAL DEMAND
 Capital requirements for current Pillar
I and Pillar II risk items
 Additional Capital to support planned
future business growth
 Risk appetite and target credit ratings
– required capital buffer
CAPITAL AVAILABILITY
 Availability of current financial
resources
 Retained earnings from future P/L
 Possible actions to make available
previously committed capital
 Ability to tap external sources for
capital
84

Key Elements under ICAAP
The ICAAP Operating Framework is based on Basel II requirements and best practices
adopted by banks for ICAAP / Capital Management and comprises four key components
Bank Governance at Board &
Senior Management Level
Assessment of Capital Demand
and Supply
Calibrating Capital Adequacy
Capital Management
Capital Management
Policy
Risk Appetite
Setting
Business Strategic
Planning
Point-in-time Capital
Assessment
Core capital, add-on capital
Capital
Projection &
Forecasting
Availability of
Capital
Financial resources
Capital Adequacy Assessment
Capital Planning Capital Allocation
85

Assessment of Capital Demand
CAPITAL DEMAND
Capital Conservation
Buffer
Capital Conservation
Buffer
Countercyclical
Capital Buffer
Increase in Capital
Demand under Stress
Events
Pillar 2 Risks
(Credit Con. Risk, IRRBB,
Liquidity, Reputation, Legal,
Compliance, etc.)
Operational Risk
Market Risk
Credit Risk
RegulatoryCapital
Requirement
Pillar1+Pillar2
CapitalRequirements
BaselIII
Requirement
CAPITAL SUPPLY
Tier 1
Common
Equity
Tier 2
Capital
Tier 1
Others
Bank’sRegulatory
CapitalPosition
Any
availability of
financial
resources?
Any stress
loss
adjustment?
Any Solvency
Capital
Adjustment?
86

Risk Materiality Assessment Guidelines
These risk areas are considered material
due to their criticality and pervasiveness
in the bank’s business operations:
 All Pillar 1 Risks:
 Credit Risk
 Market Risk
 Operational Risk
 Pillar 2 risk areas:
 IRRBB
 Liquidity Risk
 Credit Concentration Risk
 Reputation Risk
 Legal and Compliance Risk
 Strategic Risk
For other surging risk areas, a bank
should determine their materiality risk
at the episode of Risk Identification:
 Is there a plausible scenario in which the
risk may result in a negative impact of 5%
or more on the bank’s P/L?
risk may result in critically negative
impact on the bank’s reputation?
risk may result in significant customer
attrition of more than 10%?
 Qualitative Assessment by risk type
owner, in consultation with risk managers
/ advisors and business support units?
Material risks
that can be
quantified
87

Stress Test Impact on Capital Demand and Supply
Increase in Capital Demand Decrease in Capital Supply
Credit Risk Stress Test
Increase in RWA will increase
Capital Requirement for up to 2-3
years more.
Credit Risk Stress Test
Credit Risk Stress losses deducted
from Capital Supply
Market Risk Stress Test
Market Risk Stress losses deducted
from Capital Supply
Interest Rate Risk in Banking Book
IRRBB stress losses from EVE
simulation deducted from Capital
Supply
Example:
CR Stress Test RWA: $10 Mil
CR Stress Test Loss: $2 Mil
MR Stress Test Loss: $0.5 Mil
IRRBB Stress Test Loss: $1 Mil
88

Stress Testing Methodology
Internal Capital Adequacy Assessment ProcessOverallMethodologyEvents
Multiple possible scenarios with different combination of political
/ natural / macro-economic events
Stress is assumed to hit during a time span and peaks over a time
point before easing off by end of another time point
Appropriate level of stressing on Growth, Yield, Cost of Risk,
Expense at both portfolio and product level
Summarization of P/L and Balance Sheet impact for each scenario
Global
Events
Local
Events
 QE tapering by US Fed going to impact every economy around the world
 Brent price hike in global market
 Pandemic impacting multiple geographies
• Strong currencies (USD, EUR) appreciation leading to pressure on SME sector
• Reform in banking industry with the advent of tough government policies
• Conflict ties across countries (i.e. India-Pakistan, China-Japan, etc.)
• Pricing cap by regulators impacting on P/L
• Exclamities – flood, earthquake, nuclear factories, etc.
89

Stress Testing Framework and Process
Events
Identification
Scenario
Description
Macro Factors Portfolio Impact
Finalize
Stress Test
Report
1. Global
Recession
2. Country
Rating
Downgrade
3. Brexit
4. Natural
Disaster
5. Cyber
Attack
6. Pandemic
Preparation of
stress scenarios
for each event
identified and
extent of
economic
impact on each
risk factor.
1. S0 – Base
2. S1 – Mild
3. S2 – Moderate
4. S3 – Severe
1. GDP
2. Inflation (CPI)
3. Interest Rate
4. Property Price
5. Unemployment
6. FDI
7. Stock market
8. Government
Revenue
9. Currency
stability
10. Oil Price
11. Deposit Run
12. Credit crunch
1. Impact on
Credit Risk
• Consumer
Lending – by
programs
• Business
Lending – by
economic
sectors
2. Market &
Liquidity Risk
Impact
• Interest rate
• Price risk
3. Operational
Risk Impact
1. Run stress
test impact
on earnings,
asset quality
and capital
for S1, S2,
and S3.
2. Report
review and
acceptance
3. BOD
approval
90

Internal Assumptions for Stress Testing
 Severity impact of macroeconomic factors on the impaired loans for each product / industry
sector under stress condition is delivered using the following NPL Multiplier (benchmark).
 Stress NPL impact on vulnerable segments and Large Borrowers is derived using the same NPL
multiplier above plus add-on factor, i.e. 10% add-on for Large Borrowers and 20% add-on for
vulnerable segments.
 Stress LGD is derived from Consumer Banking and SME Banking’s actual LGD:
91

 Understanding the difference between Corporate Governance and
Risk Management
 Recognizing specific risks in banking environment
 Be aware of a standard risk management framework
 Recognizing COSO framework on Internal Control and Enterprise
Risk Management
 Understanding financial failures with lessons learnt
 Understanding financial crisis during 2007 to 2008
 Recognizing a standard risk appetite framework
 Recognizing requirements under Basel II/III
 Understanding ICAAP and Stress Testing
Overview of Risk Management: Wrap-up
92

OVERVIEW OF LIQUIDITY RISK MANAGEMENT
 KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
 LIQUIDITY RISK MEASUREMENT
 LIQUIDITY RISK LIMITS AND RISK REPORTS
 LIQUIDITY STRESS TESTING
 CONTINGENCY FUNDING PLAN
94

95
 Definition
Liquidity is the ability of a bank to fund increases in assets and meet obligations
as they come due, without incurring unacceptable losses. The fundamental role
of banks in the maturity transformation of short-term deposits into long-term
loans makes banks inherently vulnerable to liquidity risk, both of an institution-
specific nature and that which affects markets as a whole. Virtually every
financial transaction or commitment has implications for a bank’s liquidity.
Effective liquidity risk management helps ensure a bank's ability to meet cash
flow obligations, which are uncertain as they are affected by external events and
other agents' behavior. Liquidity risk management is of paramount importance
because a liquidity shortfall at a single institution can have system-wide
repercussions. Financial market developments in the past decade have
increased the complexity of liquidity risk and its management.
Management Principles of Liquidity Risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)

96
 Principle 1
A bank is responsible for the sound management of liquidity risk. A bank should
establish a robust liquidity risk management framework that ensures it
maintains sufficient liquidity, including a cushion of unencumbered, high quality
liquid assets, to withstand a range of stress events, including those involving the
loss or impairment of both unsecured and secured funding sources. Supervisors
should assess the adequacy of both a bank's liquidity risk management
framework and its liquidity position and should take prompt action if a bank is
deficient in either area in order to protect depositors and to limit potential
damage to the financial system.
Fundamental principle for the management and supervision of
liquidity risk

97
 Principle 2
A bank should clearly articulate a liquidity risk tolerance that is appropriate for its business
strategy and its role in the financial system.
 Principle 3
Senior management should develop a strategy, policies and practices to manage liquidity risk in
accordance with the risk tolerance and to ensure that the bank maintains sufficient liquidity.
Senior management should continuously review information on the bank’s liquidity
developments and report to the board of directors on a regular basis. A bank’s board of
directors should review and approve the strategy, policies and practices related to the
management of liquidity at least annually and ensure that senior management manages
liquidity risk effectively.
 Principle 4
A bank should incorporate liquidity costs, benefits and risks in the internal pricing, performance
measurement and new product approval process for all significant business activities (both on-
and off-balance sheet), thereby aligning the risk-taking incentives of individual business lines
with the liquidity risk exposures their activities create for the bank as a whole.
Governance of liquidity risk

98
 Principle 5
A bank should have a sound process for identifying, measuring, monitoring and controlling
liquidity risk. This process should include a robust framework for comprehensively
projecting cash flows arising from assets, liabilities and off-balance sheet items over an
appropriate set of time horizons.
 Principle 6
A bank should actively monitor and control liquidity risk exposures and funding needs
within and across legal entities, business lines and currencies, taking into account legal,
regulatory and operational limitations to the transferability of liquidity.
 Principle 7
A bank should establish a funding strategy that provides effective diversification in the sources
and tenor of funding. It should maintain an ongoing presence in its chosen funding markets and
strong relationships with funds providers to promote effective diversification of funding sources.
A bank should regularly gauge its capacity to raise funds quickly from each source. It should
identify the main factors that affect its ability to raise funds and monitor those factors closely to
ensure that estimates of fund raising capacity remain valid.
Measurement and Management of Liquidity Risk

99
 Principle 8
A bank should actively manage its intraday liquidity positions and risks to meet payment
and settlement obligations on a timely basis under both normal and stressed conditions
and thus contribute to the smooth functioning of payment and settlement systems.
 Principle 9
A bank should actively manage its collateral positions, differentiating between
encumbered and unencumbered assets. A bank should monitor the legal entity and
physical location where collateral is held and how it may be mobilised in a timely manner.
 Principle 10
A bank should conduct stress tests on a regular basis for a variety of short-term and
protracted institution-specific and market-wide stress scenarios (individually and in
combination) to identify sources of potential liquidity strain and to ensure that current
exposures remain in accordance with a bank’s established liquidity risk tolerance. A bank
should use stress test outcomes to adjust its liquidity risk management strategies, policies,
and positions and to develop effective contingency plans.

100
 Principle 11
A bank should have a formal contingency funding plan (CFP) that clearly sets out the
strategies for addressing liquidity shortfalls in emergency situations. A CFP should outline
policies to manage a range of stress environments, establish clear lines of responsibility,
include clear invocation and escalation procedures and be regularly tested and updated to
ensure that it is operationally robust.
 Principle 12
A bank should maintain a cushion of unencumbered, high quality liquid assets to be held
as insurance against a range of liquidity stress scenarios, including those that involve the
loss or impairment of unsecured and typically available secured funding sources. There
should be no legal, regulatory or operational impediment to using these assets to obtain
funding.
◦ The principle 13 talks about public disclosure and principle 14 to 17 talks about the role of
supervisors.

101

102
Purpose
It’s critical for a bank to establish an appropriate set of liquidity risk measures (or liquidity
ratios) so as to facilitate the bank in monitoring and controlling liquidity risk. The main
purpose of liquidity risk measures is to enable the entity to capture various aspects of
liquidity risk, such as deposit concentration, level of highly liquid financial assets and
amount of undrawn commitments.
Key Liquidity Ratios
• Liquidity Ratio – defined as the ratio of total liquid assets to total short term (less than 1
year) liabilities.
• Loan to Deposit Ratio – defined as the ratio of of total non-bank loans to the total 3rd
party deposits, but excluding interbank deposits.
• CASA to Total Deposit Ratio – defined as the ratio of the total current and savings
account deposits to total deposits.
• Interbank Deposit to Total Liabilities Ratio – defined as the ratio of the short term
interbank deposits to total liabilities.
Measurement of Liquidity Risk

103
Other Liquidity Ratios to Consider
• Core Deposit Ratio
• Secondary Reserve Ratio
• Head Office Excess Cash Reserve Ratio
• Large Fund Provider / Total Deposits Ratio
• Total Undrawn Commitments
• Maximum Cash Outflow (MCO) Limits
Cash-flow Modelling
Cash flow profiling under different operating conditions is a useful approach for
managing liquidity risk. Under this approach, a bank should put in place appropriate
system and procedures to achieve the following objectives:
◦ To monitor on a daily basis the net funding requirements under normal business
conditions.
◦ To conduct at least monthly cash flow analyses based on stress scenarios.
Measurement of Liquidity Risk

104

105
Liquidity Risk Limits and Reports
Limit Purpose
Liquidity Ratio Limits To facilitate in monitoring the extent to which it can liquidate assets to cover short-term liabilities.
Loan-to-Deposit Ratio Limits
To facilitate in monitoring the extent of its reliance on external funding sources as compared with
non-bank deposits.
Wholesale Deposits Ratio Limits To facilitate in monitoring deposit concentration with respect to non-retail and non-bank deposits.
Liquidity Gap Ratio Limits To facilitate in monitoring its contractual cumulative cash-flow over the next 90 days.
Core Deposit Ratio Limits To facilitate in monitoring the stability of its deposit base.
Secondary Reserves Ratio Limits
To monitor whether a bank maintains sufficient amount of highly liquid assets as secondary
reserves.
Head Office Excess Cash Reserve
Ratio Limits
To ensure that on a bank-wide basis, a bank maintains sufficient cash in the clearing accounts for
daily clearing.
Large Fund Provider / Total Deposits
Ratio Limits
To facilitate in monitoring the stability and reliance on external funding sources as compared to
total deposit base.
Interbank Deposit Ratio Limits To facilitate in monitoring its deposit concentration with respect to interbank deposits.
Total Undrawn Commitment Limits To facilitate in monitoring the total undrawn commitments granted to its customers.
Maximum Cash Outflow (“MCO”)
Limits
To facilitate in monitoring the potential cash outflows projected by the behavioral cash flow
models over the next business day and next week and under the business-as-usual conditions.
A set of MCO limits should be imposed for each major currency in which a bank operates in. a
separate set of MCO limits should also be imposed for stress testing purposes (see below).
Stress MCO Limits
These limits are used to facilitate in monitoring the potential cash outflows projected by the
behavioral cash flow models over the next 5 business days under stressful conditions.
A set of MCO limits shall be imposed for each major currency in which a bank operates in.

106
A Sample of Structural Liquidity Flow

107
A Sample of Liquidity Coverage Ratio Report

108

109
Liquidity Stress Testing
 Required under ALM Policy on Funding & Liquidity Risk
Management
 Ensure sufficient diversified funding sources
 Liquidity Stress Testing should include key liquidity metrics:
 Liquidity Ratios
 Loans to Deposits
 Bank Policy Metrics
 Liquidity Coverage Ratio (LCR)
 Net Stable Funding Ratio (NSFR)

110
Liquidity Stress Testing
Contractual and modeled
Cash Flows
Scenario Analysis
aggregation
Cash Flow Profile of Assets
Liability Roll-over Vectors
Liquidity Gap
Asset Liquidation and
Counterbalancing
Net Liquidity Position
resulting from Scenario
parameterization
+
=
+
=

111

112
Contingency Funding Plan
The liquidity contingency plan mentions alternative funding sources if
current projections of funding sources and uses are not correct.
The contingency plan will act as the bridge between the actual liquidity that
is being held by a bank and the maximum that would be needed in the event
of a run on liquidity.
The plan will address:
• Identifying and developing potential funding sources
• Setting up plans for assigning responsibilities under various defined
hypothetical liquidity situations.
• Predefining triggers that would initiate liquidity management and
remedial action plans.

113
SCOPE
The scope of Contingency Funding Plan (CFP) is to build an action plan to
tackle stressed conditions of liquidity due to some factors from the market
impacting on a bank.
Funding sources used to solve stressed liquidity will be referenced to
Liquidity Policy Manual of a bank.
PURPOSE
The purpose is to come up with a well-organized action plan to be able to
control a liquidity contingency efficiently and effectively.
Identifying events resulting in a liquidity contingency and coming up with
promptly corrective actions to control the liquidity situation.

114
EARLY WARNINGS
It is very important to identify of early warnings of a liquidity contingency to
be able to come up with actions in place. A bank needs to look at following
warning signals in order to take promptly corrective actions:
• Some liquidity indicators lie on management action triggers.
• There is a general liquidity stress in the market.
• Some rumors on the market that not certified.
• Hardship in making loan disbursements.
• Hardship in finding funding sources.
• Damage or robbery occurred at HO or one of branches of a bank.
• Any liquidity problem happened with another bank/MFI in the market.
• Reports of cash deficiency at branches.

115
TRIGGER EVENTS
Some following events maybe trigger for a liquidity crisis:
- Depositors are queuing for a long row at one or some branches or at ATM
machines for withdrawals.
- Many calls from VIP customers or even from central bank requesting to
know the current status of a bank.
- Some journalists want to meet top managers of a bank for some
enquiries relating to the current status of a bank.
- Many depositors are earlier withdrawing their deposits.
- Many VIP customers request to withdraw cash with their FD accounts
abnormally.
- Many customers keep withdrawing all or very little of their balances.

116
MAIN ACTIVITIES
The CFP will include but not limited to following main activities:
• Forming a management team to face with the liquidity crisis in which
responsibilities and functions need to be clearly defined;
• Roles and responsibilities of relevant departments in case of a liquidity crisis;
• Indicators for early warnings to find out potential liquidity risk;
• The list and plan of liquid assets that are available for sale or hypothecation to
be able to convert into cash when necessary;
• The list, classification, orders of funding sources in case of a liquidity crisis in
which includes financial institutions, individuals, big corporations with
estimated deposits to be mobilized as well as the strategy to remain the
relationship according to the importance and scope;
• Funding sources mobilized from central bank through OMO;
• Plan for assets and liabilities in case of a liquidity crisis;
• Plan for internal and external communication when a liquidity crisis exists;

117
Liquidity Funding Plan
 Review AFS marketable securities, reliability and ability to liquidate or make
REPOs with central bank under a liquidity crisis.
 Review the structure of other assets as well as the liquidity degree of them.
 Review other available sources of funds on money market and capital market.
Money Market
• Term deposits.
• Repos.
• Swap.
NBC
• Repos T-Notes with central bank.
• Any bailouts with some assets to be discounted.
Vault Cash

118
Reporting
• Daily MCO Report & Unencumbered assets Report.
• Maturity Mismatch Report with local currency and FCY.
• Duration Gap Report on the balance sheet.
• Daily MCO Report in details with products impacted by the contingency.
• Report on reserve requirements on both local currency and FCY.
• Report on FX position.
• Report on forecast of depositors’ behaviors.
Funding Sources
• Review all external funding sources including interbank lines.
• Review the capital structure and adjust the durations of assets and
liabilities components.
• Call for funds from FX markets.
• Contact with potential partners in funding the bank.

OVERVIEW OF INTEREST RATE RISK MANAGEMENT
IN BANKING BOOK
 KEY PRINCIPLES OF INTEREST RATE RISK MANAGEMENT IN
BANKING BOOK
 INTEREST RATE RISK MEASUREMENT IN BANKING BOOK
 INTEREST RATE RISK LIMITS AND REPORTS
 INTEREST RATE RISK STRESS TESTING
119

Management Principles of Interest Rate Risk in
Banking Book (IRRBB)
120
 Definition
Interest rate risk is a bank’s exposure to adverse movements in interest rates.
Interest rate risk in the banking book (IRRBB) more specifically refers to the
current or prospective risk to the bank’s capital and earnings arising from adverse
movements in interest rates that affect the institution’s banking book positions.
When interest rates change, the present value and timing of future cash flows
change. This in turn changes the underlying value of a bank’s assets, liabilities and
off-balance sheet instruments and hence its economic value (EV).
 Banking and supervisory practices
According to a survey of supervisory and regulatory practices with respect to
IRRBB among member jurisdictions of the Committee, most jurisdictions employ
a Pillar 2 approach based on an economic value (EV) or economic value of equity
(EVE) 10 measure, together with some version of Pillar 3 or other disclosure
standard. IRRBB frameworks in these jurisdictions are typically applied to all legal
entities.
Source: Interest Rate Risk in the Banking Book (BCBS, Jun 2015)

121
 Principle 1
IRRBB is an important risk for all banks that should be specifically identified,
measured, monitored and controlled.
 Principle 2
The board of directors of each bank is responsible for oversight of the IRRBB risk
management framework, and for agreeing the bank’s risk appetite for IRRBB.
Directors should collectively have adequate knowledge and understanding of
IRRBB for this task. Monitoring and management of IRRBB may be delegated by
the board to appropriate expert individuals or groups/committees.
 Principle 3
The risk appetite of a bank for IRRBB should be calibrated in terms of both risk
economic value and risk to earnings. Risk appetite should be expressed though
appropriate policy limits and internal controls.

122
 Principle 4
Measurement of IRRBB should be based on outcomes for both economic value
and earnings arising from a wide and appropriate range of interest rate shock
scenarios (including stress scenarios) that result in changes to interest rates
across the term structure.
 Principle 5
In measuring IRRBB, key behavioral and strategic assumptions should be fully
understood, conceptually sound and documented. Such assumptions should be
rigorously tested and should be aligned with the corporate plan. Assumptions
should not be adjusted sole to take account of expectations for changes in
interest rates.
 Principle 6
Measurement systems and models used for IRRBB should be based on complete
and accurate data, and subject to appropriate documentation, testing and
controls to give assurance on the accuracy of calculations. Models used to
measure IRRBB should be comprehensive and covered by strong internal
validation process.

123
 Principle 7
Measurement outcomes of IRRBB levels and hedging strategies should be
reported to management and the board on a regular basis, at relevant levels of
aggregation (by consolidation level and currency)
 Principle 8
Information on IRRBB positions and limits should be reported to supervisors
when requested and public disclosure should be made on a regular basis
 Principle 9
Internal capital should be specifically allocated to IRRBB as approved by the
board, in line with the agreed risk appetite.

IN BANKING BOOK
BANKING BOOK
124

Measurement of Interest Rate Risk in Banking
Book (IRRBB)
125
• The purposes of measuring IRRBB
▫ establish the amount of economic capital to be held against such risks
▫ how to reduce the risks by buying or selling interest-rate-sensitive
instruments
• Although ALM risk is a form of market risk, it cannot be effectively
measured using the trading- VaR framework
• This VaR framework is inadequate for two reasons.
▫ first, the ALM cash flows are complex functions of customer behavior.
▫ second, interest-rate movements over long time horizons are not well
modeled by the simple assumptions used for VaR.

Book (IRRBB)
126
• Banks use three alternative approaches to measure ALM interest-rate
risk, as listed below:
▫ Gap reports
▫ Rate-shift scenarios
▫ Simulation methods similar to Monte Carlo VaR
• GAP REPORTS
▫ The “gap” is the difference between the cash flows from assets and
liabilities
▫ Gap reports are useful because they are relatively easy to create
▫ This measure is only approximate because gap reports do not include
information on the way customers exercise their implicit options in
different interest environments
▫ There are three types of gap reports: contractual maturity, re-pricing
frequency, and effective maturity.

Book (IRRBB)
127
• Contractual-Maturity Gap Reports
▫ A contractual-maturity gap report indicates when cash flows are
contracted to be paid for liabilities, it is the time when payments would
be due from the bank, assuming that customers did not roll over their
accounts.
▫ For example, the contractual maturity for checking accounts is zero
because customers have the right to withdraw their funds immediately.
▫ The contractual maturity for a portfolio of three-month certificates of
deposit would (on average) be a ladder of equal payments from zero to
three months.
▫ The contractual maturity for assets may or may not include
assumptions about prepayments. In the most simple reports, all
payments are assumed to occur on the last day of the contract.

Book (IRRBB)
128
• Re-pricing Gap Reports
▫ Re-pricing refers to when and how the interest payments will be reset
• Effective-Maturity Gap Reports
▫ Although the re-pricing report includes the effect of interest-rate
changes, it does not include the effects of customer behavior.
▫ This additional interest-rate risk is captured by showing the effective
maturity.
▫ For example, the effective maturity for a mortgage includes the expected
prepayments, and may include an adjustment to approximate the risk
arising from the response of prepayments to changes in interest rates.
▫ Gap reports give an intuitive view of the balance sheet, but they
represent the instruments as fixed cash flows, and therefore do not allow
any analysis of the nonlinearity of the value of the customers' options. To
capture this nonlinear risk requires approaches that allow cash flows to
change as a function of rates.

Book (IRRBB)
129
• Estimating Economic Capital Based on Gap Reports

IN BANKING BOOK
BANKING BOOK
130

131
IRRBB Limits and Reports
 Position Limits. Any position limit imposed should be consistently monitored on a
daily basis against its applicable set of positions.
 Re-pricing Gap Limits. Re-pricing gap limits, by tenor bucket, should be monitored
against the net re-pricing gap observed in each re-pricing bucket as measured in the
static re-pricing gap analysis.
 Interest Rate PV01 Limits. This measures the maximum change in value as a result of a
basis point change in interest rate. It provides the most specific measure of
diminution in value due to interest rate risk. The entity should apply different levels of
interest rate shocks and set specific PV01 limits for its portfolios.
 NII and EVE Limits
 NII limit should be compared against the largest drop in NII estimated in the dynamic NII
simulation under various interest rate scenarios.
 EVE limit should be compared against the largest drop in EVE estimated in the static EVE
simulation under various interest rate scenarios.
 NII stress limit should be compared against the largest drop in NII estimated in the NII stress
testing under various interest rate stress scenarios.

132
The data as at 31-Dec-20XX (equivalents in USD Million) (based on residual tenors)
Maturity / Re-pricing < 1M 1M-3M >3M-6M >6M-9M >9M-12M >1Y-2Y >2Y-3Y >3Y
RATE-SENSITIVE ASSETS (RSA)
Cash on hand 10,089 - - - - - - -
Balances with the NBC 60,834 2,500 - - - - - -
Balances with other banks 63,244 4,050 200 - - - - -
Loans and advances 122 200 730 1,487 2,438 21,087 42,751 177,321
Total RSA 154,290 6,750 930 1,487 2,438 21,087 42,751 177,321
RATE-SENSITIVE LIABILITIES (RSL)
Deposits from non-individuals 17,275 24,674 12,026 7,143 14,583 - - -
Deposits from individuals 44,420 43,803 48,657 58,329 46,041 21,324 2 2
Borrowings - - - - 10,000 - 6,000 -
Total RSL 61,695 68,477 60,683 65,472 70,624 21,324 6,002 2
Dollar Gap 72,595 -61,727 -59,753 -63,986 -68,186 -237 36,749 177,319
Dollar Gap Cum. 72,595 10,868 -48,885 -112,871 -181,057 -181,293 -144,544 32,774
Interest Sensitivity Ratio 2.2 0.1 0.0 0.0 0.0 1.0 7.1
Dollar Gap % Liabilities 20.5% -17.4% -16.9% -18.1% -19.2% -0.1% 10.4% 50.1%
Dollar Gap % Assets 16.7% -14.2% -13.7% -15.7% -0.1% 8.4% 11.1% 18.7%

133
The data as at 31-Dec-20XX (equivalents in USD Million)
Maturity / Re-pricing Date USD KHR THB Total
RATE-SENSITIVE ASSETS (RSA)
Cash on hand 9,367 551 171 10,089
Cash in banks 168,274 2,300 195 170,769
Loans and advances 242,763 5,823 6,076 254,662
Total RSA 420,404 8,673 6,443 435,520
RATE-SENSITIVE LIABILITIES (RSL)
Deposits from non-individuals 64,718 6,314 4,669 75,701
Deposits from individuals 261,622 533 424 262,579
Borrowings 16,000 - - 16,000
Total RSL 342,341 6,847 5,093 354,280
FX Gap Position 78,063 1,826 1,350 81,239
FX Gap Position % Assets 17.9% 0.4% 0.3% 18.7%

IN BANKING BOOK
BANKING BOOK
134

IRRBB Stress Testing
135
• Rate-shift scenarios attempt to capture the nonlinear behavior of
customers.
• A common scenario test is to shift all rates up by 1%. After shifting
the rates, the cash flows are changed according to the behavior
expected in the new environment
• For example, mortgage prepayments may increase, some of the
checking and savings accounts may be withdrawn, and the prime
rate may increase after a delay.
• The NPV of this new set of cash flows is then calculated using the
new rates.

136
• As an example, let us consider a bank with $90 million in savings
accounts and $100 million in fixed-rate mortgages. Assume that the
current interbank rate is 5%, the savings accounts pay 2%, and the
mortgages pay 10%. The expected net income over the next year is $8.2
million:
Interest Income = 10% x $100M - 2% x $90M = $8.2M
• If interbank rates move up by 1 %, assume that savings customers will
expect to be paid an extra 25 basis points, and 10% of them will move
from savings accounts to money-market accounts paying 5%. Nothing
will happen to the mortgages. In this case the expected income falls
slightly to $7.5 million:
Interest Income = 10% x $100M - 2.25% x $81M - 5% x $9M = $7.5M
• Now assume that interbank rates fall by 1 %. Savings customers are
expected to be satisfied with 25 basis points less, but 10% of the
mortgages are expected to prepay and refinance at 9%. The expected
income in these circumstances is $8.3 million:
Interest Income = 10% x $90M + 9% x $10M - 1.75% x $90M = $8.3M

137
• The example above shows the nonlinear change of income. We can extend this to
show changes over several years. By discounting these changes, we can get a
measure of the change in value.
• An approximate estimate of the economic capital can be obtained by assuming
that rates shift up or down equal to three times their annual standard deviation,
and then calculating the cash flows and value changes in that scenario. The
economic capital is then estimated as the worst loss from either the up or down
shifts.
• The rate-shift scenarios are useful in giving a measure of the changes in value and
income caused by implicit options, but they can miss losses caused by complex
changes in interest rates such as a shift up at one time followed by a fall. To
capture such effects properly we need a simulation engine that assesses value
changes in many scenarios.
• The purpose of using simulation methods is to test the nonlinear effects with
many complex rate scenarios and obtain a probabilistic measure of the economic
capital to be held against ALM interest-rate risks.
• Monte Carlo simulation can use the same behavior models as the rate-shift
scenarios. The difference is that in a simulation, the scenarios are complex, time-
varying interest-rate paths rather than simple yield-curve shifts.

OVERVIEW OF OPERATIONAL RISK MANAGEMENT
 KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
 RISK ASSESSMENT TOOLS
 KEY RISK INDICATORS
 CAPTURING OPERATIONAL RISK INCIDENTS
 OVERVIEW OF TECHNOLOGY RISK
 OVERVIEW OF VENDOR RISK
 INSURANCE PROGRAM
138

Definition of Operational Risk
Current Basel II definition is “the risk of loss resulting from
inadequate or failed internal processes, people and systems
or from external events”
 Includes both internal and external event risk
 Legal risk is also included, but strategic, reputational and systemic
risks are not
 Direct losses are included, but indirect losses (opportunity costs) and
near misses are not
Key Principles of Operational Risk Management
139

Drivers of Operational Risk
 Internal Process
Losses that have incurred due to a deficiency in an existing procedure, absence
of a procedure or failure to follow any existing procedure.
 People
The risk that people do not follow the organization's policies, procedures or
established practices or are not adequately trained to carry out their duties,
resulting in errors, omissions.
 Systems
Risks relating to systems are: system availability, virus attacks, data corruption,
data integrity, confidential client information compromised etc.
 External Events
External fraud, natural disaster, terrorist attacks etc.
140

Source: Principles for the Sound Management of Operational Risk (BCBS, Jun 2011)
141

142

143

144

A Sample of Operational Risk Heatmap
145

146

Operational
Risk
Identification of Risk Events
• Assessment and evaluation
• Scenario analysis
• Questionnaires
Insurance
Business
Continuity
Planning
Control Self-
Assessment
Operational
Risk Capital
Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
147

Operational
Risk
Control Activities
• CSA process
• Review control weaknesses
• Track actions
• Link control evidence to risks
• Review incidents as evidence of control failures
Insurance
Business
Continuity
Planning
Control Self-
Assessment
Operational
Risk Capital
Calculation
148

Operational
Risk
Mitigation of Operational Risks
• Crisis Management Team & Plan
• Incident Management Teams
• Crisis Management Centre
• Work-Area Recovery
• Disaster Recovery strategy
Insurance
Business
Continuity
Planning
Control Self-
Assessment
Operational
Risk Capital
Calculation
149

Operational
Risk
Risk Transfer
• Placement
• Claims Handling
• Specific perils e.g. Buildings/Contents, Business Interruption Insurance,
Transit Insurance, Fidelity Insurance
• Advice & Guidance
Insurance
Business
Continuity
Planning
Control Self-
Assessment
Operational
Risk Capital
Calculation
150

Operational
Risk
Capital Charge Calculation
• Apply specific methods for calculations
• Planning
Insurance
Business
Continuity
Planning
Control Self-
Assessment
Operational
Risk Capital
Calculation
151

Purpose
Vision
5-Year Strategic
Plan
Strategy
Core
Processes
Critical
Systems
Colleagues
External Events
i.e. Calamities,
Terrorism
Change agenda
Bottom-up
Operational Risk
Profile
Scenarios
Top-down
Operational Risk
Profile
Facilities
Operational
Risk Capital
Operational
Risk Appetite
Business Continuity
Incident & Near-Miss
Reporting
Resilience
Work-Area
Recovery
Disaster
Recovery
Incident & Crisis
Management
Insurance
Programme
Operational Risk strategy and plan
ReportingSuppliers &
Outsource Vendors
Operational Risk
End-to-end Process
view
Key Controls
Control Self-
Assessment
Policies
Claims
152

153
Risk Register Template for Event Identification and Risk Assessment
RISK IDENTIFICATION INHERENT RISK ASSESSMENT
No.
RISK
CATEGORY
RISK/THREAT TO BE IDENTIFIED
SCOPE LIKELIHOOD IMPACT SEVERITY
1 Operational
The risk of AML, KYC & Black Person
Compliance will severe impact on Bank-wide.
Bank-wide Possible (3) High (4) High
2 Operational
The risk of misconduct on Account Opening
will moderately impact on Operation
function.
Bank-wide Possible (3) High (4) Medium
RISK IDENTIFICATION RESIDUAL RISK ASSESSMENT
No.
RISK
CATEGORY
RISK/THREAT TO BE IDENTIFIED RISK
TOLERANCE
RISK
RESPONSE
CONTROL ACTIVITIES
1 Operational
The risk of AML, KYC & Black
Person Compliance will severe
impact on Bank-wide.
<12 Mitigate
Using policies, checklists, checks
and trainings.
IT procedures/reports are in place.
2 Operational
The risk of misconduct on Account
Opening will moderately impact on
Operation function.
<12 Mitigate
Using policies, checklists, checks
and trainings

154

Key Performance Indicators (KPIs)
Used for managers to monitor
business performance to assure
that the business operations are
followed and congruent with
business objectives.
Key Risk Indicators (KRIs)
Used for forecast purpose and to
facilitate for managers to be able
to manage risks and threats in
the future and not just for
recent incidents/risks.
Key Risk Indicators
155

Definition of Key Risk Indicator (KRI)
Indicator: is a figure presented as a number or a percentage originating
from a series of events that are observed and implementable with
relevant changes.
Therefore, KRI is a combination of indicator and the risk perspective to
come up with a measurement of early risk warnings.
Key Risk Indicators for a banking institution will come from different
branches and various departments at HO such as IT, HR, Finance, Risk,
Credit, Operations, Legal & Compliance, Marketing, Internal Audit.
Key Risk Indicators
156

Key Risk Indicators - Key Traits
1. KRIs should imply an ability to forecast with
potential risk factors and should be
quantifiable.
2. After establishing KRIs, we need to
adequately collect data on time with the
cheapest cost.
3. The data needs to be analyzed and
monitored to identify the heat map of
operational risks.
4. Indicators need to be evaluated periodically
to assure the reliability and long-term
management.
5. KRIs need to be updated when we have
changes in the business environment.
1. Identify
& Define
2. Collect
data
3. Analyze
& Monitor
4.
Evaluation
5. Update
& Adjust
Key Risk Indicators
157

Key Risk Indicators - Sequential Cycles
Control Self-
Assessment
Business
Impact
KRI
Identification
Data Recording
Analysis of
Indicators
Reporting
Adjustment &
Update KRIs
Control Self-
Assessment
Key Risk Indicators
158

Key Risk Indicators - Setting Thresholds
1. So much data to do analysis,
and we need ORM unit to
evaluate the heat map of
operational risks.
2. Set up thresholds to filter
data to focus on excesses of
permitted limits.
3. Improve the efficacy of
analyses.
4. Data for categorizing risks
will facilitate to identify the
heat map of operational
risks.
Threshold
Low Risk Medium Risk High Risk
Key Risk Indicators
159

160

Risk Management Essentials for Bankers

Risk Management Essentials for Bankers

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Risk Management Essentials for Bankers

Similar to Risk Management Essentials for Bankers (20)

Recently uploaded

Recently uploaded (20)

Risk Management Essentials for Bankers