Banks face numerous risks that must be carefully managed. The document outlines several key risks faced by banks: credit risk from loan defaults, market risk from changes in market prices, operational risk from failed internal processes, liquidity risk from inability to fund operations, and reputational risk from negative publicity. It also provides examples of how specific banks like Northern Rock and Barings faced risks that ultimately led to losses or collapse without proper risk mitigation. Effective risk management requires banks to identify, assess, prioritize and control risks, as well as purchase insurance and diversify their portfolios.

1. Risks Faced By Banks
By Karan Seth

2. What is Risk?
The basic definition of risk says that risk
is a situation involving exposure to
danger.
Risk is an uncertain event or condition
that, if it occurs, has an effect on at least
one objective.

3. Risk is the possibility of losing something of value. Values can be
gained or lost when taking risk resulting from a given action or
inaction, foreseen or unforeseen. Risk can also be defined as the
intentional interaction with uncertainty.
For example physical health, social status, emotional well-being, or
financial wealth can be gained or lost when taking risk resulting
from a given action or inaction.

4. Pure Risk
Pure risk, also called absolute risk, is a category of threat that
is beyond human control and has only one possible outcome if
it occurs: loss. Pure risk includes such incidents as natural
disasters, fire or untimely death.

5. Risk In Terms Of Finance
Financial risk is any risk associated with
financing, including financial transactions
that include company loans in risk of
default.
Financial risk is the possibility that
shareholders or other financial stakeholders
will lose money when they invest in a
company that has debt if the company's
cash flow proves inadequate to meet its
financial obligations.

6. It is often said that profit is a reward for risk bearing. Nowhere is this
truer than in the case of banking industry. Banks are literally exposed
to many different types of risks. A successful banker is one that can
mitigate these risks and create significant returns for the shareholders
on a consistent basis. Mitigation of risks begins by first correctly
identifying the risks, why they arise and what damage can they cause.
I have listed various kinds of risks that are faced by every bank.

7. Risks Faced By Banks
• Credit Risk
• Market Risk
• Operational Risk
• Liquidity Risk
• Reputational Risk
• Business Risk
• Systemic Risk
• Cybersecurity Risk
• Moral Hazard

8. Credit Risk
Credit risk is the risk that arises from the
possibility of non-payment of loans by the
borrowers. Although credit risk is largely
defined as risk of not receiving payments,
banks also include the risk of delayed
payments within this category.
The profitability of a bank is extremely
sensitive to credit risks. Hence, even if credit
risk rises by a small amount, the profitability
of the bank can get extremely impacted.
Therefore, to deal with such risks banks have
come up with a wide variety of measures.

9. Punjab National Bank Scam
On Wednesday morning, PNB informed the Bombay Stock
Exchange that it has detected some "fraudulent and unauthorised
transactions" in one of its branches in Mumbai to the tune of
$1771.69 million (approx). Following the announcement, the share
price of the State-owned bank plunged 10%. This is one the
examples of the Credit Risk faced by Punjab National Bank.

10. Market Risk
 Market Risk can be defined as the risk of losses in the bank’s
trading book due to changes in equity prices, interest rates, credit
spreads, foreign-exchange rates, commodity prices, and other
indicators whose values are set in a public market.
 It can also be defined as the risk of losses in on- or off-balance
sheet positions that arise from movement in market prices.
 Market risk is prevalent mostly amongst banks who are into
investment banking since they are active in capital markets.

11. Components of Market Risk
 Interest rate risk: Potential losses due to fluctuations in interest
rate
 Equity risk: Potential losses due to fluctuations in stock price
 Currency risk: Potential losses due to international currency
exchange rates
 Commodity risk: Potential losses due to fluctuations in prices of
agricultural, industrial and energy commodities like wheat,
copper and natural gas respectively

12. Cisco Systems Case
In a lawsuit, Cisco alleged that Huawei Technologies Company
Limited, a large Chinese networking company, copied and
misappropriated Cisco’s software, including source code,
documentation, and other copyrighted materials. Cisco claims that
Huawei’s products were such a close copy to their own that they
shared the same errors and bugs as the vendor's own products in
the same product category. While Huawei was not a partner with
Cisco—at least at the time of the accusation—the incident
highlights the potential risk of sourcing from global markets where
IP might not be as carefully guarded.

13. Operational Risk
• Operational risk occurs as the result of a failed business processes
in the bank’s day to day activities. Examples of operational risk
would include payments credited to the wrong account or
executing an incorrect order while dealing in the markets. None
of the departments in a bank are immune from operational risks.
• Operational risks arise mainly because of hiring the wrong
people or alternatively they could also occur if there is a
breakdown of the information technology systems.

14. Causes of Operational Risk
• Human risk: Potential losses due to a human error, done willingly
or unconsciously
• IT/System risk: Potential losses due to system failures and
programming errors
• Processes risk: Potential losses due to improper information
processing, leaking or hacking of information and inaccuracy of
data processing.

15. Barings Bank Case
Founded in 1762, Barings Bank was a United Kingdom institution with
worldwide reach. Even the Queen of England had an account there. In
1989, Nick Leeson was hired at Barings. He was quickly promoted to
the trading floor and appointed manager in Singapore where he traded
on the Singapore International Monetary Exchange (SIMEX). Leeson
was an aggressive trader, making large profits in speculative trading. In
1993, his profits constituted almost 10% of Barings’ total profits. In July
1992, a new Barings employee suffered a small loss on Leeson’s watch.
Leeson did not wish to lose his reputation for infallibility, or his job, so
he hid the loss in an error account. Leeson attempted to make back the
loss through speculative trading, but this led to even bigger losses,
which again were hidden in this account. He kept doubling up his bets
in an attempt to get out from under the losses. Barings, a 233-year old
bank, collapsed overnight and was bought by ING for £1.

16. Liquidity Risk
Liquidity risk can be defined as the risk of a bank not being able to
finance its day to day operations.
Liquidity risk is the risk that the bank will not be able to meet its
obligations if the depositors come in to withdraw their money.
In this system, only a percentage of the deposits received are held
back as reserves, the rest are used to create loans. Therefore, if all
the depositors of the institution came in to withdraw their money
all at once, the bank would not have enough money. This situation
is called a bank run.

17. Northern Rock Bank Case
In August 2007 the United Kingdom experienced its first bank run
in over 140 years. Although Northern Rock was not a particularly
large bank (it was at the time ranked 7th in terms of assets) it was
nevertheless a significant retail bank and a substantial mortgage
lender. In fact, ten years earlier it had converted from a mutual
building society whose activities were limited by regulation largely
to retail deposits and mortgages. Since Northern Rock failed the
world has experienced what is arguably its most serious financial
crisis ever. This resulted in a liquidity crunch, which led to the
bailout by the government and an eventual government takeover.
This is a classic example of how imprudent management of
liquidity risk can ruin a bank.

18. Reputational Risk
Reputation is an extremely important intangible asset in the
banking business.
Customers like their money to be deposited at places which they
believe follow safe and sound business practices. Hence, if there is
any news in the media which projects a given bank in a negative
light, such news negatively impacts the banks business.
Banks like JP Morgan bank, Chase bank, Citibank, Bank of
America etc have all been in the business for hundreds of years and
have stellar reputations. These reputations enable them to generate
more business more profitably.

19. Causes of Reputational Risk
• The inability of the bank to honor government/regulatory
commitments
• Nonobservance of the code of conduct under corporate
governance
• Mismanagement/Manipulation of customer records
• Ineffective customer service/after sales services

20. Citibank Case
• Citibank was recently viewed as manipulating the Forex rates via
conducting false trades with its own trading partners. When
regulators found out about Citibank’s predatory tactics, they
levied huge fines on the bank.
• Apart from the fines Citibank also lost reputation as a bank that
follows fair trade practices when the customers found out that
they tend to resort to market manipulation. Many prospective
customers may have shifted their business away from Citibank as
a result of this discovery causing monetary loss as a result of
reputation loss.

21. Business Risk
Business risk is the risk associated with the failure of a bank’s long
term strategy, estimated forecasts of revenue and number of other
things related to profitability. Long term strategies are good for
banks but they should be subject to change. The entire banking
industry is unpredictable.
Hence, there is always a risk that a given bank may choose the
wrong strategy. As a result of this wrong choice, the bank may
suffer losses and end up being acquired or may simply collapse.

22. Washington Mutual Bank Case
Washington Mutual was a conservative savings and loan bank. In
2008, it became the largest failed bank in U.S. history.
Washington Mutual did a lot of business in California. The housing
market there did worse than in other parts of the country. In 2006,
home values across the country started falling.
The second reason for Washington Mutual’s failure was that it
expanded its branches too quickly.

23. Systemic Risk
• Systemic risk arises because of the fact that the financial system
is one intricate and connected network. Hence, the failure of one
bank has the possibility to cause the failure of many other banks
as well. This is because banks are counterparties to each other in
a lot of transactions. Hence, if one bank fails, the credit risk event
for the other banks becomes a reality.
• They have to write off certain assets as a result of the failure of
their counterparty. This writing off often leads to the bankruptcy
of other banks and an unstoppable domino seems to take over.
Systemic risk is an extremely bad scenario to be in.

24. Cybersecurity Risk
Cybersecurity risk is the most prevalent IT risk in the financial
services industry. It refers to the risk undertaken by a financial
institution to keep electronic information private and safe from
damage, misuse or theft.
Cybersecurity risk is as much of a people risk as it is technology risk.
The risk arises from a range of external and internal factors at banks
such as:
• Lack of user privilege segregation
• Missing transaction business controls
• Poor password policies;
• Inadequate logical access controls
• Shortcomings in personnel vetting

25. Canadian Bank Case
In May 2018, two of Canada’s largest banks, Bank of Montreal,
and the Canadian Imperial Bank of Commerce’s Simplii Financial
confirmed hackers stole the personal and financial data of more
than 90,000 customers. Hackers have threatened to release personal
information for nearly 90,000 customers of two Canadian banks
unless the lenders pay a $1-million ransom for its safe return.
While the banks took online security measures after the hackers
contacted them, it was surprising to see that these processes were
not put in place before.

26. Moral Hazard
Moral hazard is a risk that occurs when a big bank or large
financial institution takes risks, knowing that someone else will
have to face the burden of those risks.
Moral hazard occurs when the bank decides the magnitude of the
risk to be undertaken with the knowledge that a counterparty bears
the cost of the risk taken.

27. Risk Management
Risk management is the identification, evaluation, and prioritization of
risks followed by coordinated and economical application of resources
to minimize, monitor, and control the probability or impact of
unfortunate events or to maximize the realization of opportunities.
Components of Risk Management are :
• identify, characterize threats
• assess the vulnerability of critical assets to specific threats
• determine the risk (i.e. the expected likelihood and consequences of
specific types of attacks on specific assets)
• identify ways to reduce those risks
• prioritize risk reduction measures

28. Mitigating Credit Risk
The methods can include risk based pricing, or adjusting the cost
of credit according to the credit strength of the
borrower; credit tightening, or reducing the amount
of credit available to higher risk applicants; diversification, or
increasing the portfolio mix of borrowers and
purchasing credit insurance.

29. Mitigating Market Risk
In order to be able to mitigate such risks banks simply use hedging
contracts. They use financial derivatives which are freely available
for sale in any financial market. Using contracts like forwards,
options and swaps, banks are able to almost eliminate market risks
from their balance sheet. Banks can also hire a financial planner.

30. Mitigating Operational Risk
• 4 Steps – How To Reduce Operational Risk:
• Step 1: Managing Equipment Failures.
• Step 2: Keep Strong Business to Business Relationships.
• Step 3: Having Adequate Insurance.
• Step 4: Know the Regulations.

31. Mitigating Liquidity Risk
Liquidity risk management requires mapping of cash flows for
short as well as long period, which is the basis for strategic
planning. Liquidity risk management is essential in banks and nbfc,
because matching of cash flow determine the profitability. If there
is idle fund, there is a cost. If there is shortage , borrowing from the
market is expensive. So by mapping for short and long period of
source and use of fund, it is ascertained that in which bucket there
could be shortage. For example if short term source of fund is more
than short term use, the management has to devise a product which
will result in short term increase in investment.

32. Mitigating Reputational Risk
There are six ways to mitigate reputational risk :
• Protect yourself against data breaches. ...
• Be vigilant about customer service mishaps. ...
• Keep your employees happy to prevent reputation risk. ...
• Make values truly operational. ...
• Be mindful of ethical conduct. ...
• Manage external reputation risks.

33. Mitigating Business Risk
Banks have no possible way to mitigate the risks that are created
by following inappropriate business objectives. Which objectives
were right and which were wrong.
If business changes then the insurance should also change.
Banks need to make sure that the strategies that they make should
change with time.

34. Mitigating Systemic Risk
Banks tend to leverage up to the maximum, as evidenced by the
structure of bank balance sheets. The complex network of
exposures among financial institutions creates a significant threat
that the surviving banks will lose part or all of their investment in
the collapsing bank. And, if such a failure is sudden or unexpected,
there could be losses massive enough to threaten or take down the
responding banks. Financial risk managers and regulators can also
find the intertemporal aspect of financial contracts to be a
challenge to managing systemic risk.

35. Mitigating Cybersecurity Risk
The key to mitigating the cybersecurity risk is to ensure that the
controls are applied across all business units and divisions to
ensure that no permissions to access are granted
unintentionally/without prior knowledge.
There is need to create, and then strictly enforce, some
cybersecurity policies for the employees to follow.
Banks need to make sure that all transactions take place under
expert supervision.

36. Conclusion
Banks can exercise a large degree of control over certain risks by
enabling and investing in efficient internal and external controls,
systems and processes. They can also manage some types of risk
by ensuring meticulous, tech-driven audits and compliance. Some
risks such as systemic risk, which the banks have little or no
control over, can only be mitigated if banks have a strong capital
base, to ensure a sound infrastructure.