Risk is the potential for the occurrence of a loss (“potential negative effect on an asset that may derive from given processes in progress or given future events.”), but importantly risk attaches to i.e. risk cannot be separated from growth opportunities. Banks in the process of financial intermediation are confronted with various kinds of financial and non-financial risks viz., credit, interest rate, liquidity, foreign exchange rate, equity price, commodity price, legal, regulatory, reputational, operational, etc. These risks are highly interdependent and events that affect one area of risk can have ramifications for a range of other risk categories. Thus, top management of banks should attach considerable importance to improve the ability to identify measure, monitor and control the overall level of risks undertaken.
Ideally Risk Management function should cover:
a. Well defined organizational structure;
b. Comprehensive risk measurement approach;
c. Comprehensive risk management policies approved by the Board which should be consistent with the broader business strategies, capital strength, management expertise and overall willingness to assume risk;
d. Guidelines and other parameters used to govern risk taking including detailed structure of prudential limits;
e. Robust MIS for reporting, monitoring and controlling risks;
f. Well laid out processes, effective control and comprehensive risk reporting framework;
g. Separate risk management framework independent of operational departments and with clear delineation of levels of responsibility for management of risk;
h. Timely assessments
Risk Management Structure:
The primary responsibility of understanding the risks run by the bank and ensuring that the risks are appropriately managed should clearly be vested with the Board of Directors. The Board should set risk limits by assessing the bank’s risk and risk- bearing capacity. At organizational level, overall risk management should be assigned to an independent Risk Management Committee or Executive Committee of the top Executives that reports directly to the Board of Directors. The functions of Risk Management Committee should essentially be to identify, monitor and measure the risk profile of the bank. The Committee should also develop policies and procedures, verify the models that are used for pricing complex products, review the risk models as development takes place in the markets and also identify new risks. The Committee should design stress scenarios to measure the impact of unusual market conditions and monitor variance between the actual volatility of portfolio value and that predicted by the risk measures. The Committee should also monitor compliance of various risk parameters by operating Departments
A prerequisite for establishment of an effective risk management system is the existence of a robust MIS, consistent in quality. The existing MIS, however, requires substantial upgradation and strengthening of the data collection machinery to ensure the integrity and reliability of data. The risk management is a complex function and it requires specialised skills and expertise. As the domestic market integrates with the international markets, the banks should have necessary expertise and skill in managing various types of risks in a scientific manner.
Credit risk or default risk involves inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, hedging, settlement and other financial transactions. The Credit Risk is generally made up of transaction risk or default risk and portfolio risk. The portfolio risk in turn comprises intrinsic and concentration risk.
The credit risk of a bank’s portfolio depends on both external and internal factors.
The external factors are the state of the economy, wide swings in commodity/equity prices, foreign exchange rates and interest rates, trade restrictions, economic sanctions, Government policies, etc.
The internal factors are deficiencies in loan policies/administration, absence of prudential credit concentration limits, inadequately defined lending limits for Loan Officers/Credit Committees, deficiencies in appraisal of borrowers’ financial position, excessive dependence on collaterals and inadequate risk pricing, absence of loan review mechanism and post sanction surveillance, etc.
Another variant of credit risk is counterparty risk.
The counterparty risk arises from non- performance of the trading partners. The non-performance may arise from counterparty’s refusal/inability to perform due to adverse price movements or from external constraints that were not anticipated by the principal. The counterparty risk is generally viewed as a transient financial risk associated with trading rather than standard credit risk.
The management of credit risk should receive the top management’s attention and the process should encompass:
a. Measurement of risk through credit rating/scoring;
b. Quantifying the risk through estimating expected loan losses i.e. the amount of loan losses that bank would experience over a chosen time horizon (through tracking portfolio behaviour over 5 or more years) and unexpected loan losses i.e. the amount by which actual losses exceed the expected loss (through standard deviation of losses or the difference between expected loan losses and some selected target credit loss quantile);
c. Risk pricing on a scientific basis;
d. Controlling the risk through effective Loan Review Mechanism and portfolio management.
The credit risk management process should be articulated in the bank’s Loan Policy, duly approved by the Board. Each bank should constitute a high level Credit Policy Committee, also called Credit Risk Management Committee or Credit Control Committee etc. to deal with issues relating to credit policy and procedures and to analyse, manage and control credit risk on a bank wide basis. The Committee should, inter alia, formulate clear policies on standards for presentation of credit proposals, financial covenants, rating standards and benchmarks, delegation of credit approving powers, prudential limits on large credit exposures, asset concentrations, standards for loan collateral, portfolio management, loan review mechanism, risk concentrations, risk monitoring and evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc. The credit risk management department should also lay down risk assessment systems, monitor quality of loan portfolio, identify problems and correct deficiencies, develop MIS and undertake loan review/audit.
Credit Risk Management encompasses management techniques, which help the banks in mitigating the adverse impacts of credit risk:
1. Carefully formulated scheme of delegation of powers i.e. Credit Approving Authority
2. Prudential limits, single/group borrower limits, should be laid down, maximum exposure limits to industry, sector
3. Comprehensive risk scoring / rating system
4. Risk-return pricing and Risk Adjusted Return on Capital (RAROC) framework for pricing of loans
5. Periodic monitoring/ evaluation of the loan portfolio
6. Loan Review Mechanism for large value accounts, formulate Loan Review Policy and it should be reviewed annually by the Board
7. The proposals for investments banking should also be subjected to the same degree of credit risk analysis, as any loan proposals
8. Adequate framework for managing their exposure in off-balance sheet products like forex forward contracts, swaps, options, etc.
9. Framework for Inter-bank Exposure and Country Risk
With progressive deregulation, market risk arising from adverse changes in market variables, such as interest rate, foreign exchange rate, equity price and commodity price has become relatively more important. Even a small change in market variables causes substantial changes in income and economic value of banks.
Market risk takes the form of:
a. Liquidity Risk
b. Interest Rate Risk
c. Foreign Exchange Rate (Forex) Risk
d. Commodity Price Risk and
e. Equity Price Risk
The Boards should clearly articulate market risk management policies, procedures, prudential risk limits, review mechanisms and reporting and auditing systems. The policies should address the bank’s exposure on a consolidated basis and clearly articulate the risk measurement systems that capture all material sources of market risk and assess the effects on the bank. The operating prudential limits and the accountability of the line management should also be clearly defined.
The Asset-Liability Management Committee (ALCO) should function as the top operational unit for managing the balance sheet within the performance/risk parameters laid down by the Board. The banks should also set up an independent Middle Office to track the magnitude of market risk on a real time basis. The Middle Office should comprise of experts in market risk management, economists, statisticians and general bankers and may be functionally placed directly under the ALCO. The Middle Office should also be separated from Treasury Department and should not be involved in the day to day management of Treasury. The Middle Office should apprise the top management / ALCO / Treasury about adherence to prudential / risk parameters and also aggregate the total market risk exposures assumed by the bank at any point of time.
Liquidity is the ability to efficiently accommodate deposit and other liability decreases, as well as, fund loan portfolio growth and the possible funding of off-balance sheet claims. A bank has adequate liquidity when sufficient funds can be raised, either by increasing liabilities or converting assets, promptly and at a reasonable cost. It encompasses the potential sale of liquid assets and borrowings from money, capital and forex markets. Thus, liquidity should be considered as a defence mechanism from losses on fire sale of assets.
The liquidity risk in banks manifest in different dimensions:
Funding Risk – need to replace net outflows due to unanticipated withdrawal/non-renewal of deposits (wholesale and retail)
Time Risk- need to compensate for non-receipt of expected inflows of funds, i.e. performing assets turning into non-performing assets; and
Call Risk - due to crystallisation of contingent liabilities and unable to undertake profitable business opportunities when desirable.
The first step towards liquidity management is to put in place an effective liquidity management policy, which, inter alia, should spell out the funding strategies, liquidity planning under alternative scenarios, prudential limits, liquidity reporting / reviewing, etc.
Liquidity measurement is quite a difficult task and can be measured through stock or cash flow approaches. Apart from this banks adopt key ratios, which are followed across the banking system
In addition to this Banks should prepare Contingency Funding Plans to measure their ability to withstand bank-specific or market crisis scenario.
Interest Rate Risk (IRR)
Interest Rate Risk (IRR) refers to potential impact on NII or NIM or Market Value of Equity (MVE), caused by unexpected changes in market interest rates. The management of Interest Rate Risk should be one of the critical components of market risk management in banks. The regulatory restrictions in the past had greatly reduced many of the risks in the banking system. Deregulation of interest rates has, however, exposed them to the adverse impacts of interest rate risk. The Net Interest Income (NII) or Net Interest Margin (NIM) of banks is dependent on the movements of interest rates. Any mismatches in the cash flows (fixed assets or liabilities) or repricing dates (floating assets or liabilities), expose banks’ NII or NIM to variations. The earning of assets and the cost of liabilities are now closely related to market interest rate volatility. Interest Rate Risk can take different forms:
1. Gap or Mismatch Risk
2. Basis Risk
3. Embedded Option Risk
4. Yield Curve Risk
5. Price Risk
6. Reinvestment Risk
7. Net Interest Position Risk
Foreign Exchange (Forex) Risk
Forex risk is the risk that a bank may suffer losses as a result of adverse exchange rate movements during a period in which it has an open position, either spot or forward, or a combination of the two, in an individual foreign currency. The risk inherent in running open foreign exchange positions have been heightened in recent years by the pronounced volatility in forex rates, thereby adding a new dimension to the risk profile of banks’ balance sheets. The banks are also exposed to interest rate risk, which arises from the maturity mismatching of foreign currency positions.
Even in cases where spot and forward positions in individual currencies are balanced, the maturity pattern of forward transactions may produce mismatches. As a result, banks may suffer losses as a result of changes in premia/discounts of the currencies concerned.
In the Forex business, banks also face the risk of default of the counterparties or settlement risk. While such type of risk crystallization does not cause principal loss, banks may have to undertake fresh transactions in the cash/spot market for replacing the failed transactions. Thus, banks may incur replacement cost, which depends upon the currency rate movements. Banks also face another risk called time-zone risk or Herstatt risk which arises out of time-lags in settlement of one currency in one centre and the settlement of another currency in another time- zone. The Forex transactions with counterparties from another country also trigger sovereign or country risk
Forex risks can be managed by:
a. Setting appropriate limits – open positions and gap limits.
b. Establishing clear and well-defined division of responsibility between front, middle and back offices.
Managing operational risk is becoming an important feature of sound risk management practices in modern financial markets in the wake of phenomenal increase in the volume of transactions, high degree of structural changes and complex support systems. The most important type of operational risk involves breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial loss through error, fraud, or failure to perform in a timely manner or cause the interest of the bank to be compromised.
Generally, operational risk is defined as any risk, which is not categorized as market or credit risk, or the risk of loss arising from various types of human or technical error. It is also synonymous with settlement or payments risk and business interruption, administrative and legal risks. Operational risk has some form of link between credit and market risks. An operational problem with a business transaction could trigger a credit or market risk.
Indian banks have so far not evolved any scientific methods for quantifying operational risk. In the absence any sophisticated models, banks could evolve simple benchmark based on an aggregate measure of business activity such as gross revenue, fee income, operating costs, managed assets or total assets adjusted for off-balance sheet exposures or a combination of these variables.
Internal controls and the internal audit are used as the primary means to mitigate operational risk. Banks could also explore setting up operational risk limits, based on the measures of operational risk. The contingent processing capabilities could also be used as a means to limit the adverse impacts of operational risk.
Insurance is also an important mitigator of some forms of operational risk.
Risk education for familiarising the complex operations at all levels of staff can also reduce operational risk.
Banks should have well defined policies on operational risk management. The policies and procedures should be based on common elements across business lines or risks. The policy should address product review process, involving business, risk management and internal control functions.
One of the major tools for managing operational risk is the well-established internal control system, which includes segregation of duties, clear management reporting lines and adequate operating procedures. Most of the operational risk events are associated with weak links in internal control systems or laxity in complying with the existing internal control procedures.
The self-assessment could be used to evaluate operational risk along with internal/external audit reports/ratings or RBI inspection findings. Banks should endeavour for detection of operational problem spots rather than their being pointed out by supervisors/internal or external auditors.