RISK MANAGEMENT IN BANKING

A PROJECT SUBMITTED IN
PART COMPLETION OF

MASTERS OF MANAGEMENT STUDIES

TO
UNIVERSITY OF MUMBAI

BY
NAYAN THARVAL

UNDER THE GUIDANCE OF

PROF. SONALI TIPRE

THAKUR INSTITUTE OF MANAGEMENT STUDIES & RESEARCH

KANDIALI (E), MUMBAI-400101
MMS (2005-2007)

1
 CERTIFICATE

THAKUR INSTITUTE OF MANAGEMENT STUDIES

AND RESEARCH, MUMBAI

This is to certify that Mr. Nayan Tharval of TIMSR has

successfully completed the project work titled Risk

Management In Banking in

part completion for the degree of MMS prescribed by

Mumbai University

This project is the record of authentic work carried out by

him and References of work and relative sources of
information have been given at the end of the project.

___________________ _____________________

Signature of the Guide Signature of the Student

Prof. Sonali Tipre Nayan Tharval

2
 Acknowledgement

We believe that behind the ascend of each and every student lie not
only the relentless urge to work hard but also the guidance and
inspiration of their guide, co-guide and other helpful people.

With a deep sense of gratitude I would like to thank each and every
person who has contributed towards the successful completion of the
project work.

I owe a special thank to my project guide Prof. Sonali Tipre for

providing me with the valuable insights in to the projects. She
elucidated me the minute intricacies how the Banks carry out Risk
Management and Measurement of various risks that they are exposed
to.

Sincere thanks to the workforce of TIMSR, for their kind and timely
support & cooperation.

3
4
Synopsis

Market volatility, corporate irregularities and anxious capital markets

have shaken the banking industry and highlighted the perils of poor
risk management. The past decade has seen dramatic losses in the
banking industry. Firms that had been performing well suddenly
announced large losses due to credit exposures that turned sour,
interest rate positions taken, or derivative exposures that may or may
not have been assumed to hedge balance sheet risk. In response to
this, commercial banks have almost universally embarked upon an
upgrading of their risk management and control systems. Traditional
risk systems can't capture the inter-relationships between various risk
types across geographies, departments and lines of business. Since
the late 1980s, a number of large U.S. banks have invested heavily in
systems designed to measure the risks associated with their different
lines of business. Risk management in the banking sector is a key issue
linked to financial system stability.

The immediate purpose of such risk-measurement systems is to

provide bank managements with a more reliable way to determine the
amount of capital necessary to support each of their major activities
and, thus, to determine the overall leverage for the bank as a whole. A
large number of banks have implemented new performance measures
such as risk adjusted return on capital (RAROC), economic value added
(EVA) and Value at Risk (VaR) to control and price their risks. The
importance of these risk measurement tools has been greatly
magnified by regulators, such as the Federal Reserve and Bank of
England, who plan to start using these concepts to calculate the
minimum amount of capital that banks must hold. For competitive and
regulatory reasons, it is now necessary for all banks to have a sound
risk-measurement framework

5
This report aims at:

i. Explaining the basic concepts of Risk and Risk Management.

ii. Providing quick access to the whys and hows of risk
management.
iii. Providing easy-to-understand information, including equations
and examples that can be quickly applied to most risk
measurement problems.
iv. Providing information bout how risk measurement is used in
the management of risk and probability.

6
 Table of Content

Chapter Topic Page No.

No
Part – I : Risks In Banking – An Introduction
1 Introduction 9
1.1 Defining Risk 9
1.2 Defining Risk Management 9
1.3 Risk Management framework 9-10

2 Types Of Risks 11-13

3 Risk Management Systems and Procedures 14-16

4 Risk Measurement – An Introduction 17-19

4.1 Economic Capital 17
4.2 Risk Adjusted performance 18-19

Part – II : Credit Risk

5 Introduction to Credit Risk 21-27
5.1 Meaning of Credit Risk 21
5.2 Bifurcation of credit Risk 21-22
5.3 Sources of credit Risk 23
5.4 Need for Credit Risk Analysis 23-25
5.5 Quantifying credit risk 25-27

6 Types of Credit Structure 28-34

7 Credit Risk and Basel Accords 35-39

7.1 1998 Basel Accord 35-36
7.2 Basel 2 (New) accord 37-39

8 Credit Risk Measurement 40-47

8.1 EC Framework for Credit Risk Quantification 40
8.2 Calculation of EL and UL for Single 41
Facility/Loan
8.3 Determining EL and UL due to default and 42-44
Downgrades
8.4 Calculation of EL and UL for Portfolio 45
8.5 RAROC over one Year 46-47

Part – III : Market Risk

9 Introduction to Market risk 49-51
9.1 Meaning of Market risk 49
9.2 The Three Main Factors of Market Risk 49-51

7
10 Market Risk Management 52-57
10.1 Board and Senior Management Oversight 52-53
10.2 Organizational Structure for Market Risk 54-57

11 Market Risk Monitoring And Control 58-69

11.1 Risk Monitoring 58
11.2 Risk Control 58-59
Part – Part Iv Operational Risk
12 Introduction To Operational Risk 61-62
12.1 Meaning of Operational Risk 61
12.2 Operational Risk Management Principles 61-62

13 Operational Risk Management And 63

Measurement
13.1 Board And Senior Management’s Oversight 63
13.2 Operational Risk Function 64
13.3 Operational Risk Assessment and Quantification 64

8
 Part - I
Risk In Banking – An Overview

Banks are said to be in the business of making money by providing

services to customers and taking risks. In general, if a bank takes more
risk it can expect to make more money, but greater risk also increases
the danger that the bank could lose badly and be forced out of
business. Banks run their business with two goals in mind: to generate
profit and to stay in business. Banks therefore try to ensure that their
risk taking is informed and prudent. The control of that gambling is the
business of risk management.

9
10
Chapter 1 Introduction

1.1 Defining Risk:

Financial risk in a banking organization is possibility that the outcome
of an action or event could bring up adverse impacts. Such outcomes
could either result in a direct loss of earnings / capital or may result in
imposition of constraints on bank’s ability to meet its business
objectives. Such constraints pose a risk as these could hinder a bank's
ability to conduct its ongoing business or to take benefit of
opportunities to enhance its business. Risks are usually defined by the
adverse impact on profitability of several distinct sources of
uncertainty. While the types and degree of risks an organization may
be exposed to depend upon a number of factors such as its size,
complexity business activities, volume etc, it is believed that generally
the banks face Credit, Market, Liquidity, Operational, Compliance /
legal / regulatory and reputation risks.

1.2 Defining Risk Management:

Risk Management is a discipline at the core of every financial
institution and encompasses all the activities that affect its risk profile.
It involves identification, measurement, monitoring and controlling
risks. Risk management as commonly perceived does not mean
minimizing risk; rather the goal of risk management is to optimize risk-
reward trade -off.

1.3 Risk Management framework.

A risk management framework encompasses the scope of risks to be
managed, the process/systems and procedures to manage risk and the
roles and responsibilities of individuals involved in risk management.
The framework should be comprehensive enough to capture all risks a
bank is exposed to and have flexibility to accommodate any change in
business activities.

11
An effective risk management framework includes:

a) Clearly defined risk management policies and procedures covering

risk identification, acceptance, measurement, monitoring, reporting
and control.

b) A well constituted organizational structure defining clearly roles and

responsibilities of individuals involved in risk taking as well as
managing it. Banks, in addition to risk management functions for
various risk categories may institute a setup that supervises overall
risk management at the bank. Such a setup could be in the form of a
separate department or bank’s Risk Management Committee (RMC)
could perform such function. The structure should be such that ensures
effective monitoring and control over risks being taken. The individuals
responsible for review function (Risk review, internal audit, compliance
etc) should be independent from risk taking units and report directly to
board or senior management who are also not involved in risk taking.

c) There should be an effective management information system that

ensures flow of information from operational level to top management
and a system to address any exceptions observed. There should be an
explicit procedure regarding measures to be taken to address such
deviations.

d) The framework should have a mechanism to ensure an ongoing

review of systems, policies and procedures for risk management and
procedure to adopt changes.

12
Chapter 2 Types of Risks
Banks are exposed to the various kinds of risk. For e.g. Market risk,
credit risk & operational risk.

Bank operations

Market risk Operational risk Credit risk

Liquidity Forex Trading Traditional

risk risk risk risk

Interest rate risk

Pre
settlement
settlement

The risks associated with the provision of banking services differ by the
type of service rendered. Three Broad categories of Risks faced by
banks are systematic or market risk, credit risk, and operational risk.

1. Systematic risk/ Market Risk is the risk of asset value change

associated with systematic factors. It is sometimes referred to as
market risk, which is in fact a somewhat imprecise term. By its nature,
this risk can be hedged, but cannot be diversified completely away. In
fact, systematic risk can be thought of as undiversifiable risk. All
investors assume this type of risk, whenever assets owned or claims
issued can change in value as a result of broad economic factors. As

13
such, systematic risk comes in many different forms. For the banking
sector, however, two are of greatest concern, namely variations in the
general level of interest rates and the relative value of currencies.
Because of the bank's dependence on these systematic factors, most
try to estimate the impact of these particular systematic risks on
performance, attempt to hedge against them and thus limit the
sensitivity to variations in undiversifiable factors. Accordingly, most will
track interest rate risk closely. They measure and manage the firm's
vulnerability to interest rate variation, even though they can not do so
perfectly. At the same time, international banks with large currency
positions closely monitor their foreign exchange risk and try to
manage, as well as limit, their exposure to it. In a similar fashion, some
institutions with significant investments in one commodity such as oil,
through their lending activity or geographical franchise, concern
themselves with commodity price risk. Others with high single-industry
concentrations may monitor specific industry concentration risk as well
as the forces that affect the fortunes of the industry involved.

2. Credit risk arises from non-performance by a borrower. It may

arise from either an inability or an unwillingness to perform in the pre-
committed contracted manner. This can affect the lender holding the
loan contract, as well as other lenders to the creditor. Therefore, the
financial condition of the borrower as well as the current value of any
underlying collateral is of considerable interest to its bank. The real
risk from credit is the deviation of portfolio performance from its
expected value. Accordingly, credit risk is diversifiable, but difficult to
eliminate completely. This is because a portion of the default risk may,
in fact, result from the systematic risk outlined above. In addition, the
idiosyncratic nature of some portion of these losses remains a problem
for creditors in spite of the beneficial effect of diversification on total
uncertainty. This is particularly true for banks that lend in local
markets and ones that take on highly illiquid assets. In such cases, the

14
credit risk is not easily transferred, and accurate estimates of loss are
difficult to obtain.

3. Operational risk is associated with the problems of accurately

processing, settling, and taking or making delivery on trades in
exchange for cash. It also arises in record keeping, processing system
failures and compliance with various regulations. As such, individual
operating problems are small probability events for well-run
organizations but they expose a firm to outcomes that may be quite
costly.

15
Chapter 3 Risk Management System and Procedure

The management of the banking firm relies on a sequence of steps to

implement a risk management system. These can be seen as
containing the following four parts:
(i) Standards and reports
(ii) Position limits or rules
(iii) Investment guidelines or strategies
(iv) Incentive contracts and compensation.
In general, these tools are established to measure exposure, define
procedures to manage these exposures, limit individual positions to
acceptable levels, and encourage decision makers to manage risk in a
manner that is consistent with the firm's goals and objectives. To see
how each of these four parts of basic risk management techniques
achieves these ends, we elaborate on each part of the process below.

(i) Standards and Reports

The first of these risk management techniques involves two different
conceptual activities, i.e., standard setting and financial reporting.
They are listed together because they are the sine qua non of any risk
system. Underwriting standards, risk categorizations, and standards of
review are all traditional tools of risk management and control.
Consistent evaluation and rating of exposures of various types are
essential to understand the risks in the portfolio, and the extent to
which these risks must be mitigated or absorbed. The standardization
of financial reporting is the next ingredient. Obviously outside audits,
regulatory reports, and rating agency evaluations are essential for
investors to gauge asset quality and firm level risk.
These reports have long been standardized, for better or worse.
However, the need here goes beyond public reports and audited
statements to the need for management information on asset quality
and risk posture. Such internal reports need similar standardization

16
and much more frequent reporting intervals, with daily or weekly
reports substituting for the quarterly GAAP periodicity.

(ii) Position Limits and Rules

A second technique for internal control of active management is the
use of position limits, and/or minimum standards for participation. In
terms of the latter, the domain of risk taking is restricted to only those
assets or counterparties that pass some prespecified quality standard.
Then, even for those investments that are eligible, limits are imposed
to cover exposures to counterparties, credits, and overall position
concentrations relative to various types of risks. While such limits are
costly to establish and administer, their imposition restricts the risk
that can be assumed by any one individual, and therefore by the
organization as a whole. In general, each person who can commit
capital will have a well-defined limit. This applies to traders, lenders,
and portfolio managers. Summary reports show limits as well as
current exposure by business unit on a periodic basis. In large
organizations with thousands of positions maintained, accurate and
timely reporting is difficult, but even more essential.

(iii) Investment Guidelines and Strategies

Investment guidelines and recommended positions for the immediate
future are the third technique commonly in use. Here, strategies are
outlined in terms of concentrations and commitments to particular
areas of the market, the extent of desired asset-liability mismatching
or exposure, and the need to hedge against systematic risk of a
particular type. The limits described above lead to passive risk
avoidance and/or diversification, because managers generally operate
within position limits and prescribed rules. Beyond this, guidelines offer
firm level advice as to the appropriate level of active management,
given the state of the market and the willingness of senior
management to absorb the risks implied by the aggregate portfolio.
Such guidelines lead to firm level hedging and asset-liability matching.

17
In addition, securitization and even derivative activity are rapidly
growing techniques of position management open to participants
looking to reduce their exposure to be in line with management's
guidelines.

(iv) Incentive Schemes

To the extent that management can enter incentive compatible
contracts with line managers and make compensation related to the
risks borne by these individuals, then the need for elaborate and costly
controls is lessened. However, such incentive contracts require
accurate position valuation and proper internal control systems. Such
tools which include position posting, risk analysis, the allocation of
costs, and setting of required returns to various parts of the
organization are not trivial. Notwithstanding the difficulty, well
designed systems align the goals of managers with other stakeholders
in a most desirable way.

18
Chapter 4 Risk Measurement – An Introduction

Until and unless risks are not assessed and measured it will not be
possible to control risks. Further a true assessment of risk gives
management a clear view of institution’s standing and helps in
deciding future action plan. To adequately capture institutions risk
exposure, risk measurement should represent aggregate exposure of
institution both risk type and business line and encompass short run as
well as long run impact on institution. To the maximum possible extent
institutions should establish systems / models that quantify their risk
profile, however, in some risk categories such as operational risk,
quantification is quite difficult and complex. Wherever it is not possible
to quantify risks, qualitative measures should be adopted to capture
those risks. Economic Capital gives a common framework for
quantifying the risk arising from many diverse sources. It also allows
calculating the amount of equity capital that the bank should hold.
RAROC has become industry standard way of measuring risk-adjusted
probability. It allows comparing the probability of different
transactions.

4.1. Economic capital

Economic capital is one of the most important risk metrics because it

provides with a unifying framework to translate all the risks into a
single metric. For market risks, daily value at risk is calculated and
then translated into economic capital. For credit and operating risks
economic capital is directly estimated from the probability distribution
of losses. Economic capital is the net value the bank must have at the
beginning of the year to ensure that there is only a small probability of
defaulting within that year. The net value is the value of the assets
minus the liabilities. The small probability is the probability that
corresponds to the bank’s target credit rating.

19
4.2 .Risk Adjusted Performance
Economic capital is useful for identifying large risks and setting aside
the required amount of capital to be held by the bank to ensure
smooth functioning without defaulting. However, when deciding
whether to carry out a transaction, the bank is not only concerned
about the risk, it is also interested in probability relative to that risk. By
measuring risk- adjusted performance (RAP), a bank can integrate risk
measurement into the daily profitability management of the business.
Traditionally, the banking industry relied on measurements that gave
an incomplete picture and its relation to risk. The two most common
measurements were Return on Assets (ROA) and Return on Equity
(ROE). ROA is a profit divided by the rupee value of the portfolio. ROE
is the profitability divided by either book capital or Regulatory capital.
The book capital is the net value of the bank as measured by
accounting methods. The regulatory capital is the minimum amount of
capital that must be held by the bank according to regulators such as
the Bank of England and the Federal Reserve. The return on assets
takes no account of the risk of the assets. As an alternative, over the
last decade the industry has developed two metrics for risk-adjusted
performance that are based on Economic Capital: RAROC and SVA.
RAROC is the risk-adjusted return on capital, and SVA is shareholder
value added.

4.2.1. Risk – Adjusted Return on Capital (RAROC)

RAROC is the expected net risk-adjusted profit (ENP) divided by the
economic capital that is required to support the transaction.

RAROC = ENP
EC

20
4.2.2. Shareholder Value Added (SVA)
Shareholder value added (SVA) gives a dollar- based measure of
performance. It is simply the actual or expected probability minus the
required probability to meet the hurdle rate.

SVA = ENP – H x EC

21
 Part – II
Credit Risk

Burgeoning non-performing assets in the Indian banking system have

brought to light the inefficiencies in the credit risk management
practices of Indian banks. It is the time that Indian banks realize the
importance of effective credit risk management practices in mitigating
their losses and improving their bottom line.

22
Chapter 5 Introduction to Credit Risk

5.1 Meaning of Credit Risk

The Reserve Bank of India has defined Credit Risk as the possibility
of the loss that stems from outright default due to inability or
unwillingness of a customer or counter party to meet their
commitments in relation to lending, trading, settlement and other
financial transactions. If the probability of loss is high, the credit risk
involved is also high and vice-versa.

5.2 Bifurcation of Credit Risk

The study of credit risk can be bifurcated to facilitate better cognition
of the concept.

Overall Credit Risk

Firm Credit risk Portfolio Credit Risk

A single borrower/obligor exposure is generally known as Firm Credit

Risk while the credit exposure to a group of similar borrowers , is called
portfolio Credit Risk This bifurcation is important for the proper
understanding and management of credit risk as the ultimate reasons
for failure to pay can be traced to economic, industry, or customer –
specific factors. While risk decides the fate of overall portfolio, portfolio
risk in turn determines the quantum of capital cushion required.

23
Both firm credit risk and portfolio credit risk are impacted or triggered
by systematic and unsystematic risks.

Firm Credit Risk Portfolio Credit Risk

Credit risk

Systematic Risk Unsystematic Risk

Socio-political
Risks
Business Risks

Economic Risks

Other Exogenous
Financial Risks
Risks

External forces that affect all business and households in the country
or economic system are called systematic risks and are considered as
uncontrollable. The second type of credit risks is unsystematic risks
and is controllable risks. They do not affect the entire economy or all
business enterprises/households. Such risks are largely industry-
specific and /or firm specific. A creditor can diversify these risks by
extending credit to a range of customers.

24
5.3. Sources of Credit Risk
Credit – related losses can occur in the following ways:
 A customer fails to repay money that was lent by the bank
 A customer enters into a derivative contract with the bank in
which the payments are based on market prices, and then the
market moves so that the customer owes money, but customer
fails to pay.
 The bank holds a debt security (e.g. a bond or a loan) and the
credit quality of the security issuer falls, causing the value of the
security to fall. Here, a default has not occurred, but the
increased possibility of a default makes the security less
valuable.
 The bank holds a debt security and the market’s price for risk
changes. For example, the price for all BB-rated bonds may fall
because the market is less wiling to take risks. In this case, there
is no credit event, just a change in market sentiment. This risk is
therefore typically treated as market risk

5.4. Need for Credit Risk Analysis

Much of importance has been attached to credit risk analysis,
especially by banks and other financial intermediaries with significant
credit exposure. The main reasons are as follows:
 Prudence : It is the responsibility of the supplier of the credit to
ensure that their actions are prudent, because excessive credit
will prove destructive to everyone involved as has been
evidenced by the demise of many banks in Japan during the past
decade, as the result of over lending in the late 1980’s. Usually
everyone is very confident during the heightened pace of
economic activity, and financial institutions are no exceptions.
Lending during the boom- phase is highly challenging and so is
providing credit during a recession period.

25
 Increase in bankruptcies: Recessionary phases are common
in the economy, although the timing and causes may be different
for different countries. In 2002/2003, the US economy went
through massive job losses and sluggish growth and was almost
on the verge of an economic slowdown. Given the fact that the
incidence of bankruptcies during recession is high, the role of
accurate credit analysis is very important

 Disintermediation: With the expansion of the secondary capital

and debt markets, many good credit-worthy customers,
especially the larger ones access and raise funds directly from
public. Since credit rating is compulsory for raising debt from the
public market, the firms that are not able to fulfill this
requirement approach financial intermediaries, including banks.
This can result in the lowering of the quality of the credit asset
portfolio. Hence, a more vigilant approach by the lenders is
necessary.

 Increase in Competition: he banking business is witnessing

more competition with the advent of the new generation banks
and liberalization policies pursued by governments. With the
increase in the competition, naturally pricing is under pressure.
In other words, as your returns become lower, technically your
risk level should also reduce. So tighter credit risk analysis is
necessary.

 Volatility of collateral/asset values: Gone are the days, when

collaterals offered comfort. While it is no longer easy to insist on
collateral security in view of the increasing competition in the
market. The land and houses that are as collateral security with
the bank against the loan issued by the bank to customer may
touch all time high during boom period but during recession it

26
 may not quote even half the value of the credit extended during
boom periods.

 Poor Asset Quality: Banks in India and abroad face the

problem of non-performing assets (NPA), i.e. credit assets that
are on the verge of becoming credit losses. In other words, they
display high risk tendencies to become bad debts. NPA
management is a major challenge for banks. Credit Risk analysis
helps to keep check on NPA.

 High impact of Credit Losses: It is a common perception that

a small percentage of bad debts is acceptable and won’t do
much damage. However, unfortunately this is not true. Even a
small credit facility turning bad will hurt business, especially for
banks and other financial intermediaries operating in a highly
competitive sector. Credit Risk Analysis helps in minimizing
credit loss which is a best option rather than attempting to book
20, 25 or 50 times the business volumes, to ensure adequate
returns to shareholders.

5.5. Quantifying Credit Risk

Quantitative measurement has been adopted by banks to improve
their processes for selecting and pricing credit transactions.
Quantitative measurement has become even more important since it
was adopted by the Basel Committee on Banking as the basis for
getting regulatory capital. A bank’s credit risk has two distinct facets,
“quality of Risk” and “quantity of risk”. The former refers to “severity
of losses”, by both default probability and the recoveries that could
affect in the event of default. The latter refers to the outstanding
balance as on the date of default.
Credit Risk is a function of other risks or the combined outcome of
other risk such as, Default risk, Exposure risk, and Recovery risk.

27
Default Risk: It is the probability of the event of default, i.e. missing a
payment obligation, breaking an agreement or economic default. A
payment default is declared when a scheduled payment is not made
within 90 days from the due date. Default Risk depends upon the credit
standing of the borrower and is measured by the probability that
default occurs during a given time period. Although this cannot be
measured directly, it can be observed from historical statistics or can
be collected internally from rating agencies.

Exposure Risk: The uncertainty prevailing with future cash flows

generates exposure risk. The outstanding balances at the time of
default are not known in advance particularly under credit facilities like
committed lines of credit, overdrafts, project financing etc. Hence, the
amount at risk in future that can potentially be lost in case of default is
uncertain.

Recovery Risk: The recoveries in case of losses are not predictable.

They depend upon the type of default, availability of collaterals, third
party guarantees, and legal issues.
 Collateral’s Value: The existence of collateral minimizes credit
risk, if such collateral can be easily possessed and has significant
value. Sometimes, the economic value of collateral assets might
be eroded and may even be less than the value of the
outstanding debt.
 Guarantor’s Value: The net worth of the guarantors and, in turn,
their ability to discharge liabilities upon invocation of guarantee
may undergo changes affecting the ultimate realizable amount.
 Legal Issues: Recovery risk depends upon the type of default. A
payment default doesn’t mean that the borrower will never pay,
but it triggers various types of actions such as renegotiation up
to the obligation to repay all outstanding balances.

5.5.1. Why Measure Credit Risk?

28
There are three main sets of decisions for which it is important to
measure credit risk such as: Origination, Portfolio optimization,
and Capitalization

1. Supporting Origination Decisions: The most basic decision is

whether to accept a new asset into the portfolio. The origination
decision can be framed in two possible ways:

29
  Given the risk and a fixed price, is the asset worth taking?
This is the type of decision made when dealing with a large volume of
retail customers. It is a more rigid approach where there is little
opportunity to modify the price, and therefore the decision becomes
“yes/no”
 Given the risk, what price is required to make the asset worth
buying?
This approach is typically used in a flexible, liquid trading environment,
or in negotiating rates and fees for a corporate loan

2. Supporting Portfolio Optimization: In optimizing a portfolio, the

manager seeks to minimize the ratio of risk to return. To reduce the
portfolio’s risk, the manager must know where there are
concentrations of risk and how the risk can be diversified.
Quantifying credit risks with the help of appropriate credit-portfolio
model helps the bank manager to identify risk concentrations in the
given portfolio and allow the manager to try “what- if “analyses to
test strategies for diversifying the portfolio.

3. Supporting Capital Management: Quantification of credit risks

helps to set the provisions for expected losses over the next year, and
the reserves, in case losses are unusually bad. Credit risk
measurement also helps to ensure whether the total economic capital
available is sufficient to maintain the bank’s target credit rating given
the risks or not. If it is insufficient, the bank must raise more capital,
reduce the risk or expect to be downgraded.

30
Chapter 6 Types of Credit Structure

Credit risk can arise in many ways, from granting loans to trading
derivatives. The amount of credit risk depends largely on the structure
of the agreement between the bank and its customers. An agreement
between a bank and a customer that creates credit exposure is often
called a credit structure or a credit facility

Credit Exposure To
1.Credit Exposure To Retail Customers
Large Corporations

Personal Loans
Commercial loans Credit cards
Commercial Lines Credit Car Loans
Letter Of Credit & Structure
Leases and hire-
Gurantees purchase agreements
Leases Mortgages
Credit derivatives Home-equity lines of
Credit Exposures In credit
Trading Operations

Bonds
Asset-backed securities
Securities lending and
repos
Margin accounts
Credit exposure for
derivatives

31
6.1 Credit Exposure to Large Corporations:

 Commercial Loans: Typically, commercial loans have fixed

structure for disbursements from the bank to the company and
have a fixed schedule of repayments, including interest payments.
There may also be a fee paid by the company at the initiation of
the loan. The loan may be secured (collateralized) or unsecured. If
it is secured, then in the event of default, the bank will take legal
possession of some specified asset and be able to sell this to
reduce the loss. An unsecured loan is a general obligation of the
company and in the case of default; the bank will just get its share
of the residual value of the company. The loan may also be
classified as senior or Subordinated(also called junior).When a
company liquidates, it pays off the senior loans first; then if there
are any remaining assets, it pays off the subordinated loans. As
senior loans always get paid before subordinated loans, they have
lower loss in the event of default.
For credit risk measurement, the most important loan features are
the collateral type, the level of seniority, the term or maturity and
the scheduled amounts that are expected to be outstanding (i.e.
the amount that the company owes the bank at any given time)

 Commercial Lines: In a standard loan, the pattern of

disbursements and repayments is set on the day of closing deal.
For a line of credit (also known as revolver or a commitment), only
a maximum amount is set in advance. The company then draws
on the line according to its needs and repays it when it wishes.
With a line of credit, the bank faces the possibility of loss on both
the drawn and undrawn amounts, and should therefore set aside
capital for each.

 Letters of Credit: There are two primary types of letters of credit

(LC): Trade LC and Backup LC. Trade LC is tied to specific export
32
 transactions. A trade LC guarantees payment from a local importer
to an overseas exporter; if the importer fails to pay, the bank will
pay, and then try to reclaim the amount from the importer. For the
bank, this creates a short-term exposure to the local importer. A
backup letter of credit is a general form of guarantee or credit
enhancement in which the bank agrees to make payments to a
third party if the bank’s customer fails. This is used to lower the
cost of the customer’s getting credit from the third party, because
the third party now only faces the risk of a bank default. He bank
faces the full default risk from its customer and has the same risk
as if it had given the customer a direct loan.

 Leases: Leases are form of collateralized loan, but with different

tax treatment in certain situations. In an equipment lease, the
equipment is given to the customer, and n return, the customer
makes rental payments. After sufficient payments, the customer
may keep the equipment. In terms of credit risk, this is
equivalent to giving the customer a loan, having them buy the
equipment, and pledging the equipment as collateral to secure
the loan. In both the cases, if the customer stops making
payments, the bank ends up owing the equipment.

 Credit Derivatives: In almost all cases, the calculation of the risk

for credit derivatives can be based on the analysis that would be
used for the underlying loan.
As a simple example, consider a derivative in which one bank
agrees to pay an initial amount, and in return, a second bank
agrees to make payments equal to all the payments they receive
from a particular corporate loan. For the first bank, if the
corporation defaults, the bank will receive less money and will
therefore make a loss. For the second bank, if the corporation
defaults, the bank will receive less money from the corporations,
but it will also need to pay less to the first bank. The changes in
33
 payments therefore cancel each other out, and they make no
loss. Through this agreement, the economic risk of the loan has
been transferred from the second bank to the first. In measuring
the risk for the first bank, we would treat this credit derivative as
if it were just a loan to the corporation.

6.2 Credit Exposure to Retail Customers:

 Personal Loans: Personal loans are typically unsecured and may

be used by the customer for any purpose. They are generally
structured to have a fixed time for repayment. The interest
charges may be fixed at the time of origination, or may float
according to the bank’s published prime rate, which the bank
may change at its discretion.

 Credit Cards: Credit cards are again generally unsecured by

collateral, but they have no fixed time for repayment. The
interest-rate is typically 10% to 15% above the floating prime
rate, to compensate for the very heavy default rates experienced
on credit cards.

 Car Loans: Car loans are same as personal loans except that
they are for a specific purpose and have the car as collateral.
They tend to have a lower loss given default than personal loans
because of the collateral, and they have a lower probability of
default because the customer is unwilling to lose the car.

 Leases and Hire-Purchase Agreements: In a lease, the customer

is allowed to use a physical asset (such as a car) that is owned
by the bank. Leases are typically structured so that at the end of
a finite period, the asset will be returned to the bank. The
customer makes regular payments to cover the interest that
would have been required to purchase the asset and to cover
34
 depreciation. The customer typically has the option to buy the
asset outright at the end of the lease for a prespecified lump
sum.
Hire- purchase agreements are similar to leases except that the
payments include the full value of the asset, and the customer is
certain to own the asset at the end of the agreement
Leases and hire-purchase agreements are similar to car loans in
that they are secured by the physical asset that has been
purchased. Leases are structured such that the bank continues
to own the physical asset legally until all lease payments have
been made. This makes repossession easier and reduces the loss
given default.

 Mortgages: Mortgages use the customer’s home as collateral.

This minimizes the probability of default. Furthermore, banks
generally ensure that the loan to value ratio is less than 90%, so
even if the property value drops by 10%, the bank will still have
a loss given default of 0.

 Home-Equity Lines of credit: A home-equity line of credit

(HELOC) is like a credit card but secured by the customer’s
house. This ensures a low probability of default.

6.3 Credit Exposures in Trading Operations

 Bonds: Bonds credit risk depends on the level of seniority and

whether it is secured with collateral or not.

 Asset- Backed Securities: Asset- backed securitization is used

with retail assets, such as credit cards and mortgages. In an
asset-backed security, the payments from many uniform assets
are bundled together to form a pool. This pool is then used to
make payments to several sets of bonds. The analysis of the
35
 credit risk of an asset-backed security is the same as the
analysis of a portfolio of loans. In this case, we calculate the
probability distribution of the payments from the pool of
underlying assets and use this to estimate the probability that
the pool will sufficient to pay the bonds. The calculation of the
probability distribution depends on the risk of the individual
assets and the correlation between them.

 Securities lending and Repurchase Agreements: Sec lending and

repos agreements are common functions in bank’s trading
operations. From credit-risk perspective, both sec lending and
repos are short-term collateralized loans. In sec lending,
counterparty asks to borrow a security from the bank for a
limited period of time. The security is typically a share or bond.
To minimize the credit risk, the counterparty gives collateral to
the bank that is worth slightly more than the borrowed security.
The collateral is typically in the form of cash. At the end of the
trade, the counterparty returns the security and the bank returns
the cash, less a small amount as a fee.
Repos are very similar to securities lending except that they are
used to gain funding. In a repo, a security is sold by the bank
with a guarantee from the bank to repurchase it at a fixed price
and date. At the time of sale, the bank receives cash. At the time
of repurchase, the bank sends the cash to the counterparty, plus
a small additional amount, which is effectively an interest
payment for the loan.
In both the cases, the bank could make a credit loss if the
counterparty defaults and the value of the security have risen to
be higher than the amount of cash that the bank was expecting
to pay to get the security back. The expected exposure at default
will be the average amount by which the value of the security
can be expected to exceed the cash.

36
 Margin Accounts: A margin account is another form of
collateralized loan. In a margin account, a customer takes a loan
from the bank, and then with the loan and his own funds,
purchases a security. The security is then held by the bank as
collateral against the loan. The pledging of the security as
collateral by the customer to the bank is called hypothecation. It
is also possible for the bank to pledge the security to another
bank to get a loan. This is called rehypothecation.
Margin accounts are used by customers who want to leverage
their positions and increase their potential returns. As an
example, consider a customer who has %10000 and takes a loan
for $10000. Thus customer now has $20000 which he can use to
buy securities worth $20000. If the price rises by 10% to $22,000
and the customer sells these securities, then after paying back
the loan with interest, the customer has a little less than
$12,000, a nearly 20%gain, conversely , if the price falls by 10%,
the customer makes a 20% loss. Typically, retail customers are
allowed to borrow only up to half the value of the securities that
own. If the value of the securities falls, the bank will ask the
customer for more cash to maintain the 50% ratio; this is called a
margin call. If the customer does not respond, the bank will sell
all or part of the shares. After paying off the, any residual value
is given back to the customer. If the securities lost more than
50% of their value before they are liquidated, and the customer
failed to make up the difference, the bank would suffer credit
loss.

37
Chapter 7 Credit Risk and Basel Accords

The Basel Committee on Banking Supervision was established in the

mid – 1980s. It is a committee of national banking regulators, such
as the Bank of England and the Federal Reserve Board. The purpose
of the committee is to set common standards for banking
regulations and to improve the stability of the international banking
system. Basel Accords helps the banks in managing credit risk and
as well as other risks.

7.1. 1998 Basel Accord:

The 1998 accord was motivated largely by low amount of available
capital kept by Japanese banks in relation to the risks in their
lending portfolios. This low ratio was believed to allow the Japanese
banks to make loans at unfairly low rates. The 1998 accord required
that all banks should hold available capital equal to atleast 8% of
their risk-weighted assets (RWA) .The first accord has two basic
principals:
1. To ensure adequate level of capital in the international banking
system.
2. To create more level playing field in competitive terms so that
banks could no longer build business volume without adequate
capital backing.
The prescribed formula is given below:

Tier1 + Tier 2 Capital

Risk Weighted Assets
Capital: While tier 1 capital consists of paid-up share capital and
disclosed reserves. Tier 2 capital comprises undisclosed reserves,
asset revaluation reserves, hybrid capital instruments (such as
mandatory convertible debt) and subordinated debt. Also, the tier 1
capital should be at least 50% of the total capital.

38
 Risk – Weighted Assets: Assets in the balance sheet of a bank have
been differentiated, based on the risks. While central
government/Central bank obligations carry nil (0%) risk, those of
the private business sector carry full risk (100%).The portfolio
approach is adopted to measure risk with assets classified into four
buckets(0%,20%,50%,and 100%). This distinction, depending upon
counter parties, gives a unique perspective to the capital adequacy
of a banking institution. If a bank has more counter parties having
nil (or lower) risk, it needs to hold less capital than a bank which has
parties with 100% risk weight.
The summarized weight scale is given below: Risk Weight of On –
B/S items
Risk 0% 20% 50% 100%

Weights
Counter Parties
Central Govt, Central Bank
exposure in National Currency
x
OECD Govt/ Central Banks &
claims guaranteed by them
x
Multi- Lateral development
banks(ADB, IBRD, etc )
X
Banks in OECD/ Claims
guaranteed by them
x
Residential mortgage backed
loans
x
Private sector entities

39
7.2. Basel 2 (New) Accord:
The suggested form of new Accord was published in January 2001 to
obtain comments from the banking industry. The final Accord will be
effective from 2006 – 2007. The new Accord retains the same concepts
of EWA and Tier 1 and Tier 2 available capital, but it changes the
method for calculating RWA.
The new Accord has three pillars:
i) Minimum requirement of Capital
ii) Role of supervisory review process
iii) Market discipline
The measurement of minimum requirement of capital gives many
formulas to replace the simple calculations of the 1998 Accord. The
supervisory review pillar requires regulators to ensure that the
bank has effective risk management, and requires the regulators to
increase the required capital if they think that the risks are not being
adequately measured. The market discipline pillar requires banks to
disclose large amounts of information so that depositors and investors
can decide for themselves the risk of the bank and require
commensurately high interest-rates and return on capital.

Minimum Capital Requirements: The new Accord allows banks to

calculate their required regulatory capital using one of two
approaches:
a) The standardized Approach: The standardized approach
is more complex than the 1998 Accord and has sections
dealing with many specific cases, but broad intention is
that risk weights should be set according to the credit
rating of the customer. In the standardized approach, the
credit rating must be made by an organization outside the
bank such as External Credit Assessment Institutions
(ECAI) The rated counter parties receive weights ranging
from 20% to 150%, depending upon the rating assigned by
ECAI. However, the un-rated counter parties continue to

40
 receive 100% weight. Generally all AAA and AA rated
companies require only 20% weight while credit exposures
rated B and below require 150% weight.

Risk Weights for Government and Banks under the new standardized
Approach

Grade AAA to A+ to BBB+ BB+ to Below Unrated

AA- A- to BBB- B- B-
Governmen 0% 20% 50% 100% 150% 100%
ts
Banks 20% 50% 100% 100% 150% 100%

Risk Weights for Corporate Exposures under the New Standardized

Approach

Grade AAA to A+ to A- BBB+ to Below Unrated

AA- BB- BB-
Corporatio 20% 50% 100% 150% 100%
ns

b) The Internal Rating Based Approach for Credit Risk:

IRB allows banks to use their own internal estimates of risk
to determine capital requirements, which the approval of
their Supervisors (or Central Banks).
IRB are of two types:

i. IRB foundation, where banks are required to provide their

own internal estimates of Probability of Default (PD) and
use predetermined regulatory inputs for Loss Given Default
(LGD), Exposure at Default (EAD) and a factor for maturity.

41
 ii. IRB Advanced, where all inputs to risk weighted asset
calculation – PD , LGD, and EAD – estimated by the bank
itself , subject to regulatory satisfaction

iii. The adoption of an IRB approach requires empirical data,

the main components are as follows:
Probability of Default (PD) – Defined as the statistical
percentage probability of a borrower defaulting within a one-
year time horizon. PD is directly linked to the Customer rating.
The PD can range from 0.000% for a zero risk customer to
100% for a very high- risk customer

Loss Given Default: It is estimated amount of loss expected

if a credit facility defaults, calculated as a percentage of the
exposure at the date of default. The value depends on the
collateral, if any and other factors that impact on the likely
level of recovery. LGD estimates are to be based upon
historical recovery rates and stress tested for economic
downturns, among others

Exposure at Default (EAD): Represents the expected level

of usage of the facility when default occurs. This value does
not take account of guarantees, collateral or security.

Under the IRB approach, a bank estimates each borrower’s

creditworthiness and the results are translated into estimates of a
potential future loss amount, which from the basis of minimum
capital requirements, subject to strict methodological and disclosure
standards. The expected credit loss from an exposure is the main
driver for determining the credit rating in IRB. PD is based on the
stand alone borrower risk rating or customer rating. LGD is
dependent upon the collateral while EAD is the amount of credit
extended.

42
43
 Chapter 8 Credit Risk Measurement

8.1. Economic Capital Framework for Credit Risk

Quantification:
EC captures the variance or the uncertainty of the losses around the
average. With its focus on uncertainty, EC quantifies the portfolio
credit risk. For the credit risk of lending operations, the required
economic Capital (EC) depends on the probability distribution of the
losses. The probability distribution for credit losses is sketched below:
MPL
EL

P
R
O
B
A
Credit Risk Measured as B
Economic Capital I
L
I
T
Worst Case loss y

Credit Loss

EC = MPL – EL

Where: MPL: Max Probable Loss

EL : Expected Loss

44
8.2. Calculation of EL & UL for Singe Facility/ Single Loan

Expected Loss (EL): Mean of losses

Unexpected Loss (UL): Standard Deviation

Formula for EL is as follows:

EL = P (1 x E x S) + (1 – P) (0 x E x S)
=PxExS
Where: P: In case there is default, the probability is represented as ‘P’
E: Exposure at Default
S: Loss Given Default/ Severity
(1 – P): In case there is no default, it represented by ‘(1 – P)’

Formula for UL is as follows:

UL = P – P2 x E x S

Example: If we loaned $ 100 to a BBB rated company, then P would be

22 basis points. LGD is 30%, and then EL is as follows:
EL = 0.0022 x $100 x 0.3 = $ 0.066
(P) (E) (S)

UL = 0.0022 – 0.00222 x $ 100 x 0.3 = $ 1.41

45
8.3. Determining Losses Due to Both Default and Downgrades
When a company is downgraded, it means that the rating agency
believes that the probability of default has risen. A promise by this
downgraded company to make a future payment is no longer as
valuable as it was because there is an increased probability that the
company will not be able to fulfill its promise. Consequently, there is a
fall in the value of the bond or a loan.
To obtain the EL and UL for this risk, we require the probability of a
grade change and the loss if such a change occurs. The probability of a
grade change has been researched and published by the credit-rating
agencies.

Probability of Grade Migration (bps) – Table showing the probability of

a company of one grade migrating to another grade before the end of
the year.
Rating At The Start Of The Year
AAA AA A BBB BB B CCC Defau
lt
Ratin
AAA 9366 66 7 3 3 0 16 0
g AA 583 917 225 25 7 10 0 0
At 2
The A 40 694 917 483 44 33 31 0

End 6
BBB 8 49 519 892 667 46 93 0
Of
6
the BB 3 6 49 444 833 576 200 0
Year 1
B 0 9 20 81 747 841 1074 0
8
CCC 0 2 1 16 105 387 6395 0
Defau 0 1 4 22 98 530 2194 10000
lt

To understand how to read this table, let us use it to find the grade
migration probabilities for a company that is rated Single A at the start
of the year. Looking down the third column, we see that the company

46
has a 7- basis point chance of becoming AAA rated by the end of the
year. It has a 2.25% chance of being rated AA, a 91.76% chance of
remaining single – A and a 5.19% chance of being downgraded to BBB.
Looking down to the bottom of the column, we see that it has a 4-
basis points chance of falling into default.

Thus from external rating agencies we can get any company’s

probability of moving to a different grade by the end of the year.
Associated with each grade is a discount rate relative to the risk-free
rate.
As an example, let us calculate the EL and UL for a BBB – rated bond
with a single payment of $100 that is currently due in 3 years. At the
end of the year the bond will have 2 years to maturity.
Corporate Bond spreads – Table showing the probability (bps) of
corporate bond migrating from one grade to another over the years.
Rating 1yr 2yr 3yr 5yr 7yr 10yr 30yr
AAA 38 43 48 62 72 81 92
AA 48 58 63 77 92 101 112
A 73 83 103 117 137 156 165
BBB 118 133 148 162 182 201 220
BB 275 300 325 350 375 450 575
B 500 50 600 675 725 775 950
CCC 700 750 900 1000 1100 1250 1500

The loss given default (LGD) is assumed to be 30%. If it is assumed

that the risk- free discount rate of 5% and the bond is still rated BBB,
the value will be $88.45
Value BBB = $100________ = $ 88.45
(1 + 5% + 1.33%)2

Table Showing Change in Values for a BBB bond due to Credit

Events:
Rating Value Loss
AAA $ 89.96 $ - 1.52
AA $ 89.71 $ - 1.26
A $ 89.29 $ - 0.84
BBB $ 88. 45 $ - 0.00
47
BB $ 85.73 $ 2.71
B $ 81.90 $ 6.55
CCC $ 79.91 $ 9.44
Defaul $ 61.91 $ 26.53
t

The calculation of EL and UL for the same example of BBB bond

is as follows

Year Probabili Loss Expected Unexpected

End ty (LG ) Loss Loss
Rating (PG , (PG LG ) (LG – EL )2 PG
bps )
AAA 3 $(1.52 $(0.000) $ 0.001
)
AA 25 $(1.26 $(0.003) $0.005
)
A 483 $(0.84 $(0.040) $0.051
)
BBB 8926 - - $0.031
BB 444 $2.71 $0.121 $0.284
B 81 $6.55 $0.053 $0.328
CCC 16 $9.44 $0.015 0.137
Default 22 $26.53 $0.058 $1.525
Total $0.203 $1.537

48
8.4. Calculation of EL and UL of the Portfolio

The expected loss for the portfolio (ELP) is simply the sum of the
expected losses for the individual loans within the portfolio. The
unexpected loss for the portfolio (ULP) is the standard deviation
obtained from the sum of the variances for the individual loans.

Example of Historical Losses Used To Estimate the Unexpected Loss of

the Portfolio
Year Assets Write – offs %loss
$Bn $Bn
1990 231 1.2 0.5%
1991 236 2.6 1.1
1992 243 0.7 0.3
1993 245 5.6 2.3
1994 250 5.9 2.4
1995 269 9.4 3.5
1996 284 2.1 0.7
1997 309 1.8 0.6
1998 333 0.2 0.1
1999 352 11.7 3.3
2000 386 2.5 0.7
EL% PH 1.4%
UL% PH 1.2%
In dollar terms, the UL for the portfolio is the UL as percentage,
multiplied by the total size of the portfolio:

UL PH = N E UL% PH = 11 x 285.27 x 1.2% = $37.65 Bn

49
8.5. RAROC Over One Year:

RAROC is the expected net risk-adjusted profit (ENP) divided by the

economic capital that is required to support the transaction.

RAROC = ENP
EC

Where for a loan, the expected net profit ENP is the interest income on
the loan, plus any fees (F), minus interest to be paid on debt, minus
operating costs (OC), and minus expected loss.
Thus Formula can be Re-written as:
RAROC = A0 rA + F – D0 rD – OC – EL
EC
Here: The interest income on the loan asset is the initial loan amount

(A0), multiplied by the interest rate on the loan (rA)

The interest to be paid on the debt is the amount of debt (D 0),

multiplied by the interest rate on the debt (rD).

Example:
A loan of $100 for 1 year to a company rated BBB with the following
assumptions:
1. the collateral is such that the LGD is 30%
2. The average default correlation with the rest of the portfolio is
3%
3. The capital multiplier for the portfolio is 6
4. The probability of default is 22 basis points i.e. 0.22%
5. The interbank rate for one-year debt is 5 (rD).

6. The customer is being charged 6.5% interest (rA)

7. The operating costs(OC) are $1
8. The Hurdle rate (H) of 25%

50
Solution:

Calculation of risk characteristics of the loan

EL = P x E x S = 0.22% x $100 x 30% = $0.066

UL = P – P2 x E x S = 0.22% - 0.22% 2
x $100 x 30% = $1.41

ULC = 3% x $ 1.41 = $ 0.24

EC = Economic multiplier x ULC = 6 x $0.24 = $ 1.46

Calculation of RAROC

RAROC =
A0 rA + F – D0 rD – OC – EL = $100 x 6.5% -($100-$1.46)x 5%- $1-
$0.066
EC $1.46

RAROC = 35%

Calculation of SVA

SVA = ENP – H x EC = 35% - 25% x $1.46 = $ 0.14

51
 Part – III

Market Risk

Banks are exposed to market risk via their trading activities and their
balance sheets. The measurement of trading risk is probably the most
advanced of the three main types of risks faced by banks.

52
Chapter 9 Introduction to Market Risk

9.1. Meaning of Market Risk:

It is the risk that the value of on and off-balance sheet positions of a
financial institution will be adversely affected by movements in market
rates or prices such as interest rates, foreign exchange rates, equity
prices, credit spreads and/or commodity prices resulting in a loss to
earnings and capital.

9.2. Three Main factors of Market risk

1. Interest rate risk:
Interest rate risk arises when there is a mismatch between positions,
which are subject to interest rate adjustment within a specified period.
The bank’s lending, funding and investment activities give rise to
interest rate risk. The immediate impact of variation in interest rate is
on bank’s net interest income, while a long term impact is on bank’s
net worth since the economic value of bank’s assets, liabilities and off-
balance sheet exposures are affected. Consequently there are two
common perspectives for the assessment of interest rate risk
a) Earning perspective: In earning perspective, the focus of
analysis is the impact of variation in interest rates on accrual or
reported earnings. This is a traditional approach to interest rate risk
assessment and obtained by measuring the changes in the Net Interest
Income (NII) or Net Interest Margin (NIM) i.e. the difference between
the total interest income and the total interest expense.
b) Economic Value perspective: It reflects the impact of
fluctuation in the interest rates on economic value of a financial
institution. Economic value of the bank can be viewed as the present
value of future cash flows. In this respect economic value is affected
both by changes in future cash flows and discount rate used for
determining present value. Economic value perspective considers the
potential longer-term impact of interest rates on an institution.

53
Sources of interest rate risks:
Interest rate risk occurs due to
(1) Differences between the timing of rate changes and the timing of
cash flows (re-pricing risk);
(2) Changing rate relationships among different yield curves effecting
bank activities (basis risk);
(3) Changing rate relationships across the range of maturities (yield
curve risk);
(4) interest-related options embedded in bank products (options risk).

2. Foreign Exchange Risk:

It is the current or prospective risk to earnings and capital arising from
adverse movements in currency exchange rates. It refers to the impact
of adverse movement in currency exchange rates on the value of open
foreign currency position. The banks are also exposed to interest rate
risk, which arises from the maturity mismatching of foreign currency
positions. Even in cases where spot and forward positions in individual
currencies are balanced, the maturity pattern of forward transactions
may produce mismatches. As a result, banks may suffer losses due to
changes in discounts of the currencies concerned. In the foreign
exchange business, banks also face the risk of default of the counter
parties or settlement risk. While such type of risk crystallization does
not cause principal loss, banks may have to undertake fresh
transactions in the cash/spot market for replacing the failed
transactions. Thus, banks may incur replacement cost, which depends
upon the currency rate movements. Banks also face another risk called
time-zone risk, which arises out of time lags in settlement of one
currency in one center and the settlement of another currency in
another time zone. The Forex transactions with counter parties
situated outside Pakistan also involve sovereign or country risk.

54
3. Liquidity risk

Liquidity risk is potential outcome of the inability of the banks to

generate cash to cope up with the decline in the deposits or increase in
the assets, to the large extent it is an outcome of the mismatch in the
maturity patterns of the assets & liabilities.

Possible needs for the liquidity are manifold they can be classified into
4 broad categories

1. Funding risk: - the need to replace the outflows of the funds. e.g.
non renewal of the wholesale funds
2. Time risk: - the need to compensate for the no receipt of the
expected inflow of the funds e.g. when the borrower fails to meet
his commitment.
3. Call risk:- the need to find new funds when contingent liability
becomes due e.g. a sudden surge in the borrowing under ATMs
4. the need to undertake new transactions when desirable, e.g. a
request for the imp client

55
Chapter 10 Market Risk Management

10.1. Board and senior Management Oversight.

Likewise other risks, the concern for management of Market risk must
start from the top management. Effective board and senior
management oversight of the bank’s overall market risk exposure is
cornerstone of risk management process. For its part, the board of
directors has following responsibilities.
a) Delineate banks overall risk tolerance in relation to market risk.
b) Ensure that bank’s overall market risk exposure is maintained at
prudent levels and consistent with the available capital.
c) Ensure that top management as well as individuals responsible for
market risk management possess sound expertise and knowledge to
accomplish the risk management function.
d) Ensure that the bank implements sound fundamental principles that
facilitate the identification, measurement, monitoring and control of
market risk.
e) Ensure that adequate resources (technical as well as human) are
devoted to market risk management.

The first element of risk strategy is to determine the level of market

risk the institution is prepared to assume. The risk appetite in relation
to market risk should be assessed keeping in view the capital of the
institution as well as exposure to other risks. Once the market risk
appetite is determined, the institution should develop a strategy for
market risk-taking in order to maximize returns while keeping
exposure to market risk at or below the pre-determined level. While
articulating market risk strategy the board needs to consider economic
and market conditions, and the resulting effects on market risk;
expertise available to profit in specific markets and their ability to
identify, monitor and control the market risk in those markets; the
institution’s portfolio mix and diversification. Finally the market risk
strategy should be periodically reviewed and effectively communicated
56
to the relevant staff. There should be a process to identify any shifts
from the approved market risk strategy and target markets, and to
evaluate the resulting impact.
The Board of Directors should periodically review the financial results
of the institution and, based on these results, determine if changes
need to be made to the strategy. While the board gives a strategic
direction and goals, it is the responsibility of top management to
transform those directions into procedural guidelines and policy
document and ensure proper implementation of those policies.
Accordingly, senior management is responsible to:
a) Develop and implement procedures that translate business policy
and strategic direction set by BOD into operating standards that are
well understood by bank’s personnel.
b) Ensure adherence to the lines of authority and responsibility that
board has established for measuring, managing, and reporting market
risk.
c) Oversee the implementation and maintenance of Management
Information System that identify, measure, monitor, and control bank’s
market risk.
d) Establish effective internal controls to monitor and control market
risk.

The institutions should formulate market risk management polices

which are approved by board. The policy should clearly delineate the
lines of authority and the responsibilities of the Board of Directors,
senior management and other personnel responsible for managing
market risk; set out the risk management structure and scope of
activities; and identify risk management issues, such as market risk
control limits, delegation of approving authority for market risk control
limit setting and limit Excesses.

57
10.2. Organizational Structure for Market Risk Management
The organizational structure used to manage market risk vary
depending upon the nature size and scope of business activities of the
institution, however, any structure does not absolve the directors of
their fiduciary responsibilities of ensuring safety and soundness of
institution. While the structure varies depending upon the size, scope
and complexity of business, at a minimum it should take into account
following aspect.
a) The structure should conform to the overall strategy and risk policy
set by the BOD.
b) Those who take risk (front office) must know the organization’s risk
profile, products that they are allowed to trade, and the approved
limits.
c) The risk management function should be independent, reporting
directly to senior management or BOD.
d) The structure should be reinforced by a strong MIS for controlling,
monitoring and reporting market risk, including transactions between
an institution and its affiliates.

Besides the role of Board as discussed earlier a typical organization

set up for
Market Risk Management should include: -
 The Risk Management Committee
 The Asset-Liability Management Committee (ALCO)
 The Middle Office.

Risk Management Committee: It is generally a board level

subcommittee constituted to supervise overall risk management
functions of the bank. The structure of the committee may vary in
banks depending upon the size and volume of the business. Generally
it could include heads of Credit, Market and operational risk
Management Committees. It will decide the policy and strategy for

58
integrated risk management containing various risk exposures of the
bank including the market risk. The responsibilities of Risk
Management Committee with regard to market risk management
aspects include:
a) Devise policies and guidelines for identification, measurement,
monitoring and control for all major risk categories.
b) The committee also ensures that resources allocated for risk
management are adequate given the size nature and volume of the
business and the managers and staffs that take, monitor and control
risk possess sufficient knowledge and expertise.
c) The bank has clear, comprehensive and well-documented policies
and procedural guidelines relating to risk management and the
relevant staff fully understands those policies.
d) Reviewing and approving market risk limits, including triggers or
stop losses for traded and accrual portfolios.
e) Ensuring robustness of financial models and the effectiveness of all
systems used to calculate market risk.
f) The bank has robust Management information system relating to risk
reporting.

Asset-Liability Committee: Popularly known as ALCO, is senior

management level committee responsible for supervision /
management of Market Risk (mainly interest rate and Liquidity risks).
The committee generally comprises of senior managers from treasury,
Chief Financial Officer, business heads generating and using the funds
of the bank, credit, and individuals from the departments having direct
link with interest rate and liquidity risks. The CEO or some senior
person nominated by CEO should be head of the committee. The size
as well as composition of ALCO could depend on the size of each
institution, business mix and organizational complexity. To be effective
ALCO should have members from each area of the bank that
significantly influences liquidity risk. In addition, the head of the
Information system Department (if any) may be an invitee for building

59
up of MIS and related computerization. Major responsibilities of the
committee include:
a) To keep an eye on the structure /composition of bank’s assets and
liabilities and decide about product pricing for deposits and advances.
b) Decide on required maturity profile and mix of incremental assets
and liabilities.
c) Articulate interest rate view of the bank and deciding on the future
business strategy.
d) Review and articulate funding policy.
e) Decide the transfer pricing policy of the bank.
f) Evaluate market risk involved in launching of new products.
ALCO should ensure that risk management is not confined to collection
of data.
Rather, it will ensure that detailed analysis of assets and liabilities is
carried out so as to assess the overall balance sheet structure and risk
profile of the bank.
The ALCO should cover the entire balance sheet/business of the bank
while carrying out the periodic analysis.

Middle Office: The risk management functions relating to treasury

operations are mainly performed by middle office. The concept of
middle office has recently been introduced so as to independently
monitor measure and analyze risks inherent in treasury operations of
banks. Besides the unit also prepares report for the information of
senior management as well as bank’s ALCO. Basically the middle office
performs risk review function of day-to-day activities. Being a highly
specialized function, it should be staffed by people who have relevant
expertise and knowledge. The methodology of analysis and reporting
may vary from bank to bank depending on their degree of
sophistication and exposure to market risks. These same criteria will
govern the reporting requirements demanded of the Middle Office,
which may vary from simple gap analysis to computerized VaR
modeling. Middle Office staff may prepare forecasts (simulations)

60
showing the effects of various possible changes in market conditions
related to risk exposures. Banks using VaR or modeling methodologies
should ensure that its
ALCO is aware of and understand the nature of the output, how it is
derived, assumptions and variables used in generating the outcome
and any shortcomings of the methodology employed. Segregation of
duties should be evident in the middle office, which must report to
ALCO independently of the treasury function. In respect of banks
without a formal Middle Office, it should be ensured that risk control
and analysis should rest with a department with clear reporting
independence from Treasury or risk taking units, until normal Middle
Office framework is established.

61
Chapter 11 Market Risk Monitoring and Control

11.1. Risk monitoring

Risk monitoring processes are established to evaluate the performance
of bank’s risk strategies/policies and procedures in achieving overall
goals. Whether the monitoring function is performed by middle-office
or it is a part of banks internal audit it is important that the monitoring
function should be independent of units taking risk and report directly
to the top management/board. Banks should have an information
system that is accurate, informative and timely to ensure
dissemination of information to management to support compliance
with board policy. Reporting of risk measures should be regular and
should clearly compare current exposures to policy limits. Further past
forecast or risk estimates should be compared with actual results to
identify any shortcomings in risk measurement techniques. The board
on regular basis should review these reports. While the types of reports
for board and senior management could vary depending upon overall
market risk profile of the bank, at a minimum following reports should
be prepared.
a) Summaries of bank’s aggregate market risk exposure
b) Reports demonstrating bank’s compliance with policies and limits
c) Summaries of finding of risk reviews of market risk policies,
procedures and the adequacy of risk measurement system including
any findings of internal/external auditors or consultants.

11.2. Risk Control.

Bank’s internal control structure ensures the effectiveness of process
relating to market risk management. Establishing and maintaining an
effective system of controls including the enforcement of official lines
of authority and appropriate segregation of duties, is one of the
management’s most important responsibilities. Persons responsible for
risk monitoring and control procedures should be independent of the

62
functions they review. Key elements of internal control process include
internal audit and review and an effective risk limit structure.
Audit: Banks need to review and validate each step of market risk
measurement process. This review function can be performed by a
number of units in the organization including internal audit/control
department or ALCO support staff. In small banks, external auditors or
consultants can perform the function. The audit or review should take
into account.
a) The appropriateness of bank’s risk measurement system given the
nature, scope and complexity of bank’s activities
b) The accuracy or integrity of data being used in risk models.
c) The reasonableness of scenarios and assumptions
d) The validity of risk measurement calculations.

Risk limits: As stated earlier it is the board that has to determine

bank’s overall risk appetite and exposure limit in relation to its market
risk strategy. Based on these tolerances the senior management
should establish appropriate risk limits. Risk limits for business units,
should be compatible with the institution’s strategies, risk
management systems and risk tolerance. The limits should be
approved and periodically reviewed by the Board of Directors and/or
senior management, with changes in market Conditions or resources
prompting a reassessment of limits.

63
 Part IV

Operational Risk

The management of specific operational risks is not a new practice; it

has always been important for banks to try to prevent fraud, maintain
the integrity of internal controls, and reduce errors in transactions
processing, and so on. However, what is relatively new is the view of
operational risk management as a comprehensive practice comparable
to the management of credit and market risks in principle.

64
Chapter 12 Introduction to Operation Risk

12.1. Meaning of Operational Risk:

Operational risk is the risk of loss resulting from inadequate or failed
internal processes, people and system or from external events.
Operational risk is associated with human error, system failures and
inadequate procedures and controls. It is the risk of loss arising from
the potential that inadequate information system; technology failures,
breaches in internal controls, fraud, unforeseen catastrophes, or other
operational problems may result in unexpected losses or reputation
problems. Operational risk exists in all products and business activities.

12.2. Operational Risk Management Principles.

There are 6 fundamental principles that all institutions, regardless of

their size or complexity, should address in their approach to
operational risk management.
a) Ultimate accountability for operational risk management rests with
the board, and the level of risk that the organization accepts, together
with the basis for managing those risks, is driven from the top down by
those charged with overall responsibility for running the business.
b) The board and executive management should ensure that there is
an effective, integrated operational risk management framework. This
should incorporate a clearly defined organizational structure, with
defined roles and responsibilities for all aspects of operational risk
management/monitoring and appropriate tools that support the
identification, assessment, control and reporting of key risks.
c) Board and executive management should recognize, understand
and have defined all categories of operational risk applicable to the
institution.
Furthermore, they should ensure that their operational risk
management framework adequately covers all of these categories of

65
operational risk, including those that do not readily lend themselves to
measurement.
d) Operational risk policies and procedures that clearly define the way
in which all aspects of operational risk are managed should be
documented and communicated. These operational risk management
policies and procedures should be aligned to the overall business
strategy and should support the continuous improvement of risk
management.
e) All business and support functions should be an integral part of the
overall operational risk management framework in order to enable the
institution to manage effectively the key operational risks facing the
institution.
f) Line management should establish processes for the identification,
assessment, mitigation, monitoring and reporting of operational risks
that are appropriate to the needs of the institution, easy to implement,
operate consistently over time and support an organizational view of
operational risks and material failures.

66
67
Chapter 13 Operational Risk Management and
Measurement

13.1 Board and senior management’s oversight

Likewise other risks, the ultimate responsibility of operational risk
management rests with the board of directors. Both the board and
senior management should establish an organizational culture that
places a high priority on effective operational risk management and
adherence to sound operating controls. The board should establish
tolerance level and set strategic direction in relation to operational
risk. Such a strategy should be based on the requirements and
obligation to the stakeholders of the institution.
Senior management should transform the strategic direction given by
the board through operational risk management policy. Although the
Board may delegate the management of this process, it must ensure
that its requirements are being executed. The policy should include:
a) The strategy given by the board of the bank.
b) The systems and procedures to institute effective operational risk
management framework.
c) The structure of operational risk management function and the roles
and responsibilities of individuals involved.
The policy should establish a process to ensure that any new or
changed activity, such as new products or systems conversions, will be
evaluated for operational risk prior to going online. It should be
approved by the board and documented. The management should
ensure that it is communicated and understood throughout in the
institution. The management also needs to place proper monitoring
and control processes in order to have effective implementation of the
policy. The policy should be regularly reviewed and updated, to ensure
it continue to reflect the environment within which the institution
operates.

68
13.2. Operational Risk Function
A separate function independent of internal audit should be
established for effective management of operational risks in the bank.
Such a functional set up would assist management to understand and
effectively manage operational risk. The function would assess,
monitor and report operational risks as a whole and ensure that the
management of operational risk in the bank is carried out as per
strategy and policy.
To accomplish the task the function would help establish policies and
standards and coordinate various risk management activities. Besides,
it should also provide guidance relating to various risk management
tools, monitors and handle incidents and prepare reports for
management and BOD.

13.3. Operational Risk Assessment and Quantification

Banks should identify and assess the operational risk inherent in all
material products, activities, processes and systems and its
vulnerability to these risks.
Banks should also ensure that before new products, activities,
processes and
systems are introduced or undertaken, the operational risk inherent in
them is subject to adequate assessment procedures. While a number
of techniques are evolving, operating risk remains the most difficult
risk category to quantify. It would not be feasible at the moment to
expect banks to develop such measures.
However the banks could systematically track and record frequency,
severity and other information on individual loss events. Such a data
could provide meaningful information for assessing the bank’s
exposure to operational risk and developing a policy to mitigate /
control that risk.

69
Bibliography

Reference Books:

1. The Fundamentals Of Risk Measurement - By Chris

Marrison

2. Credit Risk Analysis - By Ciby Joseph

3. Credit Risk Models – By Amandio F C da Silva

Websites:

1. Google.com

2. www.SAS Risk Management For Banking. htm

3. www.Risk Management – Banking Information, Federal

reserve Bank Of Chicago.htm

70