Chapter 20 Risk Management in Banks and Basel Accords – CS Professional Banking Law and Practice Notes is designed strictly as per the latest syllabus and exam pattern.
Risk Management in Banks and Basel Accords – CS Professional Banking Law and Practice Study Material
As a financial intermediary, what are the prominent risks to which banks are exposed to? (Dec 2008, 5 marks)
Banks are in the business of channeling the resources and savings of community towards sections which need the resources. As financial intermediaries, the banks are exposed to a number of risks. Some of the prominent risks can be categorized as under; (a) credit risk (b) liquidity risk (c) forex risk (d) interest rate risk. While credit risk is usually a non fungible risk, the other risks are all fungible.
By fungible we mean that outstanding positions from some other transaction can be offset with the position from a transaction. In forex risk, we only mean the risk due to the total open position of a bank as the positions created due to a sale transaction can be offset by a purchase transaction. Interest rate risk is mainly affected by government decisions, inflation, balance of payments position, exchange rates, demand etc.
Attempt the following:
How do banks minimise the risk involved in lending funds? (June 2009, 5 marks)
Minimisation of risk in lending funds
With a view to minimize the risk involved in lending the banks should follow the following accepted norms:
(a) Ability of the borrower to repay the loan. The borrower should possess capacity and character.
(b) Adequate security of tangible assets or collateral security of strength.
(c) Profit the bank would receive by granting the advance.
(d) Liquidity -the banks would lend most of their funds for short periods only.
(e) Loans for productive purposes.
(f) Concentration of advances to be avoided. The principle of spread / diversification is to be followed.
(g) Borrower should be financed adequately to the extent he really needs.
(h) Post sanction monitoring control and follow-up actions.
As per the Basel Norms, bank’s risks are broadly classified into credit risk, market risk and operational risk. Write a short overview of the risk management structure of a bank and its important features. (June 2014, 5 marks)
Risk Management is a methodology that helps managers makes best use of their available resources. The process consists of important steps like:
- Identification of risks;
- Analyzing the risks;
- Evaluating the risks;
- Monitor and review;
- Mitigation of risks.
Important Features of Risk Management
- Risk management policies should be approved by the board. It should cover all the required guidelines and directives of the regulators and applicable legal frame work.
- There should be a good support from the Information Technology wing for creating an integrated system whereby an effective and efficient MIS would be an integral part of the risk management.
- There should be clear demarcation of functions and authority levels to ensure better internal control systems (ex: front office, mid office and back office of an integrated treasury).
- An effective communication system coupled with the training programs.
- One of the risk mitigation measures is to setup appropriate limits for various aspects like counter party limit, country limit, currency limit, over night and intraday limits, stop loss limit, individual and group exposure limits etc.
- Inbuilt checking and balancing systems, such as input and output controls, access control to the computer systems and sensitive areas of the banks.
- Apart from review by the ALCO members, a periodical review and evaluation system should be in place.
Risk Management Structure
Banking companies should create an effective risk management structure to handle the risks associated with the bank’s business models and operations. The risk management structure should cover the Credit, Market, Operational and other risks. The structure should be ably supported by the technology in identification and monitoring process of risks.
- The Risk Management Committee should be formed at the Board level with the overall responsibility to monitor and manage the overall risks of the bank.
- Asset Liability Management Committee (ALCO) is a strategic decision making body, formulating and overseeing the function of Asset Liability Management (ALM) of a bank.
- ALCO is headed by the Managing Director or the Chief Executive Officer.
- The Identified Risk, analysis and evaluation etc. are to be first discussed analyzed at Credit Risk Management Committee (CRMC), Operating Risk Management Committee (ORMC) and Marketing Risk Management Committee (MRMC).
- Thereafter the proposals emerging from this is to be placed before Audit Committee of the Board. With the orders of Audit Committee of the Board the proposal should place before Risk Management Committee of the Board.
- The concerned Risk Management Department to monitor the implementation and compliance of the same.
The Risk Management Committee should also monitor compliance of various risk parameters by operating departments.
The function of Risk Management Committee should essentially be to identify and monitor to measure the risk profile of the Bank. The committee should design stress scenario to measure the impact of unusual market conditions and monitor the variance between actual volatility of portfolio value so that predicted by the risk measures.
The Basel Committee on Banking Supervision (BCBS) is a committee which was set up by the Central Bank Governors of a group of ten countries, to address international issues relating to the banking supervision. The Basel Committee on Banking Supervision in 1988 came out with a Capital Accord for banks, covering the areas of risks in respect of banks’ assets and liabilities in the balance sheet and off balance sheet exposures.
Under the Basel I Accord, only the credit risk factor was considered and the minimum requirement of capital funds was fixed at 8 per cent of the total risk weighted assets. In India, banks are required to maintain a minimum of 9 percent (Capital to Risk Weighted Asset Ratio – CRAR) on an ongoing basis.
The Second Accord brought in significant changes in risk management in banks. The Basel II accord introduced a new approach based on the three pillars:
Pillar I: Minimum Capital Requirements: The minimum capital requirement should be calculated based on three risks viz.,
(a) Credit Risk:
- Standardized Approach
- Internal Ratings Based Approach
(b) Operational Risk and
(c) Market Risk.
Pillar II: Supervisory Review Process: This pillar addresses the issues like the key aspects of supervisory review, risk management guidance and transparency and accountability. It also covers the treatment of interest rate risk in the banking book, credit risk (stress testing, credit concentration risk etc.) operational risk, enhanced cross border risks.
Pillar III – Market Discipline: As part of an effective risk management, banks are expected to disclose important information. Such market discipline can contribute to a safe and sound banking environment.
These disclosures would assist various stakeholders to review and understand the status of the banks’ operations and strategies in a competitive business December 31, 2016s environment. These disclosures would assist the investors to make their investment decisions.
Disaster recovery management plan (DRMP) and business continuity plan (BCP) are two important areas to mitigate the information technology risks in the banks. Explain. (June 2015, 10 marks)
(A) Disaster Recovery Management Plan (DRMP): In a fully computerized bank branch, DRMP has acquired high importance. DRMP deals with the emergency action which the branch will take to deal with a situation of disaster. It covers three steps of action when a disaster strikes, viz.
(a) Confronting the disaster by a Emergency Plan.
(b) Procurement of required materials through a Back-up Plan; and
(c) To restore the office normalcy for speeding up commencement of normal business transactions.
(B) Business Continuity Plan (BCP): Business Continuity Plan relates to resuming, maintaining and recovering business activity in the event of disruptions, disasters and calamities. The plan should accomplish the following objectives:
(a) Provide for the safety and well-being of people on the premises at the time of disaster
(b) Continue critical business operations
(c) Minimize the duration of a serious disruption to operations and resources (both information processing and other resources)
(d) Minimize immediate damage and losses
(e) Establish management succession and emergency powers
(f) Facilitate effective co-ordination of recovery tasks
(g) Reduce the complexity of the recovery efforts
(h) Identify critical lines of business and supporting functions
Comment on the following:
The BASEL III accord deals in capital adequacy norms to be fulfilled by banks. (Dec 2016, 2 marks)
True: The BASEL III regulations based on three-mutually reinforcing Pillars viz. minimum capital requirements, supervisory review of capital adequacy and market discipline of BASEL II.
Explain in brief five risks associated with payment systems. (June 2017, 5 marks)
The risks associated with the payment systems can broadly be classified under the following heads, viz.,
- Credit Risk;
- Liquidity Risk;
- Operational Risk;
- Legal Risk; and
- Systemic Risk.
The circumstances under which these risks arise are as under:
|1.||Credit Risk||Failure by a party to meet the financial obligations|
|2.||Liquidity Risk||A party in the system fails to pay on account of insufficient funds|
|3.||Operational Risk||A risk which can arise on account of human error, system failure, frauds, etc.|
|4.||Legal Risk||Non-compliance of legal or regulatory framework can create a legal risk|
|5.||Systemic Risk||It can have a chain effect into the system due to the default of one of the parties.|
Answer the following questions in brief:
‘Cross Border Risk’ and ‘Currency Risk’ in relation to international banking business. (Dec 2017, 3 marks)
‘Cross Border Risk’ and ‘Currency Risk’
Cross Border Risk: The Cross border risk arises on account of trade and investment activities between two or more countries. This is one of the major risks the international banks face. This type of risk also called as country risk.
Currency Risk: When an international trade and / or financial transaction take place, it would result in a currency deal. In view of the additional deal (involvement of foreign currency) a new risk arises called currency risk. Two or more than two currencies (in case of cross rates) are involved and due to the market fluctuations the exchange rate (price) of the currencies results in a risk called “foreign exchange risk” as well.
Narrate the Preventative Controls and Detective Controls to handle IT related issues and risks in Banks. (Dec 2017, 2 marks)
Preventative Controls and Detective Controls Preventative Controls: This type of control stops errors or irregularities. Preventative controls are designed to keep errors or irregularities from occurring in the first place. They are built into internal control systems and require a major effort in the initial design and implementation stages. Good design/screen layout reduces or stops the errors at the time of coding data or entering data from source document.
Detective Controls: Detective controls are practices, procedures and tool that are intended to uncover the existence of errors, inaccuracies, fraud that has already occurred. Identification of errors or irregularities happens after they occur. For example: An input validation program identifies data input errors.
Management of credit risk in a bank will require alertness on the part of staff at all the stages of credit delivery. Explain various steps for efficient management of credit risks. (Dec 2018, 5 marks)
Key issue in managing credit risk is to apply a consistent evaluation and rating system of all investment opportunities. Prudential limits need to be laid down on various aspects of credit viz., benchmarking current ratio, debt- equity ratio, profitability ratio, debt service coverage ratio, concentration limits for group/single borrower, maximum exposure limits to industries, and provision for flexibilities to allow variation for very special features. Credit rating may be single point indicator of diverse risk factors. Management of credit risk in a bank will require alertness on the part of staff at all the stages of credit delivery and monitoring process:
Appraisal Stage: In addition to following the prescribed guidelines of the bank, the important point is the appraisal of the man behind the project. For this, no rules can be prescribed or formula can be given.
- Whether the branch has its own network for obtaining reliable information about present and prospective borrowers through some well-known sources like local organizations, lead bank offices, other customers etc.
- Whether the credit officers keep an eye on local newspapers for keeping track on some developments in some units/industries etc.
- Whether marketability of the product is assured beyond reasonable doubt.
- Whether while processing the proposals, a list of all the important reference made by the borrowers is kept on record.
- Whether a small map of the location of the unit, residence of the borrowers/ guarantors are kept on record.
- Whether the branch ensures creation of assets and whether the disbursement is made in stages and checked at every stage, wherever possible.
- Whether the payments are directly made to the dealers.
- Whether the branch ensures long term availability of the business premises, wherever business premises are on rent.
View / Renewal
- Whether the branch considers renewal as a ritual or uses the opportunity to review its credit decision.
- Whether proper follow-up for obtaining financial information is started in time and borrowers are properly educated in this regard.
Asset Verification / Inspection / Visits : This is most important aspect of monitoring a borrowers’ account. If done regularly, it gives an opportunity to interact will the borrowers and must be used to ascertain the problems that the unit is facing/like to face. Remedial steps should be initiated at the earliest. If an eye is kept on the activities of the borrower, there is no reason as to why the account can’t be kept healthy.
(a) State in brief the factors attributing to the increased importance of credit risk modelling in the banks. (June 2019) (4 marks)
(b) Explain the various types of ‘Market Risk’ involved in banking business. Differentiate between ‘Counter Party Risk’ and ‘Country Risk’. (8 marks)
(a) The increasing importance of credit risk modeling can be attributed to the following three factors:
- Banks are becoming increasingly quantitative in their treatment of credit risk.
- New markets are emerging in credit derivatives and the marketability of existing loans is increasing through securitization/loan sales market.
- Regulators are concerned to improve the current system of bank capital requirements especially as it relates to credit risk.
Credit Risk Models have assumed importance due to the fact that they provide the decision maker with insight or knowledge that would not otherwise be readily available or that could be obtained at a high cost. In a marketplace where margins are fast disappearing and the pressure to lower pricing the credit risk models give their users a competitive edge.
(b) Types of Market Risk involved in banking business are as under: Interest rate risk : Interest rate risk is the probability that variations in the interest rates will have a negative influence on the quality of a given financial instrument or portfolio, as well as on the institution’s condition as a whole. The risk affects the Net Interest Margin(NIM).
Currency risk: Currency risk is the risk where the fair value or future cash flows of a given financial instrument fluctuate as a result from changes in the currency exchange rates.
Price risk: Price risk occurs when the fair value or future cash flows of capital and debt financial instruments (stock, bonds, indexes and derivatives connected with them) fluctuate as a result from market prices’ changes, no matter whether these changes are caused by factors typical for individual instruments or for their issuer(counterparty), or by factors related to all the instruments traded on the market. It arises if investment is sold prematurely.
Default or Credit Risk: Credit risk is more simply defined as the potential of a bank borrower or counterparty to fail to meet its obligations in accordance with the agreed terms. For most banks, loans are the largest and most obvious source of credit risk. It is the most significant risk, more so in the Indian scenario where the NPA level of the banking system is significantly high. It is prevalent in case of loans.
Operational Risk: It arises due to failed internal processes, people or system or from external events like, frauds, incompetency of staff, faulty documentation, non-compliance etc.
Strategic Risk: This risk arises due to adverse business decisions, improper implementation of decisions.
Counterparty Risk and Country Risk
Counterparty Risk: This is a variant of Credit risk and is related to non-performance of the trading partners due to counterparty’s refusal and or inability to perform. The counterparty risk is generally viewed as a transient financial risk associated with trading rather than standard credit risk.
Country Risk: This is also a type of credit risk where non-performance of a borrower or counterparty arises due to constraints or restrictions imposed by a country. Here, the reason of non-performance is external factors on which the borrower or the counterparty has no control.
Explain the following features of the Basel-Ill accord :
(i) Minimum Total Regulatory Capital Requirement
(ii) Counter Cyclical Buffer
(iii) Leverage Ratio. (June 2019, 6 marks)
(i) Minimum Total Regulatory Capital Requirement: Under revised guidelines (BASEL III) minimum total regulatory capital will consist of the sum of the following categories:
(a) Tier 1 Capital (going-concern capital)
- Common Equity Tier 1 capital
- Additional Tier 1 capital
(b) Tier 2 Capital (going-concern capital)
As of 2019, under Basel III, a bank’s tier 1 and tier 2 capital must be at least 8% of its risk-weighted assets.
(ii) Counter Cyclical Buffer: As per Basel III norms regulators of banks of the countries are also responsible for regulating credit volume in their national economies. If credit growth is rapidly expanding than GDP growth, bank regulators can increase their capital requirements with the help of the Countercyclical Buffer to curb the excessive credit growth.
The counter cyclical buffer suggested varies between 0% – 2.5% and it is meant to restrict excess credit growth which may turn out to be counter – productive. The aim of the Countercyclical Capital Buffer(CCCB) regime is two fold. Firstly, it requires banks to build up a buffer of capital in good times which may be used to maintain flow of credit to the real sector in difficult times.
Secondly, it achieves the broader macro-prudential goal of restricting the banking sector from indiscriminate lending in the periods of excess credit growth that have often been associated with the building up of system-wide risk.
(iii) Leverage Ratio: It is defined as Ratio of Tier 1 Capital to Total Assets, According to Basel III this ratio should be a minimum of at least 3% even where there is no risk weighting. According to Basel III rules BCBS agreed to test minimum Tier 1 leverage ratio of 3% during the parallel run period by 2017.
This was also made applicable for banks in India. During the period of parallel run, banks should strive to maintain their existing level of leverage ratio but, in no case the leverage ratio should fall below 4.5%. A bank whose leverage ratio is below 4.5% may endeavour to bring it above 4.5% as early as possible. According to the data released by RBI, most of the banks are maintaining leverage ratio of over 4.5%. (The ratio is calculated on quarterly basis).
“For a successful implementation of an effective Credit Risk Management System, in banks, a sound organizational structure is a pre-requisite”. In this regard, briefly explain the recent RBI guidelines to Banks on appointing Chief Risk Officer (CRO). (Dec 2019, 6 marks)
As part of Risk Management, banks are required, inter-alia, to have a system of separation of credit risk management function from the credit sanctioning process. As banks follow diverse practices in this regard, to bring uniformity in approach followed by banks and to align the risk management system with the best practices, banks are advised as under:
(a) Each bank to lay down a Board-approved policy clearly defining the role and responsibilities of the Chief Risk Officer (CRO).
(b) Appointment of the CRO shall be for a fixed tenure with the approval of the Board of Directors. The CRO may be transferred / removed from his post before completion of the tenure only with the approval of the Board and such premature transfer/removal shall be reported to the Department of Banking Supervision, Reserve Bank of India (RBI), Mumbai. In case of listed banks, any change in incumbency of CRO shall be reported to the stock exchanges also.
(c) CRO should be a senior official in the banks’ hierarchy and shall have the necessary and adequate professional qualification / experience in the areas of risk management.
(d) The CRO shall have direct reporting lines to the Managing Director (MD) & CEO/ Risk Management Committee (RMC) of the Board. If the CRO reports to the MD & Chief Executive Officer (CEO), the RMC shall meet the CRO on one to-one basis, without the presence of the MD & CEO, at least every quarter.
(e) The CRO not to have any reporting relationship with the business verticals of the bank and not be given any business targets.
(f) In case the CRO is associated with the credit sanction process, it has to be clearly spelt out whether the CRO’s role would be that of an adviser or a decision maker. The policy to include the necessary safeguards to ensure the independence of the CRO.
(g) In banks that follow committee approach in credit sanction process for high value proposals, if the CRO is one of the decision makers in the credit sanction process, he shall have voting power and all members who are part of the credit sanction process, shall individually and severally be liable for all the aspects, including risk perspective related to the credit proposal. If the CRO is not a part of the credit sanction process, his role will be limited to that of an adviser.
(h) In banks which do not follow committee approach for sanction of high value credits, the CRO can only be an adviser in the sanction process and with no sanctioning power.
(i) The CRO in his role as an adviser shall be an invitee to the credit sanction / approval committee without any voting rights in the proceedings of the committee.
(j) There shall not be any ‘dual hatting’ i.e. the CRO shall not be given the responsibility of Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief of the internal audit function or any other function.
Explain the Composition of Regulatory Capital. What is the minimum regulatory capital requirement for Banks in India as per Basel III Accord ? (Dec 2019, 6 marks)
Composition of Regulatory Capital
Banks are required to maintain a minimum Pillar 1 Capital to Risk-weighted Assets Ratio (CRAR) of 9% on an on-going basis (other than capital conservation buffer and countercyclical capital buffer etc.). The Reserve Bank will take into account the relevant risk factors and the internal capital adequacy assessments of each bank to ensure that the capital held by a bank is commensurate with the bank’s overall risk profile.
This would include, among others, the effectiveness of the bank’s risk management systems in identifying, assessing / measuring, monitoring and managing various risks including interest rate risk in the banking book, liquidity risk, concentration risk and residual risk. Accordingly, the Reserve Bank will consider prescribing a higher level of minimum capital ratio for each bank under the Pillar 2 framework on the basis of their respective risk profiles and their risk management systems. Further, in terms of the Pillar 2 requirements, banks are expected to operate at a level well above the minimum requirement.
*RWA = Risk Weighted Assets
#CRAR = Capital to Risk Weighted Asset Ratio
Components of Capital
Total regulatory capital consists of the sum of the following categories:
- Tier 1 Capital (going-concern capital)
(a) Common Equity Tier-i
(b) Additional Tier
- Tier 2 Capital (gone-concern capital)
Minimum regulatory capital requirement for Banks ¡n India as per Basel III Accord:
With full implementation of capital ratios and Capital Conservation Buffer (CCB) the capital requirements are summarised as follows:
|Regulatory Capital||As % to RWAs|
|(i) Minimum Common Equity Tier 1 Ratio||5.5|
|(ii) Capital Conservation Buffer (comprised of Common Equity)||2.5|
|(iii) Minimum Common Equity Tier 1 Ratio plus Capital Conservation Buffer [(i) + (ii)]||8.0|
|(iv) Additional Tier 1 Capital||1.5|
|(v) Minimum Tier 1 Capital Ratio [(i) + (iv)]||7.0|
|(vi) Tier 2 Capital||2.0|
|(vii) Minimum Total Capital Ratio (MTC) [(v) + (vi)]||9.0|
|(viii) Minimum Total Capital Ratio plus Capital Conservation Buffer [(vii) + (ii)]||11.5|
What is an Operational Risk? Explain type of Operational Risk which having the potential to result in substantial losses. (Dec 2020, 6 marks)
It is the risk of loss resulting from inadequate or failed internal processes of an organisation, in human actions, systems or due to external events. Problems related to operation risks arise because of inadequate attention given to the processes and systems, or because people fail in their performance, or their functions are poorly defined.
Operational risks are difficult to define because of the broad spectrum or potential loss events, it covers. According to the segment where the company acts, this may be subject to various operational risks inherent to the business. Operational risks varies from one business to another depending upon the segment in which it operates.
Operational risk has been defined by the Basel Committee on Banking Supervision as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. It includes legal risk, but excludes strategic and reputational risk.
Operational risk identifies why a loss happened and at the broadest level includes the breakdown by four causes i.e. People, Processes, Systems and External factors.
The Basel Committee has identified the following types of operational risk events as having results in substantial losses:
- Internal Fraud. Examples: employee theft etc.
- External Fraud. Examples: robbery, forgery etc.
- Employment practices and workplace safety. Examples: violation of employee health and safety rules.
- Clients, products and business practices. Examples: misuse of confidential customer information, Fiduciary breaches etc.
- Damage to physical assets. Examples: Vandalism by disgruntled employees, Earthquakes, Fires and floods etc.
- Business disruption and system failure. Examples: Computer hardware and software failures etc.
- Execution, delivery and process management. Examples: incomplete legal documentation.
What is Operational Risk? Explain the types of Operational Risk as identified by Basel Committee. (Dec 2021, 3 marks)
Operational risk has been defined by the Basel Committee on Banking Supervision as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition is based on the underlying causes of operational risk. It seeks to identify why a loss happened and at the broadest level includes the breakdown by four causes: people, processes, systems and external factors.
The Basel Committee has identified the following types of operational risk events as having the potential to result in substantial losses:
- Internal fraud : For example, intentional misreporting of positions, employee theft, and insider trading on an employee’s own account.
- External fraud : For example, robbery, forgery, cheque kiting, and damage from computer hacking.
- Employment practices and workplace safety : For example, workers compensation claims, violation of employee health and safety rules, organized labour activities, discrimination claims, and general liability.
- Clients, products and business practices : For example, fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and sale of unauthorized products.
- Damage to physical assets: For example, terrorism, vandalism, earthquakes, fires and floods.
- Business disruption and system failures: For example, hardware and software failures, telecommunication problems, and utility outages.
- Execution, delivery and process management: For example: data entry errors, collateral management failures, incomplete legal documentation, and unauthorized access given to client accounts, non-client counterparty mis- performance, and vendor disputes etc.
(a) In what forms the credit risk arises for banks?
(b) Why is there increasing importance of credit risk modelling?
(c) In the measurement of Credit Risk, models may be classified into three different dimensions. What are such dimensions? (June 2022, 4 marks each)