
Compliance & Risk Management Final

Published by Teamlease Edtech Ltd (Amita Chitroda), 2023-08-28 04:33:40

Description: Risk Management Final


frauds and the action taken should be placed before the SCBF and intimated to the RBI at quarterly intervals.

b) All fraud cases are grouped into vigilance and non-vigilance. Only vigilance cases should be referred to the investigative authorities. Non-vigilance cases may be investigated and dealt with at the bank level within a period of six months.

In cases involving very senior executives of the bank, the Board/ACB/SCBF may initiate the staff accountability process. The staff accountability process should not be held up because the case has been filed with law enforcement agencies. Both the criminal action and the domestic enquiry should be conducted simultaneously.

Filing Complaints with Law Enforcement Agencies

Banks should lodge a complaint with the law enforcement agencies immediately on detection of fraud. Banks should have a nodal point/officer for filing all complaints with the CBI on behalf of the bank, who serves as the single point for coordination and redressal of infirmities in the complaints. The complaint lodged by the bank should be vetted by a legal officer. For complaints of cheating, misappropriation of funds, diversion of funds etc., by borrowers, the account should be classified as fraud and reported to RBI.

Penal measures for fraudulent borrowers

The penal provisions as applicable to wilful defaulters would apply to the fraudulent borrower, including the promoter director(s) and other whole time directors of the company, insofar as raising of funds from the banking system or from the capital markets is concerned. Borrowers who have defaulted and have also committed a fraud in the account would be debarred from availing bank finance from Scheduled Commercial Banks, Development Financial Institutions, Government owned NBFCs, Investment Institutions, etc., for a period of five years from the date of full payment of the defrauded amount. After this period, it is for individual institutions to take a call on whether to lend to such a borrower.
The penal provisions would apply to non-whole time directors (like nominee directors and independent directors) only in the rarest of cases, based on conclusive proof of their complicity. No restructuring or grant of additional facilities may be made in the case of RFA or fraud accounts. No compromise settlement involving a fraudulent borrower is allowed unless the conditions stipulate that the criminal complaint will be continued.

Third parties such as builders, warehouse/cold storage owners, motor vehicle/tractor dealers, travel agents, etc. and professionals such as architects, valuers, chartered accountants, advocates, etc. are also to be held accountable if they have played a vital role in credit sanction/disbursement or facilitated the perpetration of frauds. The details of such third parties involved in frauds should be reported to the Indian Banks' Association (IBA). In this regard the normal procedures and the processes of notice and personal hearing should be adopted. IBA would prepare caution lists of such third parties for circulation among the banks.

Legal Audit of Title Documents in respect of Large Value Loan Accounts

The title deeds and other documents in respect of all credit exposures of ₹5 crore and above should be subject to periodic legal audit and re-verification of title deeds with relevant authorities as part of the regular audit exercise till the loan stands fully repaid. A review note should be submitted to the Board/Audit Committee of the Board at quarterly intervals in respect of such legal audits.

10.4 SALE OF FINANCIAL ASSETS OF DOUBTFUL STANDARD/FRAUDULENT ORIGIN TO ASSET RECONSTRUCTION COMPANY (ARC)

Banks should ensure that, while packaging and selling performing or non-performing assets, it is properly ascertained that the pool of assets being sold does not contain any loan that was originated fraudulently or has been classified as fraud as on the date of sale.

10.5 REPORTING CASES OF THEFT, BURGLARY, DACOITY AND BANK ROBBERIES

Banks should arrange to report by fax/e-mail instances of bank robberies, dacoities, thefts and burglaries to the following authorities immediately on their occurrence:

- Centralised Fraud Monitoring Cell (CFMC), RBI;
- Regional Office of Department of Banking Supervision (DBS) / Senior Supervisory Manager (SSM) / Small Bank Monitoring Division (SBMD);
- Security Adviser, Central Security Cell, RBI;
- Ministry of Finance, Department of Financial Services, Government of India.

The report should include relevant particulars and details of such events. Banks should also submit a quarterly Return on such events to RBI electronically in the XBRL system, covering all cases during the quarter, within 15 days of the end of the quarter.

10.6 INTERNAL VIGILANCE IN BANKS

For public sector banks, the guidelines issued by the Central Vigilance Commission require them to appoint a Chief Vigilance Officer. This is aimed at ensuring that the internal vigilance functions in the public sector banks are addressed through a set of predetermined and structured procedures, for comprehensive treatment and transparency. A set of guidelines has been prescribed by RBI for having a broadly common approach in all banks.

Vigilance promotes clean business transactions, professionalism, productivity, promptness and transparent practices. It includes putting in place systems and procedures to curb opportunities for corruption. The guidelines aim at structuring an efficient and effective vigilance system in banks in the larger interest of all concerned stakeholders.

Anti-corruption Agencies: The disciplinary authority of the bank has the overall responsibility of looking into the acts of misconduct alleged against, or committed by, the employees, and of taking appropriate punitive action. It is also required to take appropriate preventive measures so as to prevent commission of misconducts/malpractices by the employees.
A designated officer (Chief Vigilance Officer (CVO) in public sector banks and Chief of Internal Vigilance (CIV) in private sector banks) acts as a Special Assistant/Advisor to the CEO in the discharge of these functions. He also acts as a liaison officer between the bank and the Police/SFIO/other law enforcement authorities. The CVO also acts as a link between the bank and the Central Vigilance Commission. In public sector banks an internal advisory committee of three members is set up to scrutinize the complaints received in the bank, and also the cases arising out of inspections and audit etc., and to determine the involvement of a vigilance angle, or otherwise, in such transactions.

Vigilance functions are wide ranging and include: collecting intelligence about the corrupt practices committed by the employees; investigating verifiable allegations reported to him; processing investigation reports for further consideration of the disciplinary authority concerned; referring the matters to the CEO; taking steps to prevent commission of improper practices/misconducts, etc. In the case of public sector banks, vigilance matters are referred to the Central Vigilance Commission, as required.

The vigilance function can broadly be divided into three parts – (i) Preventive vigilance; (ii) Punitive vigilance; and (iii) Surveillance and detection.

Acts with Vigilance Angle

1) Vigilance angle is obvious in the following acts:
    a) Demanding and/or accepting gratification other than legal remuneration in respect of an official act or for using his influence with any other official.
    b) Obtaining a valuable thing, without consideration or with inadequate consideration, from a person with whom he has or is likely to have official dealings, or his subordinates have official dealings, or where he can exert influence.
    c) Obtaining for himself or for any other person any valuable thing or pecuniary advantage by corrupt or illegal means or by abusing his position as an employee.
    d) Possession of assets disproportionate to his known sources of income.
    e) Cases of misappropriation, forgery or cheating or other similar criminal offences.

2) For certain other acts like those stated below, the disciplinary authority and the CIV need to weigh the circumstances and conclude whether it is reasonable to doubt the integrity of the officer concerned:
    (i) Gross or wilful negligence;
    (ii) Recklessness in decision making;
    (iii) Blatant violations of systems and procedures;
    (iv) Exercise of discretion in excess, where no ostensible organizational interest is evident;
    (v) Failure to keep the controlling authority/superiors informed in time.

Preventive Vigilance Measures:

(i) Study existing procedures and practices with a view to modifying those which provide scope for corruption.
(ii) Review the regulatory functions to see whether these are strictly necessary, and whether the manner of discharge and exercise of powers are capable of improvement.
(iii) Devise adequate methods of control over the exercise of discretion so that it is not exercised arbitrarily but in a transparent and fair manner.
(iv) Identify the areas prone to corruption and ensure that officers of proven integrity are posted in those.

Staff rotation and mandatory leave: The banks should identify sensitive positions and frame a Board approved internal policy for rotation of staff in general and in respect of sensitive desks in particular. The policy should also include the minimum period for staff rotation and mandatory leave for the staff at all levels, including the CEO.

Complaints: Information about corruption, malpractice or misconduct on the part of employees, from any source, is termed a complaint.
These may flow to the administrative authority/the Police/SFIO/RBI from any of the following sources:
(a) From employees or the public;
(b) Inspection reports and stock verification surveys;
(c) Annual property statements;
(d) Transactions reported under the Conduct Rules;
(e) Irregularities detected in the routine audit of accounts, e.g. tampering with records, over-payments, misappropriation of money or materials etc.;
(f) Audit reports;
(g) Complaints and allegations in the press etc.; and
(h) Intelligence gathered by agencies like CBI, local bodies etc.

Anonymous/pseudonymous complaints received by the CIV may be dealt with on merit.

Investigation agency for conducting investigations: It will be necessary to decide whether the allegations should be inquired into departmentally or whether a police investigation is necessary. This will also be determined based on the norms stipulated for fraud cases.

Review of cases entrusted to Police/SFIO: A case registered by the Police should normally not be reviewed administratively. If reviewed for specific reasons, the police should be associated.

Action against persons making false complaints: If a complaint against an employee is found to be malicious, vexatious or unfounded, action against the complainant should be examined.

10.7 LET US SUM UP

- The CEO, the Audit Committee of the Board and the Special Committee of the Board are responsible for the fraud risk management, fraud monitoring and fraud investigation function.
- Frauds have been classified based mainly on the provisions of the Indian Penal Code.
- A Fraud Monitoring Return (FMR) is submitted for individual fraud cases.
- All frauds of ₹1.00 lakh and above should be reported to the Board promptly on detection.
- Frauds are required to be reported to the Police/CBI as per the norms of RBI based on the amount involved (of ₹10000 and above).
- A framework for loan related frauds has been laid down to direct the focus of banks on prevention, early detection, prompt reporting to RBI and investigating agencies, and timely initiation of staff accountability proceedings.
- The Risk Management Group should scrutinize at the pre-sanction stage itself.
- Employees should be encouraged to report fraudulent activity in an account.
- Banks must initiate and complete the staff accountability exercise within six months from the date of classification as a Fraud.
- Banks should subject the title deeds and other documents in respect of all credit exposures of ₹5 crore and above to periodic legal audit and re-verification of title deeds with relevant authorities as part of the regular audit exercise till the loan stands fully repaid.
- Banks should arrange to report by fax/e-mail instances of bank robberies, dacoities, thefts and burglaries to the following authorities immediately on their occurrence.
- An officer of suitable seniority is to be designated as Chief of Internal Vigilance (CIV).
- The CIV's functions can broadly be divided into three parts – (i) Preventive vigilance; (ii) Punitive vigilance; and (iii) Surveillance and detection.
- Vigilance angle is obvious in certain acts, while in certain other acts one has to weigh the circumstances to arrive at a conclusion.

10.8 KEYWORDS

Fraud Monitoring Return (FMR) Returns; Central Fraud Registry (CFR); Early Warning Signals (EWS); Red Flagged Accounts (RFA); Fraud Monitoring Group (FMG); Risk Management Group (RMG); Chief Vigilance Officer; Vigilance Angle; Preventive Vigilance

10.9 CHECK YOUR PROGRESS

1) Quarterly Review of Frauds is submitted to the -----.
    a) Board of Directors
    b) Risk Management Committee of the Board
    c) Special Committee of the Board on Frauds
    d) Audit Committee of the Board

2) Banks should submit a copy each of the Quarterly Report on Frauds Outstanding in the format given in ___ to the Regional Office of Urban Banks Department of the Reserve Bank of India under whose jurisdiction the Head Office of the bank falls within 15 days of the end of the quarter to which it relates.
    a) FMR
    b) FMR 1
    c) FMR 2
    d) FMR 4

3) The threshold value for application of early warning signals and red flagged accounts is exposure of ----- or more.
    a) ₹ 500 million
    b) ₹ 100 million
    c) ₹ 250 million
    d) ₹ 50 million

4) The tenure of Chief of Internal Vigilance is ----- years.
    a) 5
    b) 6
    c) 3
    d) 1

10.10 KEY TO 'CHECK YOUR PROGRESS'

1 (d); 2 (a); 3 (a); 4 (c)

References:

1) RBI Master Directions on Frauds – Classification and Reporting by commercial banks and select FIs dated July 1, 2016 (https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477)
2) RBI Circular DBS.CO.FrMC.BC.No.9/23.04.001/2010-11 dated May 26, 2011 on Internal Vigilance in Private Sector/foreign Banks. (https://rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=6448)
3) RBI Circular CO.DPSS.OVRST.No.S1619/06-08-005/2022-2023 dated December 26, 2022 on Central Payments Fraud Information Registry – Migration of Reporting to DAKSH. (https://rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=12431)
4) CVC Office Order No. 24/4/04 dated 15th April, 2004 on Vigilance angle - Determination in Banking Sector. (https://www.cvc.gov.in/sites/default/files/oo240404.pdf)

CHAPTER 11 CASE STUDIES

STRUCTURE

11.1 Case Studies on Income Recognition and Asset Classification
11.2 Case Studies on KYC/AML
11.3 Case Studies on FEMA
11.4 Solutions to Case Studies

11.1 CASE STUDIES ON INCOME RECOGNITION AND ASSET CLASSIFICATION

Case I: Dhanwan Bank Ltd. – Asset Classification

You are examining the following three borrower accounts for their asset classification status. Please list your observations and suggest further actions to be taken by the bank.

(a) Cash credit account of XYZ Ltd.
    (i) Outstanding as at 25/6/2023 - ₹5,25,550/-
    (ii) Drawing Power - ₹7,00,550/- (Stock Statement Date – 28/2/2023)
    (iii) Transactions during 1/4/2023 and 25/6/2023
    (iv) Debit Summations - ₹2,75,000/- (Of which – Interest - ₹7,250/-)
    (v) Credit Summations - Nil
    (vi) Asset classification: Standard

(b) Term loan account of ABC Ltd. for purchase of 6 trucks.
    (i) Disbursed on 1st January 2020
    (ii) Outstanding as at 25/6/2023 - ₹61,00,000/-
    (iii) Drawing Power - ₹60,00,000/- (Based on repayment schedule)
    (iv) Repayment: Monthly instalments
    (v) Security: Hypothecation of the trucks purchased.
    (vi) Market Value of security: ₹28,00,000/-
    (vii) Security condition: Four trucks destroyed in fire and accidents. 2 trucks operational.
    (viii) Asset Classification: Standard

(c) Demand Loan of Mr. PQR against security of Life Insurance Policy
    (i) Disbursed on 1st January 2020
    (ii) Outstanding as at 25/6/2023 - ₹8,00,000/-
    (iii) Drawing Power - ₹1,60,000/- (Based on repayment schedule)
    (iv) Sanctioned Limit - ₹10,00,000/-
    (v) Repayment: Monthly instalments
    (vi) Security: Life Insurance Policy.
    (vii) Surrender Value of Policy: ₹15,00,000/-
    (viii) Asset Classification: Doubtful

Case II: Aishwarya Bank Ltd. – Income on NPAs

You are examining interest earned on the following two accounts during June 2023. Please list your observations and suggest further actions to be taken by the bank.

(a) Cash credit account of XYZ Ltd.
    (i) Outstanding as at 5/7/2023 - ₹5,50,200/-
    (ii) Drawing Power - ₹3,50,000/- (Since 5/3/2023) (Last Stock Statement Date – 30/6/2023)
    (iii) Transactions during 1/4/2023 and 5/7/2023
    (iv) Debit Summations - ₹2,75,000/-
    (v) Credit Summations - ₹50,000/- (During April 2023)
    (vi) Interest Debited: ₹9,000/- (₹2900/- + ₹3,000 + ₹3100)
    (vii) Asset classification: Sub-Standard (Since 2/6/2023)

(b) Demand Loan of Mr. PQR against security of Life Insurance Policy
    (i) Disbursed on 1st January 2020
    (ii) Outstanding as at 5/7/2023 - ₹5,00,000/-
    (iii) Drawing Power - ₹2,60,000/- (Based on repayment schedule)
    (iv) Sanctioned Limit - ₹8,00,000/-
    (v) Repayment: Monthly instalments
    (vi) Security: Life Insurance Policy.
    (vii) Surrender Value of Policy: ₹12,00,000/-
    (viii) Credit Summations - ₹50,000/- (During April 2023)
    (ix) Interest Debited: ₹10,100/- (₹5300/- + ₹4,800)
    (x) Interest for June 2023 (not debited): ₹4900
    (xi) Asset Classification: Doubtful (Since 2/6/2023)

11.2 CASE STUDIES ON KYC/AML

Case I: Hoshiyar Bank Ltd. – KYC Documentation

Your Corporate Banking Team has sanctioned a cash credit limit of ₹100 crore to DEF Ltd. As a part of the disbursement procedure, you are required to complete the KYC documentation for the company. The following information is available regarding DEF Ltd.:

(i) Directors: Mr. X, Mr. Y, Mr. S, Mrs. W, and Mrs. Z
(ii) MD & CEO: Mr. X
(iii) Authorised Signatories: Mr. X (MD), Mr. H (CFO), Mrs. J (COO) (Any two of the three).
(iv) Shareholders: Mr. X (5%), Mrs. Z (3%), Mrs. B (3%), LMN Ltd. (44%), RST Ltd. (45%)
(v) Shareholders of LMN Ltd., PQR Ltd. and RST Ltd.:
    LMN Ltd.: Mr. X (25%), Mr. D (3%), Mrs. P (3%), Mrs. R (25%), Others (44% - each less than 2%)
    PQR Ltd.: Mr. M (5%), Mr. N (3%), Mrs. B (3%), Others (89% - each less than 2%)
    RST Ltd.: Mr. X (15%), Mrs. R (35%), Mrs. P (2%), Mrs. B (3%), PQR Ltd. (45%)
(vi) Mr. M and Mr. N are brothers.
There is a shareholders' agreement for DEF Ltd. giving Mr. M and Mr. N the right to jointly appoint 3 out of 5 directors.

Case II: Bank Beta Ltd. – TBML - Advance Remittances for Imports

You are the Compliance Officer of Bank Beta. Your Bank has been recently penalized for not filing STR in respect of 20 current accounts of private limited companies, through which numerous cross-border remittances were made to Hong Kong and Dubai for imports of different items within a year and a half (June 2021 to November 2022).

It transpired that these accounts were opened by a group of persons, who had opened 100 accounts in several banks and in total remitted around ₹8000/- crores to several entities in Dubai and Hong Kong as remittances for imports, without actually making any imports, over a period of two years (November 2020 to November 2022). Of these, ₹3500 crores were remitted through the 20 accounts opened with Bank Beta. These remittances were sent as advance payments for imports of cashew nuts, rice, dates, pulses, etc.

The 20 accounts were opened at two different branches (10 each) of Bank Beta in the same city. For each of these accounts two persons were authorized signatories (jointly or severally) out of three persons - Mr. P, Mrs. Q and Mr. R. All these accounts were opened in a span of two weeks. The activity of these companies as per their account opening forms was:
(i) In 5 cases: Wholesale garment dealer;
(ii) In 4 cases: Import of electronic goods;
(iii) In 4 cases: Import of steel and ferrous metals;
(iv) In 7 cases: Fabricators and structural engineers

For all the remittances made, the customers had provided proforma invoices along with the Requisition Forms. These proforma invoices were from eight different entities having the same addresses (5 at Hong Kong, and 3 at Dubai). All the requisition forms for outward remittances stated the purpose as "Advance payment for imports".
Besides, the forms had information pertaining to: (i) Name and address of the customer remitting, (ii) Name, address, and bank details of the beneficiary, (iii) Currency and amount of remittance.

The Customer Relations Team (at the branch) deals with the customer for completion of all compliance and other requirements, including due diligence, for opening the accounts, and thereafter for handling their trade transactions. All outward remittance requests are sent by the Customer Relations Team to the Transactions CPC, along with the relevant documents, with their recommendations on their bona fides and genuineness. The Transactions CPC examines the transactions from the Forex regulations perspective and executes the permissible transactions.

The bank maintains customer profiles in its core application. For non-individual customers the following information is maintained in the system:
(i) Name of the entity;
(ii) Address of registered office;
(iii) Communication address;
(iv) Names of Authorised Signatories;
(v) Mode of operations;
(vi) Expected annual turnover;
(vii) Expected average balance.

Please discuss this case for the following purposes:
(i) To identify the deficiencies that could have contributed to Beta Bank being put in this embarrassing position.
(ii) To suggest improvements in the context of Trade Transactions pertaining to (a) Customer Profiles in the Application, (b) Forex Remittance Requisition Form, (c) Functioning of Customer Relations Team, and (d) Functioning of Transactions CPC Team.

11.3 CASE STUDIES ON FEMA

Case I: Delta Bank Ltd. – External Commercial Borrowing

XYZ Ltd., a pharmaceutical manufacturing company, enjoys credit facilities with your bank. The company has approached your bank for handling their transaction for procuring investment from Germany and UAE as detailed below.

(a) From Germany:
    (i) Amount: Euro 10 million
    (ii) Lender: A French bank
    (iii) Instrument: Floating Rate Notes
    (iv) Average Maturity Period: 15 months
    (v) Interest Rate: Benchmark rate plus 350 bps
    (vi) End-use: For import of capital equipment from Germany
    (vii) Any other ECB borrowings/outstanding: Nil
    (viii) ECB liability – Equity ratio: 8:1
    (ix) Other aspects:
        (1) The company has requested a bank guarantee from your bank for the proposed ECB.
        (2) Out of Euro 10 million – Euro 2.5 million will be immediately paid as advance to the German Manufacturer, and the balance amount will be invested in a Certificate of Deposits with S&P rating of (A-) for 3 months.

(b) From UAE
    (i) Amount: Euro 5 million
    (ii) Lender: A UAE bank
    (iii) Instrument: Floating Rate Notes
    (iv) Average Maturity Period: 60 months
    (v) Interest Rate: Benchmark rate plus 400 bps
    (vi) End-use: For repayment of rupee loans
    (vii) Any other ECB borrowings/outstanding: Nil
    (viii) ECB liability – Equity ratio: 8.5:1
    (ix) Other aspects:
        (i) The company has requested a bank guarantee from your bank for the proposed ECB.
        (ii) Out of Euro 5 million – Euro 1 million will be repatriated to India immediately. The balance amount will be invested in a Certificate of Deposits with S&P rating of (A-) for 3 months. After the expansion of the Indian unit, the balance amount will be repatriated to India.

Please state your decision for the two propositions – stating reasons for the same.

Case II: Alpha Bank Ltd. – Exports

Details of two export transactions handled by your bank, along with their current status, are given below. What action will you take and why?

(a) On 1st April 2023, XYZ Ltd. exported certain medicines billed for $ 500,000 to South Africa. The export documents were sent through your bank. The company has been dealing with your bank for six years, and their dealings have been satisfactory.
On the 25th June 2023, the company requested that the amount of the invoice be reduced to $ 450,000. This reduction was required because part of the goods in the lot were past their expiry date. The company has assured that the reduced value will be received within two weeks of approval for the reduced value to be realised.

(b) PQR Ltd. has received a remittance of $ 300,000 from the United Kingdom on 1st September 2022 towards export of garments. Till 30th June 2023, the export documents have not been submitted by the exporter company. What course of action will you take? After two months, in September 2023, the customer submits the export documents with a request to send the documents directly to the importer. The billed amount was net of the value of goods less interest on the advance amount received at the Alternate Reference Rate. What will you do?

11.4 SOLUTIONS TO CASE STUDIES

A. Income Recognition and Asset Classification

Case I: Dhanwan Bank Ltd. – Asset Classification

(i) Cash credit account of XYZ Ltd.
● The account should be classified as a Sub-standard asset.
    - The drawing power is based on the stock statement that is nearly four months old as on 25/6/2023.
    - The interest debited for the months of April 2023 and May 2023 is ₹7,250/-, but there are no credits during the period from 1/4/2023 to 25/6/2023.
● The Core Banking System and the System Used for Asset Classification need to be reviewed.
    - These systems, in conjunction, should check the following aspects on a daily basis:
        (1) Age of the stock statements, classifying an account as per the age of the stock statement, ignoring the status based on the outstandings.
        (2) Whether the amount of credits in the account since the date of the last interest debit is at least equal to the interest amount. Accounts for which credits are short of the interest amount are to be classified as NPA, ignoring the status as per outstandings.

(ii) Term loan account of ABC Ltd. for purchase of 6 trucks.
● The account should be classified as a Doubtful asset.
    - The realisable value of security (i.e. the trucks) has eroded significantly (>50%).
● The Core Banking System, Credit monitoring system, and the System Used for Asset Classification need to be reviewed.
    - These systems, in conjunction, should check the following aspects on a daily basis:
        (1) Change in the valuation of securities, flagging those whose erosion crosses 50% or more and then 90% or more, and classifying the accounts accordingly, ignoring the classification based on the outstandings.

(iii) Demand Loan of Mr. PQR against security of Life Insurance Policy
● The account should be classified as a Standard asset.
    - Loans against the surrender value of a life insurance policy remain standard as long as the outstandings are less than the surrender value of the life insurance policies.
● The Core Banking System, Credit monitoring system, and the System Used for Asset Classification need to be reviewed.
    - These systems, in conjunction, should check the following aspects on a daily basis:
        (1) For loans against the surrender value of a life insurance policy, the outstandings are to be checked against the surrender value of the policy. Only accounts where the surrender value does not cover the outstandings should be classified as per the usual norms.

Case II: Aishwarya Bank Ltd. – Income on NPAs

(i) Cash credit account of XYZ Ltd.
● The account became NPA as on 2/6/2023, hence only the amount of interest actually realised can be reckoned as income.
    - During April 2023 certain amounts were credited that would cover the previous interests charged to the account.
    - Interest amounts debited during April to June 2023 should be debited to the P&L account of the bank.
    - Future interests (July 2023 and onwards) should be calculated and recorded in a memorandum account, and should not be credited to the P&L account of the bank.
● The Core Banking System needs to be reviewed, and the following features are to be incorporated:
    - When an account is first classified as NPA, the amount of interest debited in the prior period is to be compared with the credits received, and the unrecovered amount is to be reversed and held in a suspense account.
    - No interest amount should be debited to NPA accounts, and it should not be credited to the P&L account of the bank. Instead these amounts should be separately recorded in a manner so that the amount of unrealised interest can be known on an ongoing basis in aggregate and also for individual accounts, with chronological details.

(ii) Demand Loan of Mr. PQR against security of Life Insurance Policy
● The interest for June 2023 should have been debited to the demand loan account.
    - For loans against the surrender value of a life insurance policy, the interest amount on NPAs can be credited to the P&L account and debited to the loan account, as long as the outstandings are less than the surrender value of the life insurance policies.
● The Core Banking System, Credit monitoring system, and the System Used for Asset Classification need to be reviewed, for the following aspects:
    - For loans against the surrender value of a life insurance policy, the outstandings are to be checked against the surrender value of the policy. For accounts where the surrender value covers the outstandings, the interest amount should be accounted for as it is done for Standard Accounts. After outstandings exceed the surrender value, the interest should be dealt with as in the case of other NPAs.
    - Also verify whether unrealised interest is being reversed when the account first becomes an NPA.

B. KYC/AML

Case I: Hoshiyar Bank Ltd. – KYC Documentation

(a) Shareholdings of Various Companies

Shareholder    DEF Ltd.    LMN Ltd.    PQR Ltd.    RST Ltd.
Mr. X          5           25          -           15
Mrs. Z         3           -           -           -
Mrs. B         3           -           3           3
LMN Ltd.       44          -           -           -
RST Ltd.       45          -           -           -
Mr. D          -           3           -           -
Mrs. P         -           3           -           2
Mrs. R         -           25          -           35
Mr. M          -           -           5           -
Mr. N          -           -           3           -
PQR Ltd.       -           -           -           45
Others         -           44          89          -
Total          100         100         100         100

(b) Shareholders' Total Effective Holdings in DEF Ltd.

Shareholder    RST Ltd. (XH)    RST Ltd. (TH)    DEF Ltd. (XH)    DEF Ltd. (TH)
Mr. X          -                15               6.75             11.75
Mrs. Z         -                -                -                -
Mrs. B         1.35             4.35             1.9575           4.9575
LMN Ltd.       -                -                -                44
RST Ltd.       -                -                -                45
Mr. D          -                -                -                -
Mrs. P         -                2                0.9              0.9
Mrs. R         -                35               15.75            15.75
Mr. M          2.25             2.25             1.0125           1.0125
Mr. N          1.35             1.35             0.6075           0.6075
PQR Ltd.       -                45               20.25            20.25
Others         40.05            40.05            18.0225          18.0225

XH = Cross Holding; TH = Total Holding

(c) Beneficial Owners of DEF Ltd.
    (i) Mr. X and Mrs. R (Qualify holding 10%)
    (ii) Mr. M and Mr. N (Acting in concert – right to appoint majority of the Directors)

(d) Documents required:
    (i) Related to the Company:
        (a) Memorandum and Articles of Association
        (b) Certificate of Incorporation
        (c) PAN (To be validated)
        (d) GSTIN
        (e) Board Resolution for availing the credit facility, and opening an account for availing the loan, authorising the officers to operate the said account and also to execute such documents as required.
        (f) Address of Principal Place of Business (if different from the Registered Office)
    (ii) Related to the Authorised Signatories and the Beneficial Owners:
        (a) For following individuals – Mr. X, Mr. H, Mr. J, Mr. R, Mr. M and Mr. N.
        (b) Any of the OVDs (To be validated – where possible)
        (c) Address Proof (Alternate, in case the address on the OVD is not current and valid).

Case II: Bank Beta Ltd. – TBML - Advance Remittances for Imports

Deficiencies:

Transaction Diligence (Execution):
- Not checked commodities/products with activity
- Comparison with country trade data
- Past remittances status
- Diligence on suppliers (Beneficiaries of remittances)
- Common addresses of various suppliers missed
- Higher diligence – for higher risk countries not done
- Same suppliers for several customers not noticed
- Several customers with the same authorized signatories not noticed

Transaction Monitoring:
- RFIs/Rules for Trade transactions did not throw alerts
- Common suppliers related RFI?
- Common beneficiaries for several remitters related RFI?
- Turnover related RFIs?
- Closure of advance remittances made
- High Risk countries related RFIs
- Scrutiny of alerts generated
- Diligence on beneficiaries of the remittances
- Transactions pattern in the account

Improvements:

Customer Profile in System:
- Activity details
- Commodities/products (Imports)
- Commodities/products (Exports)
- Names of Suppliers (with locations)
- Names of customers (with locations)
- Details of BOs
- Linking similar/associated accounts

Forex Remittance Requisition Form:
- Details of the purpose viz. details of item to be imported, expected date of receipt of goods
- Recent imports made in the commodity
- Beneficiaries – LEI
- Proposed mode of transport (including shipping company, etc.)

Customer Relations Team:
- Examining cross-border remittance request incisively
- Interact with the customer for getting precise and detailed information
- Covering following aspects – Purpose of imports, Total quantity imported over the year, past trend, period of association with the supplier, how came in contact with the customer, etc.
- Details of importing customer's organization – number of employees, organization set-up, etc.
- Market inquiries on the customer, on the overseas supplier – whether other buyers importing from them

Transactions CPC Team:
- Examining transactions with past pattern
- Verify for similar transactions in the past
- Thorough scrutiny of documents
- Verifying with national trade data – home country and exporting country
- Verify for closure of past advance remittance transactions
- Diligence on counterparties
- Media checks
- Risk categorization

C. FEMA

Case I: Delta Bank Ltd. – External Commercial Borrowing

XYZ Ltd., a pharmaceutical manufacturing company, enjoys credit facilities with your bank. The company has approached your bank for handling their transaction for procuring investment from Germany and UAE as detailed below.

(a) From Germany:
    (i) The proposal will be processed under the approval route. As the customer is already enjoying credit facilities, its bona fides are known.
    (ii) The proposal meets the required criteria in respect of all parameters viz. eligibility of the borrower, permissible lender, end-use, amount, maturity period, nature of borrowing, and interest rate.
    (iii) The request for a bank guarantee will be rejected as it is not permitted.
    (iv) The request for parking ECB proceeds for three months in CDs will be granted – as it is permitted – and for bona fide reasons.

(b) From UAE
    (i) The proposal will be rejected because the lender is from UAE, which is on the Gray list of FATF and hence is not a FATF compliant country.
(ii) Besides, the proposal does not meet the criteria of minimum maturity period of 10 years for ECB for the stated purpose.
(iii) Request for bank guarantee would be rejected, even if the proposal was acceptable.
(iv) Request for parking funds abroad would be rejected because the end-use of ECB is for meeting funds requirements in India.

Case II: Alpha Bank Ltd. – Exports

(a) Reduction in value of exports for bonafide reasons is permitted, subject to certain conditions, viz.
- The reduction does not exceed 25 per cent of invoice value;
- It does not relate to export of commodities subject to floor price stipulations;
- The exporter is not on the exporters’ caution list of RBI;
- The exporter is advised to surrender proportionate export incentives availed of, if any.

The reduction requested is 10% of the original value. Adherence to the other two conditions will be verified and on these being fulfilled, the request will be acceded to. XYZ Ltd. will be advised to surrender proportionate export incentives received by it.

(b) The advance amount received was entered in the EDPMS. The time limit for making exports against advance payment received is nine months, which expired on the 31st May 2023. Vigorous follow-up will be made with XYZ Ltd. for effecting the export and submitting relevant documents. The reason for the delay was ascertained. The company advised that during inspection a part of the lot was found to be sub-standard. Delayed receipt of export documents will be accepted where the reasons are bonafide. The interest element is within the ceiling prescribed i.e. Alternative reference rate plus 200 bps. The request for sending the bills direct to the buyer will be accepted since the payment has been received in advance.
The outstanding entry in EDPMS will be suitably marked off with the entry of Bill of Lading, and showing adjustments in the amounts.

MODULE III

1. Definition of Risk
2. Risk Management Framework
3. Risk Management Policy

1. DEFINITION OF RISK

1.1 INTRODUCTION

Banks are commercial entities. They generate risks like risk machines. Risk is inherent in the nature and structure of a bank because of the type of functions they perform. In recent years, particularly, Risk Management has assumed great significance for banks as the external connect and diversity of products have created a host of known and unknown risks. Addressing risk management in the context of current challenges is a complex matter and is a function of appropriate policies, procedures, and culture. In this context, risk management is better appreciated and better applied if we understand the term “risk” clearly.

1.2 WHAT IS RISK?

Risk is everywhere. We constantly experience risk in our daily lives. Everything we do has some degree of risk attached to it. For example, being alive carries the risk of sickness or death. Risk is certain; only its timing and extent of impact are uncertain. It is evident that risk cannot be completely removed from our lives. In fact, by taking risks in life, we make progress. What separates modern times from ancient times is the progress made in science and technology, education and healthcare, organization, and infrastructure. However, the catalyst that drove the progress of humankind is the understanding of risk and undertaking it in a rational manner. Although risk is experienced all the time and in every field, it is not easy to define risk. The whole science of risk management spins around understanding, identifying, measuring and mitigating risks.

Definition of Risk

The term ‘risk’ can be traced to several possible origins. The Oxford English Dictionary (OED) cites the earliest use of the word in English as 1621.
It was initially spelled as ‘risqué’, which came from the word ‘risqué’ of French origin. The spelling changed to ‘risk’ from 1655. Among other definitions, the Oxford English Dictionary, 3rd edition, defined risk as: “(exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstances; a chance or situation involving such a possibility” (Wikipedia, n.d.)

There are multiple definitions of risk. Today, we talk about risk in terms of any deviation from the optimum solution or process, usually described in terms of expected loss.

Risk is, in an organizational context, usually defined as anything that can have an adverse impact on the fulfillment of corporate objectives. According to this definition, risk is a function of attaining business objectives. It is the consequence of the actual result deviating from the expected result that gives rise to risk. Without an objective, or intended income, there is only uncertainty.

Financial risk arises from uncertainty about financial returns. In finance, risk is the possibility that the actual return on investment will be different from its expected return. The greater the likelihood of deviation from the expected return, the higher will be the risk.

The above definition of risk has several important elements which should be understood.

i. Risk is measurable: Risk is a measure that can be quantified and is expressed as a parameter, number, or value. Therefore, risk can be measured, estimated, or calculated in some way. The actual risk arising from business may not be in line with expectations. Thinking through and quantifying risk allows us to better understand the uncertainty we face and helps us to take informed decisions. Risk which cannot be quantified is hard to manage.

ii. Risk is different from uncertainty. In this regard, it is important to understand the distinction between risk and uncertainty as defined by Knight.
Frank Knight was an eminent economist who formalized a distinction between risk and uncertainty in his 1921 book, Risk, Uncertainty, and Profit. As Knight saw it, an ever-changing world brings new opportunities for businesses to make profits, but it also means that we have imperfect knowledge about future events. While both risk and uncertainty refer to situations where outcomes cannot be accurately predicted, an uncertain situation represents a far greater state of ignorance than does a risky situation.

A known risk is “easily converted into an effective certainty”, while “true uncertainty,” as Knight called it, is “not susceptible to measurement.” Therefore, according to Knight, risk applies to situations where we do not know the outcomes of a given situation but can measure their probabilities. Risk is different from “uncertainty”, which refers to situations in which the probabilities of alternative outcomes are not known or cannot be accurately discerned.

We can attach probabilities to risk. The term “risk” is used to refer to situations in which the probabilities of different outcomes are either known or can be inferred with reasonable accuracy.

iii. Risk is the product of likelihood and impact: Risks arise from the uncertainty about the future. We know that the future will follow one of many possible outcomes, but we don’t know which one. In terms of risk theory, the probability of an event occurring takes a value from zero to one. An event is impossible if its probability is zero. An event is certain if it has a probability of one. If it is certain, we can say that there is no risk as the outcome can be estimated. The risk lies in its uncertainty. In practice, the probability of loss (p) will lie between zero and one, i.e., 0 < p < 1. Often this is expressed in terms of odds of gains and losses. This is the ratio of unfavorable to favorable outcomes.
So, if the probability of gain is 0.25, the odds are 0.75:0.25. Hence it can be said that odds are 3:1.

Banking risk has two dimensions: the uncertainty – whether an event will occur or not – and the intensity of the impact – what will be the likelihood of loss if the event happens. Risk is concerned not just with the probability of an event happening but also with the consequence of that event. Thus, the probability of a severe earthquake may be small, but the consequences are so catastrophic that it would be categorized as a high-risk event.

Risk = Probability of an event × Consequence in lost money
Risk = Probability × Impact

iv. Risk and Reward Trade-off. We know that investment that carries a higher risk has the potential of a higher return. For example, a zero-risk investment such as in GOI securities carries no default risk and therefore carries a low rate of return. On the other hand, investment in a stock issued by a startup offers a high rate of return but has potential to cause enough loss to wipe out the entire investment. Those who desire large rewards have to be willing to take considerable risk. Stocks generally are riskier than bonds but generate higher return over long periods. Therefore, the decision on how much risk to take and what type of risks a bank would assume is critical for the success of an organization.

v. Risk and Known Unknown Matrix: Risk is also thought of in terms of (i) known knowns (ii) known unknowns and (iii) unknown unknowns. Known knowns are risks that are properly identified and measured, for example how a change in interest rate affects bond price. The second category, the known unknowns, includes model risk, or a weakness in a model which the risk manager knows of but fails to measure. For example, the risk manager could have neglected to include an important factor in the model. The last category, known as unknown unknowns, are the most difficult ones. They represent events totally outside the scope of most scenarios. Examples include regulatory risk. This category is sometimes called Knightian uncertainty, a form of risk that is immeasurable.

            Knowns                                        Unknowns
Knowns      Risks we are aware of and can measure         Risks we are aware of but cannot measure
Unknowns    Unknown Knowns: Things we understand          Unknown Unknowns: Things we are neither
            but we cannot measure                         aware of nor we can measure

2. RISK MANAGEMENT FRAMEWORK

2.1 RISK MANAGEMENT CONCEPT

In the world of finance, risk management refers to the practice of identifying potential risks in advance, analyzing them and taking precautionary steps to reduce/curb the risk. It basically involves the identification of risks that arise during the course of a bank’s conduct of business and dealing with them in an effective manner to minimize the losses that may occur. It is a process that involves the development of tools and techniques to detect and measure risk and putting in place systems and procedures to manage them. Risk management is a series of business decisions based on appropriate business policies and strategies that seek to optimize risk adjusted returns on assets. The aim is not to avoid risks but to handle them and minimize their impact through the exercise of appropriate strategies.

Essentially, risk management requires
a. An understanding of the risk being taken
b. Understanding and assessment of risk appetite
c. Allowing opportunities to be exploited within the risk appetite
d. Ensuring that risks outside of it are not undertaken

2.2 RISK MANAGEMENT APPROACH

Risks faced by banks are highly interdependent. We know that key interdependencies exist between financial risk and business risk, business risk and operational risk, and operational risk and financial risk. Further, each of these major categories of risk can be split into more granular risks. For example, financial risk can be broken down into market risk, credit risk, and liquidity risk.
These financial risks in turn have their own interdependencies.

Let’s examine loan documentation as a practical example of a key interdependency between operational risk and financial risk (i.e., specifically credit risk). As a business process, the quality of loan documentation is usually considered an operational risk. If the loan defaults, the quality of the loan documentation can have a significant impact on loss severity, giving rise to a higher level of credit risk.

Need for Integrated Risk Management

With such a complex, interlocking system of bank-wide risks, it is obvious that a silo-based risk management strategy is inferior to the holistic and integrated framework of risk management.

i. Targeting individual risks as silos will not account for the interdependencies between them, meaning associated risks may not be captured.
ii. On top of it, gaps and redundancies will result in an inefficient system.
iii. Another key weakness of a silo-based risk management approach is the challenge of aggregating risk exposures across the organization. For example, if business units use different methodologies and systems to track counterparty risk, then it would be difficult to quantify the aggregate exposure for a single counterparty.

Enterprise risk management (ERM) provides integrated analyses, integrated strategies, and integrated reporting with respect to an organization’s key risks, which address their interdependencies and aggregate exposures. In addition, an integrated ERM framework supports the alignment of oversight functions such as risk, audit, and compliance. Such an alignment would rationalize risk assessment, risk mitigation and reporting activities.

2.3 RISK CULTURE

Risk culture can be defined as the shared set of norms towards risk within a group that influences decision-making and is evidenced through behaviour. For the success of risk management strategy, prevalence of a healthy risk culture is critical.
Risk culture represents the general awareness, attitude, and behaviors of the bank’s Board of Directors, senior management, and employees towards risk. The risk culture framework consists of the following components:

i. Risk competence:
This encompasses the bank’s recruitment, learning, skills, and knowledge in relation to risk. A bank can build on its existing risk competence through:
a. Skills: The Board of Directors, senior management, and employees should have skills for risk identification, assessment, and identifying mitigating actions. Regular training can enhance the risk management skills of these individuals across the bank, particularly with regard to best practices, regulatory requirements and knowledge of the bank’s key policies, processes and standards.
b. Learning: The bank should propagate knowledge of risk management to all its employees, senior management, and Board of Directors to cope with the changing risk dynamics.
c. Recruitment and Induction: The bank’s recruiting process should take into consideration a prospective employee’s predisposition toward risk, plus their current knowledge and past experience of risk management.

ii. Organization:
These are the processes, procedures, and governance systems that support risk management. It is how the bank’s operating environment is structured and what is valued.
a. Strategy and Objectives: The bank should have clearly stated objectives. As part of the process of determining these objectives, the bank should identify the risks it faces and define an acceptable risk profile in its risk appetite statement. This is an iterative process whereby there is continuous assessment and evaluation of the risks and their potential implications within the strategy, objective, planning and oversight activities.
b. Values and Ethics: It is important that all bank personnel (i.e., Board members, management, and employees) do not expose the bank to imprudent risk taking by working outside of the bank’s defined ethical principles.
c. Policies, Processes and Procedures: The bank’s policies, processes and procedures should have sufficient management controls to promote prudent risk taking by employees within the acceptable risk appetite parameters. The policies, processes, and procedures should support holistic risk management and highlight the roles and responsibilities of each employee in the risk management process.

iii. Relationships:
These are the interactions between the different hierarchical levels within the bank in areas specifically covering ethics, management, leadership behavior and communication flows. Banks can strengthen relationships through enhanced communication and constructive challenge in the following areas:
a. Effective Communication: Good corporate governance requires that risks are understood, managed, and communicated. There should be structured communication channels to ensure effective risk reporting within the bank. The bank’s employees should be encouraged to identify and report on existing and emerging risks through a clearly defined escalation process.
b. Leadership: The Board of Directors and senior management should be the main drivers of embracing the appropriate risk culture. Whereas the Board of Directors sets the tone for risk management practices, senior management should support sound infrastructure and processes for risk management and should provide the appropriate tools to employees for successful risk management.
c. Challenge: The banks should encourage constructive challenge on risk-related discussions. There should be an enabling environment for such two-way discussions across all functions and between the various levels in the bank from the Board to executives, managers to employees, peer to peer.
This challenge should be seen as a valuable and constructive activity without fear of reprisal.

iv. Motivation:
This is the analysis of why people manage risks the way they do, and how risk is taken into account in performance management, risk appetite, incentives, and obligations. Banks should align motivation systems through:
a. Performance Management: The bank should align its performance management systems toward prudent risk taking by senior management and employees. The Key Performance Indicators (KPIs) of senior management should include risk management measures, which should have an appropriate weighting to ensure they influence the right behavior. KPIs should also measure the risk appetite of the key people so that businesses keep growing but with risk consciousness.
b. Risk Orientation: There should be a common risk language throughout the bank. The Board and senior management should ensure that all employees understand and live the bank’s risk appetite statement. The nature of risks an employee is likely to take helps gauge his or her risk orientation.
c. Accountability: The senior management in a bank should constantly inform business units of the importance of risk management. Business units and employees within those functions should be held liable for any imprudent risks taken by them. Employee risk taking should be premised on the bank’s risk appetite and be in line with the approach to risks managed by the bank. The Board as a whole, senior management, and each employee should be held accountable, individually and/or collectively, for imprudent risks taken.

2.4 RISK MANAGEMENT ARCHITECTURE

Risk management architecture refers to the design of the risk management framework to manage the risks faced by a bank.

The organizational structure of risk management

Risk management architecture should take care of the following requirements:

i. It should provide an integrated approach to risk management.
ii. It should capture the whole range of risks faced by a bank.
iii. It should include tools and techniques to detect and determine all material risks faced by a bank and to assess and measure them.
iv. Banks should put in place appropriate risk mitigation and hedging strategies to keep the material risks within acceptable limits.
v. Since risks faced by a bank are always evolving, monitoring of risks on an ongoing basis becomes part of risk management architecture.
vi. It should also include procedures for assessment of capital requirement and for allocation of capital in respect of various types of risks.
vii. It should also include the setting up of a robust management information system.

2.5 ELEMENTS OF RISK MANAGEMENT FRAMEWORK

Ideally, banks’ risk management framework should strive to cover the full spectrum of risks by analyzing them from both business and enterprise level perspectives. Each bank should tailor its risk management system to meet its needs and circumstances. It has to be aligned to the SWOT analysis.

i. An effective risk management framework requires active involvement of the Board of Directors (BoD) and senior management in the formulation and oversight of risk management activity. Accordingly, they provide strategic direction and set up business strategies and policies of their institutions, including those related to managing and taking risks. The bank should also ensure that senior management is fully capable of understanding and managing the risk emerging from the activities of the bank.
ii. Appropriate Policies, Procedures, and Limits need to be defined by the Board of Directors and senior management of the Bank to tailor their risk management policies and procedures to the types of risks that emerge from the Bank’s activities.
iii. With a view to identifying, measuring, and monitoring various risk exposures faced by the bank, it should have adequate Risk Monitoring and Management Information Systems.
Consequently, risk monitoring activities must be supported by information systems that provide senior managers and directors with timely reports on the financial condition, operating performance, economic forecast, and risk exposure of the institution.
iv. Establishing and maintaining an effective system of controls, including the enforcement of official lines of authority, delegation of power and the appropriate separation of duties such as trading, custodial, and back-office, is one of management’s more important responsibilities. A properly structured system of internal controls promotes effective operations and reliable financial and regulatory reporting, and helps to ensure compliance with relevant laws, regulations, and institutional policies.
v. Given the importance of appropriate internal controls, the results of audits or reviews should be properly documented, as should management’s responses to them. Effectiveness of systemic controls is one of the significant tools for risk management.

The Risk Management Function should be institutionalized to supervise overall risk management at the bank. Ideally, the overall risk management function should be independent from those who assume or accept risks.

At its broadest, then, risk management is a process to ensure that undesirable events do not occur. Taking the above elements in view, the risk management framework should include the following:

i. Appropriate organizational structure
ii. Risk management policies and strategies
iii. Risk identification process
iv. Risk measurement tools
v. Model of back-testing and validation process
vi. Risk mitigation tools and techniques
vii. Risk monitoring and risk control mechanism
viii. Capital adequacy assessment process
ix. Capital allocation methods
x. Management information system

3. RISK MANAGEMENT POLICY

3.1 RISK MANAGEMENT POLICY

The risk management policy of a bank reflects its risk management philosophy.
The risk management policy describes the course of risk-taking activities to manage the multifarious risks faced by a bank. Banks differ in terms of their business focus, risk profile, risk attitude and risk acceptance capability. It is therefore difficult to conceive a model risk management policy, as the composition and mix of business and the risks inherent in one organization are different from those of others. However, although risk management policies are unique to banks, there are some common characteristics which should be borne in mind while preparing a risk management policy:

i. Corporate goals and corporate vision should set the tone of risk management policy.
ii. Risk management policy should incorporate risk acceptance levels of various types of risks.
iii. It should underline the bank’s commitment to promote risk management systems and processes under the corporate governance system.
iv. The policy should act as a reference manual for risk management for all personnel in the bank.
v. It should outline the link between risk management strategies and the bank’s business plan.
vi. Identification and measurement procedures and methods should be clearly spelt out in the policy.
vii. Changes in market conditions alter the assumptions that were made at the time of the risk management policy’s formulation. The policies should therefore be reviewed frequently and aligned with market developments.
viii. The bank management should treat the occasion of issuing the policy statement as an opportunity to highlight the bank’s commitment to adhere to the best practices in risk management and assure the financial sector regulator, the external auditor, the shareholders, and the depositors that their interests will be protected.
ix. There is also commonality in business risks in financial intermediation – the core of business of banks.
However, the risk management policy is a general document on the bank’s risk management philosophy and risk appetite, and it does not contain specific issues pertaining to the management of loans and investments. There have to be separate policies regarding credit risk, operational risk, etc.

3.2 RISK APPETITE

Risk appetite means the aggregate level and types of risk an institution is willing to assume within its risk capacity, in line with its business model, to achieve its strategic objectives. Risk capacity means the maximum level of risk an institution is able to assume given its capital base, its risk management and control capabilities, and its regulatory constraints.

Considering and setting a risk appetite enables an organization to optimize its rewards by optimizing risk taking and accepting calculated risks within an appropriate level of authority. The organization’s risk appetite should be established and/or approved by the board (or equivalent) and effectively communicated throughout the organization, and it should comply with the regulatory norms.
The organization should prepare a risk appetite statement, which may:

i. provide direction and boundaries on the risk that can be accepted at various levels of the organization, how the risk and any associated reward is to be balanced, and the likely response;
ii. consider the context of the organization’s understanding of value, cost-effectiveness of management, rigor of controls and assurance process;
iii. define the control, permissions and sanctions environment, including the delegation of authority in relation to approving the organization’s risk acceptance, highlighting of escalation points, and identifying the escalation process for risk outside the acceptance criteria, capability or capacity;
iv. be reflected in the organization’s risk management policy and reported upon as part of the organization’s internal risk reporting system;
v. include quantitative statements, described as limits, thresholds or key risk indicators, which set out how certain risks and their rewards are to be judged and/or how the aggregate consequences of risks are to be assessed and monitored.

In developing a possible model for risk appetite, the following key factors are to be kept in mind:

i. Risk appetite has at least two components, risk and control, and to consider either in isolation could result in sub-optimal decisions. But at the same time, a low risk appetite should not deprive the opportunity to do business and grow. The effectiveness of risk management should be a facilitator of business and not a dampener.
ii. Risk appetite needs to be a measurable concept. Risk appetite needs to have some form of meaningful “yardstick” to support its proper implementation.
iii. There appears to be a broad consensus that there is no single risk appetite, but rather a range of appetites for different types of risk. It therefore seemed appropriate to look at the subject of risk appetite at different levels.
iv. Risk appetite has a temporal dimension: in other words, the appetite and tolerance will change over time as circumstances change. This is not something that can be written in tablets of stone and then ignored for the rest of the year. The dynamism of the business environment and changing risk profile has to be kept in mind.

Banks usually have a non-aggressive approach to risk appetite, partly because they do business with public deposits and partly because they are under strict regulatory control and supervisory surveillance. But it should not mean that stakeholder value is diminished.

The bank has to take a view on its risk appetite keeping in view its business development strategies. The declaration of risk appetite sets the platform for fixing business targets, determining the business mix, and selecting risk grades of loans and investments.

3.3 RISK LIMITS

Risk limits are the boundaries of potential losses that may arise if the assumed risks materialize, and they are fixed for different operational areas and activities. They determine the volume of business that can be undertaken in different areas and the quality of assets that can be accepted. The bank can fix the monetary values of risk limits in terms of the potential loss of net earnings and capital that it can sustain. The overall risk limit can be fixed as a percentage of the total capital and then apportioned among credit, market, and operational risks, after earmarking some amount to take care of the residual risks.

Let us suppose that the bank’s owned funds aggregate ₹ 4 billion, and the bank’s board of directors have fixed the aggregate risk limit at 25 percent of owned funds. The overall risk limit for the year will be ₹ 1 billion. Of this sum, ₹ 650 million can be allotted to cover credit risk, ₹ 200 million to cover market risk, and ₹ 100 million to cover operational risk, and the balance of ₹ 50 million can be earmarked for residual risks.
The risk limits, which represent the respective outer limits, are not allocated between different types of risks on hypothetical bases. The allocation is linked to past data and future prospects. All dimensions of risks have to be factored in. Business opportunities, market competition, and the bank’s targeted business mix and historical loss experiences in different business lines influence the allocation of limits.

3.4 RISK MANAGEMENT STRATEGY, POLICIES AND PROCEDURES

Market Risk Management Strategy

An institution should develop a sound and well-informed strategy to manage market risk. The strategy should be approved by the institution’s Board of Directors (Board). The Board, based on the recommendation of senior management, should first determine the level of market risk the institution is prepared to assume and the possible losses it is willing to bear. This level should be set with consideration given to, among other factors, the amount of market risk capital set aside by the institution against unexpected losses. Risk appetite is most important in setting the limits for risk management. Market and economic intelligence are important to keep market risks within the manageable range.

Once its market risk tolerance is determined, the institution should develop a strategy that balances its business goals with its market risk appetite. In setting its market risk strategy, an institution should consider the following factors:
a. economic, market and liquidity conditions and their impact on market risk;
b. whether the institution has the expertise to take positions in specific markets and is able to identify, measure, evaluate, monitor, report and control or mitigate the market risk on a timely basis in those markets; and
c. the institution’s portfolio mix and how it would be affected if more market risk was assumed.
An institution should be aware that in executing its hedging strategies, offsetting or hedged instruments can still be exposed to market risks when the hedge is not perfect. Hedging strategies generally incorporate and rely on certain assumptions about the correlation between two instruments/assets. The effectiveness of these strategies will be affected if these assumptions are proved to be inaccurate or no longer hold. The institution should evaluate the impact of a breakdown in these assumptions and critically assess the effectiveness of the strategies.

An institution should put in place a process by which significant changes in the size or scope of its activities would trigger an analysis of the adequacy of capital supporting the activities. The institution is encouraged to have an internal capital allocation system that meaningfully links identification, monitoring and evaluation of market risks to economic capital.

An institution’s market risk strategy should be periodically reviewed by the Board and senior management taking into consideration its financial performance, market risk capital and updated market developments. The market risk strategy should be effectively communicated to the relevant staff. There should also be a process to detect and report to the approving authority deviations from the approved market risk strategy, operating bands and target markets.

Risk Management Policies

An institution should formulate market risk policies which should be approved by the Board. All policies related to market risks have to be regulatory compliant and should be able to balance the risks. These policies, which should be reviewed periodically, should reflect the strategy and processes of the institution, including its approach to controlling and managing market risk.
The Board should oversee the institution’s management to ensure that these strategies, policies and processes are implemented effectively and fully integrated into the institution’s overall risk management process. In addition, exceptions to established policies should receive the prompt attention of, and authorization by, the appropriate level of management and the institution’s Board where necessary.

The policies should clearly:
a. prescribe how market risk is measured and communicated, including communication to the Board;
b. spell out the process by which the Board decides on the maximum market risk the institution is able to take, as well as the frequency of review of risk limits;
c. set out the scope of activities of the business units assuming market risk;
d. delineate the lines of authority and the responsibilities of the Board, senior management and other personnel responsible for managing market risk;
e. establish the processes by which the institution determines the appropriate levels of capital against unexpected losses; and
f. identify and set guidelines on the market risk control limit structure, delegation of approving authority for market risk control limit setting and limit excesses, capital requirements and investigation and resolution of irregular or disputed transactions.

Market Risk Management Procedure

An institution should establish appropriate procedures to implement the market risk policy, strategy and processes. These should be documented in a manual and the staff responsible for carrying out the procedures should be familiar with the content of the manual. The manual should spell out the operational steps and processes for executing the relevant market risk controls. It should also be periodically reviewed and updated to take into account new activities, changes in systems and structural changes in the market. The procedures should cover all activities that are exposed to market risk.
Risk Measurement, Monitoring and Control

An institution should establish a sound and comprehensive risk management framework and processes. This should, among other things, comprise:
a. a framework to identify risks;
b. an appropriately detailed structure of market risk limits that are consistent with the institution’s risk appetite, risk profile and capital strength, and which are understood by, and regularly communicated to, relevant staff;
c. guidelines and other parameters used to govern market risk-taking;
d. processes for allocation of positions to the trading book;
e. appropriate management information system (MIS) for accurate and timely identification, aggregation, monitoring, controlling, and reporting of market risk, including transactions between the institution and its affiliates, to the institution’s Board and senior management;
f. exception tracking and reporting processes that ensure prompt action at the Board or appropriate level of the institution’s senior management, where necessary;
g. effective controls around the use of models to identify and measure market risk; and
h. valuation policies, including policies and processes for considering and making appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities, such as positions that otherwise cannot be prudently valued, including concentrated and less liquid positions.

An institution’s risk management system should be able to quantify risk exposures and monitor changes in market risk factors (e.g. changes in interest rates, foreign exchange rates, equity prices and commodity prices) and other market conditions on a daily basis. The rigor with which the risks are stipulated and managed is important. An institution whose risk levels fluctuate significantly within a trading day should monitor its risk profile on an intra-day basis.
The system should also enable an institution to identify risks promptly and take quick remedial action in response to adverse and sudden changes in market factors.

In measuring and monitoring its market risk, an institution should use a risk management system that is commensurate with the scale and complexity of its risk-taking. The system should be able to measure current exposures, through marked-to-market or marked-to-model pricing, as well as potential market risks. It should be able to accommodate volume increases, new valuation methodologies and new products.

The risk management system should provide information on the outstanding positions and unrealized profit or loss as well as, to the extent practicable, the accrued profit or loss on a daily basis. This information should be retained for audit and investigation purposes. As far as possible, the system should also cover information on the positions of customers. An institution that is active in treasury and financial derivatives should have a system that is able to monitor trading positions, market movements and credit exposures daily and preferably on a real-time basis.

An institution should consider correlations between markets and between categories of risk when evaluating its risk positions. These correlations could result in the transmission of shocks from stressed conditions in one market to other markets or may significantly increase the aggregate overall risk to the institution, although individual risks, such as market and credit risks, may appear manageable when viewed independently. Due to such correlated risks, an institution’s risk tolerance could be exceeded. An institution could incorporate risk correlations in its risk assessments through appropriately constructed scenarios in stress testing. An institution whose trading and other financial activities are limited in volume, scope and complexity may use less sophisticated methodologies.
An institution should regularly evaluate market risk measurement models and assumptions to ensure that they provide reasonable estimates of market risk. In these reviews, the models should be independently validated, backtested and re-calibrated when necessary. Validation should include verifying the consistency, timeliness, reliability, independence and completeness of data sources; the accuracy and appropriateness of volatility and correlation assumptions; and the accuracy of valuation and risk factor calculations. A back-testing programme should also be conducted regularly to verify that the models are reliable in measuring potential losses over time. Exceptional back-testing may be warranted when there are significant market developments or when there are changes in the model or its major assumptions.

The Board and senior management should be cognizant of the strengths and limitations of the institution’s market risk measurement systems, in order to determine the appropriate risk limits. They should also ensure that the material limitations of the models are well understood and provided for.

3.5 POLICY GUIDELINES AND STRATEGIC APPROACH

Operational Risk Management Policy establishes minimum requirements and controls to address business strategy, compliance with laws, rules and regulations, and mitigation of other identified risks, while procedures are specific instructions for implementing a policy or performing a task, and may include such things as examples, scenarios, links, job aids, etc. It focuses on control systems and sensitization of employees towards ORM.

The operational risk management framework provides strategic direction and ensures that an effective operational risk management and measurement process is adopted throughout the institution. Each institution’s operational risk profile is unique and requires a tailored risk management approach appropriate for the scale and materiality of the risk present, and the size of the institution.
The key elements in the Operational Risk Management process include:
i. Appropriate policies and procedures;
ii. Efforts to identify and measure operational risk;
iii. Effective monitoring and reporting;
iv. A sound system of internal controls; and
v. Appropriate testing and verification of the Operational Risk Framework.

3.6 POLICY REQUIREMENT

Each bank must have policies and procedures that clearly describe the major elements of the Operational Risk Management framework including identifying, assessing, monitoring and controlling / mitigating operational risk. They should be institutionalized at the unit level so that risk control is made effective. The policy should be approved by the board and include:
i. The firm’s definition of operational risk.
ii. The firm’s approach to operational risk governance.
iii. A description of the main activities and elements of operational risk, including the roles and responsibilities of the participants.

Operational Risk Management policies, processes, and procedures should be documented and communicated to appropriate staff, i.e., the personnel at all levels in units that incur material operational risks. The policies and procedures should outline all aspects of the institution’s Operational Risk Management framework, including:
i. The roles and responsibilities of the independent bank-wide Operational Risk Management function and line of business management.
ii. A definition for operational risk, including the loss event types that will be monitored.
iii. The capture and use of internal and external operational risk loss data, including data on potential events (including the use of scenario analysis).
iv. The development and incorporation of business environment and internal control factor assessments into the operational risk framework.
v. A description of the internally derived analytical framework that quantifies the operational risk exposure of the institution.
vi. A discussion of qualitative factors and risk mitigants and how they are incorporated into the operational risk framework.
vii. A discussion of the testing and verification processes and procedures.
viii. A discussion of other factors that affect the measurement of operational risk.
ix. Provisions for the review and approval of significant policy and procedural exceptions.
x. Regular reporting of critical risk issues facing the bank and their controls/mitigations to senior management and the Board.
xi. Top-level reviews of the bank’s progress towards the stated objectives.
xii. Checking for compliance with management controls.
xiii. Provisions for review, treatment and resolution of non-compliance issues.
xiv. A system of documented approvals and authorizations to ensure accountability at an appropriate level of management.
xv. Define the risk tolerance level for the bank, break it down to appropriate sub-limits and prescribe reporting levels and breach of limits.
xvi. Indicate the process to be adopted for immediate corrective action.

Given the vast advantages associated with effective Operational Risk Management, it is imperative that the strategic approach of the risk management function should be oriented towards:
i. An emphasis on minimizing and eventually eliminating losses and customer dissatisfaction due to failures in processes.
ii. Focus on flaws in products and their design that can expose the institution to losses due to fraud etc.
iii. Align business structures and incentive systems to minimize conflicts between employees and the institution.
iv. Analyze the impact of failures in technology / systems and develop mitigants to minimize the impact.
v. Develop plans for external shocks that can adversely impact the continuity in the institution’s operations.
vi. The institution can decide upon the mitigants for minimizing operational risks rationally, by looking at the costs of putting in mitigants as against the benefit of reducing the operational losses.

Let us sum up

1. Risk is the product of likelihood and impact. Financial risk is the possibility of actual return deviating from expected return. Although various risks arise independently, there is interdependency among various types of risks.
2. Risk management involves identification of risks that arise during the course of a bank’s conduct of business and dealing with them in an effective manner to minimize the losses that may occur.
3. A robust risk management framework goes a long way to address these risks and protect banks’ earnings and capital.
4. In a bank, the Board of Directors has the ultimate responsibility for oversight and management of risk, supported by Executive Committees, line functionaries and the internal audit system.
5. Every bank has its own risk management policy which sets the tone and philosophy that guide risk management activities.
6. The Board also fixes the risk appetite and the limits for various lines of activities and the strategies to achieve them.
7. Measurement of risk in the bank is both an art and a science which uses both qualitative and quantitative methods.
8. Market risk is the potential loss to the earnings and capital position of a bank caused by changes in the market variables. Market risk can surface broadly in the form of interest rate risk, equity risk, foreign exchange risk and commodity risk.
9. Operational risk arises from four causes, namely (1) inadequate or failed processes, (2) inadequate or failed people, (3) inadequate or failed systems, or (4) external events.
10. Risk management is not a one-time exercise.
It involves continuous monitoring and follow-up to capture emerging risk.

Check your Progress

1. As per the Known Unknown Risk Matrix, which of the following is most difficult to manage?
a. Known Known
b. Known Unknown
c. Unknown Unknown
d. Unknown Knowns

2. Who is responsible for implementing operational risk management strategies at the ground level?
a. Board of Directors of the bank
b. Risk Management Committee to the Board
c. Operational Risk Management Committee
d. Audit Committee

3. Risk culture is a set of norms and behavior towards risk shared by
a. Top Management only
b. Board of Directors only
c. Risk Management Department only
d. All employees

4. Risk appetite means the aggregate level and types of risk
a. A bank is willing to take
b. A bank is required to take
c. A bank should take
d. A bank loves to take

5. Which of the following is not a part of risk management framework?
a. Identification of risk
b. Risk propagation
c. Risk monitoring
d. Risk sharing

Answers to check your Progress

1. c 2. c 3. d 4. a 5. b

VARIOUS TYPES OF RISKS FACED BY BANKS

1.1 RISKS IN BANKS

Risk in banking refers to the potential loss that may happen to a bank due to the occurrence of some events. An event may or may not occur, but if it occurs it can cause loss. When we deal with risk in banking, we are primarily concerned with the possibilities of loss or decline in asset value from events like economic slowdown, unexpected change in trade and business policies, adverse movement in the rate of interest, foreign exchange rates, etc. Banking risk has two dimensions: (i) the uncertainty – whether an event will occur or not; and (ii) the intensity of the impact – what will be the likelihood of loss if the event happens.

1.2 BUSINESS RISK VS CONTROL RISK

Banks face two broad categories of risks: business risks and control risks. Business risk comes from banking business.
It can be caused by the happening of an expected or unexpected event in financial markets which can adversely impact the profitability, asset value and ultimately the intrinsic worth of the bank. It is known as risk because the happening is uncertain as to the extent and likely impairment of assets and values. The money lent to a customer may not be repaid due to loss incurred in the business. Or the equity value declines due to recession in the economy. The market value of a bond comes down following a rise in the rate of interest. These instances show risk inherent in the business. There are many types of business risk such as credit risk, market risk, operational risk, liquidity risk, reputation risk, etc. (discussed in more detail later).

Control risk refers to the inadequacy or failure of control that is put in place to contain the intensity or volume of business risk. Inadequacy in control arises when bank personnel fail to understand the entire business process and, as a result, fail to put effective control measures in place. On the other hand, failure in control arises due to complacency or negligence of the control staff. For example, a bank had projected a Net NPA ratio of 3%. However, due to a poor and ineffective control system, the bank resorted to poor and reckless sanction of credit, combined with insufficient collateral support and poor monitoring. As a result, the Net NPA ratio may go up to, say, 8% instead of coming down to 3% due to the rise in NPA. Unless control risk is adequately addressed, the financial health of the bank is often adversely affected.

1.3 FINANCIAL RISK VS NON-FINANCIAL RISK

Banking risk can also be categorized under two other categories: financial risk and non-financial risk. Financial risks inflict loss on a bank directly while non-financial risks affect the financial condition of a bank in an indirect manner. Examples of financial risks are credit risk, market risk, operational risk, liquidity risk, etc.
If a bank purchased a bond at ₹ 1000 and due to a rise in the market rate of interest the current price of the bond came down to ₹ 980, the bank will suffer a loss directly. Non-financial risk, on the other hand, can cause loss to the bank indirectly. Examples of non-financial risk are business risk, strategic risk, reputation risk, legal risk, compliance risk, control risk, technology risk etc. Loss of business due to a scandal affecting a bank, imposition of a fine by the regulator because a bank failed to comply with AML Rules, etc. are examples of non-financial risks. Compared to financial risks, it is more difficult to assess the damage of non-financial risks, which could be, at times, devastating.

Business risks can take the form of both financial risk and non-financial risks. On the other hand, control risk is an example of non-financial risk. Secondly, the impact of financial risk can be measured quantitatively while non-financial risk is difficult to measure in quantitative terms. Non-financial risks are generally assessed by studying the indicative parameters likely to be affected by them. For example, non-financial risk in the form of business risk often affects a bank’s financial performance. By looking at the performance of a bank against its expectation/estimation, one can assess non-financial risk. It can be assessed in terms of severity such as low, moderate, and high.

1.4 INTERCONNECTEDNESS AMONG BANKING RISKS

Though various risks arise independently, it should be recognized that there is interdependency among various types of risks. So, a given risk cannot be studied in isolation for effective management. Take the case of market risk; it can impact companies which may in turn default on repayment of credit, resulting in credit risk. But when the forex rates start moving adversely, the bank’s exposure to the customer would increase, giving rise to increased default risk on the customer.
Thus, it is important to understand the relationships of various risks to really appreciate the extent of damage they can cause, as an effective mitigation against market risk may eventually turn into credit risk at a later point in time. Financial institutions should be able to manage risks by taking a holistic approach to read and control all types of risks.

1.4.1 Additional (Nonfinancial) Risk Types are Emerging

Although management of financial risks has advanced significantly over the last 20 years, this is not the case for other risk types, particularly nonfinancial ones. The tremendous increase in fines, damages, and legal costs related to operational and compliance risk over the past five years has forced banks to pay much more attention to these risks. This will probably increase even further, due to the regulatory trends discussed earlier and given the expected rise in capital requirements for operational risk. Systematic risk mitigation will conserve the capital and boost the capital adequacy ratios, which in turn will increase risk appetite.

1.4.2 Contagion Risk

Financial and macroeconomic connectedness makes economies, corporations, and banks more vulnerable to financial contagion. Negative market developments can spread to other parts of a bank, other markets, or involved parties and can cause a bank’s operating environment to deteriorate quickly and significantly. This can occur domestically and across borders, based on international capital flows and the globalization of finance. The more closely the markets are connected, the more quickly volatility spreads. Although central banks are the primary entities that worry about contagion risk, individual banks need to understand how they can be exposed to it. Banks have to measure and track it.
Reducing this risk can reduce the bank’s total risk and lower its capital requirements, because a bank’s exposure to contagion risk is one of the main underlying drivers for its classification as a global systemically important bank (G-SIB) and for G-SIB capital surcharges. Whether a bank is classified as D-SIB or not, the risks should be managed as if it falls within the category. Such an approach helps in ring-fencing the organization better.

1.4.3 Model Dependency Risk

Banks’ increasing dependence on models requires that risk managers better understand and manage model risk. Increased data availability and advances in computing, modeling, and algorithms have expanded model use. However, errors from suboptimal models can lead to poor decision making and increase banks’ risks. Some banks have experienced model-risk-related losses, although most of these cases are not reported publicly. Model errors stem from issues with data quality, conceptual solidity, technical or implementation errors, correlation or time inconsistencies, and uncertainties about volatility. There are multiple mitigation strategies, which center on more rigorous, sophisticated model development, better execution (with higher-quality data), thorough validation, and constant monitoring and improvement of the model.

1.4.4 Cyber Attacks

Most banks have already made protection against cyber attacks a top strategic priority, as these attacks can have devastating consequences. Such breaches of cyber security fall under operational risks, which have to be managed. This is partially due to the banks’ heavy reliance on software, systems, information technology (IT), and data, but also to the fact that these attacks would risk not only the banks’ operations but also confidential customer data.
Given the current geopolitical context and its likely evolution, we expect cyber security risks only to increase in importance and require an even greater deployment of resources at the individual-institution level, as well as much greater cross-industry and industry-government collaboration.

1.5 VARIOUS TYPES OF RISKS FACED BY A BANK

Risk is defined as those uncertain events which affect profitability, solvency, and reputation of a bank adversely. Risk can emerge from several distinct sources of uncertainties. It is necessary that the managerial process captures both the uncertainties and potential adverse impacts of these events on profitability and capital of the bank. Banks face different types of risk that require to be identified, understood, measured, and effectively managed.

1.5.1 Credit Risk

Credit risk is the most obvious risk faced by a bank as the bulk of the bank’s resources are deployed in loan assets. In terms of potential losses, it is typically the largest type of risk. Credit risk is the potential loss a bank would suffer if a borrower or the counterparty fails to meet its financial obligations in accordance with agreed terms. In other words, credit risk arises from the uncertainty involved in repayment of the bank’s dues by the borrower or counterparty in full and in time. Credit risk is also the risk of a decline in the credit standing of an obligor. Credit events can precipitate total or partial loss of the money lent to the borrower. It also gets reflected in the loss of earnings for the bank.

For example, a bank had given a loan of ₹ 100 lakh to a borrower and the borrower failed to repay the loan in time. Finally, the loan became NPA as per RBI norms. The impact of a loan turning into NPA would be to stop booking interest in the account. Secondly, the bank would have to make provision against the NPA. Thirdly, by enforcing the securities charged to it, the bank might be able to recover part of the dues, causing loss.
Credit risk has several elements, which are discussed below:

1.5.1.1 Default Risk

Default risk is a sub-category of credit risk. It is the risk that the borrower will default or not repay its debt on time. It is the amount of potential loss that the bank would suffer on account of such default. There are many reasons for a borrower to default. In most cases, the borrower defaults when he is in a financially stressed situation due to low and unstable income, high debt burden, and increasing input cost. Apart from quantitative factors, qualitative factors like incorrect market assessment, incompetent management, and stiffer competition may also contribute to the default of borrowers in large measure. Often default can be willful, because the counterparty is unwilling to meet its obligations though he has adequate income. If a loan, for any reason, remains unpaid by the borrower, credit risk manifests.

1.5.1.2 Migration Risk

Migration risk is the risk associated with down-gradation of credit rating indicating deterioration of credit quality of the exposure. Credit risk also signifies a decline in the values of credit assets before actual default that arises from deterioration in portfolio or individual credit quality, such as a decline in the credit standing of the issuer of a bond or stock, or rating down-gradation of a borrower. Such deterioration implies that the probability of default increases. It causes loss to the bank because it triggers a value decline. The market value of an asset is the aggregated present value of promised cash flow discounted at the prevailing market rate. With the down-gradation of the rating of a borrower or a bond issuer, the market interest rate goes up, triggering a decline in the present value of the exposure. Any migration triggers a value change. Adverse migration towards a lower credit rating can trigger loss.
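The valuation effect described under migration risk can be worked through numerically. The following is an added example, not part of the original text: the bond terms and the discount rate assumed for each rating grade are constructed figures chosen only to show how the present value of the same promised cash flows moves when the rating, and with it the market rate, changes.

```python
# Added illustration of migration risk. All figures are constructed assumptions.

def bond_cash_flows(face, coupon_rate, years):
    """Promised cash flows of an annual-coupon bond as (year, amount) pairs."""
    coupon = face * coupon_rate
    flows = [(t, coupon) for t in range(1, years)]
    flows.append((years, coupon + face))  # final coupon plus principal
    return flows


def present_value(cash_flows, discount_rate):
    """Aggregated present value of promised cash flows at one market rate."""
    return sum(amount / (1 + discount_rate) ** t for t, amount in cash_flows)


# Hypothetical market discount rate demanded for each rating grade.
ASSUMED_RATE_BY_RATING = {"AA": 0.080, "A": 0.085, "BBB": 0.095, "BB": 0.120}


def migration_table(face, coupon_rate, years, start_rating,
                    rates=ASSUMED_RATE_BY_RATING):
    """Value of the exposure at each rating and the change versus start_rating.

    Returns {rating: (value, change)}; a negative change is a migration loss
    that arises without any default having occurred.
    """
    flows = bond_cash_flows(face, coupon_rate, years)
    base = present_value(flows, rates[start_rating])
    table = {}
    for rating, rate in rates.items():
        value = present_value(flows, rate)
        table[rating] = (round(value, 2), round(value - base, 2))
    return table


if __name__ == "__main__":
    # 5-year bond, face value 1000, 8% annual coupon, currently rated AA.
    for rating, (value, change) in migration_table(1000, 0.08, 5, "AA").items():
        print(f"{rating:>3}: value {value:8.2f}  change {change:8.2f}")
```

With these assumed rates, a one-notch downgrade from AA to A moves the value of the bond from 1000 to roughly 980, and each further downgrade deepens the loss, while an upgrade would produce a gain.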
1.5.1.3 Recovery Risk

Recovery risk is the amount of loss suffered by a bank as a result of default by the borrower after all recoveries are made. Recovery risk follows a default event. Economically, the amount of recoveries is subject to uncertainty. An exposure with high recovery risk tends to cause higher loss to the bank. It depends on the guarantees and economic conditions of borrowers. The recovery risk can be triggered by macroeconomic conditions such as recession in the economy. Unforeseen events like a fire in the factory can also cause recovery risk. The effectiveness of the recovery process, type of collaterals involved, the value of the collaterals, quality of documentation, etc. also play a great role in determining the level of residual risk in an exposure. Examples of these risks include:
i. inability to seize, or realize in a timely manner, collateral pledged (on default of the counterparty);
ii. refusal or delay by a guarantor to pay; and
iii. ineffective or defective documentation.

1.5.1.4 Settlement Risk

Settlement risk is the risk that arises when payments are not exchanged simultaneously. The simplest case is when a bank makes payment to a counterparty but does not get compensated until sometime later; the risk is that the counterparty may default before making the counter-payment. Settlement risk is most pronounced in the foreign exchange markets where payments in different currencies take place during normal business hours in their respective countries. Time zone differences can sometimes be as large as 12 to 14 hours. This type of risk afflicted counterparties of Germany’s Bankhaus Herstatt in 1974, which folded up between receipt and payment on foreign exchange contracts. As a result, settlement risk in the forex market is sometimes referred to as Herstatt risk.

Mitigation of Settlement Risk

There are several ways to mitigate settlement risk which have been made possible by technological development.
Some of these initiatives which have been implemented in India are:

i. Delivery versus Payment (DvP) system
ii. Settling the transaction through a third party such as a Central Counterparty (CCP) clearinghouse
iii. Payment versus Payment (PvP) system

1.5.1.5 Country Risk

Another element of credit risk, arising from cross-border lending and investment, is country risk. Country risk refers to the possibility of loss caused when a sovereign country is unable or unwilling to meet its commitments to foreign lenders. In international activities, credit risk is amplified by country-specific macroeconomic and political developments, including movements in exchange rates. A devaluation of the local currency can negatively affect a borrower that borrowed in a foreign currency if revenues for repayment are generated in the local currency. The risk is particularly high in the case of a country where the economy is weak and the financial system is fragile and not well regulated. Country risk may affect exposure not only to sovereign governments but also to private borrowers who reside in those countries. Default may be indicated by any of the following: (1) failure to pay principal and interest fully and on time; (2) restructuring or rolling over of debt; or (3) inability of the country to meet its external debt service obligations (actual default). For example, the government may make a unilateral decision to default on its debt for political reasons, such as Russia not recognizing former Soviet Union debt. The default in payment can also occur due to restrictions imposed by the government on conversion of domestic currency into foreign currency on account of depletion of foreign exchange reserves or adverse movements in the exchange rates.

BoC–BoE Sovereign Default Database: What’s new in 2021?

Based on the BOC (Bank of Canada) and BOE (Bank of England) database, the above report was published by the Bank of England.
Some extracts from the report give an idea of the scale and frequency of sovereign default, contrary to the popular belief that sovereign debt is free from default risk.

‘Since 1960, 146 governments—two thirds of the current universe of 215 sovereigns—have defaulted on their obligations.’

‘From the historical record, we know that for over 200 years, the story of sovereign defaults has centered mainly, though not exclusively, on foreign currency bonds and other marketable securities. Cross-border bond financing for governments emerged in the 1820s, when newly independent states in Latin America and other regions, as well as some longer-established sovereigns, began issuing bonds denominated in foreign currency in European financial centres. Defaults soon followed on a substantial scale and persisted well into the 20th century’

‘Defaults had the biggest global impact in the 1980s, reaching US$450 billion, or 6.1 percent of world public debt, by 1990. The scale of defaults has fallen substantially since then. Over the past decade, between 0.3 and 0.9 percent of world public debt has been in default. In 2020, the amount was estimated at 0.5 percent. Total sovereign debt in default increased by 48 percent in 2020, considerably outpacing the 13 percent increase in gross world public debt. The data by major creditor categories show that the increase was driven mainly by foreign currency bonds in default, which rose by US$121.2 billion. This reflected:
● new defaults by Argentina, Belize, Ecuador and Suriname
● a first-time default on foreign currency bonds by Lebanon
● a greater amount of interest arrears from ongoing bond defaults by Venezuela and Puerto Rico’

1.5.1.6 Counterparty Credit Risk

Counterparty credit risk is the risk that the counterparty to a transaction fails to fulfil his part of the obligation before the final settlement of the transaction’s cash flows.
An economic loss would occur if the transactions or portfolio of transactions with the counterparty have a positive economic value at the time of default. Country risk or sovereign risk has a direct impact on the pricing of financial instruments in international markets. The lower the rating, the higher the interest rates.

Counterparty credit risk is typically observed in two broad categories of transactions:

OTC derivatives such as
a. Interest rate swaps,
b. FX forwards, and
c. Credit default swaps

Securities financing transactions, for example
a. Repos and reverse repos
b. Securities borrowings and lendings

It is imperative to understand the difference between counterparty credit risk and credit risk. In the case of credit risk, one party gives a loan to another party and the borrower may fail to pay some or all of what is due for various reasons. Credit risk is characterized by two key aspects. The notional amount at risk at any time during the lending period is usually known with a degree of certainty. For example, in the case of a loan facility one can fairly accurately estimate the amount of loss from a default. Only one party takes lending risk. Therefore, credit risk is unilateral by nature. When a bank gives a loan, the bank assumes considerable credit risk. The borrower does not face credit risk because of the liquidation of the bank.

With counterparty credit risk, as with credit risk, the cause of a loss is the obligor being unable or unwilling to meet contractual obligations. However, counterparty credit risk differs from traditional credit risk on two accounts. The value of the contract in future is uncertain, in most cases by a significant amount. The value of a derivative at a potential default date will be the net value of all future cash flows required under that contract. This future value can be positive or negative and is typically highly uncertain as seen from today.
Since the value of the contract can be positive or negative, counterparty risk can be bilateral. In other words, in a derivative transaction, each counterparty has risk to the other. The primary distinguishing feature of counterparty credit risk compared with other forms of credit risk is that the value of the underlying contract in future is uncertain, both in magnitude and the parties to the transactions.

1.5.2 Market Risk

Market risk is defined as the risk of losses arising from movements in market prices. Specifically, market risk signifies the adverse movement in the market value of a trading portfolio exposure during the period required to liquidate the position. Generally, market risk is considered for the liquidation period only. Assessment of market risk is made with reference to the instability or volatility of market parameters like interest rates, stock exchange indices, exchange rates, etc. Controlling market risk means that the variations in the value of the portfolio should be kept within the approved boundary/tolerance limits. The market intelligence has to be strong to be able to predict the future values of market instruments.

1.5.2.1 Interest Rate Risk

Interest rate risk refers to the current and prospective risk to the capital and earnings of a bank caused by adverse changes in the interest rate. When interest rates change, the present value of a bank’s assets, liabilities and off-balance sheet items also changes. As a result, a bank’s net worth or economic value changes. Changes in the interest rates also affect a bank’s earnings by altering interest rate-sensitive income and expenses, and hence its net interest income (NII). It is useful to differentiate interest rate risk used in the context of trading book exposure from banking book exposure. In the trading book, interest rate risk refers to the risk of loss in the values of fixed income securities (like bonds) caused by adverse changes in the interest rates.
In the banking book, on the other hand, interest rate risk refers to the potential loss in the values of assets, liabilities, capital, income and expenditure caused by changes in the interest rates. Interest rate risk can surface in many forms, which are discussed below:

1.5.2.1.1 Gap or Mismatch Risk

Gap risk is the risk arising from the term structure of instruments in the banking book that arises from differences in the timing of their rate changes. The extent of gap risk depends on whether the changes to the term structure of interest rates occur consistently across the yield curve (parallel risk) or differentially by period (non-parallel risk). Since rate resets on different instruments occur at different tenors, the risk to the bank arises when the rate of interest paid on liabilities increases before the rate of interest received on assets does so, or the rate received on assets falls before the rate paid on liabilities does.

As financial intermediaries, banks encounter interest rate risk in several ways. The primary and most often discussed form of interest rate risk arises from timing differences in the maturity (for fixed rate) and repricing (for floating rate) of bank assets, liabilities and off-balance-sheet (OBS) positions. It exposes the bank to potential loss in interest earnings due to unexpected changes/volatility in interest rates. Each bank sets up its own time horizon for assessment of gap risk and appropriate risk management strategies to manage and mitigate this risk.

1.5.2.1.2 Repricing Risk

Repricing risk is an offshoot of gap risk. Repricing risk arises when maturity dates and/or repricing dates of interest sensitive assets and interest sensitive liabilities are not matched. Consequently, at the time of repricing, risk sensitive assets and liabilities may get repriced at different rates.
Repricing risk is the possibility that the net interest of the bank is adversely impacted when a bank has more interest sensitive liabilities than risk sensitive assets (Negative Gap) and there is an upward movement in the interest rate. Similarly, when a bank’s interest sensitive assets are more than its interest sensitive liabilities and there is a fall in the interest rate, the net interest earnings of the bank suffer a decline. Instances of this kind, as well as market-driven and regulation-driven changes, often give rise to interest rate risk.

1.5.2.1.3 Basis Risk

The risk that the interest rates of different assets, liabilities and off-balance sheet items may change by different magnitudes is termed basis risk. Basis risk arises from the imperfect correlation in the adjustment of the rates earned and paid on different interest rate sensitive instruments with otherwise similar rate change characteristics. In a perfectly matched gap position (where the Gap/Mismatch is equal to zero/NIL), the magnitude of change in the interest cost on liabilities (such as deposits) is assumed to be exactly matched by the magnitude of change in the interest earnings on assets (loans and investments). However, interest rates of different instruments will seldom change by the same degree during a given period of time and can also have varying impacts on net interest earnings.

Basis risk also arises when a bank’s assets and liabilities are priced on different bases (or benchmarks), e.g. both the assets and the liabilities could be priced off 1-year floating rates, but the relevant asset rate could be the cut-off 364-day T-Bill rate, while the liabilities could be priced off the 1-year bank CD rate. In such a case, the interest rate on a deposit linked to the 1-year CD may not change by exactly the same amount as the interest rate on an advance linked to the 364-day T-Bill, which can adversely impact the net interest income.
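The gap, repricing and basis effects described above, worked through as an added example that is not part of the original text. The balance-sheet amounts (read them as ₹ crore), benchmark names, repricing dates and rate moves are constructed assumptions, and the calculation assumes a static balance sheet over a 12-month horizon.

```python
"""Effect of a rate change on net interest income (NII) over a 12-month horizon."""

HORIZON_MONTHS = 12  # NII is measured over the next 12 months (assumption)


def item(amount, benchmark, reprices_in_months):
    """One asset or liability: amount, benchmark it is priced off, months to next reset."""
    return {"amount": amount, "benchmark": benchmark, "months": reprices_in_months}


def repricing_gap(assets, liabilities):
    """Rate-sensitive assets minus rate-sensitive liabilities inside the horizon."""
    def sensitive(items):
        return sum(i["amount"] for i in items if i["months"] < HORIZON_MONTHS)
    return sensitive(assets) - sensitive(liabilities)


def nii_change(assets, liabilities, shifts):
    """Change in NII when each benchmark moves by shifts[benchmark].

    An item earns or pays the new rate only from its reset date to the end of
    the horizon, so earlier resets carry more of the rate move.
    """
    def effect(items):
        total = 0.0
        for i in items:
            months_at_new_rate = max(HORIZON_MONTHS - i["months"], 0)
            total += i["amount"] * shifts[i["benchmark"]] * months_at_new_rate / HORIZON_MONTHS
        return total
    return effect(assets) - effect(liabilities)


# Constructed scenarios: (assets, liabilities, benchmark rate moves).
SCENARIOS = {
    # More rate-sensitive liabilities than assets, rates rise by 1%.
    "negative gap, rates +1%": (
        [item(800, "tbill_364d", 0), item(200, "tbill_364d", 24)],
        [item(1000, "tbill_364d", 0)],
        {"tbill_364d": 0.01},
    ),
    # Gap is zero, but the two benchmarks move by different amounts.
    "zero gap, basis move": (
        [item(1000, "tbill_364d", 0)],
        [item(1000, "cd_1y", 0)],
        {"tbill_364d": 0.005, "cd_1y": 0.008},
    ),
    # Gap is zero, but liabilities reset six months before the assets do.
    "zero gap, timing mismatch": (
        [item(1000, "tbill_364d", 9)],
        [item(1000, "tbill_364d", 3)],
        {"tbill_364d": 0.01},
    ),
}


def evaluate(name):
    """Return (repricing gap, NII change) for a named scenario."""
    assets, liabilities, shifts = SCENARIOS[name]
    return repricing_gap(assets, liabilities), nii_change(assets, liabilities, shifts)


if __name__ == "__main__":
    for name in SCENARIOS:
        gap, delta = evaluate(name)
        print(f"{name:<28} gap={gap:+8.1f}  NII change={delta:+.2f}")
```
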
Basis risk is also the potential risk that arises from mismatches in a hedged position. Basis risk occurs when a hedge is imperfect, so that losses in an investment are not exactly offset by the hedge. Certain investments do not have good hedging instruments, making basis risk more of a concern than with other assets. The instruments that are active in the market have compatible hedging facilities for managing risks.

1.5.2.1.4 Optionality Risk

Optionality risk refers to the risk that arises from adverse price movements in instruments that respond, either automatically or through changes in behavior, to changes in interest rates.

Automatic option risk arises in the case of standalone instruments, such as exchange-traded and over-the-counter interest rate option contracts, where the holder will almost certainly exercise the option if it is in the holder’s financial interest to do so. This involves a potential non-linear response to a change in the interest rate. The option holder’s ability to choose whether to exercise the option creates an asymmetry in an option’s performance. Generally, option holders exercise their rights only when it is to their benefit. The option holder faces limited downside risk (the premium or amount paid for the option) and unlimited upside reward. The option seller faces unlimited downside risk (an option is usually exercised at a disadvantageous time for the option seller) and limited upside reward (if the holder does not exercise the option and the seller retains the premium). If the bank has written (sold) options to its customers, the bank may have more downside exposure than upside reward, as the amount of earnings or capital value lost from an unfavorable movement in interest rates may exceed the amount gained if rates move in a favorable direction.

Behavioral option risk involves transactions where changes in the interest rates can cause behavioral changes in the client.
Even with well-matched final maturities, a bank could face interest rate risk if its products (on the asset and/or the liability side) carry embedded options. An embedded option is a provision in a financial instrument that provides an issuer or holder of the instrument a certain right, but not an obligation, to perform some action at some future time.

The liability side of the balance sheet usually carries significant embedded options. For deposits, the most prevalent option given to customers is the right of early withdrawal. Early withdrawal rights are like “put” options on deposits. When rates increase, the market value of customers’ deposits declines, and customers have the right to “put” the deposits back to the bank. For example, if a customer has a 2-year FD with early withdrawal rights, and rates increased at year one, the market value of that FD from the customer’s perspective has declined. The customer has the right to “put” (or exercise) the early withdrawal so that he or she can reinvest the funds at market rates. This option is to the depositor’s advantage.

On the asset side of the balance sheet, prepayment options are the most prevalent embedded options. Mortgage prepayments are an option given to homeowners as part of their mortgages at little cost. A client would normally repay his loan to the bank at a time when the rates in the market are lower than the ones contracted, leaving the bank to deploy funds at a lower rate.

1.5.2.1.5 Yield Curve Risk

The yield curve is a graphical depiction of the relationship between the yields of bonds of the same quality but different maturities. Yield curve risk is the potential loss arising from the exposure of a portfolio to changes in the shape of the yield curve. Yield-curve risk arises from variations in the movement of interest rates across the maturity spectrum.
This risk involves changes in the relationship among interest rates of different maturities of the same index or market. The relationships change when the slope and shape of the yield curve for a given market flattens, steepens, or becomes negatively sloped (inverted) during an interest rate cycle. Yield-curve variations can accentuate the bank’s IRR by amplifying the effect of maturity mismatches. For example, a bank that funds long-term assets with short-term liabilities will generally experience a greater decline in the NIM in a flattening yield curve environment than in a parallel shift in the yield curve. In a flattening rate environment, there is usually little benefit in holding a longer-term security, as the bank does not gain any excess compensation for the risks associated with holding longer-term assets.

1.5.2.2 Equity Price Risk

Equity price risk is the risk that arises from stock price volatility, that is, the risk of a decline in the value of a security or a portfolio. Stock prices can be very volatile, more so than many other asset classes. The price of a security can dip in value very quickly, often causing what is known as equity price risk. While there are several factors that affect share prices, there are mainly two types of factors that give rise to equity risk, namely systematic and unsystematic risk. The first is the risk related to the general industry, while unsystematic risk pertains to a certain firm. Unsystematic risk can be mitigated through diversification, whereas systematic risk cannot be diversified away.

For example, a bank bought 1000 shares of ABC stock at ₹100 per share with the intention of selling the shares at a higher price. But the unexpected resignation of the CEO causes the share price to drop to ₹90. If the bank sells its share holdings at that price, it will incur a loss of ₹10,000. This is the equity price risk a bank has to bear.
1.5.2.3 Foreign Exchange Risk

Foreign exchange risk is the risk to earnings or capital arising from movements in foreign exchange rates. The conversion risk results from the need to convert all foreign currency-denominated transactions into a base reference currency. Banks buy and sell foreign exchange on behalf of their customers, who need foreign currency to pay for their international transactions or who receive foreign currency and want to exchange it into their own currency. Banks also hold assets and liabilities in different currencies on their own balance sheets. When a bank holds an open position in a foreign currency and the exchange rate moves against the foreign currency, the bank suffers a loss. The development/adoption/implementation of appropriate policies on open positions, monitoring forward maturity positions, studying exchange rate movements, visualizing/forecasting relevant currency rates, etc., are some of the strategies employed for managing forex risk.

1.5.2.4 Commodity Price Risk

Commodity price risk is the possibility that commodity price changes will cause financial losses for either the commodity buyers or producers. Buyers face the risk that commodity prices will be higher than expected. Lower commodity prices are a risk for the commodity producers. Fluctuations in commodity prices are primarily caused by external market forces."]

