["550 Front Office (The Dealing Room) The Treasury Dealing Room within a bank is generally the clearinghouse for matching, managing and controlling market risks. It may provide funding, liquidity and investment support for the assets and liabilities generated by the regular business of the bank. The Dealing Room is responsible for the proper management and control of market risks in accordance with the authorities granted to it by the bank\u2019s Risk Management Committee. The front office handles deals and buy\/sell\/hedging operations to book trading profits, the most important profit center of a bank. Risks taken by them is monitored by mid office while back office checks the accuracy of deals. Collectively treasury risk is managed. The Dealing Room also is responsible for meeting the needs of business units in pricing market risks for application to its products and services. The Dealing Room acts as the bank\u2019s interface to international and domestic financial markets and generally bears responsibility for managing market risks in accordance with instructions received from the bank\u2019s Risk Management Committee. The Dealing Room may also have been allocated to it by the Risk Management Committee, a discretionary limit within which it may take market risk on a proprietary basis. Critical to a Dealing Room\u2019s effective functioning is all dealers\u2019 access to a comprehensive Dealing Room manual covering all aspects of their day to day activities. A Dealing Room procedures manual should be comprehensive in nature covering operating procedures for all the bank\u2019s trading activities in which the Dealing Room is involved and in particular must cover the bank\u2019s requirements in respect of Code of Conduct prescribed by FEDAI\/ FIMMDA. The Back Office The key controls over market risk activities, and particularly over Dealing Room activities, exist in the Back Office. It is critical that both a clear segregation of duties and reporting lines is maintained between Dealing Room staff and Back Office staff, as well as clearly defined physical and systems access between the two areas. It is essential that critical Back Office controls are executed diligently and completely at all times including: a.\t Control over confirmations both inward and outward:All confirmations for transactions concluded by the Dealing Room must be issued and received by the Back Office only. Discrepancies in transaction details, non-receipts and receipts of confirmations without application must be resolved promptly to avoid instances of unrecorded risk exposure. b.\t The control over dealing accounts (vostros and nostros)\u2014Prompt reconciliation of all dealing accounts is an essential control to ensure accurate identification of risk exposures. Discrepancies, non-receipts and receipts of funds without application must be resolved promptly to avoid instances of unrecorded risk exposure. Unreconciled items and discrepancies in these accounts must be kept under heightened management supervision","551 as such discrepancies may at times have significant liquidity impacts, represent unrecognized risk exposures, or at worst represent collusion or fraud. c.\t Revaluations and marking-to-market of market risk exposures: All market rates used by the bank for marking risk exposures to market, used to revalue assets or for risk analysis models such as Value at Risk analysis, must be sourced independently of the Dealing Room to provide an independent risk and performance assessment. If the bank has an established and independent Middle Office function, this responsibility may properly pass to the Middle Office. d.\t Monitoring and reporting of risk limits and usage: Reporting of usage of risk against limits established by the Risk Management Committee (as well as Credit Department for Counterparty risk limits) should be maintained by the Back Office independently of the Dealing Room. Maintenance of all limit systems must also be undertaken by the Back Office and access to limit systems (such as counterparty limits, overnight limits etc.) must be secure from access and tampering by unauthorized personnel. If the bank has an established and independent Middle Office function, this responsibility may properly pass to the Middle Office. e.\t Control over payments systems: The procedures and systems for making payments must be under at least dual control in the Back Office independent from the dealing function. Payment systems should be at all times secure from access or tampering by unauthorized personnel. 1.10 OPERATIONAL RISK ORGANIZATIONAL FRAMEWORK Ideally, the organizational set-up for operational risk management should include the following: i.\t Board of Directors ii.\t Risk Management Committee of the Board iii.\t Operational Risk Management Committee iv.\t Operational Risk Management Department v.\t Operational Risk Managers vi.\t Support Group for operational risk management 1.10.1\t Board Responsibilities The Board of Directors is primarily responsible for ensuring effective risk management of the bank as a whole, including managing the operational risks. The Board includes a committee","552 to which the Board may delegate specific operational risk management responsibilities. The Board of directors should: i.\t Be aware of the major aspects of the bank\u2019s operational risks as a distinct category that should be managed. ii.\t Provide senior management with clear guidance and direction. iii.\t Approve an appropriate operational risk management framework for the bank and review it periodically. iv.\t The framework should be based on an appropriate definition of operational risk which clearly articulates what constitutes operational risk in the bank and covers the bank\u2019s appetite and tolerance for operational risk. v.\t The framework should also articulate the key processes the bank needs to have in place to manage operational risk. vi.\t Be responsible for establishing a management structure capable of implementing the bank\u2019s operational risk management framework. vii.\t Establish clear lines of management responsibility, accountability and reporting as strong internal controls are essential for operational risk management. In addition, a separation of responsibilities for reporting lines between operational risk control functions, business lines and support functions should be done in order to avoid conflict of interest. viii.\t Ensure that the bank is managing operational risks arising from external market changes, operational risks associated with new products, activities or systems. ix.\t Ensure that the bank has adequate internal audit coverage in place to make sure that policies and procedures have been implemented effectively. x.\t Make sure that the internal audit function is not directly involved in the operational risk processes. 1.10.2 Risk Management Committee of the Board The Board of Directors shall delegate its responsibilities for oversight of risk management to the Risk Management Committee of the Board (RMCB). It is a top driven function and an inclusive activity to sensitize the line management about the day-to-day risks. The RMCB shall determine what risk management matters related to operational risk has to be reported to the full Board of Directors. The meeting agenda on operational risk will include a summary review of operational risk issues and incidents and will focus on any important issues requiring attention at the policy level. In relation to Operational Risk Management, key roles of the RMCB are:","553 i.\t Approve operational risk policies and investments. ii.\t Decide what needs Board approval and forward, as appropriate to the Board. iii.\t Review profiles of operational risk throughout the organization. iv.\t Approve operational risk capital methodology and the resulting attribution. v.\t Set and approve expressions of risk appetite, within overall parameters set by the Board. vi.\t Reinforce the culture and awareness of operational risk management throughout the organization. 1.10.3 Operational Risk Management Committee (ORMC) The Operational Risk Management Committee is an executive committee. It shall have as its principal objective the mitigation of operational risk within the institution by the creation and maintenance of an explicit operational risk management process. ORM policy is designed by this committee and will be put up to board for its approval. The committee will be presented with detailed reviews of operational risk exposures across the corporation. Its goals are to take a cross-business view and ensure that a proper understanding is reached, and actions are taken to meet the stated goals and objectives of operational risk management in the bank. The Committee meets monthly, or more often when necessary. The meetings will focus on all operational risk issues that the bank faces. Key roles of the Committee are: i.\t Review the risk profile, understand future changes and threats, and concur on areas of highest priority related mitigation strategy. ii.\t Assure adequate resources which are assigned to mitigate risks as needed. iii.\t Communicate to business areas and staff components the importance of operational risk management and ensure adequate participation and cooperation. iv.\t Review and approve the development and implementation of operational risk methodologies and tools, including assessments, reporting, capital allocation and loss event databases. v.\t Receive reports\/presentations from the business lines and other areas about their risk profile and mitigation programs. vi.\t When a bank introduces any new products (other than credit and market risk products), this committee should study the risk profile of the product, its mitigation process vis-a- viz the business growth potentials (as put up by the business groups) and recommend\/ not recommend the product to RMCB. This is called \u2018New Product Approval Process\u2019.","554 vii.\t Monitor industry issues and incidents and evaluate the impact on the bank. 1.10.4 Organization-Wide Support Departments It is expected that each business\/functional area will appoint a person responsible for coordinating the management of operational risk. This responsibility may be assigned to an existing job, be it a full time position, or even a team of people, as the size and complexity justify. Business\/Functional areas should determine how this should be organized within their respective areas. Risk Managers will report to their respective departments\/businesses but work closely with ORMD and with consistent tools and risk management framework and policy. The Operational Risk Management Committee will ensure that these Liaisons are appointed and approve their selection. The key responsibilities of the Liaisons are: i.\t Self-Assessments \u2013 Will help facilitate, partake and verify the results of the self- assessment process. ii.\t Risk Indicators \u2013 Design, collection, reporting, and data capture of risk indicators and related reports. Liaisons will monitor results and help work with their respective departments on identified issues. The resulting information will be distributed to both the departments and ORMD on a timely and accurate basis. iii.\t Loss Events \u2013 Coordinate collection, recording and data capture of loss events within the businesses and regular reporting of these events, the details, and the amounts lost in the loss events. iv.\t Gaps\/Issues \u2013 Responsible for the timely follow-up, documentation and status of action plans, open issues (Internal Audit, External Audit, Regulator, and Inspector) and other initiatives waiting to be completed. v.\t Committee Participation \u2013 Must prepare to be called upon to attend the Operational Risk Management Committee meetings, when necessary, to discuss operational risk issues. vi.\t Risk Mitigation \u2013 Responsible for consulting\/advising the business units on ways to mitigate risks. Work with business areas and respective departments on risk analysis and mitigation. 1.10.5 Operational Risk Management Department (ORMD) The ORMD is responsible for coordinating all the operational risk activities of the bank, working towards achievement of the stated goals and objectives. Activities include building an understanding of the risk profile, implementing tools related to operational risk management, and working towards the goals of improved controls and lower risk. ORMD works with the operational liaisons within the business units, staff areas and with the corporate management staff. Specific activities include:","555 Risk Profile \u2013 ORMD will work with all areas of the bank and assemble information to build an overall risk profile of the institution, understand and communicate these risks, and analyze changes\/ trends in the risk profile. ORMD will utilize the following four-pronged approach to develop these profiles: a.\t \u2013 Risk Indicators b.\t \u2013 Self-Assessment c.\t \u2013 Loss Database d.\t \u2013 Capital Model i.\t Tools \u2013 ORMD is responsible for the purchase or development and implementation of tools that the Bank will use in its operational risk management programme. ii.\t Capital \u2013 ORMD is jointly responsible for the development of a capital measurement methodology for operational risks. It will also coordinate the assembly of required inputs, documentation of assumptions, gaining consensus with the business areas, and coordination with other areas of the bank for using the results in the strategic planning, performance measurement, cost benefit analysis, and pricing processes. iii.\t Consolidation and Reporting of Data \u2013 ORMD will collect relevant information from all areas of the Bank, build a consolidated view of operational risk, assemble summary management reports and communicate the results to the risk committees or other interested parties. Key information will include risk indicators, event data and self-assessment results and related issues. iv.\t Analysis of Data \u2013 ORMD is responsible for analyzing the data on a consolidated basis, an individual basis, and a comparative basis. v.\t Best Practices \u2013 ORMD will identify best practices from within the bank or from external sources and share these practices with management and risk specialists across the bank in order to get best advice or practices from them to manage the operational risk. As a part of this role, they will participate in the industry conference surveys, be up to date with rules and regulations, monitor trends and practices in the industry, and maintain a database\/library of articles on the subject. vi.\t Advice\/Consultation \u2013 ORMD will be responsible for working with the Risk Specialists and businesses as a team to give advice on how to apply the operational risk management framework, identify operational risks, work on solving problems, and improving the risk profile of the bank. vii.\t Insurance \u2013 ORMD will work with the bank\u2019s insurance area to determine optimal insurance limits and coverage to ensure that the insurance policies the","556 bank purchases are cost beneficial and align with or mitigate the operational risk profiles of the bank. viii.\tPolicies \u2013 ORMD will be responsible for drafting, presenting, updating and interpreting, the Operational Risk Policy, and other related policies and methodologies. ix.\t Self-Assessment \u2013 ORMD will be responsible for facilitating periodic self- assessments for the purpose of identifying and monitoring operational risks. x.\t Coordination with Internal Audit \u2013 ORMD will work closely with Internal Audit to plan assessments and concerns about risks in the bank. ORMD and Internal Audit will share information and coordinate activities so as to minimize potential overlap of activities. Risk Identification, Measurement, Mitigation, Monitoring & Control 2. RISK IDENTIFICATION PROCESS Risk identification is a deliberate and systematic effort to identify and document the various risks faced by the bank. Risk identification involves capturing risks from all activities, transactions, business locations, and affiliated units. Failure to recognize all risks or partial capture of risks may fail to reveal the true risk profile of a bank. Banks would run the risk of breaching the capital adequacy norm if there is underestimation of risks because of incorrect risk identification procedure. It is crucial to have knowledge of the business before commencing the risk identification process. It is also important to learn from both past experience and experience of others when considering the risks to which a bank may be exposed and the best strategy available for responding to those risks. The risk identification process must identify unwanted events, undesirable outcomes, emerging threats, as well as existing and emerging opportunities. By virtue of an institution\u2019s existence, risks will always prevail, whether the institution has controls or not. At the same time, it is important to remember that \u201crisk\u201d also has an opportunity component. This means that there should also be a deliberate attention to identifying potential opportunities that could be exploited to improve earnings in the bank. Various approaches used by banks to identify risks include the use of checklists, judgments based on experience and records, flow charts, brainstorming, systems analysis, scenario analysis, and system engineering techniques, etc. The risk managers should be groomed and trained to read the riskiness of the business environment so that interventions are made possible. The approach used will depend on the nature of the activities under review, types of risks, and the purpose of the risk management exercise. Team-based brainstorming for example brings to the table different perspectives of an issue","557 and incorporates differing experiences of team members. Risk workshops are useful for filtering and screening of possible risks involved in a product or transaction. It is often desirable that the workshops are supplemented by more sophisticated or structured techniques. Structured techniques such as flow charting, system design review, systems analysis, and operational modelling should be used where the potential consequences are catastrophic, and the use of such intensive techniques is cost effective. For less clearly defined situations, such as the identification of strategic risks, processes with a more general structure, such as \u2018what-if\u2019 and scenario analysis could be used. Where resources available for risk identification and analysis are constrained, the method and approach may be modified to achieve efficient outcomes within budget limitations. For example, where less time is available, a smaller number of key elements may be considered at a higher level, or a checklist may be prepared. The whole process of risk capturing needs to be systematically captured. The risks identified during the risk identification are typically documented in a risk register that, includes: i.\t risk description: description about the occurrence of a possible risk event or a particular set of circumstances; ii.\t cause and consequence of the risk event and its consequences: the factors that can contribute to the likelihood of a risk occurring; and its consequences - the outcome(s) or impact(s) of an event; iii.\t the existing internal controls that may reduce the likelihood or consequences of the risks. If it requires improvement, the weakness of the control is also captured here; iv.\t Treatment prescribes the action required to manage the risk. The document in which the risks are recorded is known as the \u201crisk register\u201d and it is the main output of a risk identification exercise. A risk register is a comprehensive record of all risks faced by the institution across business lines. At the minimum, the risks register records: i.\t the risk; ii.\t risk category; iii.\t how and why the risk is likely to happen \u201ccause of risk\u201d; iv.\t how will the risk impact the institution if it materializes, both qualitative and \/ or quantitative cost involved; v.\t the existing internal controls that may minimize the likelihood of the risk occurring.","558 Once the risks have been identified and existing controls have been assessed and it has been established that controls are inadequate, an assessment of whether the risk is acceptable or whether it needs to be treated and the timeframe for risk treatment. This step is also where opportunities for enhancement or gain across the organization can be. 2.1 RISK MEASUREMENT Risk Measurement is the process of assigning value to the risk. Risk identification and risk measurement are two complementary activities. Once identified, the magnitude of risk will have to be assessed both in terms of the level of risk and the quantum of potential loss that may arise from the assumed risk. Rating models indicate the level of risk and statistical models measure the potential loss. Risk measurement tools will therefore consist of both the rating models and the measurement models. Risk measurement tools and techniques should achieve three basic objectives. First, the measurement tools should quantify the potential loss that the bank may suffer from its total exposure and other commitments under different economic, market, and environmental scenarios. The potential loss consists of both expected and unexpected losses, and it indicates the amount of economic capital that the bank should maintain against its risk-taking activities. The second objective is that the risk measurement tools should be efficient to measure separately borrower- specific, asset-specific, or facility-specific potential losses. The tools that include rating models should also identify the borrowers whose financial strength has deteriorated and who are likely to default in repaying the bank\u2019s dues within an assumed time zone. The accessibility of risk control tools and their usability by the line management has to be kept in view. The third objective is that the risk measurement tools shall enable the bank to calculate the risk-adjusted return on capital in order to evaluate the performance efficiency of different business lines. The risk measurement models should be customized to meet the bank\u2019s specific requirements. The bank should take into account its size, business mix, business volume, range of products and services, and skill set of personnel in choosing the models. The New Basel Capital Accord requires banks to set up separate risk measurement models for estimation of potential losses from credit, market, and operational risks. 2.2 RISK MITIGATION Risk mitigation is defined as the process of reducing risk exposure and minimizing the likelihood of an incident. Mitigation often takes the form of controls, or processes and procedures that regulate and guide an organization. Discipline in risk management implementation is important to ensure that it is pursued on a mission mode. Risk mitigation strategies and techniques are an integral part of the risk management process.","559 In the banking business complete elimination of risk is seldom possible but the impact of risk can be reduced by appropriate risk mitigation strategies. Once risks have been identified and assessed, the possible measures to manage and mitigate the risks may fall into one or more of these four major categories: i.\t Avoid (eliminate, withdraw from or not become involved) ii.\t Reduce (optimize \u2013 mitigate) iii.\t Share (diversify-transfer \u2013 outsource or insure) iv.\t Retain (accept and contain) These actions often involve trade-offs that is considered while taking risk management decisions. Risk Avoidance Perhaps, the most effective measure to contain risk is to avoid it altogether. Risk avoidance means not performing or not taking up an activity that could carry risk.An example would be to avoid giving loan because they carry more than the normal credit risk. Though it appears that avoidance seems to take care of financial risks involved in a transaction, avoiding risks also means losing out on opportunity or potential to earn some income. It is therefore worthwhile to consider alternative risk management strategies which can reduce the likelihood and impact of risk events: i.\t Design and develop alternate business processes with adequate built-in risk control and containment measures. ii.\t Certain risks are accepted as a normal business process (for example credit risk in a lending institution). In such cases, these risks can be contained by appropriate control and prudential measures. iii.\t Transfer risks to an external agency. This is known as risk diversification. Insurance and securitization are examples of risk transfers. Whereas securitization helps in risk diversification, insurance is a post risk loss management strategy. Risk Reduction This is where the majority of effort is generally required to manage risk. Risk control or reduction involves reducing the severity of the impact or loss or the likelihood of the loss from occurring. For example, pre-sanction due diligence helps in reducing the likelihood of credit default. Similarly, taking appropriate collateral helps in reducing the loss in case of default. However, an issue in the risk reduction is the cost involved. The tradeoff between risk and returns must be taken into consideration in evaluating checks and balances in apprehending","560 risks. If the cost of risk management is not reasonable, the benefit of risk management will be nullified. Outsourcing could be an example of risk reduction as this enables packaging the risky portion of the business to another party which demonstrates a greater capability of managing that portion. Risk Optimization Actually, this means optimization of efforts and results of risk management. It must be stated that the impact of events could be positive or negative. Risk connotes the negative impact of the event. If one were to accept that all events could impact the business positively or negatively, then optimizing risks would mean finding an appropriate balance between the negative impacts a risk could have vis a\u0300 vis the benefit of the operation or activity; and between risk reduction and effort applied. Risk Sharing Risk Sharing is defined as \u201csharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk.\u201d Though it is believed that by \u2018risk transfer\u2019 to a third party through insurance or outsourcing, risk is avoided, it is not correct. Risk is not avoided but shared. Risk is not a risk prevention tool but a risk sharing tool. In the case of insurance, the compensation, if any, is received post event. It helps to reduce the loss caused by risk. Risk Retention Retention indicates an inevitable situation, where on account of the high cost of managing the risk, when the risk is too small, it is decided to manage it internally as and when it arises. All risks that are not avoided or transferred and are retained by default. Natural calamities will fall under this category, both because of the difficulty to estimate the probability and also due to the catastrophic impact. But even in such inevitable risk events, the management control has to be strengthened so that strong resilience is built. 2.3 RISK MONITORING AND RISK CONTROL Risk monitoring and control refers to the process of continuously identifying risks and establishing the best methods of dealing with those risks. Risk monitoring precedes risk control, and they complement each other. The quantum and intensity of risks go on changing at frequent intervals as the operating environment and market variables change. By regularly reviewing the effectiveness and efficiency of the risk management activity, it can be ensured that the Bank is using its resources prudently. The bank should have a monitoring group within the organization set up for assessment of risks on a continuing basis. The monitoring group should consist of personnel who are independent of operational responsibilities. Risk monitoring and control machinery may vary between banks depending on the size and","561 the activities. For small banks undertaking traditional banking business, the reporting and the monitoring mechanism may be relatively simple. Risk monitoring activities implement the risk monitoring strategy by gathering information through automated or manual means, alerting or reporting on information relevant to intended purposes for risk monitoring, and providing inputs to ongoing risk assessment and response processes. 2.4 CREDIT RISK MEASUREMENT The development of credit risk measurement tools tries to capture credit risk in two dimensions. The first dimension is to measure the likelihood of an account becoming default, and the second is the development of techniques for measuring potential loss on the bank\u2019s total credit exposure. The probability of default has a direct link with the potential loss to the bank on account of such default. Existing credit risk measurement techniques measure credit risks on a relative scale. The Basel II Accord attempted to transform relative risk measures into absolute risk measures. To support the transformation process, the Basel Accord has identified four drivers of credit risk exposure: probability of default, loss given default, and Effective maturity. They are: a.\t The default probability (PD): The likelihood that the counterparty will default. b.\t Loss Given Default (LGD): The amount of money a bank is likely to lose in case of default. c.\t The exposure (EAD): The amount of money at risk. d.\t The tenor (M): The time period in which some or all of the money is outstanding. 2.5 PROBABILITY OF DEFAULT (PD) Probability of default (PD) is a statistical measure which quantifies the likelihood that a borrower will default during some future period (usually one year). Default does not necessarily lead to immediate losses but may increase the possibility of future default and resultant loss. Default is uncertain. For assessment of credit risk, the first step is to estimate the probability of default over a given time horizon. This can be done only if the pertinent data is authentic and reliable. The data only feeds into the estimation process of probability of default \u2013 the risk reader. Before attempting to estimate probability of default, there are a few fundamental notions which need to be kept in mind. a.\t It is never zero. Very strong entities have little chance to default, but one can never be sure. There is always a possibility that an otherwise reliable entity fails to generate enough revenues to honour its financial obligations. There are many internal and external risk factors which can adversely impact an entity\u2019s cash generation ability. These abilities","562 are again dependent upon external situations which are amenable to change. \t Not too long ago, the prevailing wisdom was that some companies, like Videocon, Indian Airlines were just too strong to default. Similarly, some companies were thought to be too big to fail, meaning that their default would create so much damage to the economy that a solution will always be found to prevent it. \t Similarly, large banks were supposed to be immune from bankruptcy. But collapse of Lehman Brothers (2008) has proved that unless risk is managed efficiently, even large- sized banks can stumble. b.\t Similarly, the ability of highly rated governments to pay down their debt has also come into question in recent years. The common perception was that governments could not default because they have power to raise taxes and to reduce expenses to generate the necessary funds to honor their financial commitments. Yet there are more and more countries, even in the developed world, which relied too much on borrowed money and had to be bailed out by other countries or international institutions. Iceland, Ireland, and Greece are good examples. c.\t Default probabilities increase with time as uncertainties increase. Therefore, it is challenging to estimate default probabilities for a very long period. PD has meaning only when it is defined for a given time period. Say, an entity has a 0.4 percent chance of default within 3 years. But the same entity can have a 0.3 percent chance of default within two years and, say, a 2 percent chance within one year. 2.6 EXPOSURE AT DEFAULT Exposure at default (EAD), indicates the outstanding amount in case the borrower defaults which includes drawn amounts plus likely future drawdowns of yet unused lines. Since default occurs at an unknown future date, this loss is contingent upon the amount to which the bank was exposed to the borrower at the time of default. In the case of a term loan, exposure risk can be considered small because of its fixed repayment schedule. But in the case of committed credit lines (e.g. guarantee, overdraft, letter of credit, etc.) the borrower may draw on these lines of credit within a limit set by the bank as and when borrowing needs arise. The borrower usage trend provides clues to banks to understand risks. Credit line usage has cyclical characteristics, i.e., the use increases in recessions and declines in expansions. The usage rate increases monotonically as the borrower becomes riskier and approaches limit towards default risk. Banks as a lender need to closely monitor the potential exposure to assess the credit risk more prudently. It is in this sense that the estimation of EAD is absolutely necessary for computation of regulatory as well as economic capital. As credit exposure varies from product to product, banks will have to track the drawing power of various facilities both on and off- balance sheet based on historical data.","563 Exposure at Default due to a particular borrower at the time of default is dependent on the following elements: a.\t Outstanding (or drawn amount): The portion of the loan facility that has already been extended to the borrower. b.\t Undrawn amount (or free limit): The undrawn portion of the loan (difference between the line of credit and outstanding amount which has already been disbursed). The borrower can draw from it whenever it faces financial distress. This portion is also called undrawn balance. The difference between credit line and outstanding is termed as the unused line of credit. The undrawn balance are converted to notional outstanding with the help of Credit Conversion Factor (CCF) prescribed under Basel II Standardized Approach. \t Thus, exposure at default can be expressed as: Exposure at Default (EAD) = Outstanding + Undrawn commitments \u00d7 CCF Undrawn limits = Max {0; Limit \u2013 Outstanding} Example Goodluck Ltd enjoys certain facilities fromABC Ltd and his account position on 31.03.2021 has been given below: Facility Limit Outstanding Term Loan ` 50 mln ` 65 mln Cash Credit ` 10 mln ` 6 mln Performance Bank Guarantee ` 3 mln ` 3 mln Calculate the EAD of the above exposure. Solution Facility Limit Outstanding UndrawnCommitment Funded \u00d7 CCF exposure Term Loan ` 50 mln ` 65 mln ` 65.00 mln Cash Credit ` 10 mln ` 6 mln ` 4 mln \u00d7 0.20 ` 6.80 mln Performance ` 3 mln ` 3 mln ` 3 mln \u00d7 0.5 ` 1.50 mln Bank Guarantee TOTAL ` 73.30 mln EAD of Goodluck Ltd as on 31.03.2021 is `73.30 mln 2.7 LOSS GIVEN DEFAULT (LGD)","564 Loss-given-default (LGD) is an important element for measuring credit risk. LGD measures the credit loss incurred if an obligor of the bank defaults. It actually measures the severity of the default loss. If `100 mln is the default outstanding amount and the bank is able to recover `60 mln, the recovery rate (RR) is 60 per cent and loss given default (LGD) will be 40 per cent. Thus, LGD estimates the magnitude of likely loss on the exposure, expressed as a percentage of the exposure at default. Facility level LGD estimates across borrower\/ industry\/regions are key inputs in measurement of the expected and un-expected credit losses and, hence, credit risk capital (regulatory as well as economic) LGD % = (1 \u2212 Recovery Rate %) Once a default event has occurred, loss given default includes three types of losses: a.\t The loss of principal b.\t The carrying costs of non-performing loans, e.g. interest income foregone c.\t Workout expenses (collections, legal, etc.) There are broadly three ways of measuring LGD for an instrument: a.\t Market LGD: observed from market prices of defaulted bonds or marketable loans soon after the actual default event. b.\t Workout LGD: The set of estimated cash flows resulting from the workout and\/or collections process, properly discounted, and the estimated exposure. c.\t Implied Market LGD: LGDs derived from risky (but not defaulted) bond prices using a theoretical asset pricing model. The following factors contribute to recovery and LGD i.\t Facility characteristics: Size of the loan has a positive impact on LGD; fund-based loans have relatively lower LGD than non-fund- based loans. ii.\t Bank-specific factors: The bank\u2019s approach to restructure the loan under stress significantly impact recovery rates and hence LGD. iii.\t Collateral security: The presence of security and the nature of the collateral obtained can be an important distinction in the estimation of LGD. The quality of collateral\u2013 lowers the LGD; more liquid collaterals have low LGD; senior collaterals have lower LGD. iv.\t Firm-specific capital structure: Seniority standing of debt in the firm\u2019s overall capital structure, asset to liability ratio, etc also affects the recovery rate. The assets to liabilities ratio act like a coverage ratio of the funds available versus the claims to be paid. A higher ratio of assets to liabilities is better. Low leverage borrowers have low","565 LGD; similarly, the higher the current ratio, lower the LGD. v.\t Industry factors: It is the value of liquidated assets dependent on the industry of the borrower, industry growth, competitiveness, etc. More competitive industries are associated with stronger recoveries. Assets that can be readily reused by another party have higher liquidation values and help increase recovery rates. vi.\t Regional factors (location): Local or situational factors influence LGD. Regional social, legal framework and economic conditions matter in LGD. vii.\t Macroeconomic factors: IIP growth rate, GDP growth rate, unemployment rate, interest rate and other macro-economic factors that capture economic cycle effect have strong influence on LGD. viii.\tCountry risk: LGD figures may vary across countries due to changing macroeconomic environment, legal structure, and banking behaviour. 2.8 RISK ADJUSTED RETURN ON CAPITAL (RAROC) According to Bankers Trust, the pioneer of the Risk Adjusted Return on Capital (RORAC) concept, successful firms manage the risk just as much as they manage returns. In general, firms that manage risk well have a competitive advantage\u2014whatever their field. If a firm understands risk, it can. a.\t make conscious decisions to embrace or shed risks; b.\t charge a rational price for the risk it assumes; c.\t redeploy capital away from under-performing activities to those that earn risk-adjusted returns in excess of a prescribed target; and d.\t accurately judge how much total capital it needs to hold as a buffer against unexpected losses. \t The well-known principles which ultimately resulted in integration of risk management into decision making are the followings: a.\t By taking a position a banker brings risk into the bank and uses the bank\u2019s capital. b.\t The only reason to take risks is to earn a return; therefore, in taking a position, the banker has the expectation of earning a return. Furthermore, the higher the risk, the higher the return the banker would expect. c.\t To justify the use of shareholders\u2019capital, the banker\u2019s expectation for a return must be consistent with the minimum return for similar risks required by shareholders. \t According to this concept, a bank should carry enough capital to protect itself from unexpected loss. But the readability of UL will enable better risk management with","566 proactive strategies. Capital required for this purpose is called risk capital or economic capital. By comparing the return generated by a transaction to the amount of risk capital that is required, one can calculate the risk-adjusted return on capital for that transaction. Maximizing risk-adjusted return on capital would be an operational proxy for maximizing the return on shareholders\u2019 investments. This process was formally named as \u201crisk-adjusted return on capital\u201d or RAROC. 2.8.1 Credit Risk Mitigation --Basic Guidelines Banks use a number of techniques to mitigate the credit risks to which they are exposed. For example, exposures may be collateralized in whole or in part by cash or securities, deposits from the same counterparty, guarantee of a third party, etc. The only risk in collateral is the reduction in the value of collaterals after they are accepted at the time of credit decision. That precisely is the reason that monitoring of credit rating and value of collaterals assumes significance in managing risks. A firm using the standardized approach may recognize credit risk mitigation in the calculation of risk weighted exposure amounts for the purposes of the calculation of the credit risk capital component. The revised approach to credit risk mitigation allows a wider range of credit risk mitigants to be recognized for regulatory capital purposes than is permitted under the 1988 Framework provided these techniques meet the requirements for legal certainty. The credit risk mitigation approach detailed in this section is applicable to the banking book exposures. This will also be applicable for calculation of the counterparty risk charges for OTC derivatives and repo-style transactions booked in the trading book. The technique used to provide the credit protection together with the actions and steps taken and procedures and policies implemented by a lending firm must be such as to result in credit protection arrangements which are legally effective and enforceable in all relevant jurisdictions i.\tA bank must not recognise credit protection as eligible until it has conducted sufficient legal review confirming that the credit protection arrangements are legally effective and enforceable in all relevant jurisdictions. ii.\tA bank must re-conduct legal reviews as necessary to ensure continuing enforceability and effectiveness. A lending firm must take all appropriate steps to ensure the effectiveness of the credit protection arrangement and to address related risks. Notwithstanding the presence of credit risk mitigation taken into account for the purposes of calculating risk weighted exposure","567 amounts and as relevant expected loss amounts, a firm must continue to undertake full credit risk assessment of the underlying exposure and must be in a position to demonstrate to the appropriate regulator the fulfilment of this requirement. No exposure in respect of which credit risk mitigation is obtained may produce a higher risk weighted exposure amount than an otherwise identical exposure in respect of which there is no credit risk mitigation. Where the risk weighted exposure amount already takes account of credit protection under the standardized approach the calculation of the credit protection must not be further recognized. All documentation used in collateralised transactions and guarantees must be binding on all parties and legally enforceable in all relevant jurisdictions. 2.8.2\t Comprehensive Approach to Risk Mitigation Banks in India shall adopt the Comprehensive Approach, which allows fuller offset of collateral against exposures, by effectively reducing the exposure amount by the value ascribed to the collateral. Under this approach, banks, which take eligible financial collateral (e.g., cash or securities, more specifically defined below), are allowed to reduce their credit exposure to a counterparty when calculating their capital requirements to take account of the risk mitigating effect of the collateral. Credit risk mitigation is allowed only on an account- by- account basis, even within regulatory retail portfolio. Banks need to be watchful about the exposure and rating of borrowers as long term risk management techniques. In the comprehensive approach, when taking collateral, banks will need to calculate their adjusted exposure to a counterparty for capital adequacy purposes in order to take account of the effects of that collateral. Banks are required to adjust both the amount of the exposure to the counterparty and the value of any collateral received in support of that counterparty to take account of possible future fluctuations in the value of either, occasioned by market movements. These adjustments are referred to as \u2018haircuts\u2019. The application of haircuts will produce volatility adjusted amounts for both exposure and collateral. The volatility adjusted amount for the exposure will be higher than the exposure and the volatility adjusted amount for the collateral will be lower than the collateral, unless either side of the transaction is cash. In other words, the \u2018haircut\u2019 for the exposure will be a premium factor and the \u2018haircut\u2019 for the collateral will be a discount factor. 2.9 MARKET RISK MANAGEMENTSTRATEGY,POLICIESANDPROCEDURES Market Risk Management Strategy An institution should develop a sound and well-informed strategy to manage market risk. The strategy should be approved by the institution\u2019s Board of Directors (Board). The Board,","568 based on the recommendation of senior management, should first determine the level of market risk the institution is prepared to assume and the possible losses it is willing to bear. This level should be set with consideration given to, among other factors, the amount of market risk capital set aside by the institution against unexpected losses. Risk appetite is most important to set the limits for risk management. Market and economic intelligence are important to keep market risks within the manageable range. Once its market risk tolerance is determined, the institution should develop a strategy that balances its business goals with its market risk appetite. In setting its market risk strategy, an institution should consider the following factors: a.\t economic, market and liquidity conditions and their impact on market risk; b.\t whether the institution has the expertise to take positions in specific markets and is able to identify, measure, evaluate, monitor, report and control or mitigate the market risk on a timely basis in those markets; and c.\t the institution\u2019s portfolio mix and how it would be affected if more market risk was assumed. \t An institution should be aware that in executing its hedging strategies, offsetting or hedged instruments can still be exposed to market risks when the hedge is not perfect. Hedging strategies generally incorporate and rely on certain assumptions about the correlation between two instruments\/assets. The effectiveness of these strategies will be affected if these assumptions are proved to be inaccurate or no longer hold. The institution should evaluate the impact of a breakdown in these assumptions and critically assess the effectiveness of the strategies. \t An institution should put in place a process by which significant changes in the size or scope of its activities would trigger an analysis of the adequacy of capital supporting the activities. The institution is encouraged to have an internal capital allocation system that meaningfully links identification, monitoring and evaluation of market risks to economic capital. \t An institution\u2019s market risk strategy should be periodically reviewed by the Board and senior management taking into consideration its financial performance, market risk capital and updated market developments. The market risk strategy should be effectively communicated to the relevant staff. There should also be a process to detect and report to the approving authority deviations from the approved market risk strategy, operating bands and target markets. Risk Management Policies An institution should formulate market risk policies which should be approved by the Board.","569 All policies related to market risks have to be regulatory compliant and should be able to balance the risks. These policies, which should be reviewed periodically, should reflect the strategy and processes of the institution, including its approach to controlling and managing market risk. The Board should oversee the institution\u2019s management to ensure that these strategies, policies and processes are implemented effectively and fully integrated into the institution\u2019s overall risk management process. In addition, exceptions to established policies should receive the prompt attention of, and authorization by, the appropriate level of management and the institution\u2019s Board where necessary. The policies should clearly: a.\t prescribe how market risk is measured and communicated, including communication to the Board; b.\t spell out the process by which the Board decides on the maximum market risk the institution is able to take, as well as the frequency of review of risk limits; c.\t set out the scope of activities of the business units assuming market risk; d.\t delineate the lines of authority and the responsibilities of the Board, senior management and other personnel responsible for managing market risk; e.\t establish the processes which the institution determines the appropriate levels of capital against unexpected losses, and f.\t identify and set guidelines on the market risk control limit structure, delegation of approving authority for market risk control limit setting and limit excesses, capital requirements and investigation and resolution of irregular or disputed transactions. Market Risk Management Procedure An institution should establish appropriate procedures to implement the market risk policy, strategy and processes. These should be documented in a manual and the staff responsible for carrying out the procedures should be familiar with the content of the manual. The manual should spell out the operational steps and processes for executing the relevant market risk controls. It should also be periodically reviewed and updated to take into account new activities, changes in systems and structural changes in the market. The procedures should cover all activities that are exposed to market risk. Risk Measurement Monitoring and Control An institution should establish a sound and comprehensive risk management framework and processes. This should, among other things, comprise: a.\t a framework to identify risks; b.\t an appropriately detailed structure of market risk limits that are consistent with the","570 institution\u2019s risk appetite, risk profile and capital strength, and which are understood by, and regularly communicated to, relevant staff; c.\t guidelines and other parameters used to govern market risk-taking; d.\t processes for allocation of positions to the trading book; e.\t appropriate management information system (MIS) for accurate and timely identification, aggregation, monitoring, controlling, and reporting of market risk, including transactions between the institution and its affiliates, to the institution\u2019s Board and senior management; f.\t exception tracking and reporting processes that ensure prompt action at the Board or appropriate level of the institution\u2019s senior management, where necessary; g.\t effective controls around the use of models to identify and measure market risk; and h.\t valuation policies, including policies and processes for considering and making appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities, such as positions that otherwise cannot be prudently valued, including concentrated and less liquid positions. An institution\u2019s risk management system should be able to quantify risk exposures and monitor changes in market risk factors (e.g. changes in interest rates, foreign exchange rates, equity prices and commodity prices) and other market conditions on a daily basis. The rigor with which the risks are stipulated and managed is important.An institution whose risk levels fluctuate significantly within a trading day should monitor its risk profile on an intra- day basis. The system should also enable an institution to identify risks promptly and take quick remedial action in response to adverse and sudden changes in market factors. In measuring and monitoring its market risk, an institution should use a risk management system that is commensurate with the scale and complexity of its risk-taking. The system should be able to measure current exposures, through marked-to-market or marked-to- model pricing, as well as potential market risks. It should be able to accommodate volume increases, new valuation methodologies and new products. The risk management system should provide information on the outstanding positions and unrealized profit or loss as well as, to the extent practicable, the accrued profit or loss on a daily basis. This information should be retained for audit and investigation purposes. As far as possible, the system should also cover information on the positions of customers. An institution that is active in treasury and financial derivatives should have a system that is able to monitor trading positions, market movements and credit exposures daily and preferably on a real-time basis. An institution should consider correlations between markets and between categories of risk","571 when evaluating its risk positions. These correlations could result in the transmission of shocks from stressed conditions in one market to other markets or may significantly increase the aggregate overall risk to the institution, although individual risks, such as market and credit risks, may appear manageable when viewed independently. Due to such correlated risks, an institution\u2019s risk tolerance could be exceeded. An institution could incorporate risk correlations in their risk assessments through appropriately constructed scenarios in stress testing. An institution whose trading and other financial activities are limited in volume, scope and complexity, may use less sophisticated methodologies. An institution should regularly evaluate market risk measurement models and assumptions to ensure that they provide reasonable estimates of market risk. In these reviews, the models should be independently validated, backtested and re-calibrated when necessary. Validation should include verifying the consistency, timeliness,reliability, independence and completeness of data sources; the accuracy and appropriateness of volatility and correlation assumptions; and the accuracy of valuation and risk factor calculations. A back-testing programme should also be conducted regularly to verify that the models are reliable in measuring potential losses over time. Exceptional back-testing may be warranted when there are significant market developments or when there are changes in the model or its major assumptions. The Board and senior management should be cognizant of the strengths and limitations of the institution\u2019s market risk measurement systems, in order to determine the appropriate risk limits. They should also ensure that the material limitations of the models are well understood and provided for. 2.10 OPERATIONAL RISK IDENTIFICATION PROCESS Banks should identify and assess the operational risk inherent in all material products, activities, processes, and systems. Banks should also ensure that before new products, activities, processes, and systems are introduced or undertaken, the operational risk inherent in them is identified clearly and subjected to adequate assessment procedures. Since operational risk is in every part of business, process and productivity, it is necessary to grasp them minutely. Risk identification in an organization should take place both top-down, at senior management level, looking at the large exposures and threats to the business, and bottom-up, at business process level, looking at local or specific vulnerabilities or inefficiencies. Banks can follow a top-down approach for identification of operational risk events and a bottom-up approach for risk mapping, classification, categorization, and aggregation. Under the top-down approach, the bank\u2019s activities are broken into business lines, and activity groups associated with each business line are identified.","572 Thereafter, the products used in each business line are segregated, and risk events associat- ed with each product are identified. Under the bottom-up approach, data on individual risk events are collected and classified into broad event-type categories within each business line, and risks under event-type categories are aggregated to get a comprehensive picture of the operational risk the bank faces. TToopp--DDoowwnnAApppprrooaachch BBoottttoomm--UUppAApppprrooaacchh IdIdenentitfificicaattiioonnooffbubsuinsienseslsisnelisnes RRisiskkaaggggrreeggaattioionn IdIednentitfiifcicaattiioonnooffacatcivtiivtyitgyrogurposups CClalsassisfiifciacatitoionnoffrirsiksekvevnetsnintstointo IdIdeenntitfificicaattiioonooffprpordoudcutscts eevveenntt--ttyyppee ccaatteeggoorryy CClalsassisfiifciacatitoionnoffrirsiksekvevnetsnintstointo nnaatuturree--wwiissee ccaatteeggoorryy IdIdeenntitifficicaattiioonooffrirskisekveenvtesnts CColollelcetcitoionnooffrriisskk eevveennttddaatata 2.10.1 Business Identification Process Banks provide a number of services and products which need to be grouped under different business lines. The Basel Committee on Banking Supervision has suggested adoption of eight business lines for calculation of operational risk capital charges under the Standardized Approach. The groups of businesses should be segregated so that risks of one type can be separated from the other. The lines of business are broadly grouped as under: a.\t Corporate Finance b.\t Trading and Sales c.\t Retail Banking d.\t Commercial Banking","573 e.\t Payment and Settlement f.\t Agency Services g.\t Asset Management h.\t Retail Brokerage Banks may adopt these business lines for operational convenience and assessment of capital adequacy to cover operational risk. Each business line consists of one or more than one broad activity, and each of the activities is assigned to a few activity groups that offer different products and deliver different types of services. For example, under the business line \u201cRetail Banking,\u201d the broad activities are \u201cretail banking, private banking, and card services\u201d and the activity groups are \u201cprivate lending and deposits, banking services, trust and estates, investment advice, merchant\/commercial\/corporate cards, private labels, and retail.\u201d In the New Basel Capital Accord, business lines have been assigned Level 1 category and broad activities Level 2 category. The task of operational risk identification begins with the classification of the bank\u2019s entire activities into appropriate business lines. It will facilitate separation of similar risks into one group to deal with them appropriately. Some banks may not undertake all kinds of activities, and therefore some business lines may not be relevant to them. For example, some banks may not provide agency services or undertake asset management or retail brokerage. The identification of risk events from each product used by activity groups associated with each business line constitutes the core of the identification process. Banks should therefore prepare activity-group lists of operational risk events that have occurred in the past and circulate them among the business heads. The process will familiarize the business line managers with risk events that may occur in a particular business line and eliminate the possibility of omission. 2.10.1.1 Principles for Identification of Business Lines Banks should develop specific policies for mapping a product or an activity to an appropriate business line. The mapping of activities to business lines for calculation of operational risk capital requirements should be consistent with the definition of business lines used for calculation of regulatory capital for credit and market risks. Banks should map the activities to the business lines in a mutually exclusive and jointly exhaustive manner and allocate the ancillary function of an activity to the business line it supports. They may assign the activities that belong to more than one business line to the most prominent or more suitable business line, break the compound activities into components, allot the components to the most suitable business line, and so on. Keeping these principles in view, banks should make a list of all activities and assign them to one of the prescribed business lines. If a bank does not undertake an activity that falls under a specific business line, it may ignore that activity. But segregation of activities into lines","574 of business will enable correct identification of mitigation strategies. Every risk cannot be managed with a similar strategy. Each needs a separate treatment. 2.10.2 Identification of Activity Groups and Products After identification of business lines, banks may identify product teams or activity groups and products used by them for delivery of services falling under that business line. The product teams may carry out functions of general banking, transaction banking, merchant banking, sale-purchase of securities and currencies, debit and credit card services, cash management, wealth management services, and so on. Each product team uses a variety of products for delivery of service. For example, the general banking activity group may use different types of deposit products for individuals, corporations, and institutions, and different types of credit and credit-related products like term loans, overdrafts, letters of credit, purchase and discount of trade bills, and issue of guarantees for different types of clients. But there may be common types of products that fall under more than one business line. For example, retail deposits and wholesale deposits of both individuals and corporations, and overdrafts and term loans may come under both retail banking and commercial banking. 2.10.3 Identification of Risk Events The next step for identification of operational risk is to identify the risk events associated with the products. An operational risk event is an incident or an experience that has caused or has the potential to cause material loss to a bank, either directly or indirectly with other incidents. Examples of risk events are misappropriation of funds, fraudulent encashment of drafts, robbery, computer hacking, computer failure, money laundering, and so on. Risk events could be external or internal. It is necessary to separate operational risk and operations risk to treat them appropriately. Risk events are associated with people, processes, and technology used in the delivery of products, and can be listed from adverse or unfavorable incidents that have taken place in the past either in branch offices, controlling offices, or the head office of a bank. We can even think of an incident that can occur and cause loss of money, assets, or reputation to a bank as a potential risk event. Banks may prepare lists of risk events from regulatory guidelines, their own experiences, and the incidents that have taken place in other banks and financial institutions. The operational risk identification process involves: Step 1: Identify the business line. Step 2: Identify the product team in each business line. Step 3: Identify products used by the product team in each business line. Step 4: List operational risk events associated with the products. Operational risk events arise from people, process, and systems failures and from external events. It is possible to relate each risk event to either of these causes.","575 2.10.4 Cause and Effect Analysis In addition to risk event type, banks are also encouraged to study the operational risk in terms of \u201cEffects\u201d and \u201cCauses\u201d. Effects: The consequences or impact of the event. Effects are a combination of hard losses and indirect consequences such as reputation, service, regulatory exposure or business interruption, which may lead to the below mentioned consequences: i.\t Legal liability ii.\t Regulatory, compliance and taxation penalties iii.\t Loss or damage to assets iv.\tRestitution v.\t Loss of recourse vi.\tWrite-downs. Causes: The underlying cause or control that failed and permitted a risk to be incurred. The four major cause categories of operational risk are briefly described as follows: i.\tPeople \u2013 The risk resulting from the deliberate or unintentional actions or treatment of employees and\/or management. ii.\t Process oriented (Transaction based) causes \u2013 business volume fluctuation, organizational complexity, product complexity, and major changes. iii.\t Process oriented (Operational control based) causes \u2013 inadequate segregation of duties, lack of management supervision, inadequate procedures. iv.\tSystems\/Technology \u2013 The risk resulting from inadequate or failed system infrastructure including all network, hardware, software, communications and their interfaces, obsolete applications, poor design, development, and testing. v.\t External \u2013 The risk resulting from events outside the company\u2019s direct or indirect control or from events that impact an external relationship. This can include natural disasters (Act of God or Force majeure), Operational failure of third party etc. 2.11 ASSESSMENT OF OPERATIONAL RISK In addition to identifying the risk events, banks should assess their vulnerability to these risk events. Effective risk assessment allows a bank to better understand its risk profile and most effectively target risk management resources. Amongst the possible tools that may be used by banks for assessing operational risk are: i.\t Self - Risk Assessment: A bank assesses its operations and activities against a menu of potential operational risk vulnerabilities. This process is internally driven and often","576 incorporates checklists and\/or workshops to identify the strengths and weaknesses of the operational risk environment. Scorecards, for example, provide a means of translating qualitative assessments into quantitative metrics that give a relative ranking of different types of operational risk exposures. Some scores may relate to risks unique to a specific business line while others may rank risks that cut across business lines. Scores may address inherent risks, as well as the controls to mitigate them. ii.\t Risk Mapping: In this process, various business units, organizational functions or process flows are mapped by risk type. This exercise can reveal areas of weakness and help prioritize subsequent management action. iii.\t Key Risk Indicators: Key risk indicators are statistics and\/or metrics, often financial, which can provide insight into a bank\u2019s risk position.These indicators should be reviewed on a periodic basis (such as monthly or quarterly) to alert banks to changes that may be indicative of risk concerns. Such indicators may include the number of failed trades, staff turnover rates and the frequency and\/or severity of errors and omissions. iv.\t Some entities choose to engage external consultants for identification of risks so that even the minutest risks are captured. Risk Management Models 3. TYPES OF MODELS Quality of model output not only depends on the quality data set, but also on the method selected for processing data and generating credit assessments. Financial institutions use various types of credit risk models to determine the potential default of a borrower.","577 Fig. 10.1 Types of Credit Rating Models Some leading private sector banks use a mix of heuristic (or expert-based) methods and other two quantitative models in practice for assessing the risk of commercial loans. 3.1 Heuristic Models Heuristic models attempt to gain insights methodically on the basis of previous experiences. Experience in the lending business helps the banker to predict the future creditworthiness a borrower. In practice, heuristic models are often grouped under the heading of expert systems. The quality of heuristic models thus depends on how accurately they depict the subjective experience of credit experts. In order to predict the risks well, gathering of data, retrieval of past experiences and analysis is necessary. Therefore, not only the factors relevant to creditworthiness are determined heuristically, but their influence and weight in overall assessments are also based on subjective experience. Therefore, different officers could reach different rating conclusions based on the same set of data and factors. This flexibility is both a strength and weakness of this type of model. Thus, this method suffers from transparency and depends on analyst capabilities. 3.2 Statistical Models While heuristic credit assessment models rely on the subjective experience of credit experts, statistical models attempt to verify hypotheses using statistical procedures on an empirical database. Empirical evidence can strengthen the reliability of statistical models provided the data is well tested and authentic. For credit assessment procedures, this involves formulating hypotheses concerning potential creditworthiness criteria using statistical techniques on empirical data set. These hypotheses contain statements as to whether higher or lower values can be expected on average for solvent borrowers compared to insolvent borrowers. Statistical procedures can be used to derive an objective selection and weighting of creditworthiness factors from the available solvency status information. In this process, selection and weighting are carried out with a view to optimizing accuracy in the classification of solvent and insolvent borrowers in the empirical data set. However, the goodness of fit of any statistical model depends heavily on the quality of the empirical data set used in its development. First, it is necessary to ensure that the data set is large enough to enable statistically significant statements. Second, it is also important to ensure that the data used accurately reflect the field in which the credit institution plans to use the model. 3.3 Multivariate Discriminant Analysis The general objective of multivariate discriminant analysis (MDA) within a credit assessment procedure is to distinguish solvent and insolvent borrowers as accurately as possible using a","578 function which contains several independent creditworthiness criteria (e.g. figures from annual financial statements). Multivariate discriminant analysis is explained here on the basis of a linear discriminant function, which is the approach predominantly used in practice. In principle, however, these explanations also apply to nonlinear functions. Data dependency for MDA is very high and credit assessment quality will depend upon the authenticity of the data. In multiple linear regressions, the objective is to model one quantitative variable (called the dependent variable) as a linear combination of other variables (called the independent variables). In most cases the dependent variable consists of two groups or classifications, like, loan defaulting versus non defaulting. Discriminant analysis derives an equation as linear combination of the independent variables that will discriminate best between the groups in the dependent variable. This linear combination is known as the discriminant function. The weights assigned to each independent variable are corrected for the interrelationships among all the variables. The weights are referred to as discriminant coefficients. Fig. 10.2 Multiple Discriminant Model 3.4 Altman\u2019s Z-Score Model Edward Altman\u2019s (1968) original Z-score model is an empirical classificatory model for corporate borrowers that can be used to get a default prediction. Based on a matched sample (by year, size and industry) of 33 bankrupted (or failed) and 33 solvent firms and using a multiple discriminant analysis (MDA) on a list of 22 potentially helpful financial ratios tested over a 20-year period (1946\u201365), Altman developed the best fitting scoring model (or equation) for commercial loans. From the original set of 22 variables, he finally obtained five best predictive ratios and their based combination which has been captured Z score equation. Altman Z Score is an important tool to predict the default position, provided the inputs provided to the model is good. Once the values of the discriminate coefficients (or weights) are estimated, it is possible to calculate discriminant scores for the existing or new","579 borrowers, provided these five financial ratios are available. The final discriminant function obtained by Altman is given below: Z = 1.2X1 + 1.4X2 + 3.3 X3 + 0.6 X4 + 0.999 X5 Where, Z = Discriminant function Example The following ratios are computed for Goodluck Ltd for the FY 2022 a. Working Capital to Total Assets ratio = 25% \u2212 X1. b. Retained Earnings to Total Assets ratio = 15% \u2212 X2. c. Profit Before Interest and Tax to Total Assets = 20% \u2212 X3 d. Market Value of Equity to Book Value of Debt = 120% \u2212 X4. e. Sales to Total Assets = 150% \u2212 X5. Calculate the bankruptcy risk of Goodluck Ltd, based on Altman\u2019s Z-Score. Solution Z = 1.2X1 + 1.4X2 + 3.3X3 + 0.6X4 + 0.999X5 = (1.2 \u00d7 0.25) + (1.4 \u00d7 0.15) + (3.3 \u00d7 0.20) + (0.6 \u00d7 1.20) + (0.999 \u00d7 1.5) =3.3885 Hence the firm is in safe zone. 3.5 Regression Models Like discriminant analysis, regression models serve to model the dependence of a binary variable on other independent variables. The name Logit Model is because the borrower default prediction model is developed by applying Logistic Regression Technique. Logit regression investigates the relationship between binary (default or not default) or ordinal response probability (rating changes, etc.) and explanatory variables (risk factors). The MDA and logit analysis have different assumptions concerning the relationships between the independent variables. While linear discriminant analysis is based on linear combination of independent variables, logit analysis uses the logistic cumulative probability function in predicting default. 3.6 Structural Credit Risk Models Acredit risk model is used by a bank to estimate a credit portfolio\u2019s PDF. In this regard, credit risk models can be divided into two main classes: structural and reduced form models. Structural models are used to calculate the probability of default for a firm based on the value of its assets and liabilities. The basic idea is that a company (with limited liability) defaults if the value of its assets is less than the debt of the company.","580 3.7 Merton Model Following the seminal work of Nobel Prize winners Merton, Black, and Scholes, we now recognize that when a firm raises funds by taking bank loans, it holds a very valuable default or repayment option. That is, if a borrower\u2019s investment projects fail so that it cannot repay the bank, it has the option of defaulting on its debt repayment and turning any remaining assets over to the debtholder. Because of limited liability for equity holders, the borrower\u2019s loss is limited on the downside by the amount of equity invested in the firm. On the other hand, if things go well, the borrower can keep most of the upside returns on asset investments after the promised principal and interest on the debt have been paid. 3.8 Neural Network Neural networks are computer-based systems that use the same data employed in the econometric techniques but arrive at the decision using alternative implementations of a trial- and-error method. Neural networks are invaluable tools for predicting credit risk in situations where statistical or machine learning methods fall short. It takes into account the data gathered by the systems direct from operations and it needs to be reliable. It\u2019s important to emphasize, however, that these credit ratings are not meant to substitute an expert\u2019s analysis of a company\u2019s level of financial risk; rather, they should serve as an empirical complement to the process. An artificial neural network (ANN) is a network of highly interconnected processing elements (neurons) operating in parallel. These elements are inspired by the biological nervous system, and the connections between elements largely determine the network function. A typical back propagation neural network consists of a 3-layer structure: input nodes, output nodes, and hidden nodes. In an ANN system, financial variables are used as the input nodes and rating outcomes as the output nodes. The input layer is used for input training data, the hidden layers transform raw data into high-dimensional non-linear features, and the output layer classifies the data. An ANN-based credit risk identification model can perform online learning as data is accumulated over time\u2014 a task unachievable by traditional credit risk measurement models. TheANN-based model is first trained on the algorithm according to historical data. Then, the model can be used to identify the credit risk of the debtor firms, providing decision supports to credit risk control. Let us sum up \u25cf\t The risk management organization delineates the tasks at three levels, namely Board of Directors, Executive Management and Operating management. Also, there are specific duties performed by audit functionaries from within the bank or outside. \u25cf\t The board of directors is the supreme decision-making body of a bank. It decides on","581 the course of action the bank should follow. It provides the required leadership and the guidance to the organization for achieving its objectives. \u25cf\t The board of directors has the ultimate responsibility for the management and performance of a company and is responsible for its governance. \u25cf\t Every bank will put in place the processes for assessment of risk across the bank in all operations where risk exposure is taken and appropriate control mechanism to manage risk. \u25cf\t Internal audit function undertakes an effectiveness review of risk assessments and the internal controls. An audit of this kind provides valuable feedback to improve the assessment processes as well as internal control. \u25cf\t Risk identification is a deliberate and systematic effort to identify and document the various risks faced by the bank. Risk identification involves capturing risks from all activities, transactions, business locations, and affiliated units. Failure to recognize all risks or partial capture of risks may fail to reveal the true risk profile of a bank. \u25cf\t Risk identification and risk measurement are two complementary activities. Rating models indicate the level of risk and statistical models measure the potential loss. Risk measurement tools will therefore consist of both the rating models and the measurement models. \u25cf\t Risk monitoring and control refers to the process of continuously identifying risks and establishing the best methods of dealing with those risks. Risk monitoring precedes risk control, and they complement each other. \u25cf\t The Basel Accord has identified four drivers of credit risk exposure: probability of default, loss given default, and Effective maturity. \u25cf\t Maximizing risk-adjusted return on capital would be an operational proxy for maximizing the return on shareholders\u2019 investments. This process was formally named as \u201crisk-adjusted return on capital or RAROC. \u25cf\t The Asset-Liability Management Committee, popularly known as ALCO should be responsible for ensuring adherence to the limits set by the Board as well as for deciding the business strategy of the bank in line with bank\u2019s budget and risk management objectives. \u25cf\t A comprehensive risk management structure to address the market risk should be in place in a bank. Among others, the market risk management framework should include risk management policy, strategy, risk appetite, monitoring of market risk and fixation of limits. \u25cf\t The Operational Risk Management Committee is an executive committee. It shall have","582 as its principal objective the mitigation of operational risk within the institution by the creation and maintenance of an explicit operational risk management process. \u25cf\t Financial institutions use credit risk analysis models to determine the probability of default of a potential borrower. The models built on algorithms are able to predict defaults if all inputs are loaded properly and external factors are considered. The models provide information on the level of a borrower\u2019s credit risk at any particular time. Check your Progress 1.\t Operational risk arises at what stage in business process a.\tBeginning b.\tMiddle c.\tEnd d.\t At all stages 2.\t Which of the following is not considered as a part a part of operational risk a.\t Damage to branch building b.\t Legal risk c.\t Business risk d.\t Systemic risk 3.\t Probability of default is measured with the help of a.\t Duration analysis b.\t Convexity c.\t Credit rating d.\t Credit Rating Matrix 4.\t While computing exposure at default, the undrawn commitments are multiplied by a.\t Haircut b.\tCCF c.\tPD d.\t Risk weight 5.\t Which of the following elements is complement of Recovery Rate? a.\tPD","583 b.\t LGD c.\tEAD d.\tM 6.\t Which of the following is not used for computation of expected loss? a.\tPD b.\tEAD c.\t LGD d.\tM Answers to check your Progress 1. d 2. c 3. d 4. b 5.b 6. d","About IIBF Established in 1928 as a Company under Section 26 of the Indian Companies Act, 1913, Indian Institute of Banking & Finance (IIBF), formerly known as The Indian Institute of Bankers (IIB), is a professional body of Banks, Financial Institutions, and their Employees in India. With a total\u00a0membership of over 9.6 lakhs, IIBF is the largest institution of its kind in the world and is working with a Mission \u201cto develop professionally qualified and competent bankers and finance professionals primarily through a process of education, training, examination, consultancy \/ counselling and continuing professional development programs.\u201d During its 95 years of service, IIBF has emerged as a premier institute in banking and finance education for those employed as well as seeking employment in the sector, aiming for professional excellence. Since inception, the Institute has educated numerous members and awarded several banking and finance qualifications, viz., JAIIB, CAIIB, Diploma and Certificates covering diverse and contemporary subjects in the banking & finance domains, which have helped the banking & finance professionals to sustain their professionalism through continuing professional development programs. Indian Institute of Banking & Finance Kohinoor City, Commercial-II, Tower-I, 2nd Floor, Kirol Road, Off L. B. S. Marg, Kurla West, Mumbai - 400 070. Tel. : 022 68507000 Website : www.iibf.org.in"]
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
- 465
- 466
- 467
- 468
- 469
- 470
- 471
- 472
- 473
- 474
- 475
- 476
- 477
- 478
- 479
- 480
- 481
- 482
- 483
- 484
- 485
- 486
- 487
- 488
- 489
- 490
- 491
- 492
- 493
- 494
- 495
- 496
- 497
- 498
- 499
- 500
- 501
- 502
- 503
- 504
- 505
- 506
- 507
- 508
- 509
- 510
- 511
- 512
- 513
- 514
- 515
- 516
- 517
- 518
- 519
- 520
- 521
- 522
- 523
- 524
- 525
- 526
- 527
- 528
- 529
- 530
- 531
- 532
- 533
- 534
- 535
- 536
- 537
- 538
- 539
- 540
- 541
- 542
- 543
- 544
- 545
- 546
- 547
- 548
- 549
- 550
- 551
- 552
- 553
- 554
- 555
- 556
- 557
- 558
- 559
- 560
- 561
- 562
- 563
- 564
- 565
- 566
- 567
- 568
- 569
- 570
- 571
- 572
- 573
- 574
- 575
- 576
- 577
- 578
- 579
- 580
- 581
- 582
- 583
- 584
- 585
