In terms of RBI guidelines, banks are required to commence parallel run of Basle II implementation from 01.04.2006 and full implementation w.e.f 31.03.2007.
To begin with, banks are required to adopt Standardised Approach for Credit Risk and Basic Indicator Approach for Operational Risk to compute Capital Charge w.e.f 01.04.2006.
In this connection, Our Bank has issued Circulars 245, 246 of 2005 and 41 of 2006 in respect of Credit Risk and Circular 84/2003, 184/2005 and 98/2006 in respect of Operational Risk. In the following sections, we discuss the finer points in implementation.
Credit Risk
For proper understanding of the Basel II guidelines, the subject of Credit Risk is divided into the following heads.
1. Classification of customer types & application of standard risk weights based on customer types
2. Recognition of collaterals and guarantees as credit risk mitigants
3. Treatment of NPAs
4. Treatment of Non-fund based limits
1. Classification of customer types and their risk weights
According to Basel II norms the borrowers are grouped into different customer types. Further each of the customer types attract a standard risk weight. We are furnishing below the Basel II defined customer types and the Standard risk weights assigned to them.
* For Primary dealers, Public Sector Enterprises and Corporates, risk weights have to be assigned based on the ratings given by credit rating agencies recognized by RBI. RBI is yet to inform the recognized rating agencies. Till such time RBI recognizes the rating agencies and rating of the borrowers are available, the said three categories of customer types may be treated as unrated and a risk weight of 100% would be assigned.
1.1 Sovereigns : Exposure to Sovereigns means the loans granted to Central Government and State Governments. Includes direct exposures to Central & state governments, which will attract 0% risk weight. Direct exposure on RBI, CGTSI, ECGC shall fall under sovereign exposure.
The risk weights advised above to Sovereigns are applicable to Standard assets only. Where the sovereign exposures are categorized as non-performing, they will attract risk weights as applicable to NPAs.
1.2 Exposures on Banks : The exposures on Banks have to be further categorized into those against Scheduled Banks and other than schedules Banks and risk weight should be assigned accordingly. Scheduled banks are those that are included under Schedule 2 of RBI Act 1934. All other Banks shall be classified as other than scheduled Banks.
1.3 Primary Dealers : These are dealers who deal in Government securities. The risk weight application for the exposures on Primary dealers will be based on the ratings assigned by external rating agencies recognized by RBI. Till such time RBI recognizes the rating agencies and ratings are available, they shall be treated as unrated and assigned a risk weight of 100%.
1.4 Public Sector Enterprises: Public Sector Enterprises are those which are wholly or partly (where Government’s participation in the equity of the entity is above 50% ) owned by the Government. Exposures on Public sector entities are also assigned risk weights based on the ratings given by external rating agencies recognized by RBI. In the absence of such a rating they shall be treated as unrated and assigned a risk weight of 100%.
1.5 Mortgage loans : This covers Loans secured by residential property which are either occupied by the borrower or rented/ leased out. Housing loans and Home improvement loans where residential property is taken as collateral security are to be classified under “Mortgage loan” customer type.
A risk weight of 75% is applicable for mortgage loans, only if the following conditions are fulfilled:
· The loan should be for residential purposes
· Existence of substantial margin (Value of security is 125% or above the loan amount) based on strict valuation rules.
When the value of security is less than 125%, then risk weight of 100% is to be applied.
It is important to note that all Housing Loans, Home Improvements Loans including the Housing Loans to Staff shall be classified under this Head.
1.6 Commercial real estate loans : These include loans sanctioned for acquiring real estate for commercial purpose. Since the risk of default is higher in such loans a risk weight of 100% has been prescribed (Refer HO circular 281/05 for definition of commercial real estate).
The loans sanctioned under the schemes like CanRent, Canmortgage are to be included in this head.
1.7 Regulatory Retail Portfolio : For classifying loans as Regulatory Retail portfolio the following four criteria have to be satisfied
Ø Orientation criteria: The exposure should be to an individual person or persons or to a small business (Person means any legal person having contractual capability and includes Individual, HUF, Partnership firm, trust, Pvt. LTD COs, Public Limited COs, Cooperative societies etc. In respect of small business the annual turnover should not exceed RS 50 crores). Hence it is very important that the turnover details are captured without fail in the Customer Master.
Ø Product Criteria: The exposure takes the form of revolving credits, lines of credit, personal term loans, leases, small business facilities and commitments.
Ø Threshold Criteria: The loan amount to each borrower should not exceed RS 5 crores
Ø Granularity Criteria: Aggregate exposure to one borrower should not exceed 0.2% of the overall retail portfolio of the Bank.
From the above criteria one can see that, majority of the loans sanctioned at branches will fall under this head.
The branches can arrive at the retail regulatory segment in their loan portfolio by identifying all loan schemes that satisfy the above definition.
All loans sanctioned under retail lending schemes, with the exception of Canrent/ Canmortgage (classified under “Commercial Real Estate” sector) and housing loan / home improvement loan (classified under “Mortgage Loans”), can be covered under this head.
Staff loans : Staff loans for housing would get covered under “Mortgage loans” and the remaining loans would fall under Retail regulatory portfolio.
1.8 Corporate : All credit exposures above Rs 5 crores which do not fall under any other customer type, irrespective of the constitution of the borrower are to be classified as Corporates. The risk weight to be assigned in respect of Corporate depends on the rating assigned by RBI recognized domestic Credit rating agencies. We are furnishing below the risk weights that are to be applied to Corporates based on the external ratings
RBI has come up with a tentative mapping process using which the ratings given by domestic credit rating agencies (like ICRA, CRISIL etc) can be mapped to the Standardized risk weight framework of Basel II. RBI is yet to inform the recognised rating agencies. Till such time RBI recognizes the rating agencies and rating of the borrowers are available, all loans under Corporate customer type may be treated as unrated and a risk weight of 100% would be assigned.
It is very important to note that in most of our branches, instances or cases of parties enjoying Limits/Loans above Rs 5 Crores are rare. Hence in majority of our branches, the exposure under Corporate could be either NIL or at the minimum.
However in Branches like Overseas, Industrial Finance, Corporate Service Branches and certain other VLBs, ELBs in Metropolitan centres, such exposure may be existing.
1.9 Other Assets : All other credit exposures/assets, which do not fall under
any of the 13 customer types explained above are to be categorized under this head and would attract a uniform risk weight of 100%.
As such there may not be any loans under “Others”, for the reason that almost all loans can be classified under the 13 customer types.
2. Collaterals and credit risk mitigation
2.1 Definition of collateral : Collateral according to Basel II accord means only those
recognized securities satisfying following norms:
Ø Securities taken either as prime or collateral security.
Ø Offered by borrower or a third party
Ø That aid in hedging the credit exposure against default risk in whole or in part
Ø On which banks have a specific lien and legal certainty requirements are met.
2.2 Basel recognized collateral : Basel II recognizes the following securities as eligible for treatment as credit risk mitigants, if taken either as prime or collateral
Code No
Collateral
01
Cash Margin
02
Bank Deposit
03
Gold Jewellery( benchmarked to 99.99 purity)
04
State Government securities
05
Central Government securities
06
NSC, Indira Vikas Patras & Kisan Vikas Patras
07
Debt securities rated
08
Insurance Policies
09
Debt securities unrated
10
Equities (including convertible bonds)
11
Mutual fund securities
Note: It is very pertinent to note that in respect of Standard Assets, Basel II does not recognize Land & Building, Plant & Machinery, Stock and Book Debts as eligible collateral for risk mitigation purposes.
2.3 Haircuts : The securities identified by Basel II have a definite price and this price of securities is subject to variations/changes depending upon the market forces. That is to say that there is a price volatility in the Basel identified securities. In order to take into account the fluctuations in the price, Basel II has prescribed certain cuts to the value of the securities as also the exposures to factor the volatility in the value on account of market movements. This kind of cut in the security value is referred to as haircuts. Standard haircuts have been prescribed by the accord depending on the type of security and the same are furnished below
The standard haircuts for securities issued by the Central or State Governments, Indira Vikas Patras, Kisan Vikas Patras, National Savings certificates will be the same as applicable to AAA rated debt securities.
ü Sovereign will include Reserve Bank of India, ECGC, CGTSI etc, which are eligible for 0% risk weight.
ü In cases where the exposure and the security are denominated in different currencies the standard haircut to be applied is 8%. This is prescribed in order to account for the exchange rate risk of the foreign currency.
ü Deposits with our Bank offered as security will be equivalent to cash & so applicable haircut % is zero.
2.4 Netting of collateral for capital relief : To arrive at the net exposure on which risk weights are to be applied the following details are required
ü Type of collateral
ü Value of the collateral
ü Maturity period of the collateral
ü Haircut applicable to the collateral
ü Haircut for exchange rate mismatch if exposure and security are in different currencies ( RBI has prescribed 8% haircut)
The value of the net credit exposure on which risk weight is applied is obtained by deducting the haircut adjusted collateral value from the gross exposure.
3. Guarantees & Credit risk mitigation
3.1 Basel recognized guarantor types
Basel II accord recognizes the following range of guarantors as credit risk mitigants.
3.2 Substitution approach : Substitution approach is followed in awarding capital relief on account of guarantees. That is to say, the risk weight of the guarantor will replace the risk weight of the borrower provided it results in application of a lower risk weight. Thus only guarantees issued by entities with a lower risk weight will provide credit risk mitigation effect in the form of lower capital charge.
Illustration : Let us take a credit exposure where the Borrower is an unrated corporate and is backed by a State Government guarantee.
In this case as per Basel II the Risk weight applicable to an unrated Corporate is 100% whereas for a State Govt guarantee it is 20%. Here we can substitute the risk weight applicable to the Borrower (unrated corporate) with that of the Guarantor (State Govt) as the latter attracts a lower risk weight than the borrower. That is to say the loan will attract 20% risk weight instead of 100%.
3.3 Proportional cover : Risk mitigation effect will be available to the extent of protection provided by the Guarantor and the remaining unprotected portion will carry the risk weight applicable to the borrower.
For example let us take the case of a credit exposure to an unrated corporate of Rs 1,00,000/- backed by an ECGC guarantee to the extent of 75%. In the instant case the protected portion (75% of 1,00,000) of Rs 75,000 will carry 0% risk weight whereas the unprotected portion of Rs 25,000 will carry a risk weight of 100%.
Thus in order to avail capital relief it is necessary that the following details on guarantors are captured
ü Name of the Guarantor
ü Extent of guarantee cover available
ü Customer type of the guarantor (Basel II defined customer type as given in Para I)
Like in the case of collateral, in respect of Guarantees also 8% haircut is to be applied on the Guaranteed amount for currency mismatch i.e if the exposure and the guarantee are in 2 different currencies.
4. Treatment of Non Fund Based Limits:
1. NFB exposures includes Guarantees, LCs, Bills co-acceptance and Forward exchange contracts.
2. In respect of guarantees/LCs balancing is to be taken party wise as on last day of the month and columns as per format in schedule G of Circular 41/2006 may be drawn in the balancing report itself. Bills co-acceptance exposures are also to be covered here.
3. After arriving at the credit exposure equivalent for each guarantee/ LCs, net exposure to be worked out by deducting the value of Basel recognized securities (after applying haircut) from the credit exposure equivalent.
4. In majority of the cases, margin is either in the form of cash or deposit where hair cut is Zero and hence total amount of the margin may be deducted from the guarantee/LC amount. Margin stipulated as per sanction for different types of guarantees/ LCs may be duly reckoned.
5. For each guarantee/LC security obtained as margin (only Basel defined security as mentioned above ) may be reckoned and haircut applicable may be applied to arrive at the net exposure.
6. Wherever guarantees are invoked and LCs are devolved on the Bank (conversion into FB liability) Branch should ensure that such guarantees/ LCs should not be shown as contingent liability, even if the liability is yet to be reversed.
7. After preparing working sheet for each party and various types of LCs/ Guarantees, consolidation is to be done for each customer type and type of guarantee/ LC as per Schedule G of Circular 41/2006.
Illustration: A party is having secured LC (Documentary LC) liability of Rs 50 lakhs with a margin of Rs 5 lakhs in the form of deposit with us.
Customer type is Regulatory retail (Code 12).
First, apply Credit Conversion Factor (CCF) to the outstanding liability to convert NFB exposure into FB equivalent.
CCF is 20% for Documentary LC. On applying the same the credit exposure amounts to 50 X 20% = Rs 10 lakhs. On deducting the collateral value of Rs 5 lakhs (haircut is 0%), the net exposure will be 10 – 5 = Rs 5 lakhs.
Applicable risk weight is 75% for Regulatory retail and hence RWA is 5X 75% = Rs 3.75 lakhs
11. Forward Exchange Contract: Partywise balancing of forward contracts be taken as per the format furnished in Circular 41/2006 & sent to RO for consolidation of RWA after applying CCF at their end.
Sunday, May 4, 2008
ROLES, RESPONSIBILITIES & ISSUES IN IMPLEMENTATION OF BASEL II
RISK BASED SUPERVISION OF BANKS
The international banking scene has in recent years witnessed strong trends towards globalization & consolidation of the financial systems. Stability of the financial system has become the central challenge to bank regulators and supervisors throughout the world.
The Indian banking scene has also witnessed progressive deregulation, institution of prudential norm & an evaluation of international supervisory best practices. Reserve Bank Of India has been constantly endeavoring to enhance the sophistication & efficiency of its supervisory processes. In that direction RBI would be developing an over all plan for moving towards risk based supervision with the assistance of international consultants.
RBI selected Price Water house Coopers, London, to undertake a review of current regulatory & supervisory processes of the RBI with a view to assisting in the introduction of Risk based regulation & supervision in India. Based on the work of international consultants, RBI intends to move towards a RBS system in stages.
Current Approach: The current supervisory process adopted by the Department of Banking Supervision is applied uniformly to all supervised institutions. The current approach is largely on–site inspection driven/supplemented by off-site monitoring & the supervisory follow-up commences with the detailed findings of annual financial inspection. The process is based on CAMELS approach where Capital adequacy, Asset quality, Management aspects, Earnings, Liquidity, Systems & control are examined keeping in view the requirements of Banking Regulation Act. The on-site inspections are conducted to a large extent with reference to audited balance sheet dates. The off-site & market intelligence play a supplemental role.
Risk Based Supervision – A New Approach: Considering the growing diversities & complexities of banking business in India, number of new & innovative products in the market with complex risks, the RBS approach, the foundation of which is based on CAMELS approach would be more appropriate.
By optimising the synergies from the different activities, including regulatory & supervisory functions, the overall efficiency & effectiveness of the supervisory process can be substantially enhanced.
The RBS approach essentially entails the allocation of supervisory resources and paying supervisory attention in accordance with the risk profile of each institution. The approach is expected to optimize utilization of supervisory resources and to minimize the impact of crisis situation in the financial system.
The RBS process essentially involves continuous monitoring & evaluation of risk profiles of the supervised institutions in relation to their business strategy & exposures.
The central plank for RBS is an accurate risk profiling for each bank. The risk profile would be a document which would contain various kinds of financial and non financial risks faced by a banking institution. The risk assessment would entail the identification of financial activities in which a bank has chosen to engage & the determination of types & quantities of risk to which these activities expose the banking institution. The type of risk that banking institution face individually or in combination include but are not limited to credit, market, liquidity, operational, legal & reputational risks.
The risk profile of each bank will draw upon a wide range of sources of information besides camels rating, such as off-site surveillance and monitoring data, market intelligence reports, adhoc data from external & internal auditors , information from other domestic & overseas supervisors , onsite findings & sanctions applied etc. The data inputs would be assessed for its significance and quality before being fed in to the risk profile. The risk profile would be constantly updated & RBI would undertake a formal assessment of risk profile of each bank on a regular basis. The period of assessments would vary depending on the materiality of the risk profile of the bank, with an average period of one year. However more frequent assessments would be resorted to for higher risk banks and less frequent assessment for lower risk bank.
Supervisory Cycle for Banks & Supervisory Programme: The supervisory process would commence with the preparation of bank risk profile.
The supervision cycle will vary according to the risk profile of each bank, the principle being the higher the risk the shorter will be the cycle. The supervision cycle will remain at 12 months in the short term and will be extended beyond 12 months for low risk banks at a suitable stage. In cases where more frequent application of supervisory process will be necessary, the cycle could even be lesser than 12 months.
RBI would prepare a bank specific supervisory programme which will set out the detailed work plan for the bank. The scope & objectives of the inspection programme will derive from analysis of risk profile. The supervisory programme will be tailored to individual banks and would focus on the highest risk areas as well as specify the need for further investigation in identified problem areas.
The supervisory programme would be prepared at the beginning of the supervisory cycle and would yet be flexible enough to permit amendments warranted by subsequent major developments.
The supervisory programme would include greater offsite surveillance, targeted onsite inspection, structured meetings, specific supervisory directions & commissioned external audits etc. On site inspection would be largely targeted to specific areas unless a full scope inspection is warranted as per the bank specific supervisory programme.
Inspection Process : The risk assessment of individual banks would be performed in advance of onsite supervisory activities. The inspections under the new approach would be largely system based rather than laying emphasis on underlying transactions & asset valuations. The inspection would target identified high risk areas from the supervisory perspective and would focus on the effectiveness of mechanism in capturing, measuring, monitoring & controlling various risks. The inspection procedure would continue to include transaction testing and evaluation the extent of which will depend on the materiality of an activity and the integrity of the risk management system & the control process.
Review, Evaluation, Follow up & Monitorable action: The findings of inspection & other supervisory information on records would be used to produce a comprehensive document of supervisory risks & the bank’s assigned ratings for follow up of supervisory concerns.
The risk profile document of the bank will accordingly be updated in the light of new information. This process will support the issue of the supervisory letter to the bank, which would be discussed with the bank’s Management.
The aim of supervisory follow up would be to ensure that banks take corrective action in time to remedy or mitigate any significant risks that have been identified during the supervisory process. The major device in this respect would be the Monitorable Action Plan. MAPs are used to set out the improvements required in the areas identified during current on-site & off-site supervisory process. MAPs will in many cases include directions to banks on actions to be taken. The remedial action would be outlined, would be tied explicitly to the areas of high risks identified in the risk profiling as well as the supervisory process and should lead to improvements in the systems & controls environment at the bank. If actions & timetable set out in MAP are not met, RBI would consider issuing further directions to the defaulting banks & even impose sanctions & penalties.
Enforcement process & Incentive framework: While the aim of the supervisory follow-up is to ensure that banks take corrective action to mitigate significant risks, the persistence of deficiencies would pose a risk to RBI’s supervisory objectives. A system of incentives & disincentives has been contemplated under the RBS for better attainment of these objectives. Banks with better compliance record and a good risk management & control system could be identified for an incentive package which could be in the form of longer supervisory cycle & lesser supervisory intervention.
The banks, which fail to show improvement, would be subjected to a disincentive package such as more supervisory examination & higher supervisory intervention including directions, sanctions & penalties.
Change management implications: Change management is a key element in ensuring that switch over to RBS takes place in an orderly & effective manner. Banks should have clearly defined standards of corporate governance and documented policies & practices in place so as to clearly demarcate the lines of responsibility & accountability. Banks have to address several organizational issues to realign themselves to meet the requirements of RBS.
RISK BASED INTERNAL AUDIT
The stability of the banking system, national and international, has been recognized as a matter of general public interest. The public interest is protected in the way that banks in all countries are subjected to prudential supervision by central banks or other specific supervisory agencies. Over the years the business of banking is growing in complexity, both nationally and internationally. The evolution of various kinds of financial instruments and setting up of different financial markets have exposed banks to a greater degree of risks associated with their various financial activities. The Basel Committee on banking supervision is advocating a new capital adequacy regime in which risks are recognized and capital adequacy is aligned to those risks. In view complexity of banking operations and greater consciousness towards risk management the task of supervisors and external auditors are becoming more and more demanding.
Internal Control and Internal Audit
Internal control is an essential pre-requisite for an efficient and effective management of any organization. The integrity of bank’s operations, the appropriateness of operating systems and the adherence to policies and procedures are sought to be ensured through effective internal audit system. The internal control must be supplemented by an effective internal audit function that independently evaluates the control systems with in the organization.
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process. The Internal audit at its minimum should cover the examination of
compliance by bank/branch and operating staff with the laws and regulations, internal rules and procedures,
recognition of all transactions and proper accounting there of and c) the maintenance and accuracy of the books of accounts to support the balance sheet of the bank/branch.
Need for risk based Internal Audit : The deregulation of control over operations and liberalization of policies and procedures have provided to banks larger autonomy in their operations. Banks have been able to widen the range of products and services as a matter of policy to diversify their operations with in the permissible laws and regulations. The globalization of financial markets and the increase in volume of cross border transactions and the innovation of new products posed formidable challenges to banks as well as to regulators. Banks are now exposed to various types of business risks and control risks including the organizational and managerial risks. Consequently internal audit, which is part of internal control process has to take upon itself the responsibility of assessing systems and procedures for identification, measurement, monitoring and control the risk. There is therefore an urgent need to reorient transaction based internal audit to risk focused internal audit.
Objectives of Risk Based Internal Audit
The risk based internal audit is a process which helps broaden the perspective of internal audit that includes the verification of risk management techniques and efficacy of the internal control system. The risk based internal audit will, therefore, be basically an evaluation of the systems and procedures followed in the bank to accurately identify, measure, monitor and control the risk associated with various financial activities undertaken by the bank.
The risk assessment process should include an assessment of inherent business risks in various activities and an evaluation of the control system from monitoring the business risk.
Under the risk based internal audit, it is not the intention to dispense with the present system of transaction based audit. The transaction testing basically covers three critical areas of the bank’s functioning ie the accuracy of account balances, compliance with internal systems and procedures and a review of the quality of assets. Under risk focused audit transaction testing should be attempted on selective basis and the extent of reliance on individual transaction would be basically governed by the significance and the materiality of an activity.
The extent of transaction testing would also be driven by consideration of volume and the amount of risk to which a bank is exposed. In relation to an activity, which the internal auditor considers higher risk prone, he may subject that area to 100 % transaction testing. An effective internal audit system must identify problem areas of work and alert the management of the impending danger in time.
Benefits of risk based internal audit: The risk based internal audit is an independent appraisal function established with in the bank to examine and evaluate its risk management and internal control systems including control over financial reporting. It provides checks and balances to the risk management and control system. Through identification of risk in each department, each product, the support system, the entities affiliated to the parent, the risk based audit would contribute to the effectiveness of the organization by highlighting the deficiencies and shortcomings to the management. The audit process should suggest ways and means of risk mitigation.
In the ultimate analysis an effective risk based internal audit reduces vulnerability of the financial system and provides comfort to the bank supervisor in ensuring the stability of the financial system.
RISK BASED INTERNAL AUDIT – PROCESS
The process of Risk-based Internal Audit should lead to identification/assessment of Risk at various levels and report the level of Risk, based on the standardized rating norms. The exercise of risk assessment encompasses evaluation of inherent Business risks of each activity besides assessing the effectiveness of Control Systems (Risks) for monitoring the Business Risks.
Risk Profile Format (RPF):
To facilitate compilation of the risk profile of a branch in a comprehensive and structured manner, area specific formats have been developed. The detailed Risk Profile Formats in two parts (Part A and Part B) are intended to assess, evaluate and measure the level of risk in each / specific area of operations.
I S Audit will also be conducted on the Risk Based approach. For this purpose, the IS Auditor will prepare the Risk Profile for IT areas in the proforma separately devised for IT areas (as appended at the end of this booklet for ready reference) and hand over the Profile to the leader of the Regular Inspection team, after discussing with him / her the I T observations.
AREAS OF RISK
è The assessment areas pertain to evaluation of business risks and control risks in a branch.
è Broadly the RISKS have been classified into “Business Risks” and “Control Risks” for the limited purpose of preparing the ‘Risk Profile’ of a branch/office.
è The Business Risks relate to various activities undertaken by the Branch (Deposits, Loans and Advances, etc.) and such risks are inherent in the activities, irrespective of whether the controls are in place or not.
The Business Risks comprises –
i) Credit Risk
ii) Operational Risk
iii) Liabilities
iv) Earnings
è The Control Risks will arise out of inadequate Control Systems, absence of Controls and failure in existing Control Process.
The areas under Control Risks :–
i) Internal Control Risk
ii) Management Risk
iii) Compliance Risk
However, for the purpose of convenience, all the above-cited areas have been amalgamated under a single format namely – Internal Control and Housekeeping.
These identified areas will reflect the major risk factors of the branch and provide a yardstick to gauge the level of risk. In other words the risk profile of the branch is structured by evaluating the risk in identified areas.
MAJOR SEGMENTS
Ø In order to facilitate the assessment of the Business Risk and Control Risk of a given AREA in a meaningful and objective manner, each assessment area is divided into several `MAJOR SEGMENTS’.
Ø The Major Segments in turn will have several Indicators to guide the auditor to focus his attention.
Ø The Indicators will provide the directions to the auditor to examine / evaluate a particular issue and identify the positive (strengths) as well the negative (weaknesses) factors;
Ø All major segments will have to be assessed keeping in view the indicators, which constitute them.
Ø The findings in any given area should not appear in both the places, ie., under ‘positive’ as well as under ‘negative’ factors. Hence, findings should be analyzed and based on such assessment it shall be placed either under positive or negative factor depending upon the impact / weightage.
Ø To assess an area or indicator, the information is sourced from – Inspection findings, periodical review returns, Statistical Statements, directions given by Controlling Offices besides interaction with Branch Officials and customers / public.
Ø Based on the evaluation of indicators the risk level of a Major Segment is arrived at.
Ø Similarly the consolidated view of Major Segments will provide the level of Risk in a given AREA.
Ø In case of Specialized branches like High Tech Agriculture / NSE / NRI / SSB / ARMB and Service Units like Accounts Sections & Clearing Sections, separate Risk Profile Formats have been devised.
RISK PROFILE OF A BRANCH
To facilitate Compilation of Risk Profile of a branch, the structured format is devised in two parts to undertake the assessment of risks to which it is exposed.
Ø The Major Segments of the Risk Area and relative key factors (positive/negative) to record the findings will form Part B of the Risk Profile.
Ø The reflection of positive and negative factors based on the findings (i.e., Part B) and assessment of Risk level of the area forms PART A of the profile.
RISK MANAGEMENT AND INTERNAL CONTROL
Taking and managing risks are fundamental to the business of banking. Risk control does not mean avoidance of risks; it means taking risks up to a prudential level to improve the profitability. A bank should establish a management structure that adequately identifies, measures, monitors and controls the risks involved in various products and lines of business. When supervisor decides to undertake on-site full-scope examination the adequacy of the bank’s risk management processes including internal controls has to be assessed. A significant weight to the quality of risk management practices and internal control has to be attached when evaluating the management and financial condition of a bank.
Elements of Risk Management: Sound risk management should cover the entire spectrum of risks facing a bank, which includes but not limited to credit, market, liquidity and operational, legal and reputational risks.
While judging the quality of risk management in banks the following broad aspect would be kept in view:
1. the existence of a well defined frame work of oversight by the Board of Directors and senior management.
2. The existence of adequate risk management policies, procedures and limits.
3. The adequacy of risk measuring techniques and monitoring
4. The existence of adequate management information systems and the back-up
5. The existence of comprehensive internal controls.
Risk management and internal control systems may vary considerably in sophistication depending on the size and complexity of the banking organization and the level of risk that it accepts. For small sized banks engaged in traditional banking, relatively basic risk management systems may be adequate.
For large banks with complex set of financial activities and products, a more elaborate and formal risk management frame work is required. In case of large banks having foreign branches and domestic or overseas subsidiaries, the risk management process should set specific prudential limits on the principal types of risks relevant to their activities worldwide. Because of diversity of activities and geographical dispersal of operations, the reporting system has to be timely, adequate and rigorous.
For large banks, the integrity of risk management and internal control process needs to be put to test by independent authorities, both internal and external.
The auditors need to ensure the integrity of data used by senior officers for checking compliance with the prudential limits. The risk management system must be independent of the business lines so as to ensure that adequate separation of duties exists and conflicts of interests are avoided.
Management overview and control practices:
The ultimate responsibility of the level of risks taken by the banks rests with the Board of Directors. The Board should approve the overall business strategies and significant policies including policy relating to managing and taking risks. Consequently, the members of the Board should have a clear understanding of the significant risks to which the bank is exposed to and be familiar with the types of risks that the bank will be facing in its day to day operations.
The Board should receive and review reports that identify the size and significance of the risks in terms that are meaningful to them. The quality of oversight can be judged keeping in view the following requirements:
1. The members of the Board and senior management have clear understanding and working knowledge of the types of risks inherent in the bank’s activities.
2. There is an appropriate and timely reporting system to the board.
3. Appropriate policies have been framed to limit the risks inherent in the bank’s various activities and products.
4. The Board is actively reviewing the risk exposure limits from time to time to ensure that the limits conform to the changes in business strategies, addition of new products and changes in market conditions.
5. The senior management is responsible for implementing business strategies in a manner that limits risks associated with the strategy and ensure compliance both with bank’s policies and regulations.
6. The senior management ensures that the risk managers have sufficient knowledge to understand and operate with in the limits.
7. The management ensures that requisite personnel with knowledge, experience and expertise consistent with their nature of duties and volume of operations are in a position to manage the risks. The employees have the integrity and ethical values to conform to management philosophy and operating style.
8. The senior management supervises the day to day activities of risk management/ risk control officers / heads of business lines.
9. The senior management is alive to changes in the operating environment including innovation of products.
10. The senior management ensures that the existing infrastructure, risk management techniques and control are in place before introducing any new products.
Adequacy of Internal Control: The objective of internal control are to promote effective operations, reliable financial and regulatory reporting, safeguarding assets and ensuring compliance with laws, regulations and approved policies. The internal control structure is critical to the safe and sound functioning of the bank and the integrity of its risk management system. The essential element of a sound internal control system is segregation of duties, such as trading, custodial and back office functions etc. The existence of independent loan review mechanism is a case in point. The failure to maintain adequate separation of duties can constitute an unsound and unsafe practice which may result in serious losses or compromise the financial integrity of the bank.
Another element of effective internal control is the regular review of essential controls by personnel independent of the functions they are assigned to review. The ideal situation would be testing and review of the integrity of the control process by an independent internal auditor or an external auditor who directly reports to the Board or its audit committee. The organizational structure of the internal control system may vary between banks owing to size and complexity of operations. The results of audits or reviews, whether conducted by auditors or by other independent personnel as well as management responses to them should be adequately documented. In addition, communication channel should exist that allow reporting of negative and sensitive findings by the line managers or activity heads to the Board or audit committee of the Board. Serious lapses or deficiencies in internal controls may warrant strong supervisory action, including sanctions and penalties.
The internal control structure should address the following requirements:
The internal control system is appropriate to the type and level of risk.
The organizational structure clearly establishes authority and responsibility for monitoring adherence to risk limits, procedures etc.
The operational structure recognizes independence of the control areas and allows freedom to report exceptions and deviations.
The control reports are reliable, accurate and timely.
Internal audit and control review practices are independent and objective.
Internal controls and information systems are put to frequent tests.
The deficiencies and concerns are documented and addressed for corrective action.
The Board of Directors or the Audit Committee of the Board reviews the effectiveness of internal audit and internal control.
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk associated with operating the business. There has to be a clear understanding throughout the bank of what constitutes operational risk. This will facilitate
ü Uniform base for the creation of historical database of loss events
ü Uniformity in risk reporting.
ü Distinguish more clearly operational risk from Market and Credit risk
ü Assess impact of risk mitigating measures in containing the risks
ü Developing policies, procedures and practices to ensure that operational risk is appropriately identified, measured, monitored and controlled.
The definition of operational risk seeks to identify why losses happen and breaks them down based on the four basic sources/causes of operational risk viz, failure of people, processes, systems and external events. It includes legal risk and excludes strategic and reputation risk. Strategic and reputation risk is thought of as resultant product of the above four sources of operational risk. Basel Committee on Banking supervision has deliberately included causes for operational risk in the definition to ensure that the Banks world over understand the meaning of operational risk alike and apply it uniformly both in measuring and managing risk.
Direct V/s Indirect Losses
Direct loss means the financial losses resulting directly from an incident or an event. Eg forgery, fraud etc.
Indirect loss means there is no direct financial loss but requires incurring of financial expenses for setting right the problem resulting from operational risk event (Eg Server crash resulting in business disruption). Indirect loss also includes payment to third parties and write-offs.
Further other types of losses like near misses, latent losses and contingent losses are also to be reckoned both for management and measurement of operational risk.
Operational Risk Management process: Operational risk needs to be managed both qualitatively and quantitatively.
Risk Identification: This process involves looking closely at all bank’s activities and listing out all the risks perceived. This process is known as risk mapping. It provides a common risk language that should be used through out the bank. It is a dynamic exercise in the sense that it requires regular reviews to ensure completeness in coverage and compatibility with the business mix of the Bank
Risk Assessment:: This process involves assessing each risk identified against the controls in place. The identified risks are to be graded into Low and High based on the frequency of occurrence of loss events and the severity of loss. This will give rise to the following loss type combinations
Low frequency High impact events
High frequency Low impact events
Low frequency Low impact events.
High frequency High impact events.
High frequency and High impact events should first be analyzed incident-wise and reasons for occurrence of the events are to be listed out.
The next exercise would be to list out the controls/procedures in place to mitigate the identified risks. This exercise will enable us to know areas where the controls in place are not adequate to contain the risks identified. The gaps in controls in such cases should be plugged through the introduction of fresh and appropriate procedures.
Equally important are incidents where the controls in place are too many in comparison to the risks identified. This may probably be the reason for the particular product or scheme not taking off. In such cases a through study has to be made and unwanted controls can be done away with.
Risk assessment should be a dynamic process involving constant review of systems and procedures. All the existing products/schemes in operation should be constantly reviewed for adequacy of controls and based on the loss experience suitable refinements have to be brought about.
Risk Reporting:: The operational risk management framework should ensure that information is reported on timely basis and in a format that will aid in
ü Monitoring of risk
ü Bringing findings of serious nature to the notice of the Risk Management Committee, the Board and top management for initiating appropriate corrective action
Operational Risk - Quantitative Management
I. Incident Management system:: This process involves detection and reporting of all loss incidents or events of operational risk nature. It is a bottom up approach in the sense loss event information flows from branches/offices to a centralised place at the apex level. For the purpose of reporting, operational risk is taken as any risk event that has or has the potential to cause monetary loss or damage to organisation’s assets or standing
The first and most important aspect in Incident reporting system is designing of a comprehensive format. The format should provide all the required information needed for measuring the loss in monetary terms.
It should also throw light on the causes for the occurrence of an event so that the shortcomings if any in our systems and controls can be assessed and suitable corrective action can be initiated.
The incident management process includes
ü Reporting and capturing of operational loss incidents for the purpose of measurement of operational risk.
ü Reviewing incidents and identifying areas where systems in place are inadequate
ü Implementing improvements in our systems
ü Sharing lessons learnt from the incidents across the organisation so that the entire workforce is made more vigilant.
II. Building historical database:: The major difficulty in operational risk measurement is development of meaningful data. The scope of operational risk encompasses every activity of the bank and as such completeness in data collection can never be achieved. From the experience of banks it is noted that operational risk losses fall under following two broad categories.
Ø Frequent smaller operational losses such as those caused by occasional human errors which are common in many businesses (Eg .Cash shortage, operational errors etc)
Ø Major operational losses, which seem to have low probabilities of occurrence but leave an impact that could be very large, and exceed those of credit and market risk. (E.g. Dacoity, Tsunami, September 11 disaster etc)
Historical loss data on operational risk is built up with the objective of obtaining two major inputs that aid in measurement of operational risk loss and capital charge viz Frequency of loss and Severity of loss.
More the data more realistic and meaningful will be the measurement made. For assessing the frequency i.e. the number of times a particular type of event has occurred it is necessary that all events irrespective of whether they result in loss or not are reported and captured. Historical data collection involves the following steps
Ø Identification of various sources of operational risk
Ø Collection and capturing of data at a centralised place
Ø Mapping of the data into Basel II defined Business lines and loss types.
Ø It is a Top down approach in the sense that loss data is collected at the apex level by identifying the sources of operational risk and obtaining it from user sections.
Issues in data collection
a. Clean and Complete data:: One of the prime necessities for capital charge calculation is availability of clean and large volumes of data for a reasonable stretch of time. For obtaining clean data it is necessary that the definition and scope of operational risk is understood in the same way by all across the bank. It is very difficult to ensure capturing of all material loss data for want of full scale computerization. Further the fear of accountability may also prompt branches to withhold furnishing information of loss events.
b. Near misses:: Many loss events where the loss is recovered in full do not get reported. Such data is essential to estimate the frequency or probability of occurrence of a particular type of loss event. This calls for proper education of the workforce on the importance of reporting such loss events and removing the fear of accountability from their minds
c. External data:: In measuring operational risk, building historical data of loss events, which are less frequent, but of high impact is crucial. Since such data available with each Bank will be sparse it is essential that the same be supplemented by external data. Banks may not be willing to part with such data since it tells directly on their internal control systems. Hence there has to be arrangements for sharing of loss information especially with regard to large loss events, which in statistical terms are referred to as tail events.
d. Threshold limit:: Another issue in data collection is whether all data irrespective of the loss amount is to be collected. This is an issue, which every bank has to assess on a stand-alone basis taking into account the size of operations, risk appetite of the Bank and the number of loss events occurring under each type. If under a particular loss type say frauds number of loss events is few it is advisable to cover all events irrespective of the amount involved because for meaningful estimation of frequency or probability of occurrence of an event it is necessary that sufficient amount of data is available.
Method of Data collection:: Collecting data at a centralised placed on real time basis is an ideal way of collecting data.
f. Mapping to Basel II defined Business lines and Loss types:: Basel Committee on Banking supervision has defined Eight Business Lines and Seven loss types in their New Framework on Capital Adequacy, which is commonly known by the name Basel II Accord. Further each bank has to define its own Business lines depending on the nature of its activities. Hence attaining standardization in this regard is necessary before mapping of the data to the Business lines is attempted.
g. Integrity of data:: Loss data is a very sensitive information, which tells on the image of the bank. As such adequate care should be taken to prevent it from internal and external hacking and from falling into the hands of undesirable persons who may use it against the Bank. Banks should have standard procedures in place to maintain the integrity and safety of loss data.
III. Capital Charge for operational risk:: Calibration/calculation of Capital Charge for Operational Risk is discussed in earlier pages.
IV. Operational Risk Limits:: Limits are like boundaries and tell a business ‘ when to stop’. Limits are an integral part of sound risk management practices and are set with an aim to control all categories of risk including Operational risk.
Limits also give an indication to down the line offices regarding the extent of risk the Bank is prepared to take i.e. risk appetite. The two important aspects to be taken into account while fixing risk limits are ensuring that:
· It comprehensively covers the risks that a bank is exposed to
· It is in line with the risk taking ability (risk appetite) of the organization. To have sound risk limits structure it is essential that the organization’s activities are broken down into business lines and risk types. Given that operational risk measurement is yet to be formally undertaken by most banks in India, fixing of operational risk limits cannot be attempted at this stage. This can be thought of at a later date when banks are able to define business lines and possess credible loss information within each business line.
OPERATIONAL RISK
Operational risks in banks have been increasing in the past few decades due to the following reasons:
Increasing deregulation.
Increased use of technology and automation.
Mergers, de-mergers, acquisitions and consolidation and resultant complex organizational structure.
Increased outsourcing of activities.
Use of more sophisticated financial products
Increasing globalization and spread of activities across different jurisdictions.
These changes have been making the activities of the banks diverse and complex and as a result, operational risk has been one of the main reasons of several large bank failures of recent years. In view of this, increasing supervisory attention being focused on the importance of the sound operational risk management at financial institutions and to a greater prominence of operational risk in banks’ internal capital assessment and allocation processes. The Basel Committee on Banking Supervision has included a proposal for an additional capital charge for operational risk in its proposed New Basel Capital Accord.
Operational risk is defined by the Basel Committee as: ” the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”.
This definition included legal risk, but strategic and reputational risks were not included for the purpose of a minimum regulatory operational risk capital charge. Concerns were expressed about the exact meaning of direct and indirect loss and since it was the intention to cover all indirect losses or opportunity costs, the reference to direct and indirect losses was dropped. Accordingly Basel Committee redefined operational risk as “ the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This definition which does not include systematic risk, is based on the four basic causes/sources of operational risk: internal processes, people, systems and external events.
This casual based definition and more detailed specifications of it, is useful for managing operational risk with in institutions.
Sound Practices for Operational Risk Management: The approach adopted by bank for management of operational risk would depend upon a range of factors such as its size, level of sophistication, nature and complexity of its activities etc.
However common feature of any effective operational risk management programme for any bank, irrespective of size and complexity will have to include good management information systems, a vibrant internal control culture and contingency planning. The Basel Committee has laid down ten basic principles for sound management of operational risk.
Principle 1: The Board of Directors should be aware of the major aspects of the bank’s operational risks as a distinct and controllable risk category and should approve and periodically review the bank’s operational strategy. The strategy should reflect the bank’s tolerance for risk and its understanding of specific characteristics of this risk category. The Board should also be responsible for approving the basic structure of the framework for managing operational risk and ensuring that the senior management is carrying out its risk management responsibilities.
Principle 2: Senior Management should have the responsibility for implementing the operational risk strategy approved by the Board of Directors. The strategy should be implemented consistently through out the whole banking organization, and all levels of staff should understand their responsibilities with respect to operational risk management. Senior management should also have the responsibility for developing policies, processes and procedure for managing operational risk in all of the bank’s products, activities, processes and systems.
Principle 3: Information flows with in the banking organization play a key role in establishing and maintaining an effective operational risk management frame work.
Communication flows with in the bank should establish a consistent operational risk management culture across the bank. Reporting flows should enable senior management to monitor the effectiveness of the risk management system for operational risk and also enable the Board of Directors to oversee senior management performance.
Principle 4: Bank should identify the operational risk inherent in all types of products, activities, processes and systems. Bank should also ensure that before new products, activities, processes and systems are introduced or undertaken the operational risks inherent in them is subject to adequate assessment procedures.
Principle 5: Bank should establish the processes necessary for measuring operational risk.
Principle 6: Bank should implement a system to monitor, on an on-going basis, operational risk exposures and loss events by major business lines.
Principle 7: Banks should have policies, processes and procedures to control or mitigate operational risk. Banks should assess the costs and benefits of alternative risk limitation and control strategies and should adjust their operational risk exposure using appropriate strategies, in light of their over all risk profile.
Principle 8: Banking supervisors should require banks to have an effective system in place to identify, measure, monitor and control operational risks as part of an over all approach to risk management.
Principle 9: Supervisors should conduct, directly or indirectly, regular independent evaluation of bank’s strategies, policies, procedures and practices related to operational risks. Supervisors should ensure that there are effective reporting mechanisms in place which allow them to remain apprised of developments at banks.
Principle 10: Banks should make sufficient public disclosure to allow market participants to assess their operational risk exposure and quality of their operational risk management.
CAPITAL CHARGE FOR OPERATIONAL RISK : Basel Committee on Banking Supervision had suggested in its 1999 Consultative Paper, a Pillar 1 minimum regulatory capital charge for other risk, including operational risk. Following the consultation process and its own analysis, the committee decided that only operational risk should be subject to a capital charge under Pillar 1.
THE SUGGESTED FRAMEWORK : The committee has put forward a framework consisting of three methods for calculating operational risk capital charges in a “ continuum “ of increasing sophistication and risk sensitivity.
These are in the order of their increasing complexity,
i) Basic Indicator Approach
ii) Standard Approach
iii) Advanced Measurement Approaches.
Banks are expected to move along the range toward more sophisticated approaches as they develop more sophisticated operational risk management systems and practices and meeting the prescribed qualifying criteria. Internationally active banks and banks with significant operational risk exposure would be required to use more sophisticated approach than the Basic Indicator Approach. A bank will be permitted to use a combination of approaches, like standard approach for some business lines and an advanced measurement approach for others, subject to a materiality requirement that at least a minimum percentage of the banks business should be in the Advanced Measurement Approach .
THE BASIC INDICATOR APPROACH
Under the Basic Indicator Approach, banks have to hold capital for operational risk equal to a fixed percentage of a single indicator which has currently been proposed to be gross income. Gross income has been selected “for the sake of simplicity, comparability, reduction of arbitrage possibilities and most significantly, a lack of evidence of greater risk sensitivity of other indicators”. The charge may be expressed as follows:
KBIA = El * a, where
KBIA = the capital charge under the Basic Indicator Approach.
El = the level of an exposure indicator for the whole institution, provisionally gross income.
a = a fixed percentage set by the committee, relating the industry wide level of required capital to industry wide level of indicator.
This approach is available for all banks irrespective of their sophistication. However supervisors are not expected to permit international banks with significant operational risks to adopt this approach.
The Standardized Approach:: Under the Standardized Approach, the bank’s activities are divided in to 8 business lines against each of which, a broad indicator is specified to reflect the size or volume of bank’s activities in that area. The table below shows the proposed business lines and indicator.
With in each business line, the capital charge is calculated by multiplying the indicator by a factor ( beta ) assigned to that business line. Beta will be set by the committee and serves as a rough proxy for the industry-wide relationship between the operational risk loss experience for a given business line and aggregate level of the indicator for that business line. If a bank is unable to allocate an activity to a particular business line , the Basel Committee has proposed that the income relating to that activity should be subject to highest beta factor. The total capital charge is calculated as the simple summation of the regulatory capital charges across each of the business lines.
The total capital charge may be expressed as follows:
KTSA = E ( El 1-8 * B 1-8 )
Where
K TSA = the capital charge under the Standardized Approach
El 1-8 = the level of an exposure indicator for each of the 8 business lines.
B 1-8 = a fixed percentage set by the committee, relating to the level of required capital to the level of the gross income for each of 8 business lines.
Advanced Measurement Approaches ( AMA ):: Banks world over are in the process of developing different methodologies for measurement of operational risk capita charge. In view of this the committee has been less prescriptive in respect of the advanced measurement approaches which would be based on an estimate of operational risk derived from a bank’s internal risk measurement system and are there fore expected to be more risk sensitive than the other two approaches.
The committee expects that the advanced approaches would lead to a lesser capital charge as compared to the other two. To ensure this the capital charge would be subject to a floor based on the Standardized Approach capital charge for operational risk which has been proposed to be set initially at 75% of the Standardized Approach capital charge. This is subject to review and elimination in the future, if required.
Under AMA, banks would be allowed to use the output of their internal operational risk management systems, subject to qualitative and quantitative standards set by the committee. For certain event types, banks may need to supplement their internal loss data with external, industry loss data.. The qualitative standards would include a supervisory soundness standard that all internally generated risk estimates would have to meet, as well as criteria for the definition of operational risk embedded in the risk measurement system, the use internal and external data, and validation of parameters and system output. The eligibility criteria for banks wanting to use the AMA will include qualitative standards covering their operational risk management structure, processes and environment, and quantitative standards governing internal estimates used in the AMA calculations.
The approaches that banks are currently developing fall under three broad categories. They are I) Internal Measurement Approaches ( IMA ) 2) Loss Distribution Approaches ( LDA ) and 3) Scorecard Approaches.
INTERNAL MEASUREMENT APPROACHES
The approach assumes a fixed and stable relationship between expected loss ( the mean of the loss distribution ) and unexpected loss ( the tail of the loss distribution ). This relationship may be linear- implying the capital charge would be a simple multiple of expected losses- or non linear – implying that the capital charge would be a more complex function of expected losses. Estimates of operational risk capital are based on measures of expected operational risk losses.
The IMA calculations are generally based on a frame work that divides a bank’s operational risk exposures in to series of business lines and operational risk event types. In such a frame work, a separate expected loss figure is calculated for each business line/ event type combination. Typically expected losses are calculated by combing estimates of loss frequency and severity for various business line/ event type combinations, based on internal and where appropriate, external loss data, along with a measure of the scale of business activities for the particular business line in question.
PE: The probability that an operational risk event occurs some future horizon.
LGE: The average loss given that an event occurs.
EI: An exposure indicator that is intended to capture the scale of the bank’s activities in a particular business line.
LOSS DISTRIBUTION APPROACHES ( LDA )
Under loss distribution approaches, banks estimate, for each business line / risk type cell, or group there of, the likely distribution of the operational risk losses over some future horizon ( for instance for one year ). The capital charge resulting from these calculations is based on a high percentile of the loss distribution. As with internal measurement approaches, this over all loss distribution is typically generated based on assumptions about the likely frequency and severity of operational risk loss events. In particular, LDAs usually involve estimating the shape of the distributions of both the number of loss events and severity of the individual events. These estimates may involve imposing specific distributional assumptions or deriving the distributions empirically through techniques such as boot strapping and Monte Carlo simulation. The over all capital charge may be based on the simple sum of the operational risk “VaR” for each business line /risk type combination- which implicitly assumes perfect correlation of losses across these cells- or by using other aggregation methods that recognize the risk reducing impact of less-than –full correlation.
This method differs from internal measurement approaches in one important aspect: it aims to assess unexpected losses directly rather than via an assumption about the relationship between expected loss and unexpected loss. That is internal measurement approaches estimate a single parameter of the overall loss distribution, expected losses and assume that the relationship between expected and unexpected losses is fixed regardless of the level of expected losses and how the various components of expected loss- frequency, severity and scale- are combined. In contrast, the loss distribution approaches allow this distribution to vary with both the level of expected losses and with variation in its components. Thus there is no need for the determination of a multiplication factor under the approach. At present several kinds of LDA methods are being developed and no industry standard has emerged.
SCORECARD APPROACHES
A range of scorecard approaches is being developed with some banks already operating a system of economic capital allocation based on such approach. In this approach , banks determine an initial level of operational risk capital at the firm or business line level and then modify these amounts over time on the basis of “ scorecards “ that attempt to capture the underlying risk profile and risk control environment of the various business lines. These scorecards are intended to bring a forward looking component to the capital calculations, that is, to reflect improvements in the risk control environment that will reduce both the frequency and severity of future operational risk losses. The scorecards may be based on actual measures of risk, but more usually identify a number of indicators as proxies for particular risk types within business units/lines. The scorecard will normally be completed by line personnel at regular intervals and subject to review by a central risk function.
In order to qualify for AMA, a “ scorecard “ approach must have a sound quantitative basis, with the over all size of the capital charge being based on a rigorous analysis of internal and external loss data.. In some cases, scorecard approaches are based on initial estimation methods that are similar to those used in internal measurement or loss distribution approaches. Where scorecard approach differs from these approaches is that it relies less exclusively on historical loss data in determining capital amounts. Instead, once the size of capital charge is determined, its overall size and its allocation across business lines may be modified on a quantitative basis.
Overall calibration
The committee had initially assessed the possible future level of operational risk regulatory capital at 20% of current minimum regulatory capital (MRC ). This estimate was based on surveys of operational risk and reports from individual institutions. In particular, the figure was based on an average of 20% of economic capital allocated to operational risk, based on data reported by a sample of firms and other sources. Based on this the Committee suggested that alpha under the Basic Indicator Approach at 30% of gross income.
The estimate was subsequently reduced to 12% minimum regulatory capital in view of the overwhelming number of comments arguing for a lower level and also taking in to account the fact that banks make use of insurance to mitigate operational risk. In the light of lower overall calibration level and additional analysis of the relationship between gross income and capital, alpha is likely to be in the range of 17-20% of gross income. Betas are also likely to fall in a range around this level.
The Basel Committee has been making efforts at arriving at the right calibration of the alpha and betas through its Quantitative Impact Studies. The committees efforts at calibrating these at the right level are hindered by the following factors:
a. comparability of economic capital data across banks since these use different methodologies.
b. Operational risk was not captured consistently in the sample.
c. For many banks, insurance instruments cover operational risk and that this may be reflected in economic capital allocations.
d. The small size of the sample of banks providing data and the issue as to whether this is representative of internationally active banks.
e. How and to what extent the Committee should exercise judgment in estimating the betas.
Other Issues:
Data: Implementation of capital charge will be very challenging and will have to overcome several serious hurdles. Firstly, collection of data will have to be consistent across banks and will have to conform to the business lines and event types as given by the Committee. There will also have to be arrangements for sharing of loss information for certain event types.
Overlap with credit and market risks: Certain operational risk loss events may overlap with those of credit or market risk related exposures. For the purpose of better operational risk management and to evolve internal policies, there fore, the Committee expects banks to include all operational risks in the loss event data base.
However for regulatory capital purposes, banks are expected to attribute operational risk related to credit and market loss events to those risk areas for the calculation of regulatory capital requirements. The Committee will calibrate the overall capital charge for operational risk to prevent double counting with the credit capital charge.
INSURANCE: There are long standing types of insurance contracts ( such as blanket bonds ) that have an extensive history of protecting banks against operational losses from events such as frauds and employee theft and new insurance products intended to provide coverage of some of the emerging forms of operational risk. It was partly in response to these comments that the committee decided to reduce the overall level of the operational risk capital charge.
Arguments have been put forward for the explicit recognition of robust and comprehensive insurance of operational risk. The committee is currently of the view that if such recognition of insurance is permitted, it should be limited to those banks that use AMA. This reflects the quality of risk identification, measurement, monitoring and control inherent in the AMA and the difficulties in establishing a rigorous mechanism for recognizing insurance where banks use a simpler regulatory capital calculation technique. The issues involved in considering such a mitigation for operational risk capital charge are the following:
a. what standards should be in place for qualifying insurance companies and insurance products and what is an appropriate formula for recognition of insurance that is risk sensitive but not excessively complex?
b. How to differentiate between commonly used insurance product, with which both banks and supervisors have extensive experience and innovative, untested products that may be developed to provide coverage for emerging operational risks?
It is at present felt that in view of the fact insurance may provide less than perfect coverage of operational risks, due to factors such as delays in payment or legal challenges of contractual terms there should be a limit on the overall impact of insurance risk mitigation. The limit also helps to ensure that the remaining capital charge provides an adequate cushion for residual risk. The current proposal is that the capital reduction stemming from the impact of insurance be included with in the floor of 75% of the standardized capital charge.
MARKET RISK
Market Risk is the possibility of loss to a bank caused by changes in the market variables. Market risk is also defined as “ the risk that the value of on or off balance-sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates & commodity prices.
Thus Market risk is the risk to the banks earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange, commodities & equities as well as the volatilities of those prices.
Market Risk Management of a bank thus involves management of Interest rate risk, Foreign exchange risk, Commodity price risk & Equity price risk.
LIQUIDITY RISK : Liquidity of a financial institution is its ability to fund increases in assets and meet payment obligations, as they fall due, both efficiently and economically. Liquidity risk is the potential inability to meet banks liabilities as they become due. It arises when the banks are unable to generate cash to cope with a decline in deposits or increase in assets. It originates from the mismatches in the maturity pattern of assets & liabilities. Liquidity management in a bank is important because:
i. It demonstrates to the market place that bank is safe & is capable of repaying its borrowings. It provides the confidence factor.
ii. It enables the bank to meet its prior loan commitments & thus necessary to nurture relationship.
iii. It enables the bank to avoid unprofitable sale of assets.
iv. It lowers the default risk premium the bank must pay for funds, as a bank with strong balance sheet will be perceived by the market as being liquid & safe.
v. It reduces the need to resort to borrowings from the central bank.
Managing liquidity is among the most important activities conducted by banks since a liquidity short fall at a single institution can have a system wide repercussions. As a result a bank need not only to measure its own liquidity on a on going basis, but also to examine how funding requirements are likely to evolve under various scenarios, including adverse conditions developing in the market. Factors affecting liquidity of a bank can not always be forecast with precision; hence they need to be reviewed frequently to determine their continuing validity, especially given the rapidity of change in financial markets.
Liquidity risk in banks manifest in different dimensions:
i. Funding Risk – need to replace net outflows due to unanticipated withdrawal/ non renewal of deposits.
ii. Time Risk – need to compensate for non- receipt of expected inflows of funds i.e. performing assets turning it to non- performing assets.
iii. Call Risk – due to crystallization of contingent liabilities and unable to undertake profitable business opportunities when desirable.
The first step towards liquidity management is to put in place an effective liquidity management policy which inter alia, should spell out the funding strategies, liquidity planning under alternative scenarios, prudential limits, liquidity reporting/ reviewing etc. Under liquidity management to assess the liquidity risk, the key ratios adopted across the banking system are Loans to Total assets, Loans to Core deposits, Large liabilities minus Temporary investments to Earning assets minus Temporary investments, Purchased funds to Total assets, Loan losses/Net loans etc.
Analysis of liquidity in banks involve tracking of cash flow mismatches. For measuring and managing net funding requirements, the use of maturity ladder & calculation of cumulative surplus or deficit of funds at selected maturity dates is recommended as a standard tool. RBI has prescribed the format under ALM system for measuring cash flow mismatches at different time bands. The cash flows should be placed in different time bands based on future behavior of assets, liabilities and off-balance sheet items.
Banks have to analyse the behavioral maturity profile of various components of on/off- balance sheet items on the basis of assumptions and trend analysis supported by time series analysis. Banks should also undertake variance analysis, at least once in six months to validate the assumptions. Banks should also track the impact of prepayments of loans, pre mature closure of deposits and exercise of options built in certain instruments which offer put/call options after specified times.
For managing the Market Risk certain prudential limits can be put in place to avoid the liquidity crisis such as:
i. Cap on inter bank borrowings, especially call borrowings.
ii. Purchased funds vis-à-vis liquid assets.
iii. Core deposits vis-à-vis Core assets i.e. Cash reserve ratio, Liquidity reserve ratio and loans.
iv. Duration of liabilities and investment portfolio.
v. Maximum cumulative out flows across all time bands.
vi. Commitment ratio – track the total commitments given to corporates/banks and other financial institutions to limit the off- balance sheet exposure.
vii. Swapped fund ratio i.e. extent of Indian rupees raised out of foreign currency sources.
The liquidity profile of the banks could be analyzed on a static basis, where in the assets and liabilities and off- balance sheet items are pegged on a particular day and the behavioral pattern and the sensitivity of these items to changes in market interest rates and environment are duly accounted for. Banks can estimate the liquidity profile on a dynamic way by giving due importance to:
a. Seasonal pattern of deposits/loans.
b. Potential liquidity needs for meeting new loan demands, un-availed credit limits, potential deposit losses, investment obligations, statutory obligations etc.
INTEREST RATE RISK : Deregulation of interest rates has exposed the banks to the adverse impact of interest rate risk. Interest rate risk as far as financial institutions is concerned, is the risk that the value of its assets & liabilities as also its net interest income may get adversely affected on account of movements in interest rates. Any mismatch in cash flows or repricing dates of assets or liabilities, expose banks NII or NIM to variations. The market value undergo changes in response to changes in the interest rates in the market. The realizable value of equity is the difference between the market values of assets & outside liabilities.
For the purpose of measurement & management of Interest rate risk, it is important to distinguish the types of interest rate risks as follows:
i. Mismatch risk or Gap risk.
ii. Basis risk.
iii. Yield curve risk.
iv. Embedded option risk
v. Price risk.
MISMATCH RISK : Banks in the course of their business assume liabilities and create assets which are of different maturities, sizes and carry different prices. The difference between the interest received on assets and the interest paid on liabilities is the banks net income. Usually the assets and liabilities mature or fall due for re-pricing at different time intervals. For instance an investment in five year Government of India security by using funds raised by issuing one year deposit clearly results in liquidity mismatch. In addition there is a re-pricing mismatch between the asset and liability.
The deposits will have to be re-priced, may be at a higher interest rate at the end of one year while the asset will continue to provide the fixed return for the remaining period of four years. If interest rate rises by the time deposit matures, bank will be able to raise new deposit only at a higher interest rate prevailing in the market. This will result in the interest spread between deposit and investment getting reduced and in turn adversely affect the Net Interest Income of the bank.
Deposits, borrowings, loans, investments etc are interest sensitive items, where as premises, stationary, computers etc are non sensitive to changes in interest rates in the market. Often it is difficult to determine the precise point of time when some of the items of interest sensitive asset/liability become due for repricing.
On any day or during a specified period it is possible that there could be more rate sensitive assets getting repriced/ maturing than liabilities or vice-versa, resulting in an interest rate mismatch. If more interest rate sensitive assets re price/mature on a day or over a time interval than the interest sensitive liabilities during the same period, the gap is called “ Positive Gap “ and if more liabilities re price than assets during the period such gaps are called “ Negative Gap “
Basis Risk: Changes in interest rates equally affect both the assets and liabilities due for re-pricing. But in reality, the extent of change in interest rate on re-pricing will depend upon the specific asset/ liability subject to re-pricing.
The risk of different groups of banks assets and liabilities being based on different interest rate basis ( like MIBOR, Treasury bill rates etc ) which change by varying degrees ( in response to a given change in the key interest rates in the market ) is called the Basis Risk. Further changes in deposit interest typically lag behind loan rates. The complex linkages between interest rates in different segments of the market ( call, Repos, CDs, inter bank term money etc ) contribute to the basis risk. Typically, in a falling interest rate scenario, it is possible that interest rates on assets may be lowered generally while the deposits may continue at the contracted higher rate of interest.
Yield Curve Risk: On account of volatility in interest rates, the yield curve unpredictably and often substantially, changes in shape. If the interest rates on assets & liabilities are pegged to the bench mark rates ( like Treasury bills cut-off rates ) there is a risk that the interest spread may decrease as the term spread narrows down.
Embedded Option Risk: Banks provide an option to the depositors to prematurely close the deposits and to borrowers to repay the advances. Customers would be exercising this option at a time most unfavorable to the bank. In other words, depositors may prematurely close the deposits when interest rates increase and redeposit at a higher rates and when interest rates decline borrowers may opt to repay the loans and renew the same at the lower rate. In both the cases banks net interest income is adversely affected.
Reinvestment Risk: The expected yield on investments, generally indicated by yield to maturity, is based on the important assumption that the bond will be held till maturity and during the life of the bond, the periodic coupons received will be reinvested at an interest rate equal to the YTM. This assumption can go wrong in which case income from investments by way of coupons gets reinvested at lower rates in case the interest rates decline.
Price Risk: The values of investments change inversely to interest rates. If interest rates in the market increase, investment suffer depreciation and if interest rates decline investments in the bank’s portfolio gain in value. The price change in investments are on account of the present values of the cash flows in the bond being altered when discounted by the new interest rate. Thus all bonds are subject to price risk which is the potential loss in value on account of changes in interest rates. This concept can be generalised and can be extended to all items of assets and liabilities in a bank’s balance sheet which conceptually constitutes series of expected cash flows and as such, have present values ( market values ) which vary with market interest rates. Thus all items of assets and liabilities are exposed to price risk. Price risk will impact the values of assets and liabilities of a bank and in turn market value of net worth which is the difference between the market value of assets and liabilities.
MANAGEMENT OF INTEREST RATE RISK.
Interest Rate Risk is managed through:
i. Gap Analysis or Traditional Gap Method ( addressing NII aspects )
ii. Duration Gap Analysis ( addresses economic value aspects )
iii. Simulation Method ( addressing both earnings & economic value aspects )
Under Traditional Method limits are put on gaps in different time buckets and also on cumulative gaps. This involves targeting a particular NIM for the performance horizon. The policies on products and pricing which will help achieving the projected NIM will be formulated. The gaps will then be monitored and managed in line with the risk management policy and in particular with the policy on ALM. The gaps will be managed by altering the rate sensitivities by bringing about necessary changes in the interest rate gap profile either on or off balance sheet.
The Duration Gap Method seeks to measure the adverse effects of interest rate changes on the market value of the equity or the economic value of portfolio equity. In this method the gap in duration between assets and liabilities is measured and resultant positive or negative duration gap is managed with the help of derivative products like Forward Rate Agreements, Interest Rate Swaps etc.
Both Traditional Gap Analysis and Duration Gap Analysis are tools for measurement and management of interest rate risk, subject to certain underlying simplifications and assumptions. However neither comprehensively cover both the income ( NII ) and value ( MVE ) impacts simultaneously. Further both the methods consider interest rate as the only variable ignoring the dynamic nature of banks balance sheet.
At a higher level Simulation Techniques are used to measure and manage Interest rate risk. In Simulation Method a financial model of the institution is first developed incorporating inter relationship of assets, liabilities, prices, costs, volume, mix and other related variables. Scenarios about the future and the possible responses thereto are generated which provide the management a number of options to choose from and take decisions. As a result alternative business plans can be designed and their feasibility studied under different interest rate scenario. Simulation analysis can be done for several target parameters like NII, MVE, risk profile, etc. Simulation package takes in to account risk return policies, regulatory frame work, capital strength & profitability, other risks embedded in the balance sheet like credit, liquidity and forex risk. Advantages of the Simulation are that it is forward looking and dynamic, enabling risk management on a proactive basis and lessening the role of crisis management.
FOREIGN EXCHANGE RISK: Foreign Exchange Risk is the risk arising from a foreign exchange exposure. It may be defined as a risk that the bank may suffer losses as result of adverse exchange rate movements during the period in which it has an open position, either spot or forward or a combination of the two in an individual foreign currency. Foreign currency exposures and the attendant risks arise, whenever a business has an income or expenditure or an asset or liability in a currency other than the balance sheet currency.
Exposures will thus include foreign currency denominated items in the balance sheet, contracted purchases and sales, foreign currency denominated receipts and payments which could fructify if the proposed trading activity is realised.
The commonly understood three types of currency exposures are:
a. Transaction exposure: Transaction exposure can be defined as the risk that the base currency value of a foreign currency denominated transaction will vary with changes in exchange rates during the life of the transaction. Transaction exposure arises when a business has foreign currency denominated receipt or payments. The risk here is an adverse movement of exchange rate from the time the transaction is budgeted till the time the exposure is extinuised by sale or purchase of foreign currency against the home currency.
b. Translation exposure: It is also called accounting exposure and concerns the past. It arises from the need to “Translate “ foreign currency assets or liabilities in to home currency for the purpose of finalising the accounts for any given period. It can thus be defined as the risk which will alter the domestic currency value of the assets and liabilities in the balance sheet, which arise when translated at foreign exchange rates, resulting in reported loss or gain.
c. Economic exposure: While transaction and transaction exposures are accounting concepts and can effect the bottom line directly, economic exposure is more a managerial concept. It can be defined as a change in future earning power and cash flow as result of adjustment of currencies. It thus represents a change in competitive position. Economic exposure to an exchange rate is the risk that the change in exchange rates is likely to affect the company’s competitive position in the market and hence indirectly its profits.
Exchange Risk on Open and Mismatched Positions: Banks dealing in foreign exchange market, in course of their dealings with exporters, importers and others, buy and sell currencies and build up open positions in various currencies in which these transactions are denominated. An open position arises when a bank buys or sells currency outright and does not square it up by undertaking an offsetting opposite transaction.
Open currency positions are created by banks through merchant operations or cover operations, proprietary trading or trading operations. When the assets which would include outstanding purchase contracts, exceed liabilities including outstanding sales contracts, a long or “ over bought “ position is created in that currency. Similarly when the liabilities exceed the assets, a short or “ over sold “ position is created in that currency. Movements in exchange rates affect the open currency positions.
GAP RISK: These are risks owing to adverse movements in implied interest rate differentials arising through transactions involving foreign currency deposits, forward contracts, currency swaps, forward rate agreements and through other currency and interest rate derivatives.
Banks not only buy and sell currencies for spot value but also for deliveries extending beyond spot dates. i.e. forward value dates. At times, purchase and sale of a currency for a particular forward value date may not match, which is referred to as a Gap risk or mismatch between foreign currency assets and liabilities. The maturity spread of assets and liabilities may differ i.e. the assets and the contract to purchase the currency may mature in advance of liabilities and contracts to sell that currency or vice-versa. Such maturity gaps arise in the normal course of business and some mis matching of maturities in general is unavoidable. Losses from mismatched securities generally arise because of adverse movements in interest rates or because of movements in forward margins in local market.
The Exchange Risk or Price Risk arising out of open short or long positions can be contained by fixing limits on inter day open positions in each currency, limits on overnight open positions in each currency and a limit on aggregate open positions for all currencies taken together, which would be lower than the total of the currency-wise positions. These limits are referred to as Daylight limits, Overnight limits and Aggregate limits. Daylight limit as the term suggests is the limit on the inter day position given to a dealer by the bank for dealing during a dealing day or business hours. Day light limits should be large enough to cover merchant transactions but should not be too large to provide scope for the dealers to speculate. Overnight limits define the size of the authorised open position at the close of the business hours when the foreign exchange market is closed.
The aggregate limit ensures that long and short positions in various currencies do not result in excessive exposures. The size of these limits is defined in policy documents taking in to account the risk perceptions of the management, size of merchant/ trading volumes, average size of the transactions, liquidity and depth of the market etc.
Gap Risks arising out of open gaps can be contained with in manageable limits by fixing suitable gap limits. The size of the Gap limits is usually linked to a certain percentage of the net worth of the bank, as all losses arising out of foreign currency operations will have to be met out of owned funds of the bank. The over all size of the Gap limit is a function of a number of factors like merchant and trading turn over , size of the overdue exports bills purchased/discounted/ negotiated, size of FCNR portfolio etc.
REGULATORY PRESCRIPTION: The Reserve Bank of India has prescribed guidelines for foreign exchange exposure limits of banks in it’s A.P. ( DIR Series ) Circular no 19 on “ Risk Management and Inter Bank Dealings “ addressed to all authorised dealers in Foreign Exchange. Banks have been advised to adopt the ‘ SHORT HAND METHOD “ which is accepted internationally for arriving the over all net open position. Banks have also been advised to calculate the over all net position as follows:
i. Calculate the net position in each currency.
ii. Convert the net position in to rupees at the FEDIA indicative spot
iii. rates for the day.
iv. Arrive at the sum of all the net positions.
v. Arrive at the sum of all the net long positions.
Over all net foreign exchange position is the higher of ( iii) and ( iv). The overall net exchange position arrived at as above must be kept with in the limit approved by Reserve Bank.
CREDIT RISK: Credit risk arises when a counterpart to a foreign exchange transaction is unable or unwilling to meet his obligations under the contract. A foreign exchange transaction is confirmed by a contract, which stipulates that on a specific date, both the parties to the contract will deliver to each other, specific amounts of currency, in a designated bank for the account of a specific beneficiary. The risk here is that one counter party may not be able to execute his side of the contract before the due date or is unable to execute his side of the contract on the due date. Failure to execution may arise because of the defaulting party is unable to pay.
SETTLEMENT RISK: This is the risk of loss arising when a bank performs on its obligation under a contract before the counter party does so. This arises when the defaulting counter party has received the settlement payment, but has yet make the requisite counter payment in foreign currency. This kind of risk is very frequent in international transactions because of time zone differences. Settlement risk is also referred to as Herstatt or Time–zone risk named after the 1974 failure of Bankhaus Herstatt, a bank in West Germany. In the case of Bankhaus Herstatt, several banks suffered losses under contracts which matured on the day the bank’s operations were shut down by the Banesbank, the German Central bank.
The closure of the bank was after the closure of business hours in Germany, but before the business day had opened in New York. Banks which had sold German marks to Bank Hersatt against Dollars, could not get their dollars in New York.
Credit Risk can be managed through fixing of counter party limits, appropriate measurement of exposures, ongoing credit evaluation and monitoring & following sound operating procedures.
COUNTRY RISK : Dealing in foreign currency with banks domiciled outside India involves country risk. It may be broadly defined as that uncertainty which is created where a foreign entity, private or sovereign may be unwilling or unable to fulfill its foreign obligations for different reasons like a sovereign entity’s immunity from legal process in which case the lender has no legal recourse against the entity who fails to perform on the contractual obligation. A possible change in Government or Government policy could also be responsible for invalidating previous contract. Country risk can be mitigated to some extent by fixing country limits.
OPERATING RISK.: These are the risks arising out of failure and lack of internal controls, human error, frauds etc. R B I had come out with comprehensive guidelines covering all aspects relating to risk control & management of various risks in foreign exchange business.
The guidelines cover aspects relating to dealing through exchange brokers, evaluations of foreign exchange profits & losses, reconciliation of nostro balances, management of risks in vostro account, control over miscellaneous aspects of dealing operations and auditing.
LEGAL RISKS: Legal risk arises from the legal enforceability of contracts. It is thus important that banks & corporates understand these risks and protect themselves. The best way to do this would to insist on exchange of internationally accepted Master Agreements between the parties like ISDA and supported with other relevant documentation.
VALUE AT RISK : Value at Risk is a risk measurement concept for measurement of market risk. It is defined as an estimate of potential loss in a position or asset or portfolio of assets over a given holding period at a given level of certainty. VaR is based on number of statistical concepts such as mean, standard deviation, normal distribution, level of confidence, volatility etc
EQUITY POSITION RISK : Changes in the Equity prices can result in losses to the bank holding an equity portfolio. In India, bank’s are not allowed to sell any security without actually holding the same. Consequently, banks can not have any short positions.
Reserve Bank of India has issued detailed guidelines on banks’ exposure to equity market. The banks are free to acquire shares , convertible debentures of corporates and units of equity oriented mutual funds, subject to a ceiling of 5% of banks total outstanding credit ( excluding inter bank lending & advances outside India ) as on March 31st of previous year. A bank’s Board of Directors are free to adopt a lower ceiling for the bank, keeping in view its overall risk profile. Banks may make investment in shares directly taking in to account the in house expertise available with in the bank as per the investment policy approved by the Board of Directors subject to risk management & internal control guidelines of RBI. Banks may also make investment in units of UTI and SEBI approved other diversified mutual funds with good track records as per the investment policy approved by the Board of Directors.
Banks should make investments in specific schemes of mutual funds / UTI and not place funds with mutual funds / UTI for investments in the capital market on their behalf. Underwriting commitments taken up by the banks in respect of primary issues through book building route would also be with in above over all ceiling. Investment in shares & debentures /bonds should be reckoned for the purpose of arriving at the prudential norm of single borrower and borrower-group exposure ceilings.
EQUITY RISK MANAGEMENT : Banks desirous of making investments in equity shares etc with in the above ceiling and financing of equities should observe the following guidelines:
a. Build up adequate expertise in equity research by establishing a dedicated equity research department, as warranted by their scale of operation.
b. Formulate a transparent policy and procedure for investment in shares etc.
c. Decision in regard to individual investment in shares etc should be taken up by the investment committee set up by the bank. The investment committee should be held accountable for the investment made by the bank.
d. Banks should review on an ongoing basis, their investment in shares with a view to assessing the risks due to volatility in asset prices.
e. As a prudential measure, a bank’s exposure to investment in equities whose prices are subject to volatility should not normally exceed 20% of its net worth.
f. The Board of Directors of the bank should also fix an overall ceiling on advances against shares, i.e. financing of IPOs, advances to individuals and share brokers & market makers, issue of guarantee on behalf of brokers, advances to corporates to meet promoters contribution etc.
The following is excluded for reckoning bank’s aggregate exposure by way of financing of equities:
i. Advances against collateral security of shares.
ii. Advances to individuals for personal purposes like education, housing, consumption etc against the security of shares.
iii. Banks should mark to market their investment portfolio in equities like other investments as per the valuation norms prescribed by RBI. Further banks should disclose the total investments made in shares, convertible debentures and units of equity oriented mutual funds as also aggregate advances against shares etc in the notes to their balance sheet.
COMMODITIES PRICE RISK : A commodity is defined as a physical product which is or can be traded on a secondary market e.g. agricultural products, minerals, oils and precious metals. In India banks have very little exposure to commodities either in their baking or trading books. The price risk in commodities is often more complex and volatile than that associated with currencies and interest rates. Commodity markets may also be less liquid and as a result changes in supply and demand conditions can make the market volatile making effective hedging of commodities risk rather difficult. Banks in developed markets use derivatives to hedge commodity price risk. However, this exposes them to additional risks such as “ basis risk “, “ interest rate risk “ and “ forward gap risk “. As and when Indian banks get exposed to commodity price risk they will have to acquire the skills to manage these complex risk also.
