8/10/2019 Points-Caiib

1/7

Let Us Sum Up1. We may define 'risks' as uncertainties resulting in adverse outcome, adverse in relation to planned objective or expectations.

'Financial Risks' are uncertainties resulting in adverse variation of profitability or outright losses.2. Uncertainties associated with risk elements impact the net cash flow of any business or investment. Under the impact ofuncertainties, variations in net cash flow take place. This could be favourable as well as unfavourable. The possible unfavourableimpact is the 'RISK' of the business. Lower risk implies lower variability in net cash flow with lower upside and downside potential.Higher risk would imply higher upside and downside potential.3. Zero Risk would imply no variation in net cash flow. Return on zero risk investment would be low as compared to other

opportunities available in the market.4. Capital requirement of a business or revenue model would depend upon the risks associated with the business or revenue model

and expected return on the investment would also factor in the risks associated with it. Higher the risks in a business model, greaterwould be the capital requirement and return expectations. The reverse is also True. This is the linkage between risk, return andcapital. Controlling the level of risk to an organisation's capacity to bear the risk is the essence of risk management and it requiresnot only identification of risks but also its measurement, control, mitigation and estimating the costs of risk.Check Your ProgressA) Investment in Post Office time deposit is Zero-risk investmentB) Zero-risk investment implies Investment in bank fixed depositC) Higher the risk-higher would be risk premiumD) Higher the risk in a business, higher would be capital requirementE) Most critical function of Risk Management- Controlling the level of risk to an organization's capacity

Let Us Sum UpA risk management framework provides for facilitating implementation of risk and business policies simultaneously in a consistentmanner so that a balanced view on risks and returns and within the constraints of available capital can be taken. It should includeidentification and its quantification of risks as well as provide for pricing of risks appropriately.

Risk management framework may have well-articulated processes covering the following areas:Organization for Risk Management Risk Identification Risk Measurement Risk PricingRisk Monitoring and Control Risk MitigationThe Board of Directors has the overall responsibility for management of risks. Supervision aspects are overseen by RiskManagement Committee, which is a Board level Sub-Committee. The Committee of senior level executives is responsible forimplementation of risk and business policies simultaneously in a consistent manner. Risk management department functions as asupport group.Risk identification consists of identifying various risks associated with the risk taking at the transaction level and examining itsimpact on the portfolio and capital requirement.The risk measures seek to capture variations in earnings, market value, losses due to default, etc. (referred to as target variables),arising out of uncertainties associated with various risk elements. Quantitative measures of risks can be classified into threecategories:1. Based on Sensitivity2. Based on Volatility

3. Based on Downside PotentialDownside potential is the most comprehensive measure of risk as it integrates sensitivity and volatility with the adverse effect ofuncertainty.Risk pricing implies factoring risks into pricing through capital charge and loss probabilities. This would be in addition to the actualcosts incurred in the transaction. The actual costs incurred are cost of funds that has gone into the transaction and costs incurred ingiving the services, which are incurred by way of maintaining the infrastructure, employees and other relevant expenses.It is equally important to ensure that the organization functions in a manner it has been planned. A feedback of the actualfunctioning is therefore necessary for the purpose of control. In addition to that the feedback received on the actual performancerequires monitoring also to ensure that the divergence between the planned performance and actual performance is kept at thelevel that is acceptable.Risk reduction is achieved by adopting strategies that eliminate or reduce the uncertainties associated with the risk elements. Thisis called 'Risk Mitigation'. Risk mitigation measures aim to reduce downside variability in net cash flow but it also reduces upsidepotential simultaneously. Risks can be mitigated through diversification.

Terminal Questions(A) Capital charge component of pricing accounts for Cost of capital , Loss provision.

(B) Daily volatility of a stock is 0.5%. What is its 10-day volatility? 1.58%

(C) Risk mitigation results in1. Reduction of downside potential*2. Reduction in profit potential*

Let Us Sum Up1. W.r.t risk management point of view, banking business lines may be grouped as:(i) The Banking Book(ii) The Trading Portfolio(iii) Off-balance Sheet Exposures

2. All assets and liabilities in the banking book are normally held until maturity and accrual system of accounting is applied onthem. The banking book is mainly exposed to liquidity risk, interest rate risk, default or credit risk and operational risks.

3. The positions in the trading book are normally held for liquidating them in the market after holding it for a period. The differencebetween market price realised and book value is accounted for as profit/loss. Trading book is mainly exposed to market risk,market liquidity risk, default or credit risk and operational risk.

8/10/2019 Points-Caiib

2/7

4. Off-balance sheet exposures may become fund-based exposure based on certain contingencies. Both contingencies given(where bank provides benefit) and contingencies receivable (where bank is the beneficiary) may form off-balance sheetexposure. Off-balance sheet exposures may have liquidity risk, interest rate risk, market risk, default or credit risk andoperational risk.

Terminal Questions(A) Financial Risk is defined as Variations in net cash flows(B) Strategic Risk is a_________ type of risk(C) A bank funds its assets from a pool of composite liabilities. Apart from credit and operational risks, it faces Basis risk(D) A branch sanctions Rs 1 crore loan to a borrower, branch is taking -Liquidity risk , Interest rate risk

Credit risk, Operational risk

(E) Premature payment of a term loan will result in interest rate risk of type Embedded option risk

Let Us Sum UpBanking and financial services are regulated because banking and financial services are the backbone of an economy. A healthyand strong banking system is a must for any economy to function smoothly and to prosper. Regulations have a decisive impact onrisk management. Regulations seek to improve the safety of the banking industry, ensure a level playing field, promote soundbusiness and supervisory practices, control and monitor 'Systemic Risk' and protect the interest of depositors.Deregulation increased competition between players unprepared by their past experiences, thereby resulting in increasing risks forthe system. Globalisation and cross-border transactions needed a regulatory framework on a cross-country basis, for reconcilingrisk control and yet maintaining a level playing field for fair competition became necessary.In 1988, the Basel Committee published a set of minimal capital requirements for banks, known as the 1988 Basel Accord. The1988 Basel Accord primarily sought to put in place a framework for minimum capital requirement for banks that was linked to creditexposure. Keeping in view different accounting practices in vogue across the world, it also defined the capital for the purpose ofcapital adequacy.In 1996, BCBS published an amentiment to the 1988 Basel Accord to provide an explicit capital cushion for the price risks to which

banks are exposed, particularly those arising from their trading activities. This amentiment was brought into effect in 1998. Linkingof risks with capital in terms of the Basel I Accord needed a revision for the following reasons:1. Credit risk assessment under Basel I is not risk-sensitive.2. It promotes financial decision-making on the basis of regulatory constraints rather than on the basis of economic opportunities.3. It did not recognise the role of credit risk mitigants.The 1988 Accord has been revised with the objectives to develop a fi-amework that would strengthen the soundness and stability ofthe international banking system, to ensure that it does not become a source of competitive inequality among internationally activebanks and yet have a capital adequacy regulation that is sufficiently consistent and to help promote the adoption of stronger riskmanagement practices by the banking industry.10.12.1 Basel-II AccordThe revised accord is also called Basel II. The BCBS has since released the document, "International Convergence of CapitalMeasurement and Capital Standards: A Revised Framework" on 26 June, 2004.Its significant features are: Significantly, more risk-sensitive capital requirements and takes into account operational risk of banks.

Greater use of assessment of risk provided by banks' internal systems as inputs to capital calculations. Provides a range of options for determining the capital requirements for credit risk and operational risk. Capital requirement under new accord is the minimum. It has a provision for supplementary capital that can be adopted by

national regulators. The accord in fact promotes stronger risk management practices by banks by providing capital incentive for banks with better

risk management practices.The Basel-II Accord is based on three pillars -1. Minimum capital requirement2. Supervisory review process3. Market discipline10.12.2 Structure of Basel-IIPillar 1 - Minimum Capital Requirement Capital for credit risk Standardised Approach Internal Ratings Based (IRB) Foundation Approach

Internal Ratings Based (IRB) Advanced ApproachCapital for Market Risk Standardised Approach (Maturity Method) Standardised Approach (Duration Method) Internal models methodCapital for Operational Risk Basic Indicator Approach Standardised Approach Advanced Measurement ApproachPillar 2 - Supervisory Review Process Evaluate risk assessment Ensure soundness and integrity of banks' internal process to assess the adequacy of capital Ensure maintenance of minimum capital - with PCA for shortfall. Prescribe differential capital, where necessary, i.e., where the internal processes are slack.Pillar 3 - Market Discipline

Enhance disclosure Core disclosures and supplementary disclosures Timely - semi-anualTerminal Questions(A) Systemic risk is the risk of Failure of entire banking system

8/10/2019 Points-Caiib

3/7

(B) Central Bank Governors of G-10 countries participate in the Basel Committee on Banking Supervision. Total number ofmembers: 13

(C) 1988 Capital Accord framework accounted for Credit risk , Market Risk , Defined capital component

(D) Back testing is done to Compare model results and actual performance

(E) Under Basel II, capital requirement under the accord isThe capital as specified by the regulatory authority is required to be maintained

(F) Capital charge for credit risk requires input for PD, LGD, HAD and M. Under advanced IRB approach, who provide the input forLGD- Bank

Let Us Sum UpA bank's trading book exposure has the following risks, which arise due to adverse changes in market variables such as interestrates, currency exchange rate, Commodity prices, market liquidity, etc., and their volatilities and impact bank's earnings and capitaladversely.1. Market Risk2. Trading Liquidy Risk(a) Asset Liquidity Risk(b) Market Liquidity Risk3. Credit and Counterparty risksManagement processes for market risk management are sub-divided into following four parts:1. Risk Identification

2. Risk Measurement3. Risk Monitoring and Control4. Risk MitigationMarket risk management framework is dependent upon quantitative measures of risk. The market risk measures seek to capturevariations in market value arising out of uncertainties associated with various risk elements. These provide an objective measure ofmarket risk in a transaction or of a portfolio. Market risk measures are based on- Sensitivity- Downside PotentialBasis Point Value (BPV) and Duration are market risk measures based on sensitivity. VaR is a measure based on downsidepotential.VaR is defined as the predicted worst-case loss at a specific confidence level over a certain period of time assuming 'NormalTrading Conditions'.VaR measures the potential loss in market value under normal circumstances of a portfolio using estimated volatility (rate or pricemove) and correlations (how rates or prices move in relation to each other), for a given horizon (longer the time horizon, more is the

VaR) measured with a given confidence interval. In calculating VaR we consider the volatility of prices and correlation of prices withrespect of all other assets/liabilities in the portfolio. Normal circumstances refer to the fact that VaR is not a measure when marketis under abnormal conditions.VaR is not worst-case scenario. It does not measure losses under any particular market conditions. VaR by itself - is not sufficientfor risk measurement. Measures to get over the limitation include back testing and model calibration and scenario analysis andstress testing.Back tesfing is a process where model based VaR is compared with the actual performance of the portfolio. This is carried out forevaluating a new model or to assess the accuracy of existing models.Stress testing essentially seeks to determine possible changes in the market value of a portfolio that could arise due to non-normalmovement in one or more market parameters. The process involves identifying market parameters to stress, the quanturn of stressand determine the time frame. Once these are determined, it is applied on the portfolio to assess the impact on it.Stress tests produce information summarising the bank's exposure to extreme, but possible, circumstances. The role of riskmanagers in the bank should be assembling and summarising information to enable senior management to understand thestrategic relationship between the firm's risk-taking (such as the extent and character of financial leverage employed) and risk

appetite. Typically, the results of a small number of stress scenarios should be computed on a regular basis and monitored overtime. Some of the specific ways stress tests are used to influence decision-making are to:Manage funding risk - Provide a check on modelling assumptions Set limits for traders Determine capital charges on trading desks' positionsRisk monitoring and control calls for implementation of risk and business policies simultaneously. It consists of setting market risklimits or controlling market risk, based on economic measures of risk while ensuring best risk adjusted return. Controlling marketrisk means keeping the variations of the value of a given portfolio within given boundary values through actions on limits, which areupper bounds imposed on risks.Market risk arises due to volatility of financial instruments. The volatility of financial instrument is instrumental for both profits andrisk. Risk mitigation in market risk, i.e., reduction in market risk is achieved by adopting strategies that eliminate or reduce thevolatility of the portfolio. However, there are couple of issues that are also associated with risk mitigation measures.(a) Risk midgation measures aim to reduce downside variability in net cash flow but it also reduces upside potential or profit

potential simultaneously.

(b) In addition, risk mitigation strategies, which involve counterparty, will always be associated with counterparty risk. Of course,where counterparty is an established 'Exchange' or a central counterparty, counterparty risk gets reduced very substantially. InOTC deals, counterparty risk would depend upon the risk level associated with party to the contract.

Terminal Questions1. A bank expects fall in price of a security if it sells it in the market. What is the risk that the bank is facing?Asset liquidation risk

8/10/2019 Points-Caiib

4/7

2. An 8-year 8% semi-annual bond has a BPV of Rs 125. The yield on the bond has increased by 5 basis points. What is the profitor loss suffered due to increase in yield? A loss of Rs 625

3. 1 day VaR of a portfolio is Rs 500.000 with 95% confidence level. In a period of six months (125 working days) how many timesthe loss on the portfolio may exceed Rs 500.000? 6 days

4. A bank suffers loss due to adverse market movement of a security. The security was how ever held beyond the defeasanceperiod. What is the type of the risk that the bank has suffered? Operational risk

5. A bank holds a security that is rated A+. The rating of the security migrates to A. What is the risk that the bank has faced? Credit

risk

6. A bond with remaining maturity of 5 years is presently yielding 6%. Its modified duration is 5 years. What is its McCauley'sduration?5.30%

7. VaR is not enough to assess market risk of a portfolio. Stress testing is desirable becauseIt helps in assessing risk due to abnormal movement of market parameters

Let Us Sum Up

Credit risk arises from lending activities of a bank. Credit risk arises from potential changes in the credit quality of a borrower. It has

two components: default risk and credit spread risk. Default risk and downgrade risk are transaction level risks. Risks associated

with credit portfolio as a whole is termed portfolio risk. Portfolio risk has two components - Concentration risk, and Systematic or

Intrinsic risk. The counterparty risk arises from non-performance of the trading partners. 'Country Risk' is also a type of credit riskwhere non-performance by a borrower or counterparty arises because of restrictions-imposed by a sovereign.

Since, lending activities are usually spread across all the branches and controlling offices of banks, and lending activities typically

command more than half of all risk taking activities of a bank, management of credit risk is very critical requirement of banks. Credit

risk management processes are sub-divided in to following four parts.

Credit Risk Identification - Credit Risk

Measurement

= Credit Risk Monitoring and Control

Credit Risk Mitigation

Organisation for credit risk management is created with the objective of achieving compatibility in risk and business policies and to

ensure their simultaneous implementation in a consistent manner.

Credit risk measurement is based on credit rating. Credit rating of an account is done with priman objective to determine whether

the account, after the expiry of a given period, would remain a performing asset, i.e., it will continue to meet its obligation to its

creditors, including bank and would not be in default. Acceptability of a rating model is an issue with the regulatory authorities,

rating agencies and other market watchdogs and is tested, based on two counts:

Whether relevant factors (i.e., risk drivers) have been taken into account in the model covering standard rating factors in

the areas of management, financials, past conduct, business-related issues, industry, etc.

Whether rating migration developed, based on the model maps fairly well with market standards, i.e., rating migration

pattern published by rating agencies.

Risk-taking through lending activities needs to be supported by a very effective control and monitoring mechanism, firstly because

this activity is widespread, and secondly, because of very high share of credit risk in the total risk taking activity of a bank. Active

portfolio management is necessary to keep up with the dynamics of the economy.

Loan Review Mechanism is an effective tool for constantly evaluating the quality of loan book and to bring about qualitative

improvements in credit administration. Loan Review Mechanism is used for large value accounts with responsibilities assigned in

various areas such as, evaluating effectiveness of loan administration, maintaining the integrity of credit grading process, assessing

portfolio quality, etc.

Credit risk mitigation is an essential part of credit risk management. This refers to the process through which credit risk is reduced

or it is transferred to counterparty. Strategies for risk reduction at transaction level differ from that at portfolio level.

At transaction level, banks use a number of techniques to mitigate the credit risks to which they are exposed. They are mostly

traditional techniques and need no elaboration. They are, for example, exposures collateralised by first priority claims, either in

whole or in part, with cash or securities, or an exposure guaranteed by a third party. Recent techniques include buying a credit

derivative to offset credit risk at transaction level.

8/10/2019 Points-Caiib

5/7

At portfolio level, asset securitisation, credit derivatives, etc., are used to mitigate risks in the portfolio. They are also used to

achieve desired diversification in the portfolio as also to develop a portfolio with desired characteristic. It must be noted that while

the use of CRM techniques reduces or transfers credit risk, it simultaneously may increase other risks such as legal, operational,

liquidity and market risks. Therefore, it is imperative that banks employ robust procedures and processes to control these risks as

well. In fact, advantages of risk mitigation must be weighed against the risks acquired and its interaction with the bank's overall risk

profile.

Securitisation refers to a transaction where financial securities are issued against the cash flow generated from a pool o f assets.

Generally credit derivatives transfer risks in a credit asset without transferring the underlying asset themselves from the books ofthe originator. Hence, they are off-balance sheet financial instrument and are unfounded.

Terminal Questions

1. Not a type of credit risk? Default risk , Credit spread risk, Intrinsic risk , Basis risk*

2. Risk of a portfolio with over exposure in steel sector will be More than systematic risk

3 How many accounts have suffered rating migration in the following table?

Rating Migration of 100 A Rated Accounts Migration between 31.3.02 and 31.3.03

4. The risk that arises due to worsening of credit quality is Credit spread risk

5. In order to develop our capability to actively manage our credit portfolio one must have in place the

following:

(a) Credit Rating Model (or models for different categories of loans and advances)

(b) Develop and maintain necessary data on defaults of borrowers rating category-wise, i.e.. 'Rating Migration'.

6. The model that combines five financial ratios using reported accounting information and equity

values to produce an objective measure of borrower's financial health is Altman's Z Score

7. A transaction where financial securities are issued against the cash flow generated from a pool of

assets is called Securitization

Let Us Sum Up

Operational risk is one area of risk that is faced by all organisations. More complex the organisation is, more exposed it would be to

operational risk. Operational risk would arise due to deviations from normal and planned functioning of systems, procedures,

technology and human failures of omission and commission. Results of deviation from normal functioning is reflected in the

revenues of the organisation, either by way of additional expenses or by way of loss of opportunities that would be otherwise

feasible. Operational risk may also arise due to inherent faults in systems, procedures and technology, which also impacts

revenues of an organisation adversely. Basel Committee has defined 'Operational Risk' as follows:

"The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events".

Operational risk exists almost everywhere in the organisation, operational risks vary in their components. Some are highoccurrence low value risks, while some are low occurrence high value risks. Operational risks in the organisation continuously

change especially when an organisation is undergoing changes.

The Third Consultative Paper of Basel II suggested classification of operational risks based on events. Event based classifications

are listed below.

1. Internal Fraud

2. External Fraud

Employment practices and workplace safety

3. Clients, products and business practices

4. Damage to physical assets

5. Business disruption and system failures

6. Execution, delivery and process management

8/10/2019 Points-Caiib

6/7

Operational Risk Management Practices may be based on Basel II document, which provides guideline in the matter of operational

risk management practices by way of certain principles that should gover the process. This is called 'Sound Practices for the

Management of Operational Risks'.

These principles assume importance particularly in the context of banks, as adherence to standar practice is the qualitative

requirement of Basel II. The prescribed capital treatments under Basel II ar subject to adherence to achieving qualitative standards

in controlling and managing operational risk. I fact, supervisors have necessary mandate to prescribe additional capital in case

qualitative standards ar not up to their satisfaction.

Operational Risk Management Practices should be based on a well laid out policy duly approved at th board level that

describes the processes involved in controlling operational risks. It should meet th standards set in terms of the

activities should be in place. The policies and procedures should ais be communicated across the organisation.

The policy should cover

Operational risk management structure

Role and responsibilities

Operational risk management processes

= Operational risk assessment/measurement methodologies

Operational risk measurement is by far the most difficult of all risk measurements. Behaviour pattern e operational risk does not

follow the statistically normal distribution pattern and that makes it difficult fi estimate the probability of an event resulting in losses.The historical loss distribution pattern, whic may provide a method to estimate operating losses require a data set that has

statistically acceptabi numbers of loss, related data and that could be captured only over a period. Basel II has recognised ft

difficulties in measurement of operational losses. Consequently, it has provided options in the measuremeri of operational risk for

the purpose of capital allocation purposes. They are:

!. The Basic Indicator Approach

2 - The Standardised Approach

3. Advanced Measurement Approaches (AMA)

A generic approach in estimated level of operational risk could be based on

Estimated probability of occurrence

Estimated potential financial impact

= Estimated impact of internal controls

Operational Risk Mitigation basically lies in the qualitative approach in operational risk framework adopted and its implementation.

Insurance cover, where available, may provide mitigation of risks. Capital allowance under insurance is available only where AMA

has adopted estimating capital for operational risk and is subject to certain conditions.

"Under the AMA, a bank will be allowed to recognise the risk mitigating impact of insurance in the measures of operational risk

used for regulatory minimum capital requirements. The recognition of msurance mitigation will be limited to 20% of the total

operational risk capital charge calculated under the AMA. A bank's ability to take advantage of such risk mitigation will depend on

compliance with the few criteria."

Scenario analysis is also desirable in management of operational risks. Basel II provides necessary guidelines on scenario

analysis. A bank must use scenario analysis based on expert opinion in conjunction with external data to evaluate its exposure to

high-severity events. In addition, scenario analysis should be used to assess the impact of deviations from the correlation

assumptions embedded in the bank's operational risk measurement framework, in particular, to evaluate potential losses arising

from multiple simultaneous operational risk loss events.

Integrated Risk Management

Risk management is a basic necessity for financial institutions of all sizes, and ultimately central to their success and survival. It

integrates an organisation's internal and external business processes by applying standard risk terminology, metrics and reporting

to facilitate optimal risk/return decisions. An integrated approach to risk management centralizes the process of supervising risk

exposure so that the organisation can determine how best to absorb, limit or transfer risk it is an ongoing business process that

calls for standard definitions and methods to identify measure and manage risk across all business units. This information can then

be analyzed to determine the overall nature of organizational risk exposures, including their correlation, dependencies and offsets.

When properly implemented, Integrated Risk Management:

Aligns the strategic aspects of risk with day-to-day operational activities.

8/10/2019 Points-Caiib

7/7

Facilitates greater transparency for investors and regulators.

Enhances revenue and earnings growth. Controls downside risk

potential.

Implementation of Integrated Risk Management has challenges. They are its Real -Time concern, business Challenges and cultural

issues. The Process of Integrated Risk Management consists of

Strategy: Integration of risk management as a key corporate strategy.

= Organisation: Establishment of the Chief Risk Officer position with his/her accountability to the board of directors.

Process: The process of identifying, assessing, controlling and financing risk must be common across the wholeenterprise.

Systems: Risk management systems must be developed to provide information and analytical tools to support the

Enterprise Risk Management functions

1.Operational Risk arises from - Inadequate or failed internal processes , People and systems ,External events

2. The third Consultative Paper recommended for For operational risk. Event based classification

3. Benefits of integrated risk framework are

a) To relate capital and reserves more effectively to their actual level of risk exposure.

b) To evaluate pricing decisions and product profitability

c) In making risk transfer decisions

4. Rewards of proper management of operational risks are Lesser risk capital , Cost reductions in operations ,Competitive edge

5. Given the following

Probability of occurrence = 4

Potential financial impact = 4

Impact of internal controls = 0%

What is the estimated level of operational risk? 4

6. What is the beta factor for corporate finance under Standardised approach? 18%