rizwan chughtai. risk exposure arising from business activities need to effectively manage because...

Rizwan Chughtai

Risk exposure arising from business activities

Need to effectively manage because of Potential business losses Ensure business continuity

Wider and/or complex risk requires more prudent management

Risk appetite determines risk exposure

Optimize risk-reward trade-off rather than minimize/eliminate risk.

Risk taking is inherent activity but neither engage in business with unnecessary

risk nor absorb risk that can be transferred Regulatory Case vs Business Case

Strategic Level Encompasses senior management and BOD

Macro Level Within a business area or across business

lines Micro Level

‘On-the-line’ risk management

Need to have properly structured RM

Introduced in 2003 (BSD Circular 7 of 2003)

Issued to enable financial institutions to establish their own RM procedures

Provide an overview of actions and not intended to detail every control procedure

Flexible and adaptable with the size and complexity of business

Areas covered Credit Risk Market Risk Liquidity Risk Operational Risk

Certain basic principles for risk management applicable to all institutions irrespective of size and complexity

Board and senior Management oversight“The overall responsibility of risk management

vests in the Board of Directors, which shall formulate policies in various areas of operations of the bank. The senior management is, interalia, responsible for devising risk management strategy and well-defined policies and procedures for mitigating/controlling risks, which should be duly approved by the Board. The senior management is also responsible for the dissemination, implementation, and compliance of approved policies and procedures.”

Integration of Risk Management“At operational level, risk assessment may be made

on portfolio or business line basis, however, at the top level the management need to adopt a holistic approach in assessing and managing risk profile of the bank.”

Business Line Accountability“Irrespective of a separate risk review or

management function individuals heading various business lines or units are also accountable for the risk they are taking.”

Risk Evaluation/Measurement“Wherever possible risks should be

quantitatively measured, reported, and mitigated.”

Independent review“The risk review function should be independent

of those who approve and take risk. The review should include, interalia, stress tests exposing the portfolio to unanticipated movements in key variables or major systemic shocks.”

Contingency planning“Banks should have contingency plans for any

unexpected or worst case scenarios.”

• The individuals who take or manage risks clearly understand it.

• The organization’s Risk exposure is within the limits established by Board of Directors.

• Risk taking Decisions are in line with the business strategy and objectives set by BOD.

• The expected payoffs compensate for the risks taken

• Risk taking decisions are explicit and clear.• Sufficient capital as a buffer is available to

take risk.

Board and Senior Management Oversight BoD to approve credit risk strategy and other

significant policies SM to develop and establish credit risk policies

& credit administration procedures and guide staff

Setting up appropriate organization structure and specify duties/responsibilities

Credit management discipline

Credit Origination Assess risk profile before extending credit Cash flows and repayment capacity Appropriate utilization of credit

Limit Setting Credit Administration

Documentation, Disbursement, Monitoring, Repayment, Credit Files, Collateral Documents

Measuring Credit Risk Internal Risk Rating Rating Review Credit Risk monitoring & Control Risk Review Delegation of Authority Managing Problem Credits

Board and Senior Management Oversight Organizational Structure Risk Management Committee Asset-Liability Committee Middle Office Risk Measurement

Interest Rate, Foreign Exchange, Equity

Risk Measurement Repricing Gap Models Measuring Risk to Economic Value Value at Risk

Risk Limits Gap Limits Factor Sensitivity Limits

Board and Senior Management Oversight Early warning indicators of liquidity risk Liquidity Risk Strategy

Composition of Assets & Liabilities Diversification and Stability of Liabilities

ALCO/Investment Committee Liquidity Risk Management Process

Liquidity Risk Measurement & Monitoring Contingency Funding Plans (CPF) Use of CPF for Routine Liquidity Management Use of CPF for Emergency & Distress

Environment Cash Flow Projections Liquidity Ratios and Limits

Operational Risk Management Principles Ultimate accountability with BoD BoD to ensure effective & integrated OpRisk

Management Framework BoD and SM to identify and define all

categories of Operational Risk Document and communicate OpRisk policies

and procedures Integrated business and support functions Diligence of business line

Risk Assessment and Quantification Risk Management and Mitigation Risk Monitoring

Key Risk Indicators (KRIs) Risk Reporting Establish Control Mechanism Contingency Planning

Guidelines in 2004 (BSD Circular 7 of 2004) Properly designed and strictly enforced

system of internal controls helps: protect the organization’s assets and

profitability from operational losses and frauds and forgeries

produces reliable financial and management reports

helps compliance with laws and regulations creates value for the stakeholders

• BSD Circular 13 of 2004• Need for comprehensive BCP arrangements• Key considerations

– Responsibility– Components of BCP– Critical Business Line– Geographic Concentration– Centralization of Operations– Recovery Time Targets– Testing– Updation and Validation– Compliance

• Need to have synchronized and adhesive policies covering different areas

• Consolidated instructions on policy framework (BSD Circular 3 of 2007)– Minimum Areas• Risk Management Policy • Credit Policy• Treasury & Investment Policy• Internal Control System and Audit Policy• I.T. Security Policy • Human Resource Policy• Expenditure Policy• Accounting & Disclosure Policy

• BSD Circular 17 of 2008• ICAAP supplements quantitative risk

assessment in Pillar-1 of Basel II• ICAAP is set of policies, methodologies,

techniques, and procedures to assess the capital adequacy requirements in relation to the bank’s risk profile and effectiveness of its risk management, control environment and strategic planning

Elements of ICAAP Board and senior management oversight Sound capital assessment Comprehensive assessment of risks Monitoring and reporting Internal control review

Core for every angle of Risk Management