Risk Management in Banks

A Project Report

Presented to

Dr. Chandan Das Gupta

Faculty Member

SVKMS NMIMS University

Mumbai

On

March 13, 2008InPartial fulfillment of the academic requirements for the

MBA (Core) Programme

ByMs. Neetika Rajpal (123)

PREFACE

The world of finance has always had an intuitive understanding of risk. Emergence of Risk management in the financial sector especially in the banks following the aggressive push given to De-regulation and Liberalization of Indian banks provides a challenging field of knowledge involving almost every aspect of a commercial bank. The risks that emerge from the increased variety and complexities of banking business, as well as from the various new drivers of growth has pushed the contours of risk management in banks much beyond what would probably have existed in the more traditional forms of banking activity of accepting deposits and lending in relatively stable environments. Internationally, the last two decades or so have witnessed significant changes in the profile of the banking sector, as well the nature of risk management in banks. What perhaps has changed the nature of risk management, particularly are, inter-alia, advances in technology that have aided quantitative approaches to risk management, like models etc., and the increasing volumes of transactions in derivatives and other structured products that are so complex that they are often labeled exotic. India too has responded to this change, tempered with a gradualist, non disruptive approach, that has stood us in good stead over the years.Mumbai, March 13, 2008Neetika Rajpal

ACKNOWLEDGEMENT

I express my sincere gratitude to Dr. Chandan Das Gupta for extending his valuable help, support and guidance to mould my efforts in the shape of this project. The framework and manner of study prescribed by him has helped me to achieve the true objectives of my research.I extend a warm thanks to my alma mater, the institution which made it possible for me to work on this project, in the form of a final opportunity to carry out a meaningful research before I bid farewell to the institute and move into the highly competitive corporate world.I also thank all my peers for their constant support and encouragement throughout this project.Neetika Rajpal

EXECUTIVE SUMMARY

Risk is inherent in any walk of life in general and in financial sector in particular. Till recently, due to regulated environment, banks could not afford to take risks. But of late banks are exposed to a lot of competition and hence are compelled to encounter various kinds of financial and non-financial risks. With growing competition and fast changes in the operating environment impacting the business potentials, banks are compelled to constantly monitor and review their approach to credit, the main earning asset in the balance sheet. With compulsions at peer level in the international standards, the Reserve Bank of India as the central bank has been emphasizing, in the recent years, on risk management and recently, issued a timely warning to bank managements to focus on the efforts for installing effective systems for control of risks, through calling for certification regarding compliance on these aspects.

The rationale for such a proactive and pre-emptive approach is the difference in the objectives of bank and those of regulatory authorities. Expected profitability is a major incentive for taking risks. Individual banks risk creates systematic risk, the risk that the whole banking system fails. Systematic risk results from the high interrelations between banks through mutual lending and borrowing commitments. The failure of a single institution generates a contagion risking the failure of all banks that have ongoing commitments with the defaulting bank.

There are three main categories of risks: Credit Risk, Market Risk and Operational Risk.Credit risk is the first of all in terms of importance. Default risk, a major source of loss, is the risk that customer default, meaning that they fail to comply with their obligations to service debt. Default triggers a total or partial loss of any amount lent to the counter party. Credit risk is also the risk of a decline in the credit standing of an obligor of the issuer of a bond or stock. Such deterioration need not imply default but its probability definitely increases. The view of credit risk differs for the banking portfolio and the trading portfolio.

The major credit risk components are exposure, likelihood of default, or of a deterioration of credit standing, and the recoveries under default. Scarcity of data makes the assessment of these components a challenge. Modeling default probability directly with credit risk models remained a major challenge, not addressed until recent years. A second challenge of credit risk measurement is capturing portfolio effects. Given its importance to banks, it is not surprising that banks, regulators and model designers made a lot of effort to better identify the relevant inputs for valuing credit risk and model diversification effects with portfolio models. Accordingly, a large section of this report addresses credit risk modeling.

Market Risk may be defined as the possibility of loss to bank caused by the changes in the market variables. It is the risk that the value of on/off-balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices. Market risk is the risk to the bank's earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange and equities, as well as the volatilities, of those prices. Market risk management provides a comprehensive and dynamic frame work for measuring, monitoring and managing liquidity, interest rate, foreign exchange and equity as well as commodity price risk of a bank that needs to be closely integrated with the bank's business strategy.

Operational risk involves breakdown in internal controls and corporate governance leading to error, fraud, and performance failure, compromise on the interest of the bank resulting in financial loss. Putting in place proper corporate governance practices by itself would serve as an effective risk management tool. There are not, at present, sophisticated mathematical tools to deal with operational risk. The general principle for addressing operational risk measurement is to assess the likelihood and cost of adverse events. The practical difficulties lie in agreeing on a common classification of events and on the data gathering process, with several potential sources of event frequencies and costs.

Basel II addresses these three risks and suggests different approaches to measure them. The implementation of the new capital adequacy framework- Basel II has been a long and exacting journey in most of the jurisdictions, and so is the case with India. The countries are at various stages of implementation. In India, having regard to the country context and in tune with the overall approach to regulatory reforms, we have adopted a calibrated approach for a phased implementation of Basel II so as to secure a non-disruptive migration to the new framework. In our journey towards the Basel II Framework, the RBI has adopted a three-track approach to capital adequacy regulation in India, with the norms stipulated at varying degrees of stringency for different categories of banks. Similar differentiated approach has been adopted in some other jurisdictions also. This has been a deliberate choice having regard to the size, nature and complexity of operations and relevance of different types of banks to the Indian financial sector, the need to achieve greater financial inclusion and to provide an efficient credit delivery mechanism. Thus, the commercial banks, which account for the lions share in the total assets of the banking system, will be on Basel II standards while the co-operative banks will remain on Basel I norms for credit risk with surrogate measures for market risk. The Regional Rural Banks, on the other hand, which have limited operations in rural areas, will be on non-Basel standards.

The Basel II framework provides significant incentives to banks to sharpen their risk management expertise to enable more efficient risk-return trade offs; it also presents a valuable opportunity to gear up their internal processes to the international best standards.TABLE OF CONTENTS

2PREFACE

3ACKNOWLEDGEMENT

4EXECUTIVE SUMMARY

6TABLE OF CONTENTS

8TABLE OF FIGURES AND GRAPHS

9CHAPTER 1- INTRODUCTION & RESEARCH METHODOLOGY

91.1Defining Risk

101.2The need to manage risk

101.3Research methodology

101.3.1 Research Objective:

111.3.2 Research Methodology:

12CHAPTER 2- TYPES OF RISKS FACED BY BANKS

122.1 Risks faced by banks

122.1.1Broad categories of risk

132.1.2Major risks explained

162.2Increasing risks in banking

18CHAPTER 3- MANAGING THE RISKS

183.1 Importance of risk management

203.2 Key elements of sound risk management

22CHAPTER 4- NEW BASEL CAPITAL ACCORD

224.1Basel I

224.2Basel 2

224.2.1The imperatives for Basel II

234.2.2 Scope of the New Basel Capital Accord

244.2.3 The objectives of Basel II

254.2.4 Structure of the New Capital Accord

29CHAPTER 5- BASEL II: APPROACHES TO MEASURE CREDIT RISK

295.1 The standardized approach for credit risk

295.2 The internal ratings based approach

30CHAPTER 6- BASEL II: APPROACHES TO MEASURE MARKET RISK

306.1 Standardized approach to market risk

316.2 Internal Models approach

32CHAPTER 7- BASEL II: APPROACHES TO MEASURE OPERATIONAL RISK

337.1 Basic Indicator approach

337.2 Standardized approach to operational risk

347.3 Advanced Measurement approaches (AMA)

35CHAPTER 8- RBIs VIEW ON THE NEW CAPITAL ACCORD

358.1 RBIs Suggestions

368.2 Preparatory measures for Basel II Implementation

378.3 The challenges ahead

45CHAPTER 9- FINDINGS AND RECOMMENDATIONS

459.1 Findings

469.2 Recommendations

47ANNEXURE: A- BCBS PRINCIPLES ON CREDIT RISK MANAGEMENT

50ANNEXURE: B- BCBS PRINCIPLES FOR INTEREST RATE RISK MANAGEMENT

53ANNEXURE: C- VALUE AT RISK (VAR)

56ANNEXURE: D- STRESS TESTING

60BIBLIOGRAPHY

61AUTHORS PROFILE

TABLE OF FIGURES AND GRAPHSFigures

12Figure 2.1: Different Risks Faced by Banks

Tables

25Table 4.1: Risk measurement approaches under Basel II

38Table 8.1: Risk Weight for Corporate Loans and Bonds

38Table 8.2: Mapping for Corporate Loans and Bond Ratings and risk weights

39Table 8.3: ICRAs short term ratings and corresponding risk weights

40Table 8.4: Exposures and risk weights calculations

41Table 8.5: Estimation of capital charge for different banks

42Table 8.6: Estimated regulatory capital after providing operational risk capital charge

CHAPTER 1- INTRODUCTION & RESEARCH METHODOLOGY1.1 Defining RiskThe Oxford dictionary defines risk as: Possibility that something unpleasant will happen or Exposure to danger or loss.

Risk primarily has two components: Uncertainty, and Exposure. If both are not present, there is no risk. A synonym for uncertainty is ignorance. We face risk because we are ignorant about the future. Because ignorance is a personal experience, risk is necessarily subjective.

Risk is the fundamental element that influences financial behavior. In its absence, the financial system necessary for efficient allocation of resources would be vastly simplified. In that world, only a few institutions and financial instruments would be needed, and the practice of finance would require elementary analytical tools. But, of course, in the real world, risk is ubiquitous. Much of the structure of the financial system we see serves the function of the efficient distribution of risk. Much of the financial decision-making by households, business, firms, governments and especially financial institutions is focused on management of risk. Measuring the influence of risk, and analyzing ways of controlling and allocating it, requires a wide range of sophisticated mathematical and computational tools.

Risk is inherent in any walk of life in general and financial sector in particular. Till recently, due to a regulated environment, banks could not afford to take risks. But of late banks are exposed to same competition and hence are compelled to encounter various types of financial and non-financial risks. Risks and uncertainties form an integral part of banking which by nature entails taking risks.

The risk management process involves a series of steps: risk identification, risk analysis and evaluation, risk control, risk financing, and risk administration. Each of these steps is dependent upon the other and that the entire process is active, fluid, and constantly changing. Risk management in banking designates the entire set of risk management processes and models allowing banks to implement risk-based policies and practices. They cover all techniques and management tools required for measuring, monitoring and controlling risks. The spectrum of models and processes extends to all risks: credit risk, market risk, interest rate risk, liquidity risk and operational risk, to mention only major areas. Risk is associated with uncertainty and reflected by way of charge on the fundamental/ basic i.e. in the case of business it is the Capital, which is the cushion that protects the liability holders of an institution. These risks are inter-dependent and events affecting one area of risk can have ramifications and penetrations for a range of other categories of risks.

1.2 The need to manage riskA crucial moment in the development of risk management occurred in February 1995 when it was announced that the Barings PLC, the oldest bank in England had lost over GBP600 million and was insolvent as a result of the derivative trading activities of a single trader in Singapore. At the time of its collapse, Barings was known to be very conservative, well capitalized and historically profitable.

The Barings case brought to light that the real issue was not derivatives per se, but the quality of management and control required in modern financial environment. The collapse called into question the strength of existing internal controls in the investment industry and the aptness and adequacy of external monitoring done by the exchanges and regulators. The event demonstrated very clearly that their existing regulatory frameworks were no longer appropriate for the continuously changing and complex market environment. This led to a critical reassessment of the regulatory approach and brought changes in the banking supervision approaches by the Bank of England and other regulators around the world.

The basic rationale for exercising fairly close regulation and supervision of banking institutions, all over the world, is premised on the fact that the banks are "special" for several reasons. The banks accept uncollateralized public deposits, are part of the payment and settlement system, enjoy the safety net of deposit insurance funded by the public money, and are an important channel for monetary policy transmission. Thus, the banks become a keystone in the edifice of financial stability of the system which is a public good that the public authorities are committed to provide. Preventing the spread of contagion through the banking system, therefore, becomes an obvious corollary of regulating the banks to pre-empt any systemic crisis, which can entail enormous costs for the economy as a whole. This is particularly so on account of the inevitable linkages that the banks have by virtue of the nature of their role in the financial system. Ensuring safety and soundness of the banking system, therefore, becomes a predominant objective of the financial regulators. While the modalities of exercising regulation and supervision over banks have evolved over the decades, in tandem with the market and technological developments, the fundamental objective underlying the exercise has hardly changed. Of course, a well-regulated and efficient banking sector also enhances the allocative efficiency of the financial system, thereby facilitating economic growth.1.3 Research methodology1.3.1 Research Objective:The research aims to understand the kinds of risks faced by the banking sector and the current risk management practices in place. The objective is to gain knowledge of the various techniques used in the banking sector to mitigate the risks. The following are the objectives of my research-1. Types of risks faced by banks2. Why risk management is necessary 3. The new Basel Accord for risk management4. Techniques to measure and mitigate these risks as recommended by Basel 25. Problems/limitations faced by banks in managing these risks1.3.2 Research Methodology:As the topic is largely theoretical in nature, I have used secondary research to explore and comprehend how banks manage risks and the changes Basel 2 is expected to bring about. Sources of secondary research:1) RBI circulars and notifications.

2) Various national and international magazines and journals regarding the topic.

3) Various books on the topic.

4) Use of Internet for collecting latest information on the various topics.

CHAPTER 2- TYPES OF RISKS FACED BY BANKS2.1 Risks faced by banksBanks are subjected to a wide array of risks in the course of their operations, as illustrated by the figure below:Figure 2.1: Different Risks Faced by Banks

2.1.1 Broad categories of riskI. Financial

II. Operational

III. Business and

IV. Event risks.

Financial risks in turn comprise two types of risk. Pure risks - including liquidity, credit, and solvency risks - can result in loss for a bank if they are not properly managed. Speculative risks, based on financial arbitrage, can result in a profit if the arbitrage is correct or a loss if it is incorrect. The main categories of speculative risk are interest rate, currency, and market price (or position) risks.Financial risks are also subject to complex interdependencies that may significantly increase a banks overall risk profile. For example, a bank engaged in the foreign currency business is normally exposed to currency risk, but will also be exposed to additional liquidity and interest rate risk if the bank carries open positions or mismatches in its forward book.

Operational risks are related to a banks overall organization and functioning of internal systems, (including computer-related and other technologies); compliance with bank policies and procedures; and measures against mismanagement and fraud.

Business risks are associated with a banks business environment, (including macroeconomic and policy concerns), legal and regulatory factors, and the overall financial sector infrastructure and payment system.

Event risks include all types of exogenous risks which, if they were to materialize, could jeopardize a banks operations or undermine its financial condition and capital adequacy.

2.1.2 Major risks explained

Credit Risk

It arises when the promised cash flow on loan and securities is not paid in full or not paid in time. Traditionally, credit risk management is the primary challenge for banks in developing countries like India and this risk is usually regulated by well laid down loan policies.

The degree of credit risks tolerance is to be managed by the executives through their sagaciously designed policies, procedure and planning. They are to plan, manage and diversify the credit risks in such a combination to enable the institution to avoid high credit volatility. Quality lending is the first and foremost control factor to manage the credit risks. Quality lending does not mean to obtain sufficient collaterals, which is the general perception of the bankers. The lender should evaluate the borrowers proposal in terms of borrowers character and ability to manage the business profitably in the existing economic social and political environment.

Interest Rate RiskIn the recent past, RBI has considerably reduced the regulatory restrictions on banks in respect of Interest on assets and liabilities. Now the net interest income or the net interest margin (NIM) of banks depends on market interest movements. Any mismatch in cash flow of fixed assets and liabilities or reproaching of floating assets and liabilities expose the banks income to interest rate variation. The earning of assets and costs of liabilities are closely related to market interest rate volatility. Hence, the tolerance of impact of unexpected changes in market interest rate to the cost of liabilities and the earnings of assets is called interest rate risk. Mismatch or Gap is created due to different amounts and different maturities of assets and liabilities. It may also be created due to repricing of floating assets or liabilities. This Gap or Mismatch exposed the bank to uncertain changes in the market interest rates. As the composite loan portfolio of bank is funded out of composite liabilities, there is a high interest rate risk to banks due to volatile conditions in the interest rate market.The banks price their floating interest rate assets and liabilities on the basis of treasury bills, yields, call money rates, fixed deposit rates, MIBOR, LIBOR etc. As the market forces may affect the yield curves of these instruments, the banks net interest income will also be affected. Similarly, any significant changes in market interest rates expose the banks profitability to another risk by inducing borrowers to liquidate their cash credit, terms loans, and demand loans or conversely the depositors may withdraw their deposits prematurely. The excess future cash flow of bank is also to be reinvested. As the interest rate market is volatile, this reinvestment is also exposed to the interest rate risk.

To obviate the interest rate risk, the management should identify and quantify the risk. It may be inferred from balance sheet of the bank. To cope with the interest rate risk all related facets of balance sheet should be probed into including gap/mismatch, future cash flow to be reinvested, yield curves, prices of assets and liabilities etc.

Liquidity RiskLiquidity risk is the potential inability of the bank to generate enough cash to cope up with the decline in the deposits or increase in assets. Though liquidity risk originates from mismatching in the maturity patterns of assets and liabilities, there are obvious relationships between interest rate risk and liquidity risk.

The risk that a sudden change in liability withdrawals may compel a bank to liquidate assets in a very short period of time thereby, incurring loss in liquidity risk. Banks can protest the liquidity position by controlling mismatches in assets and liabilities, focusing on core deposits and achieving wide client base. Since banks assets and liabilities comprise large number of deposit/loan accounts with varied maturity and different risk profiles, they have to strike a reasonable trade off between retaining excess liquidity and being grossly illiquid.

Legal RisksThis kind of risk arises due to legal ramification of transaction, counter party etc. To overcome; awareness is required on banking law, constitutional aspect like environmental and labor laws etc.

Market Risks

It arises when banks actively trade/ hold assets and liabilities and when the adverse movements in market rates affect the face value of its assets/ liabilities. Basically the impact of market risk is observed in the movements of portfolio value. There is a strong relationship between interest rate risk and market variables.

Off Balance Sheet Risk

The risk incurred due to activities related to contingent assets and liabilities is termed as off balance sheet risk. Off balance sheet activities affect the future shape of banks balance sheet as they involve the creation of contingent assets and liabilities. The ability to earn the fee based income while not expanding balance sheet footings is the important factor for the bank to expand off balance sheet items, although this activity is not risk free.

Technology and Operational Risk

Technology risks occur when technological investments do not produce the anticipated cost savings. Operational risks surface when the existing technology or support systems break down or fail. The other two dimensions of technology risks are economies of scale and economies of scope. While economies of scale mean the ability of the bank to lower its average cost of operations by expanding the output, economies of scope relate to banks ability to generate cost synergies by producing more than one output for the same input.

Foreign Exchange Risk

The impact of adverse movement of exchange rate on the banks foreign exchange assets & liabilities is termed as foreign exchange risk. The risk is evident when the banks hold in their portfolio, foreign exchange assets & liabilities of various maturities & in different currencies.

Country or Sovereign Risks

When banks lend against assets in foreign countries they are exposed to country or sovereign risks. Sovereign risks arise when repayment from foreign borrowers are blocked by foreign governments for various reasons including externalization problems.

Commodities risk

This is not relevant for banks in India, as banks are not allowed to trade in commodities.

Capital Risks

Maintaining adequate capital on continuous basis is necessary to ensure that bank has capital to assimilate losses occurred due to normal business risks. RBI has issued stringent guidelines in recent past on maintaining the capital adequacy by banks. Narasimhan committee has recommended that Capital Adequacy norms should be raised in stages to strengthen the health of the banking industry.

Capital risk means the risk of erosion of capital due to losses.

Systemic Risk

Banks are highly inter-related with mutual imbricated commitments. Hence the failure of one institution generates a risk of failure for those other banks, which have committed funds with the defaulting bank. It arises out of industry specific issues like competition, technology risk, business environment, regulatory environment etc.

Equity risk

Equity risk is the risk of loss on account of changes in market prices while holding positions in an individual equity.

Reputation Risk

The risk to earnings or capital that results from negative public opinion of the bank is known as reputation risk.

Solvency Risk

Solvency risk is the risk of being unable to cover losses, generated by all types of risks, with the available capital. Solvency risk is, therefore, the risk of default of the bank. The solvency risk is critical for regulators. The fundamental issue of capital adequacy is to define what level of capital should be associated with the overall risk to sustain an acceptable solvency level.

Effective management of all the above-mentioned risks will determine the success or failure of an institution.2.2 Increasing risks in banking Innovation, Deregulation and Globalization are increasing the risks in Banking. Rapid innovations in financial markets and the internationalization of financial flows have changed the face of banking almost beyond recognition. Technological progress and deregulation have both provided new opportunities for and increased competitive pressures among Banks.

The shift to flexible exchange rates in the late 1960s led to more volatility in exchange rates. As volatility increased, financial markets began to offer a new breed of securities, that is, derivatives such as futures and options, to allow institutions to hedge their exposure to currency fluctuations. The increase in inflation in early 1970s and the advent of floating exchange rates soon began to generate interest rate instability. Again, the markets responded by offering new derivative products to hedge and manage these new risks. Banks found themselves increasingly engaged in risk intermediation and less in traditional maturity intermediation. Banks also started to innovate and offer new customized derivatives instruments, known as Over-the-Counter (OTC) products that both compete with and complement traded derivatives. Banks were becoming more involved in developing new instruments, products and services, and techniques. A prime motivation for innovation has been the introduction of prudential capital requirements.

Traditional banking practice - based on the receipt of deposits and the granting of loans - is today only one part of a typical banks business, and is often its least profitable. New information-based activities, such as trading in financial markets and income generation through fees, are now becoming the major additional sources of a banks profitability. Financial innovation has also led to the increased market orientation and marketability of bank assets, in particular through the introduction of concepts such as loan swaps and sales. This process has been achieved using assets such as mortgages, automobile loans, and export credits as backing for marketable securities, a process known as securitization. Profits associated with some of these instruments are high, and like the financial markets from which they are derived are also highly volatile, and they thus expose banks to new or higher degrees of risk. Today, more general concern exists that financial innovation in banking, especially with regard to off-balance-sheet instruments, may have the effect of concentrating risk and increasing volatility within the banking system as a whole. This is particularly true in the case of currency and interest rate risk. The correlation between different types of risk, both within an individual bank and throughout the banking system, has increased and become more complex. Internationalization and deregulation have increased the possibilities for contagion, as evidenced by the spread of financial crises from Thailand to the rest of Southeast Asia, to East Asia, Eastern Europe, and South America in the late 1990s, and by their effect on banking systems in the rest of the world. The evolution of banking systems and markets has also raised important macro prudential concerns and monetary policy issues. These developments have increased the need for and complicated the function of risk measurement, management, and control.

The increased exposure of banks to risks also presented new challenges to bank supervisors with respect to the structuring of their ongoing supervision. In response, supervisors have developed new methods and processes for monitoring and assessing banks on an ongoing basis. Particular attention is being paid in this regard to improving the quality of bank examinations and to the development of systems that can assist supervisors and examiners in identifying changes, particularly deterioration, in banks financial condition as early as possible. Amongst the various new initiatives that have been taken or are being taken in this respect are the development of more formal, structured and quantified assessments not only of the financial performance of banks but also of the underlying risk profile and risk management capabilities of individual institutions. Collectively these various new approaches can be termed supervisory risk assessment and early warning systems.

CHAPTER 3- MANAGING THE RISKS3.1 Importance of risk management Risk management is more than a regulatory reporting and compliance exercise; it is a necessary risk-reducing tool to promote long-term profitability and stability of the firm and enhance the competitive advantage of firms.

Good internal models provide timely information on how much risk the bank is taking in order to achieve specific business objectives. Internal models must also allow banks to compare and select, on a timely basis, from among the alternative business opportunities or strategies not solely from the profit angle but also from a risk standpoint.

As financial markets progress towards the market transparency mechanism that is promoted under Pillar 3 of Basel 2, risk management will be seen as a potential differentiator and a source of competitive advantage. Ultimately, it will reward banks that manage their risks effectively, and penalize those that do not. Good risk management practice is thus even more essential for banks to maintain competitiveness over the long run.

Corporate governance is not a mere risk compliance measure; it is vital to the institutions health.As far as the banking industry is concerned, corporate governance relates to the manner in which businesses and affairs of the individual banks are directed and managed by the board of directors and senior management. It provides the structure though which the objectives of the institutions are set, the strategy of attaining those objectives is determined and the performance of the institution is monitored.Corporate governance is essential to the institutions health. It seeks to meet legal requirements and uphold fiduciary responsibilities to investors, creditors and depositors. It attracts and retains good senior management, officers and employees. It also makes the organization attractive to investors, clients and business partners.Equally important, corporate governance reduces exposure to reputational risks or the potential that a negative publicity regarding an institutions business practices will cause a decline in the customer base or lead to costly litigation.

Risk management matters are necessary parts and parcel of sound strategic planning.The need to include risk management in strategic planning cannot be overemphasized as a lot of banks have got into trouble where the root cause can be traced to inconsistencies between the banks strategic goals and risk management objectives or simply the lack of risk management objectives.Sound strategic planning should involve not only setting targets such as revenue, assets under management, and the number of new accounts, but also include the establishment of control and risk management systems.

Specifically strategic planning should lead to an objective assessment of the institutions risk profile and highlight areas of strengths and weaknesses. It should help the firm determine the risks it wants exposure to, the risk it cannot avoid, risks that the firm is not prepared to face and the risks it can reduce.Strategic planning should involve the use of internal risk assessment as such could uncover natural hedges, or counter cyclicality, that exist across different businesses of a firm. Such knowledge helps the firm focus on its net exposures and more effectively allocate resources.Risk assessment often results in a better understanding of the internal and external environment, which can be a source of competitive advantage by the uncovering of business opportunities or the early assessment of threats which in turn allow the firm to have competitive lead over less informed competitors.

Stress testing enhances management of risks.Banks can prepare for risks well in advance it if they know how it would impact on them, if and when it comes, and plan in advance the right level of resources to withstand it. They can do this if they have the capability to perform on a regular basis, the suitable stress testing and scenario analyses.

A proactive risk culture must exist in an institution to ensure effective risk managementA proactive risk culture means there is awareness of risk within an institution which permeates the actions and words of all the members of the firm. This can be done through regular risk awareness activities, education, open communication lines among units/groups concerned, and continuous interaction with senior management.When considering the importance of risk culture, it may be asked why some firms fared better than others at risk management. Nick Leesons actions at Barings would have been less likely if a meaningful risk culture had been in place which institutionalized management oversight, upheld segregation of duties, and permitted closer monitoring of the trading in books that appeared to be profitable. Risk culture is important today because the complexity of modern financial instruments makes it possible for even a single, unsupervised trader to gamble and lose the entire capital of a firm.3.2 Key elements of sound risk managementAlthough, models are critical to understanding the nuances of risks embedded in complex financial transactions and portfolios, sophisticated techniques cannot be relied upon without the proper risk-management foundation. Integral to this foundation are timely and accurate information and the will and ability to act on it. Since the fortunes of even the most technically sophisticated financial institutions ultimately depend on the decisions and judgments of individual managers and traders, senior management must ensure that the right incentives are in place so that risk taking is appropriately captured in business-line performance evaluation and employee compensation. Senior management must understand the risks assumed by each individual business line and communicate the firm's strategy and risk appetite back down to those business lines. At the same time, senior management must send each business-line manager clear signals about which risk levels are tolerable and which practices are not acceptable. In this way, information and incentives are threads of sound risk management that must be woven into the fabric of each firm's management culture.

Enterprise-wide risk assessments A good risk-management structure must encompass risks across the entire firm, gathering and processing information on an enterprise-wide basis in real time. Good information is the lifeblood of sound risk management. In short, it is vital to know the risks to be able to manage them. Managers of financial institutions need to ensure that they fully understand the risks assumed by each of their institutions' business lines, and for that they need high-quality information both qualitative and quantitative. Aggregating information across a large, diversified financial institution is not easy and should be done with appropriate care and with adequate resources for checking timeliness and veracity. Risk managers should live by the adage "Trust but verify," being careful not to rely on assessments or data from others without conducting proper due diligence.

It is also worth noting that financial institutions should gather a wide range of relevant information before they see market troubles brewing. In other words, scrambling for information once turbulence sets in is not good practice. Understanding a firm's true risk exposures requires examining not just risks on the balance sheet, but also off-balance-sheet risks that are sometimes more difficult to identify and often not so easy to quantify. Latent risks from certain complex products and certain risky activities should be properly recognized, because they can manifest themselves when market turbulence sets in. Stress testing and scenario analysis are of paramount importance here.

Even when risks are properly identified and measured, that information needs to be presented to senior management and to others in the firm who can use it in their decision making, and presented in a timely way. In other words, information should be adequately distributed both vertically and horizontally. Adequate distribution of information allows for an enterprise-wide perspective on risks that affect the whole organization. Information must be provided up to senior management, but their views and analysis then must be sent back down through the business lines. To put it another way, institutions should develop an "information circulatory system" to ensure the flow of information that is crucial to the health of the firm.

Governance structure To ensure sound risk management, boards of directors and senior management at financial institutions must also establish overall governance and control structure that is credible, robust, and consistent throughout the firm. It is critical that senior management set the tone at the top, communicate it, and lead by example. This strategy should be clearly articulated and should be recognizable in the actions of the firm's employees. Business lines should be held equally accountable and there should not be any special treatment for "star" employees, even if they are bringing sizable revenues into the institution in a particularly year.

While certain financial institutions may choose to conduct business on a decentralized basis, they must always remember that in the end the exposures and obligations are rolled up and combined into one consolidated legal entity. In addition, the institution's commitment to and emphasis on risk management should be eminently visible both within and outside of the organization. For example, the firm should demonstrate that its risk managers have direct access to top management and play a key role in decision making. They also must be able to speak authoritatively about the risk profile and risk-management strategy of the whole organization to market participants and counterparties.

Durability of risk-management structures Risk-management structures are successful only if they are sturdy and durable. These structures and their associated strategies should be embedded in the firm's culture and not be dependent on just one or a few people. They should be part of the fabric of the organization, not just a few catchy phrases repeated from time to time. For example, understanding and living up to the firm's risk-management standards should be a prerequisite for advancement to a senior management position. Effective risk management remains sturdy and durable only if supported by strong and independent risk functions that produce unbiased information. Having independent risk managers with a certain amount of authority allows for clear, dispassionate thinking about the entire firm's risk profile, with no favoritism toward any business unit. Senior management should encourage risk managers to dig deep to uncover latent risks and point out cases in which certain business lines are assuming too much risk.

Ensuring adherence to risk-management practices Any successful organization needs to develop appropriate mechanisms to ensure adherence to and sustainability of its risk-management structures, and incentives structures are a key mechanism for this purpose. Appropriate incentives reward good behavior and penalize inappropriate behavior. Of course, incentives work best when they are known well in advance, that is, when they serve as ex ante signals of what should and should not be done. Naturally, in very large organizations it is difficult for senior management to monitor each individual, so incentives need to be consistent, permeate even the lowest levels of the organization, and remind each individual that his or her risk-taking affects the whole enterprise. CHAPTER 4- NEW BASEL CAPITAL ACCORD4.1 Basel I

The role of capital in a bank is to act as a buffer against unidentified losses in future, and thereby protect the interests of the depositors. Hence, the amount of capital held by a bank must cover unexpected losses. In 1988, a common minimum framework was introduced across countries to determine appropriate capital levels for banking institutions. The Basel Committee on Banking Supervision (the Committee) gave this framework, known as the 1988 Basel Accord. The underlying principle of the Accord is that institutions should hold a minimum level of capital that is linked to the risks to which they are exposed.

The 1988 Accord requires that banks maintain a ratio of capital to risk weighted assets of at least 8%. The definition of capital is broadly set in two tiers. Tier I consists of shareholders equity and disclosed reserves. Tier II comprises supplementary capital and includes undisclosed reserves, revaluation reserves and general provisions. It also includes hybrid debt instruments and subordinated debt. The Accord also specifies that at least 50% of a banks capital must be Tier I capital which means that Tier II capital should not exceed 100% of Tier I capital. A portfolio approach is taken to measure risk with assets classified into four buckets (0%, 20%, 50% and 100%) according to the debtor category. Techniques are also specified for converting off-balance sheet exposures such as guarantees, commitments, etc. into on-balance sheet equivalents using credit conversion factors which are then weighted according to the counterpartys risk weighting.

During the 1990s, the Accord became an acceptable world standard with over 100 countries applying it to their banking system. By subjecting all the banks to a common risk measurement framework, the Accord ensured securing the goals of simplicity, comparability and verifiability.

4.2 Basel 2

4.2.1 The imperatives for Basel IIWith the passage of time, it was realized that the Basel I framework had several limitations. The limitations related mainly to the underlying approach as also a less-than-comprehensive scope of the Accord in capturing the entire risk universe of the banking entities.

They are follows:

It adopts a one-size-fits-all approach to assessing risk, i.e. it attempts to monitor the soundness of banks by using a common standardized risk measurement framework. It is argued that capital adequacy must vary according to the quality of banks assets, the competence of its management and the environment in which it operates.

The risk measurement framework does not generate a capital advantage for banks that have well-diversified portfolios. The theory of finance indicates that such banks should be treated as less risky compared to the banks with concentrated portfolios.

There is lack of differentiation between different kinds of private sector customers. This means that a loan to a blue-chip multinational and a loan to a small enterprise carry the same weight (100%).

It is concerned primarily with credit risk and ignores other important risks to which the banks are exposed, e.g. operational risk.

It does not sufficiently recognize credit risk mitigation techniques such as collateral and guarantees. Also, financial innovations such as securitization and credit derivatives are not captured in the framework.

The different risk weightings assigned to the Organization for Economic Co-operation and Development (OECD) and non-OECD members are criticized on the grounds that they are arbitrary and politically motivated. Mexico and Korea are examples of countries suffering from severe financial crises subsequent to being admitted to the OECD.

In January 1996, an amendment was made to the Accord to incorporate market risks. For the first time, the banks were allowed to use their own systems to measure their market risks. Due to technological developments and innovations in the financial markets, the Committee decided that more fundamental changes were required in the Accord. Therefore, in June 1999, it released a proposal to replace the 1988 Accord with a more risk-sensitive framework. This proposal was known as the First Consultative Package on the New Accord. More than 200 comments were received on it. Reflecting those comments, the Second Consultative Package was published in January 2001.

The new framework intends to improve safety and soundness in the financial system by placing more emphasis on banks own internal control and management, the supervisory review process and market discipline.4.2.2 Scope of the New Basel Capital Accord

The New Basel Capital Accord (the New Accord) will be applied on a consolidated basis to internationally active banks.

The scope will be extended to include, on a fully consolidated basis, holding companies that are parents of banking groups. Banking groups are groups that are predominantly engaged in banking activities.

In case of a bank that owns an insurance subsidiary, its investment therein will be deducted while measuring regulatory capital.

Significant minority-owned equity investments in non-insurance financial entities, where control does not exist, will be excluded from the banking groups capital by deduction of equity and other regulatory investments. The Committee has stipulated that reciprocal cross-holdings of bank capital artificially designed to inflate the capital positions of banks will be deducted for capital adequacy purposes.

4.2.3 The objectives of Basel IIIn order to better appreciate the impact of Basel II on the banking industry, it is worth recalling the objectives of the Basel Committee regarding the overall level of capital requirements. According to the revised framework, issued in June 2004:

The objectives are to broadly maintain the aggregate level of minimum capital requirements, while also providing incentives to adopt more advanced risk-sensitive approaches of the revised framework.

Governor Susan Schmidt Bies of the Federal Reserve System of the USA has described the objectives of Basel II in the following words:

The major objectives of Basel II include creating a better linkage between the minimum regulatory capital and risk, enhancing market discipline, supporting a level playing field in an increasingly integrated global financial system, establishing and maintaining a minimum capital cushion sufficient to foster financial stability in periods of adversity and uncertainty, and grounding risk measurement and management in actual data and formal quantitative techniques. Let me emphasize that last objective, since it is often overlooked. Critical to Basel II is the effort to improve risk measurement and management, especially at our largest, most complex organizations.

Thus, it would be reasonable to infer that the main focus of the new framework is on providing the right incentives to the banks to adopt data-based, quantitative risk management systems to be able to adopt the advanced risk-sensitive approaches of the revised framework, which, in turn, would contribute to systemic and financial stability. Hence, inducing the adoption of advanced risk management systems by the banking institutions would seem to lie at the heart of the new framework.

4.2.4 Structure of the New Capital Accord

The New Capital Accord is based on three complementary elements or pillars. Pillar 1 covers regulatory capital requirements for credit, market and operational risk. Pillar 2 comprises the supervisory review process, which intends to ensure that each bank has sound internal processes in place to assess its capital adequacy. Pillar 3 emphasizes the potential for market discipline to reinforce capital regulation and other supervisory efforts in promoting safety and soundness in banks.Pillar 1: Minimum Capital RequirementsThe first pillar sets out the total minimum capital requirements for credit, market and operational risk. The proposals are based on fundamental elements of the 1988 Accord viz. a common definition of regulatory capital and minimum ratio of capital to risk weighted assets of 8 %. The revision focuses on improvements in the measurement of risks. The new framework proposes a measure for operational risk for the first time.

In calculating the capital adequacy ratio, the denominator will consist of three parts: the sum of all risk-weighted assets for credit risk, plus 12.5 times the sum of the capital charges for market risk and operational risk. Thus,

Capital Adequacy = Total capital (Tier I + II + III) = 8% (minimum)

Credit risk + Market risk + Operational risk

Tier III capital mainly consists of short-term subordinated debt and shall be applicable only for calculation of capital charge for market risks. To be eligible as Tier III capital, the short-term subordinated debt must be unsecured, fully paid-up and have an original maturity of at least two years. This capital should not exceed 250% of banks Tier I capital required to support market risks.

The approaches suggested for measurement of risks are as follows, of which approaches for measurement of Market and Credit Risk are explained simultaneously, while that of Operational Risk is detailed later in the report under the head Operational Risk:

Table 4.1: Risk measurement approaches under Basel IICREDIT RISKMARKET RISKOPERATIONAL RISK

Standardized ApproachStandardized ApproachBasic Indicator Approach

Foundation Internal Rating

Based ApproachInternal Models ApproachStandardized Approach

Advanced Internal Rating Based ApproachAdvanced Measurement Approach

Pillar 2: Supervisory Review ProcessThe supervisory review process of the New Accord encourages banks to develop and use better risk management techniques in monitoring and managing their risks. The Committee recognizes that it is the responsibility of bank management to ensure that the bank has adequate capital to support all the risks in its business. Supervisors are expected to evaluate how well banks are assessing their capital needs.

The Committee has identified four key principles of supervisory review. These are:

Principle 1Banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels.

Principle 2Supervisors should review and evaluate banks internal capital adequacy assessments and strategies as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate action if they are not satisfied with the results of this process.

Principle 3Supervisors should expect banks to operate above the minimum regulatory capital ratios and should have the ability to require banks to hold capital in excess of minimum.

Principle 4Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank and should require rapid remedial action if capital is not maintained or restored.Other aspects of the supervisory review process

Supervisory transparency and accountability The supervisors must take care to carry out their obligations in a highly transparent and accountable manner. The criteria to be used in the review of banks internal capital assessments should be made publicly available.

Interest rate risk in the banking bookThe Committee has decided that interest rate risk in the banking book should be treated under Pillar 2 of the New Accord. The revised guidance recognizes banks internal systems as principal tool for the measurement of this risk. If supervisors determine that a bank is not holding capital commensurate with the level of interest rate risk, they must require the bank to reduce its risk, to hold a specific additional amount of capital, or to combine the two remedies.

Pillar 3: Market DisciplineThe third pillar of the new framework aims to bolster market discipline through enhanced disclosure by banks. The purpose of this pillar is to complement the operation of minimum capital requirements (Pillar 1) and the supervisory review process (Pillar 2). The Committee aims to encourage market discipline by developing a set of disclosure recommendations (and requirements) which will allow market participants to assess key pieces of information on the scope of application, capital, risk exposures, risk assessment and management processes, and hence the capital adequacy of the institution. The Committee believes that such disclosures have particular relevance under the New Basel Capital Accord, where reliance on internal methodologies gives banks more discretion in assessing capital requirements, and therefore set out separate disclosures where internal methodologies are used. The Committee does not expect the incremental costs of making such information public to be high, since banks will be collecting this data for internal purposes and they will be benefiting from the more risk sensitive capital requirements that result from the use of bank specific inputs.Core and supplementary disclosuresCore disclosures are those that convey vital information and all institutions will be expected to disclose this information, subject to materiality, for the basic operation of market discipline. Information would be considered material if its omission or misstatement could influence or change the assessment or decision of a user relying on that information. Supplementary disclosures are important for some but not all institutions depending on their nature of risk exposure, capital adequacy and methods adopted to calculate the capital requirement. This division between core and supplementary disclosures reduces the disclosure burden on institutions.

For instance regarding disclosures about the structure of capital, banks should disclose: -

Core Disclosures (Quantitative)

The amount of Tier I capital, with separate disclosure of:

Paid-up share capital/ common stock

Disclosed reserves

Minority interests in the equity of subsidiaries

Goodwill and other amounts deducted from Tier I

The total amount of Tier II and Tier III capital. Core Disclosures (Qualitative)

The accounting policies for the valuation of assets and liabilities, provisioning and income recognition.

Information on consistency of accounting principles between years.

Whether unrealized gains and unrealized losses have been included and deducted from Tier I capital respectively. Supplementary Disclosures

The amount of Tier II capital (split between Upper and Lower Tier II), with separate disclosure of material components.

The amount of Tier III capital.

For both core and supplementary disclosures, banks should disclose summary information about the terms and conditions of the main features of all the capital instruments like maturity, level of seniority, interest or dividend deferrals, cumulative characteristics, etc.

The New Accord attempts to narrow the gap between economic and regulatory capital. It places greater reliance on internal risk measurement and control systems. The three pillars are a package. Therefore, all the pillars will have to be in place for the New Accord to be considered fully implemented.

CHAPTER 5- BASEL II: APPROACHES TO MEASURE CREDIT RISKFor the measurement of credit risk, two options are proposed. The first is the standardized approach, and the second is the internal rating based (IRB) approach. There are two variants of the IRB approach foundation and advanced.

5.1 The standardized approach for credit riskThis approach is a revision to the 1988 Accords approach to credit risk where assets are assigned risk weights depending on the category of borrower (i.e. sovereign, bank or corporate). Under the New Accord, the risk weights will depend on the rating provided by an external credit assessment institution (ECAI).

The Committee has also proposed to apply a preferential risk weight to banks short-term claims on other banks (having an original maturity of three months or less), provided they are denominated and funded in the local currency.

The Committee anticipates that large number of banks around the globe will use this approach. Therefore, it is simple and broad-brush and suitable to be applied by banks of varying degrees of size and sophistication. Supervisors would be responsible for evaluating the methodologies used by ECAI. 5.2 The internal ratings based approach

Under this approach, banks will be allowed to use their internal estimates of borrower creditworthiness to assess credit risk in their portfolios, subject to strict methodological and disclosure standards. Banks will be required to categorize their exposures into six broad classes of assets viz., corporate, bank, sovereign, retail, project finance and equity. For each exposure class, the treatment would be based on three main elements: risk components (PD, LGD and EAD), a risk-weight function which converts the risk components into risk weights to be used by banks in calculating risk-weighted assets and a set of minimum requirements that a bank must meet to be eligible for IRB treatment. The two variants of the IRB approach are foundation and advanced.

In the foundation methodology, banks would estimate the probability of default (PD) associated with each borrower and the supervisors will supply other inputs. In the advanced methodology, a bank with sufficiently developed internal capital allocation process will be permitted to supply other necessary inputs as well.

CHAPTER 6- BASEL II: APPROACHES TO MEASURE MARKET RISKAs per the 1996 amendment to the Accord, banks are required to measure and apply capital charges in respect of their market risks in addition to their credit risks. The risks subject to this requirement are:

the risks pertaining to interest rate related instruments and equities in the trading book foreign exchange risk and commodities risk throughout the bankUnder the New Accord, the market risk measure remains unchanged.

In measuring their market risks, a choice between two broad methodologies is permitted, subject to the approval of the national authorities. One option is to measure the risks in a standardized manner. The alternative methodology allows banks to use risk measures derived from their own internal risk management models, subject to the following conditions:

Certain general criteria concerning the adequacy of the risk management system;

Qualitative standards for internal oversight of the use of models, notably by management;

Guidelines for specifying an appropriate set of market risk factors (i.e., the market rates and prices that affect the value of banks' positions);

Quantitative standards setting out the use of common minimum statistical parameters for measuring risk;

Guidelines for stress testing;

Validation procedures for external oversight of the use of models;

6.1 Standardized approach to market riskUnder this method, the Committee has prescribed capital charge for General Market Risk Exposures and also for Specific Risk. General Market risk (also known as Systematic Market risk) is the risk that price of an instrument (e.g. equities, bonds, etc.) will be volatile. Specific Market risk (Unsystematic risk) includes

The risk that an individual debt or equity security moves by more or less than the general market in day-to-day trading

Event risk where the price of an individual debt or equity security moves precipitously relative to the general market.

The capital charge is calculated by applying standardized risk weights to various exposures having different maturities.

6.2 Internal Models approach

This approach permits banks to use internal risk measurement models for measuring market risk. The methodology involves making assumptions on the probability distribution of potential outcomes. A distribution is a set of probabilities attached to all possible values of a random variable. From the shape of the distribution, the value of loss that cannot be exceeded in more than a given fraction of all possible events can be estimated. This maximum value, given some confidence level, is a measure of the downside risk (adverse deviations in earnings). It is also called Value at Risk (VaR). Thus, VaR is an estimate of maximum potential losses in a given time horizon at a given level of confidence. For example, stating that VaR is 100 at 95% confidence level means that the chance that future losses will exceed 100 is 5%. The VaR methodology integrates several dimensions of risks in a single figure. These dimensions include sensitivity to market movements, gaps, etc. Depending on the VaR figure, a minimum amount of capital is set aside as a multiple of the loss estimate. This multiplication factor is to be decided by the supervisory authorities subject to an absolute minimum of 3.

Banks will have flexibility in devising the precise nature of their models, but will have to apply the following minimum standards for the purpose of calculating their capital charge: -

"Value-at-risk" must be computed on a daily basis.

In calculating the value-at-risk, a 99th percentile, one-tailed confidence interval is to be used.

In calculating value-at-risk, the minimum "holding period" will be ten trading days.

Banks will have to update their data sets no less frequently than once every three months and also reassess them whenever market prices are subject to material changes.

The model used should capture all the material risks run by the bank.The New Accord stipulates that the capital charge, thus arrived by using either of the two methods is to be multiplied by 12.50.

CHAPTER 7- BASEL II: APPROACHES TO MEASURE OPERATIONAL RISKOperational risk is one of the oldest forms of risk, which a bank faces. In fact, it is the first risk that the bank manages, even before they make their first loan or affect their first trade.

In recent years, supervisors and the banking industry have recognized the importance of operational risk in shaping the risk profiles of financial institutions. Developments such as the use of more highly automated technology, the growth of e-commerce, large-scale mergers and acquisitions that test the viability of newly integrated systems, the emergence of banks as very large-volume service providers, the increased prevalence of outsourcing and the greater use of financing techniques that reduce credit and market risk, but that create increased operational risk, all suggest that operational risk exposures may be substantial and growing.

This recognition has led to an increased emphasis on the importance of sound operational risk management at financial institutions and to greater prominence of operational risk in banks internal capital assessment and allocation processes. In fact, the banking industry is currently undergoing a surge of innovation and development in these areas.

It is only in the last few years; it has been viewed as an independent risk discipline. There is still no consensus on the general definition of Operational Risk and it differs from one Financial Institution to other, depending upon their perceptions.

BCBS in its New Capital Accord has defined OR as the the risk of Direct or Indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.

Spectrum of coverage of Operational Risk:

At the macro level, OR covers issues like quality of management, organizational structure and systems. At the operating level, the most important operational risks ranges from events data input error, documentation error, omissions, disasters, etc to a breakdown of internal controls involving fraud, overstepping of authority, unethical practices, etc.

All the above mentioned events have a serious impact on corporate governance. In order to control operational risk, RBI had issued guidelines to all banks to strengthen their Internal Control Mechanism. This would in some measure, address the operating risk mitigation process.

Models of handling Operational Risk:

At the international level, managing OR is done in 3 below mentioned models:

1. Centralized functioning through head office

2. Decentralized approach, with dedicated staff

3. Internal audit playing the lead role in OR function

Out of all the above-mentioned models of managing OR, Centralized model is gaining wider acceptance.

Under New Basel Capital Accord, the following approaches have been proposed for measurement of Operational Risk.

Operational risk has now been brought under regulatory capital requirement. The Committee has adopted a common industry definition of operational risk, namely: the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Strategic and reputation risk is not included in this definition for the purpose of a minimum regulatory operational risk capital charge.

Three different approaches of increasing sophistication have been identified to measure operational risk. 7.1 Basic Indicator approach

This approach is intended to be applicable to bank of any size and sophistication. It links the capital charge for operational risk to a single indicator that serves as a proxy for the banks overall risk exposure. Gross income is proposed as the indicator, with each bank holding capital for operational risk equal to the amount of a fixed percentage, ( (alpha factor), multiplied by its individual amount of gross income.7.2 Standardized approach to operational risk

Under this approach, banks activities are divided into a number of standardized business units and business lines (e.g. corporate finance and retail banking). Within each business line, the capital charge is calculated by multiplying an indicator of operational risk by a fixed percentage, ( (beta factor). The beta factor serves as a rough proxy for the relationship between the industrys operational risk loss experience for a given business line and the broad financial indicator representing the banks activity in that business line, calibrated to a desired supervisory soundness standard. The indicator and beta factor may differ across business lines. The total capital charge for operational risk will be the sum of the regulatory capital charges across each of the business lines.

The banks will have to meet the following standards to be eligible for the standardized approach:

existence of an independent risk control and audit functions

effective use of risk reporting systems

active involvement of Board of Directors and senior management

appropriate documentation of risk management systems

Thus, the Standardized Approach is able to reflect better the differing risk profiles across banks as reflected by their broad business activities.

7.3 Advanced Measurement approaches (AMA)

Introduced in September 2001, the AMA permits banks to calculate their regulatory capital requirements for operational risk based on internally generated risk estimates. The banks would be allowed to use the output of their internal operational risk measurement systems, subject to qualitative and quantitative standards set by the Committee.

There are three broad types of approaches proposed under AMA. These are:

Internal Measurement ApproachHere, banks generate estimates of operational risk capital based on measures of expected operational risk losses. That is, the approach assumes a fixed and stable relationship between expected losses (the mean of the loss distribution) and unexpected losses (the tail of the loss distribution). This relationship may be linear implying the capital charge would be a simple multiple of expected losses or non-linear implying that the capital charge would be a more complex function of expected losses. Banks will collect three data inputs for a specified set of business lines and risk types: - an operational risk exposure indicator (EI), probability that a loss event occurs (PE) and loss given such events (LGE). To calculate the capital charge, the bank will apply to the product of the data inputs, a fixed percentage, ( (gamma factor) specified by banks (possibly via consortia) subject to acceptance by supervisors. The overall capital charge will be the sum of capital requirements for each business line.

Loss Distribution ApproachThis method aims to assess unexpected losses directly without making an assumption about the relationship between expected and unexpected losses. Here, banks estimate for each business line the likely distribution of operational risk losses over some future horizon (for instance, one-year). The capital charge resulting from these calculations is based on a high percentile of loss distribution.

Scorecard approachIn this approach, banks determine an initial level of operational risk capital at the firm or business line level and then modify these amounts over time on the basis of scorecards that attempt to capture the underlying risk profile of various business lines. The scorecards usually identify a number of indicators as proxies for particular risk types within business units/lines and thereby reflect the improvements in the risk control environment of these business lines.

CHAPTER 8- RBIs VIEW ON THE NEW CAPITAL ACCORD8.1 RBIs Suggestions

RBI feels that the complexity and sophistication of the proposals of the New Accord, restricts its universal application in emerging markets. Therefore, in its comments on the New Accord, RBI has suggested the following:

National supervisors should have discretion to implement the New Accord in a phased manner.

Some of the recommendations require modifications/ flexibility to fully reflect the macro economic environment, structural rigidities and concerns of emerging markets.

The increasing reliance on external ratings undermines the initiatives of banks in enhancing their risk management policies and control systems. Thus, a simplified Standardized approach based on internal rating systems of the banks may be evolved and applied to banks, which are not internationally active. Under this approach, standardized risk weights in the range of 20% to 150% could be assigned, subject to mapping of such ratings with the benchmark Probability of Default (PD) estimated by the supervisor on the basis of pooled data from select banks.

The first option of risk weighting bank exposures does not achieve the objective of aligning capital adequacy assessment with the key elements of risk. The mere location may not necessarily be a good indicator of a banks creditworthiness. Therefore, the risk weighting of banks should be de-linked from that of the credit rating of sovereigns in which they are incorporated. Instead, preferential risk weights in the range of 20-50%, on a graded scale, should be assigned on the basis of their underlying strength and credit-worthiness.

The proposal to assign risk weights to claims on corporates on the basis of ratings has a limitation that the population of rated entities is very few in many countries, especially in emerging countries. It is of the view that preferential risk weights could be assigned to corporates, above a material limit, on the basis of risk assessments by domestic rating agencies.

Discretion to the national supervisors to prescribe a material limit up to which cross-holdings could be permitted.

The proposal to assign 150% risk weight on unsecured portion of any asset that is past due for more than 90 days, net of specific provisions would increase the risk-weighted assets of the Indian banking system by US$ 3.2 billion which would adversely affect the capital position of the banks. Therefore, these assets should not be given a higher risk weight.

The risk weights should be applied only on the basis of solicited ratings, as unsolicited ratings are generally superficial.

The national supervisors should have the discretion and flexibility in defining the exposure classes, viz. Corporate, retail, sovereign, project finance, etc. in the case of IRB approach.

Each financial institution should critically assess its capital adequacy requirements and the supervisors should have methods for such assessments.

The banks have just begun adopting risk management systems. It remains to be seen when the whole banking system would be able to attain the level of risk management envisaged in the New Accord.

8.2 Preparatory measures for Basel II ImplementationThough the Indian banks became fully compliant with Basel I Accord in March 2005, the RBI had initiated preparatory measures even prior to that. In August 2004, soon after the new framework was released by the BCBS, the banks were advised to conduct a self-assessment of their risk management systems and to initiate remedial measures, as needed, keeping in view the requirements of the Basel II framework. Further, to secure a consultative and participative approach for a non-disruptive migration to Basel II, a Steering Committee was constituted in October 2004, comprising senior officials from 14 select banks (a mix of public sector, private sector and foreign banks). It formed several sub-groups to address specific issues under Basel II and made its recommendations to the Reserve Bank. Based on these inputs, in February, 2005, the RBI issued the draft guidelines, for public comments, on implementation of Pillar 1 and Pillar 3 requirements of the Basel II framework. In the light of the feedback received from a wide spectrum of banks and other stake holders, the draft guidelines were revised and again placed in public domain on March 20, 2007 for a second round of consultations. Keeping in view the additional feedback received, the guidelines were finalized and issued on April 27, 2007. As regards the Pillar 2, the banks have been asked to put in place the requisite Internal Capital Adequacy Assessment Process (ICAAP) with the approval of their Boards. Even before the final guidelines were issued, the RBI had asked the banks in May 2006 to begin conducting parallel runs, as per the draft guidelines, so as to familiarize them with the requirements of the new framework. During the period of parallel run, the banks are required to compute, parallely, on an on going basis, their capital adequacy ratio both under Basel I norms, currently applicable, as well as the Basel II guidelines to be applicable in future. This analysis, along with several other prescribed assessments, is to be placed before the Boards of the banks every quarter and is also transmitted to the RBI. These reports received in the RBI indicate that implementation of Basel II in the banks is in the process of getting stabilized.

The minimum capital adequacy ratio prescribed under the Basel II norms continues to be at nine per cent, at solo as well as consolidated level. This, however, is subject to the stipulated prudential floors for the first three years of implementation to guard against any significant decline in the capital ratios of the banks arising from the capital relief that they might accrue to them under Basel II. The banks are, however, expected to operate at a level well above the minimum capital requirement. The banks are also required to achieve the Tier I capital ratio of six per cent not later than March 31, 2010, both on solo as well as consolidated basis. A two-stage implementation of the guidelines is envisaged to provide adequate lead time to the banking system. Accordingly, the foreign banks operating in India and the Indian banks having operational presence outside India are required to migrate to the Standardized Approach for credit risk and the Basic Indicator Approach for operational risk with effect from March 31, 2008. All other Scheduled commercial banks are encouraged to migrate to these approaches under Basel II in alignment with them, but, in any case, not later than March 31, 2009. It has been a conscious decision to begin with the simpler approaches available under the framework. As regards the market risk, the banks will continue to follow the Standardized-Duration Method, already adopted under the Basel I framework, under Basel II also.

8.3 The challenges ahead Increase in overall regulatory capital:

The new norms might, in some cases, lead to an increase in the overall regulatory capital requirements for the banks, particularly under the simpler approaches adopted in India, if the additional capital required for the operational risk is not offset by the capital relief available for the credit risk. This would of course depend upon the risk profile of the banks portfolios and also provide an incentive for better risk management but the banks would need to be prepared to augment their capital through strategic capital planning.

Standardized approach as suggested by RBI may not significantly alter Credit Risk measurement for Indian banks:

In the Standardized approach proposed by Basel II Accord, credit risk is measured on the basis of the risk ratings assigned by external credit assessment institutions, primarily international credit rating agencies like Moodys Investors Service (refer Table 8.1). This approach is different from the one under Basel I in the sense that the earlier norms had a one size fits all approach, i.e. 100% risk weight for all corporate exposures. Thus, the risk weighted corporate assets measured using the standardized approach of Basel II would get lower risk weights as compared with 100% risk weights under Basel I.Table 8.1: Risk Weight for Corporate Loans and Bonds (Standardized ApproachBasel II Accord)

Basel II gives a free hand to national regulators (in Indias case, the RBI) to specify different risk weights for retail exposures, in case they think that to be more appropriate. To facilitate a move towards Basel II, the RBI has also come out with an indicative mapping of domestic corporate long term loans and bond credit ratings against corporate ratings by international agencies like Moodys Investor Services (refer Table 8.2). Going by this mapping, the impact of the lower risk weights assigned to higher rated corporates would not be significant for the loans & advances portfolio of banks, as these portfolios mainly have unrated entities, which under the new draft guidelines continue to have a risk weight of 100%. However, given the investments into higher rated corporates in the bonds and debentures portfolio, the risk weighted corporate assets measured using the standardized approach may get marginally lower risk weights as compared with the 100% risk weights assigned under Basel I.

Table 8.2: Mapping for Corporate Loans and Bond Ratings and risk weights as indicated by the RBI

For retail exposureswhich banks in India are increasing focusing on for asset growthRBI has proposed a lower 75% risk weights (in line with the Basel II norms) against the currently applicable risk weights of 125% and 100% for personal/credit card loans, and other retail loans respectively. For mortgage loans secured by residential property and occupied by the borrower, Basel II specifies a risk weight of 35%, which is significantly lower than the RBIs draft prescription of 75% (if margins are 25% or more) and 100% (if margins