Risk Management in Banks

Adit S. Joshi – TYBBI Sem5 – Risk Management in Banks

1

CHAPTER 1

1.1 What is Risk?

Risk can be defined as the chance of loss or an unfavorable outcome

associated with an action. Uncertainty is not knowing what will happen in the

future. The greater the uncertainty, the greater the risk. For an individual

farm manager, risk management involves optimizing expected returns

subject to the risks involved and risk tolerance.

Risk is what makes it possible to make a profit. If there was no risk, there

would be no return to the ability to successfully manage it.

Risk is what makes it possible to make a profit. If there was no risk, there

would be no return to the ability to successfully manage it. For each decision

there is a risk-return trade-off. Anytime there is a possibility of loss (risk),

there should also be an opportunity for profit. Growers must decide between

different alternatives with various levels of risk. Those alternatives with

minimum risk may generate little profit. Those alternatives with high risk may

generate the greatest possible return but may carry more risk than the

producer will wish to bear. The preferred and optimal choice must balance

potential for profit and the risk of loss. It all comes down to management, and

there are no easy answers.

The meaning of ‘Risk’ as per Webster’s comprehensive dictionary is “a

chance of encountering harm or loss, hazard, danger” or “to expose to a

chance of injury or loss”. Thus, something that has potential to cause harm or

loss to one or more planned objectives is called Risk.

The word risk is derived from an Italian word “Risicare” which means “To

Dare”. It is an expression of danger of an adverse deviation in the actual

result from any expected result.


2

Banks for International Settlement (BIS) has defined it as- “Risk is the threat

that an event or action will adversely affect an organization’s ability to

achieve its objectives and successfully execute its strategies.”

Risk Management: Risk Management is the process of identifying,

quantifying and managing the risks than an organization faces. As the

outcome of business activities are uncertain, they are said to have some

element of risk. These risks includes strategic failures, financial failures,

market disruptions, environment disasters and regulatory violations. Risk is

the statistical concept that are related to unknown future. Almost all

investments are exposed to it.

Risk Management involves identifying the type of risk exposure within the

company, measuring those potential risks, proposing means to hedge, insure

to mitigate some of the risks, estimating the impact of various risks on the

future earnings of the company.

While it is impossible that companies remove all the risks from the

organization, it is important that they properly understand and manage the

risks that they are willing to accept in the context of the overall corporate

strategy. The management of the company is primarily responsible for risk


3

management but the board of directors, internal auditor, external auditor,

and general council also play critical role.

Risk can be managed in a number of ways: by the buying of insurance, by

using derivatives instruments as hedges, by sharing risks with others, or by

avoiding risky positions altogether.

Assess what could go wrong

Determine which risks are important to deal with

Implement strategies to deal with those risks

Source: i.investopedia.com


4

1.2 RISK MANAGEMENT in Banks:

Source: image.slidesharecdn.com

Indian Banking Industry is going through a transformation process in its

transitional journey from the era of protected economy to the tough world of

market economy. Banks are expanding their operations, entering new market

and trading in new asset types. The changes in financial system, product and

structures have created new opportunities along with new risks. Risk

Management has become an internal part of financial activity of Bank and

other market participants. These risks can’t be ignored and either has to be

managed by market participants as part of Asset Liability Management or

hedge. Under these circumstances, creating an environment that promotes

risk management assumes critical importance. This requires addressing

certain policy and institutional issues in developing in India.

First and foremost a well-developed market, repo market constitutes an

important prerequisite for the promotion of risk management practice among


5

market participants. Regulatory gaps and overlaps in debt markets need to

be sorted out quickly to facilitate the repeal of the 1969 notification which will

go a long way in aiding the process of Asset Liability Management for Banks.

Indian conditions are suitable for introduction of credit default swap in India.

It offers advantages of hedging credit risk without impairing the relationship

with the borrower. Forward rate agreements and interest rate swaps enable

users to lock into spreads. The RBI has already permitted interest rate

swaps. A major reason for lack of term money market is the absence of the

practice of Asset Liability Management system among bank for identifying

mismatches in carious time periods. The recent RBI guidelines to lend on a

term and also offer two-way quotes in the market. The advisory group on

banking supervision constituted by RBI recommended greater orientation of

banks management. OECD principles of corporate governance recognized

the risk management as area of increasing importance for Board, which is

related to corporate strategy.

Source: www.curling.com


6

1.3 DEFINITIONS:

According to Denis Waitely “Life is inherently risky. There is only one big risk

you should avoid at all costs and that is the risk or doing nothing”

Risks associated with financial institutions are becoming more and more

diverse and complicated due to changes taking place in the operating

environment. In response, and in recognition of the fact that risk cannot be

entirely avoided.

Source: www.housingwire.com

“It is the process for identifying the risk the business faces, evaluating them

according to the likely hood of their occurring and the damage. They would

ensure deciding whether to wear, avoid, control or ensure against then,

allocating responsibility for dealing with them ensuring that the process

actual works and reporting material problems as early as possible to the right

level”.

The operation of bank inevitably means facing risk of many kinds risk. Risk is

inherent in bank but it is far from routine, nor is it one-dimensional. All round

the globe, market risks, technical risk, operational risk, political risk, legal

risks, and change rapidly and continually. A recent survey in USA revealed


7

that the directors are not focusing enough on risk management. Most of the

bank did not have a formal enterprise wide risk management process.

However, directors are not expected to understand ever-small aspect of the

management process orb monitor every transaction. Nevertheless, they have

the responsibility to oversee the risk management function and internal

control system of the bank. There can be no one size-fit all risk management

system due to diversity in the size of balance sheet and risk appetite among

banks. Each bank must design and develop its own system to suit its specific

needs depending upon the size and complexity of business, risk philosophy,

market perception and level of capital.

Source: http://cdn2.hubspot.net


8

1.4 Objectives of Risk Management:

Source: servicestation.co.uk

The very basic objective of risk management system is-

1. To put in place and operate a systematic process to give a reasonable

degree of assurance to the top management that the ultimate corporate goals

that are vigorously pursued by it would be achieved in the most efficient

manner.

2. In this way, all the risk that come in the way of institution achieving the

goals it has to set for itself would managed properly by the risk management

system.

3. In the absence of such a system, no institution can exist in the long run

without being able to fulfill the objective for which it was set up.


9

CHAPTER 2 2.1 DIFFERENT TYPES OF RISK:

1. Financial Risk:

The risk of loss from holding positions that is subject to change in value with

changing market conditions. This risk includes all changing, in market

Different Types Of Risk

Financial Risk Market Risk Others

Operational Risk & Control System

Settlement Risk

Asset Liability Management Risk

Fin

anci

al R

isk

Credit Risk

Trading Credit Risk

Commercial Credit Risk


10

conditions, such as prices, volatility, liquidity, and credit risk, the ability and

willingness of counterparties to honor their contractual obligations.

Lloyd’s of London provided re-insurance without protracted and significant

losses for 300 years. The equity holders in these enterprises started to think

they were purchasing annuities rather than placing their considerable assets

at risk. With a history of profits without significant loss that spans centuries,

such a belief is understandable. Lloyd’s accumulated $8.6 billion in losses in

the three years from 1988 through 1990. The equity holders achieved a better

understanding of the financial risk they were incurring.

I. Credit risk

Source: www.origo.ie

Credit risk is defined as the potential that a borrower or counterparty will

fail to meet its obligation in accordance with agreed terms. RBI has been

extremely sensitive to the credit risk it faces on the investment of foreign

currency assets and gold in the international markets. Investments in

bonds/treasury bills, which represent debt obligations of Triple-A rated

sovereigns and supranational entities do not give rise to any substantial

credit risk. Placement of deposit with BIS and other central banks like Bank


11

of England is also considered credit risk-free. However, placement of

deposits with commercial banks as also transactions in foreign exchange and

bonds/treasury bills with commercial banks/investment banks and other

securities firms give rise to credit risk. Stringent credit criteria are,

therefore, applied for selection of counterparties. Credit exposure vis-à-vis

sanctioned limit in respect of approved counterparties is monitored on line.

The basic objective of an on-going tracking exercise is to identify any

institution (which is on the RBI’s approved list) whose credit quality is under

potential threat and to prune down the credit limits or de-list it altogether, if

considered necessary. A quarterly review exercise is also carried in respect

of counterparties for possible inclusion/deletion.

II. Trading credit Risk

Source: www.openlink.com

This is the risk of loss from the failure of a trading counterparty to perform its

trading obligations as agreed. The largest exposures for this risk typically

occur between major global trading counterparties e.g. liquidity providers in

several markets. Unlike traditional lending, these exposures change values

with changing market conditions (prices, volatility). Note, however, the

largest risk of loss is linked but not directly proportional to the largest

exposures. Credit risk combines exposure with default and recoveries. Thus

a lower exposure can have a higher risk if the default probability is much

higher.


12

III. Commercial credit Risk

Source: http://www.clker.com

This is the risk of loss form providing credit to corporate counterparties.

Extensions of credit can take the form of direct loans and contingencies or

guarantees.

2. Market Risk:

This is the risk that positions can lose value due to changing market

conditions including prices, volatility, and market liquidity. It also includes

basis risk for hedge positions. Market risk, along with credit risk are the two

major components of financial risk. Market risk, which consists primarily of

price risk and volatility risk, occurs within the major market sectors.

Mar

ket

Ris

k

Commodity Market Risk

Currency Market Risk

Interest Rate Risk

Market Liquidity Risk

Equity Market Risk


13

I. Commodity market Risk

Source: c1327221.myzen.co.uk

This is the risk of loss from having positions in any of the commodity markets.

There are certainly tremendous variety of them, ranging from agricultural

markets, which include various grains, meats, produce, and wood products

to minerals and metals. More recently, the energy market has undergone an

expansion as electricity has deregulated and become a commodity whose

price fluctuates.

II. Currency market Risk


14

Source: http://cdn2.hubspot.net/

This is the risk of loss from having positions in any of the currency markets.

The risk can be from outright positions. It can also reside on the balance

sheet or in the income flows of a company. Many Thai companies were

carrying currency risk on their balance sheets with assets in Thai baht and

liabilities/ loans in U.S. dollars. In the summer of 1997, they were bankrupted

overnight by a 20% reduction in their dollar liabilities. Other firms suffer large

fluctuations in income when earnings denominated in foreign currencies

must be converted and reported in dollars.


15

Example of Currency Rate Swaps: Suppose a U.S. MNC wants to finance a €40,000,000 expansion of a

German plant.

They could borrow dollars in the U.S. where they are well known and

exchange for dollars for euros.

o This will give them exchange rate risk: financing a euro project with

dollars.

They could borrow euro in the international bond market, but pay a

premium since they are not as well-known abroad.

If they can find a German MNC with a mirror-image financing need they

may both benefit from a swap.

If the spot exchange rate is S0($/ €) = $1.30/ €, the U.S. firm needs to

find a German firm wanting to finance dollar borrowing in the amount of

$52,000,000.


16

Source: www.imf.org

Source: www.imf.org


17

III. Interest Rate Risk

Source: bconnect24.com

The crucial aspect of the management of interest rate risk is to protect the

value of the investments as much as possible from the adverse impact of the

interest rate movements. The focus of the investment strategy revolves

around the overwhelming need to keep the interest rate risk of the portfolio

reasonably low with a view to minimizing losses arising out of adverse

interest rate movements, if any. This approach is warranted as reserves are

viewed as a market stabilizing force in an uncertain environment.

Interest Rate Swaps in India:

An Interest rate swap is a contractual agreement entered into between two

counterparties under which each agrees to make periodic payment to the

other for an agreed period of time based upon a notional amount of principal.

The principal amount is notional and is required in order to compute the

actual cash amounts that will be periodically exchanged.

Under the commonest form of interest rate swap, a series of payments

calculated by applying a fixed rate of interest to a notional principal amount is

exchanged for a stream of payments similarly calculated but using a floating

rate of interest. This is a fixed-for-floating interest rate swap. Alternatively,

both series of cash flows to be exchanged could be calculated using floating

rates of interest but floating rates that are based upon different underlying

indices. Examples might be the overnight interest rate (MIBOR) and


18

commercial paper or Treasury bills and this form of interest rate swap is

known as a basis or money market swap.

In India interest rate swaps are commonly traded on 2 benchmarks viz MIBOR

and MIFOR.

(i) Overnight Index Swaps (OIS): This swap consists of exchange of a fixed

rate for the NSE MIBOR rate. The tenor of the swap may extend from 1 month

to 10 years however the most actively traded swaps are for 1 year and 5 year

maturity. The MIBOR rate is compounded daily and interest exchanges on the

notional principal (generally Rs 25 crore) are exchanged half-yearly. The OIS

swap rates track the underlying G-sec yields of relevant maturity. The market

witnesses average daily volumes of Rs 6,000-Rs 8,000 crore and includes

foreign banks, private sector, banks, primary dealers and few nationalized

banks as the major participants.

ii) MIFOR swaps: The MIFOR is another popular benchmark that has

developed into a proxy for the AAA corporate funding cost in India. MIFOR is

derived from USD Libor and the USD/INR Forward Premia and is simply the

Indian equivalent of USD Libor and the USD Interest Rate Swaps market.

MIFOR behaves like an interest rate benchmark and not a forex benchmark.


19

There are a large number of Indian Corporates who now regularly use this

benchmark to actively manage the interest rate risk on their debt portfolios,

and access funding at better rates.

Dollar Interest Rate Swap

Interest Rate Swap 1-year

Interest Rate Swap 5-year


20

Source: www.barchart.com/economy/swaps.php

Interest Rate Swaps Outside India:

Source: www.global-rates.com

An interest rate swap is a contractual agreement between two parties to

exchange interest payments.

How it works/Example:

The most common type of interest rate swap is one in which Party A agrees to

make payments to Party B based on a fixed interest rate, and Party B agrees

to make payments to Party A based on a floating interest rate. The floating

rate is tied to a reference rate (in almost all cases, the London Interbank

Offered Rate, or LIBOR).

http://www.investinganswers.com/financial-dictionary/debt-bankruptcy/reference-rate-6326

http://www.investinganswers.com/financial-dictionary/debt-bankruptcy/london-interbank-offered-rate-libor-75


21

For example, assume that Charlie owns a $1,000,000 investment that pays

him LIBOR + 1% every month. As LIBOR goes up and down, the payment

Charlie receives changes.

Now assume that Sandy owns a $1,000,000 investment that pays her 1.5%

every month. The payment she receives never changes.

Charlie decides that that he would rather lock in a constant payment and

Sandy decides that she'd rather take a chance on receiving higher payments.

So Charlie and Sandy agree to enter into an interest rate swap contract.

Under the terms of their contract, Charlie agrees to pay Sandy LIBOR + 1%

per month on a $1,000,000 principal amount (called the "notional principal"

or "notional amount"). Sandy agrees to pay Charlie 1.5% per month on the

$1,000,000 notional amount.

Let's see what this deal looks like under different scenarios.

Scenario A: LIBOR = 0.25%

Charlie receives a monthly payment of $12,500 from his investment

($1,000,000 x (0.25% + 1%)). Sandy receives a monthly payment of $15,000

from her investment ($1,000,000 x 1.5%).

Now, under the terms of the swap agreement, Charlie owes Sandy $12,500

($1,000,000 x LIBOR+1%), and she owes him $15,000 ($1,000,000 x 1.5%).

The two transactions partially offset each other and Sandy owes Charlie the

difference: $2,500.

http://www.investinganswers.com/financial-dictionary/investing/investment-4904

http://www.investinganswers.com/financial-dictionary/businesses-corporations/swap-1640

http://www.investinganswers.com/financial-dictionary/debt-bankruptcy/term-5890

http://www.investinganswers.com/financial-dictionary/debt-bankruptcy/principal-928

http://www.investinganswers.com/financial-dictionary/stock-market/x-6392

http://www.investinganswers.com/financial-dictionary/options-derivatives/offset-5644


22

Scenario B: LIBOR = 1.0%

Now, with LIBOR at 1%, Charlie receives a monthly payment of $20,000 from

his investment ($1,00,000 x (1% + 1%)). Sandy still receives a monthly

payment of $15,000 from her investment ($1,000,000 x 1.5%).

With LIBOR at 1%, Charlie is obligated under the terms of the swap to pay

Sandy $20,000 ($1,000,000 x LIBOR+1%), and Sandy still has to pay Charlie

$15,000. The two transactions partially offset each other and now Charlie

owes Sandy the difference between swap interest payments: $5,000.


23

Note that the interest rate swap has allowed Charlie to guarantee himself a

$15,000 payout; if LIBOR is low, Sandy will owe him under the swap, but if

LIBOR is higher, he will owe Sandy money. Either way, he has locked in a

1.5% monthly return on his investment.

Sandy has exposed herself to variation in her monthly returns. Under

Scenario A, she made 1.25% after paying Charlie $2,500, but under Scenario

B she made 2% after Charlie paid her an additional $5,000. Charlie was able

to transfer the risk of interest rate fluctuations to Sandy, who agreed to

assume that risk for the potential for higher returns.

One more thing to note is that in an interest rate swap, the parties never

exchange the principal amounts. On the payment date, it is only the

difference between the fixed and variable interest amounts that is paid; there

is no exchange of the full interest amounts.

http://www.investinganswers.com/financial-dictionary/debt-bankruptcy/note-5082

http://www.investinganswers.com/financial-dictionary/estate-planning/will-4974

http://www.investinganswers.com/financial-dictionary/economics/money-5074


24

IV. Market Liquidity Risk:

Source: http://www.regulatory-risk.com/

This is the risk of loss from being unable to buy or sell positions easily, at a

low transaction cost. The speed and ease with which a buyer or seller can

convert assets into cash and vice versa varies with each class of assets in the

market. Gold, for example, is much more liquid than real estate. In addition,

liquidity fluctuates over time. During August and September 1998, some of

the most liquid markets, such as the U.S. government bond market and the

swap markets became considerably less liquid.

In the early 1990’s a steep spike in interest rates caused large losses in many

trenches of mortgaged- backed securities (MBS). The market for these

instruments froze because no one was interested in bidding for them, even at

huge discounts to their remaining fair market value. That liquidity freeze

helped keep MBS prices depressed for a long time.


25

V. Equity market Risk:

This is the risk of loss from holding positions in the equity markets. This is

investor risk and almost everyone is familiar with it. Like the other markets it

contains price, volatility, and liquidity.

3. Operational risk and control system

Internally, there is a total separation of the front office and back office

functions and the internal control systems ensure several checks at the

stages of deal capture, deal processing and settlement. There is a separate

set up responsible for risk measurement and monitoring, performance

evaluation and concurrent audit. The deal processing and settlement system

is also subject to internal control guidelines based on the principle of one

point data entry and powers are delegated to officers at various levels for

generation of payment instructions. There is a system of concurrent audit for

monitoring compliance in respect of all the internal control guidelines.

Further, reconciliation of accounts is done regularly.

In addition to annual inspection by the internal machinery of the RBI for this

purpose and statutory audit of accounts by external auditors, there is a

system of appointing a special external auditor to audit dealing room


26

transactions. The main objective of the special audit is to see that risk

management systems and internal control guidelines are adhered to.

There exists a comprehensive reporting mechanism covering all significant

areas of activity/operations relating to reserve management. These are

being provided to the senior management periodically, viz., on daily, weekly,

monthly, quarterly, half-yearly and yearly intervals, depending on the type

and sensitivity of information.

4. Settlement Risk:

Source: www.rbnz.govt.nz

This is the risk of loss from failure of a trading counterparty to perform as

obligated during the settlement process. Most settlement processes for

financial transactions have established safeguards to greatly reduce this

risk. For Ex. Most equity and debt purchases settle through clearing houses

that hold delivers until payment is received. Other financial products

frequently settle on a net difference basis. In most swaps, just the difference

between the fixed and floating leg is transmitted. Daily settlement amounts

between the biggest traders i.e. liquidity provider, especially when they do

not occur on a net basis, are very large. The failure of a major financial


27

institution to honor its side of these trades of these trades could cause

significant loss and serious market disruption.

In 1974, a small bank in Germany, Bank Herstatt, which had $60 million in FX,

trades settling the next day closed its doors. The three days of increasing

payment system gridlock that followed served as a waked-up call to the

industry and its regulators.

5. Asset liability Risk:

Source: http://image.slidesharecdn.com

This is the risk that current obligations cannot be met with current assets.

This is a fundamental risk in all organizations, which must maintain liquidity,

or they become insolvent. In financial institutions, this risk is quite significant

because many liabilities can be accelerated if the market perceives a

weakness. Markets and regulators have demanded that financial institutions

maintain a high level of capital to protect the fund providers and a high level

of reserves to safeguard against “runs”. Most of the risk arises as a result of

mismatch of assets and liability. If the assets of a bank exactly matched its

liability of identical maturity, interest rate conditions and currency risk could

have been avoided. However in practice it’s near impossible to have such a

perfectly matched balance sheet. A banker, therefore, has to keep different


28

types of risk within acceptable limits. It requires the ability to forecast future

changes in the environment and formulate suitable action plans to protect the

bet worth of the organization form the impact of these risks. It is by no means

an easy task. If he is proving wrong in his judgment the whole process of risk

management may go haywire. Few would disagree with the statement that

“being a banker is like being a country hound dog. If you stand still you get

kicked. If you run, they throw rocks at you”.

5. Basis Risk (Hedged Positions):

This is the risk of loss from hedging market exposures with instruments

whose changes in value do not exactly offset value changes in the position

being hedged. The mismatch could be in terms of maturity, the underlying

instrument e.g. short a government bond to hedge a long corporate bond

position, or some other characteristic. These “small” differences can

sometimes cause the combined position to be much more risky than thought.

On May 1, 1997, L.P.Morgan lost $20 to $40 million due to basis risk on one

trade. The trader sold a yen/dollar option, and bought the same option from

counterparty. Both the bought and sold option carried the same “knock-out”

feature. The change rate is canceled if the dollar/yen exchange rate is

Other Risk

Presettlement Risk

Commercial Credit Risk

Loan Riak

New Product And Risks

Portfolio Defaults

Global Portfolio Risk

Portfolio Recovery

Gurantee Risk

Portfolio Exposure

Hedged Risk


29

greater than 127.3. This looks like one of those perfect hedges, rumored to

occur only in Japanese gardens. The problem was mismatch in maturity. The

sold option expired six hours before the bought option. The exchange rate

was below 127.3 yen when the sold leg matured but moved above that barrier

by the time the bought leg matured. The hedge, the bought leg, was knocked

out by the shift in dollar yen rates, leaving J.P. Morgan with an unhedged loss.

Ironically, if the deals had not contained the “knock-out” feature, Morgan

would have made money on the basis risk timing it was holding.

6. Pre settlement Risk:

This is the risk of loss from failure of a trading counterparty to perfume as

obligated, but before the trade actually settles. If counterparty to a deal that

matures in six years, defaults after three years, the other counterparty may

have to go into the marketplace and “replace” the defaulted deal. This

potential replacement cost is based on the market prices and other factors,

like applicable netting agreements and collaterals, at the time of the default.

Source: www.unomaha.edu


30

7. Commercial Credit Risk:

Source: www.communitybankeruniversity.com

This is the risk of loss form providing credit to corporate counterparties.

Extensions of credit can take the form of direct loans and contingencies or

guarantees.

Bankers don’t make loans—they make portfolio decisions and the quality of

those decisions impact bank performance over time. In a constantly changing

world, credit risk management becomes a more important focus for your

bank. Therefore, it is critical that you manage portfolio risk at both the bank

and banker level. This workshop is designed for community bankers who are

in a position to impact credit outcomes in your bank. You will learn a

framework and process for managing credit risk to give you a better

understanding of the factors impacting portfolio quality at the bank level, and

tools for better risk management at the transaction level.

Commercial banking and commercial credit in the marketplace

Economic and marketplace factors that impact portfolio quality

Strategy impact on credit quality

Strategic credit risk management framework

Credit process framework


31

Credit decision-making process and its impact on credit quality

Assessing your bank’s risk management situation

8. Loan Risk:`

Source: www.riskmanagementmonitor.com

This is the risk of loss from loaning money and having the borrower fail to

repay, either due to default or because they are not willing to repay. Most

analysis in commercial lending considers how the borrower will repay.

9. Guarantee Risk:

This is the risk or loss from providing guarantees or letters of credit. These

are from of contingent credit exposure (e.g. the exposure is contingent on

other events occurring).

Guarantees are designed to help extend the reach of private financing by

mitigating perceived risk and encourage private sector involvement in

developing countries. Guarantees provide support to lenders or project

companies against a government’s (or government entity’s) failure to meet

specific contractual obligations to a private or public project. World Bank

guarantees require a counter-guarantee from the Government. The

guarantee is “Partial:” The Bank only assumes a portion of risk. The Bank


32

Guarantee is a flexible instrument: different currencies (Local currency or

Forex), any sector, variety of structures available to match specific needs of

individual transactions. Guarantees are an integral part of Country

Assistance Strategies (CAS) / Country Partnership Strategies (CPS).

10. Portfolio Exposure:

Source: valueofcommodity.com

A measure of the possible loss that could occur with each given

counterparty and with groups of counterparties, for ex. Industries, countries,

and economics regions. When traditional credit products, such as, loans,

leases, letters of credits and guarantee are transacted the exposure is known

as static. Capturing credit exposure for the corporate counterparties that

typically use these traditional credit products is fairly straightforward and

consideration quickly shifts to “default risk” for them.

When the portfolio contains a significant proportion of derivative trades,

exposure might undergo large shifts with changes in market conditions.

Therefore, measuring portfolio exposure to the dealer or banks where

derivative trades predominate, is a much more difficult the sum deal by deal


33

exposures, due to portfolio effects, close out netting agreements and margin

or collateral agreement.

11. Portfolio Defaults:

A measure of the rate at which exposure convert in to losses due to default.

Default consideration occurs on both a granular level, “counterparty by

counterparty” and at various portfolio levels. At the granular level, the credit

managers rate the counterparty ability to repay loans. At the portfolio levels,

credit managers consider how defaults might correlate.

12. Portfolio Recovery:

A measure of how much credit risk is ameliorated by loan recoveries, which

reduce the loss when counterparty defaults. Loans can contain features and

structures that create higher recovery rates, significantly reducing credit

risk. The two-loan structure considerations that most directly impact

recovery rates are seniority where the loan is situated within the borrowing

firm’s internal capital structure and security what collateral secures the loan.

Source: www.radiusworldwide.com


34

13. Global Portfolio Risk:

This is the risk of loss from all financial risks, including the combination of

credit and market risks. There are fundamental factors, like economic

conditions, which create a link between them. Market and credit risks are not

independent from each other, yet most financial firm’s measures and manage

them separately.

14. New Products and Risks

With the introduction of new products like plastic cards, credit, debit, smart

card, etc. The risk of fraud has increased manifold. According to estimation

in an active issuing bank card, fraud is likely to claim the lion’s share of fraud

being experienced in general and could well dominate average operating

losses as a whole worldwide frauds occurred due to loss or steal of plastic

cards that cause the greatest losses. The second largest sources and the

fastest growing source of loss is use of counterfeit card. Emerging areas of

E-commerce and Internet banking are also a matter of concern.

Source: 1.bp.blogspot.com


35

CHAPTER 3

3.1 RISK MANAGEMENT PROCESS:

1) IDENTIFICATION

2) ANALYSE and PRIORITIZE

3) PLAN and SCHEDULE

4) TRACK and REPORT

5) CONTROL

6) LEARN

Source: i-technet.sec.s-msft.com/dynimg/IC119053.gif

Risk can be defined as the potential that events expected or

anticipated may have adverse impact on banks’ capital or earnings.

Therefore proper identification of existing risk and risk that may arise from

new business is crucial to the risk management process.

Accurate and timely measurement of risk enables a bank to quantify

the risk for controlling and monitoring risk level.


36

It is administered by establishment and communication of limits for risk

taking units through policies standards and procedures. There should be a let

out system to authorize accretion in controlling the risk.

It is affected through risk reporting to ensure timely review of risk

positions and acceptations. Monitoring report should be concise, frequent,

timely and reasonably accurate. The purpose of monitoring is to present right

information to the right people.

With respect to risk management, the Bank places great importance on

implementing the following processes. When commencing new businesses or

handling new products, the Bank also ascertains legal compliance as well as

the application of an adequate risk management system.

1. Risk Identification:

Source: www.riskmanagementmonitor.com

Risk identification allows individuals to identify risks so that the operations

staff becomes aware of potential problems. Not only should risk identification

be undertaken as early as possible, but it also should be repeated frequently.


37

2. Risk Analyzing and Prioritizing:

Source: corporatecomplianceinsights.com

Risk analysis transforms the estimates or data about specific risks that

developed during risk identification into a consistent form that can be used to

make decisions around prioritization. Risk prioritization enables operations

to commit resources to manage the most important risks.

3. Risk Planning and Schedule: Risk planning takes the information obtained from risk analysis and uses it to

formulate strategies, plans, change requests, and actions. Risk scheduling

ensures that these plans are approved and then incorporated into the

standard day-to-day processes and infrastructure.

4. Risk Tracking and Report:


38

Risk tracking monitors the status of specific risks and the progress in their

respective action plans. Risk tracking also includes monitoring the

probability, impact, exposure, and other measures of risk for changes that

could alter priority or risk plans and ultimately the availability of the service.

Risk reporting ensures that the operations staff, service manager, and other

stakeholders are aware of the status of top risks and the plans to manage

them. 5. Risk Controlling:

Source: www.larims.org

Risk control is the process of executing risk action plans and their associated

status reporting. Risk control also includes initiating change control requests

when changes in risk status or risk plans could affect the availability of the

service or service level agreement (SLA). It deals with setting up of limits to each one of the risks and monitoring to

ensure that the actual exposure to each one of the risks defined is within the

limits prescribed in the risk management policy. Any violation of limits needs

to be thoroughly investigated to ascertain the reason for violation and to

avoid such violation in future.


39

The traditional control based risk management ends with the above-

mentioned steps. The modern risk management, which strives to align risk

management with overall corporate objectives and strategies, involves two

addition steps in the form of allocation and risk adjusted performance

measurement.

6. Risk Learning:

Source: blogs.qub.ac.uk

Risk learning formalizes the lessons learned and uses tools to capture,

categorize, and index that knowledge in a reusable form that can be shared

with others.


40

3.2 Steps in the risk management process:

Identification

A first step in the process of managing risk is to identify potential risks. The

risks must then be assessed as to their potential severity of loss and to the

probability of occurrence. Risks are about events that, when triggered, will

cause problems. Hence, risk identification can start with the source of

problems, or with the problem itself.

STEPS IN RISK MANAGEMENT PROCESS

IDENTIFICATION ASSESSMENT

Source Analysis

Problem Analysis

Objective-Based Risk

Identification

Scenario-based Risk

Identification

Texomony-based Risk

Identification


41

Source analysis Risk sources may be internal or external to the system

that is the target of risk management. Examples of risk sources are:

stakeholders of a project, employees of a company or the weather over an

airport.

Problem analysis Risks are related to identified threats. For example:

the threat of losing money, the threat of abuse of privacy information or the

threat of accidents and casualties. The threats may exist with various

entities, most important with shareholder, customers and legislative bodies

such as the government.

When either source or problem is known, the events that a source may

trigger or the events that can lead to a problem can be investigated. For

example: stakeholders withdrawing during a project may endanger funding of

the project; privacy information may be stolen by employees even within a

closed network; lightning striking a Boeing 747 during takeoff may make all

people onboard immediate causalities.

The chosen method of identifying risks may depend on culture, industry

practice and compliance. The identification methods are formed by templates

or the development of templates for identifying source, problem or event.

Common risk identification methods are:

Objectives-based Risk Identification Organizations and project teams

have objectives. Any event that may endanger achieving an objective partly

or completely is identified as risk. Objective-based risk identification is at the

basis of COSO's

Scenario-based Risk Identification In scenario analysis different

scenarios are created. The scenarios may be the alternative ways to achieve

an objective, or an analysis of the interaction of forces in, for example, a

market or battle. Any event that triggers an undesired scenario alternative is

identified as risk - see Futures Studies for methodology used by Futurists.

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=Futures%20Studies&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=Futurists&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06


42

Taxonomy-based Risk Identification The taxonomy in taxonomy-based

risk identification is a breakdown of possible risk sources. Based on the

taxonomy and knowledge of best practices, a questionnaire is compiled. The

answers to the questions reveal risks.

Common-risk Checking: In several industries lists with known risks are

available. Each risk in the list can be checked for application to a particular

situation. An example of known risks in the software industry is the Common

Vulnerability and Exposures list found at http://cve.mitre.org.

Assessment

Source: www.risk-soft.com

Once risks have been identified, they must then be assessed as to their

potential severity of loss and to the probability of occurrence. These

quantities can be either simple to measure, in the case of the value of a lost

building, or impossible to know for sure in the case of the probability of an

unlikely event occurring. Therefore, in the assessment process it is critical to

make the best educated guesses possible in order to properly prioritize the

implementation on the risk management plan.


43

The fundamental difficulty in risk assessment is determining the rate of

occurrence since statistical information is not available on all kinds of past

incidents. Furthermore, evaluating the severity of the consequences (impact)

is often quite difficult for immaterial assets. Asset valuation is another

question that needs to be addressed. Thus, best educated opinions and

available statistics are the primary sources of information. Nevertheless, risk

assessment should produce such information for the management of the

organization that the primary risks are easy to understand and that the risk

management decisions may be prioritized. Thus, there have been several

theories and attempts to quantify risks. Numerous different risk formulae

exist, but perhaps the most widely accepted formula for risk quantification is:

Rate of occurrence multiplied by the impact of the event equals risk.

Later research has shown that the financial benefits of risk

management are not so much dependent on the formulae used. The most

significant factor in risk management seems to be that:

1.) Risk assessment is performed frequently and

2.) It is done using as simple methods as possible.

Source: independentaudit.com

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=risk&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=risk%20assessment&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06


44

In business it is imperative to be able to present the findings of risk

assessments in financial terms. Robert Courtney Jr. (IBM, 1970) proposed a

formula for presenting risks in financial terms. The Courtney formula was

accepted as the official risk analysis method for the US governmental

agencies. The formula proposes calculation of ALE (Annualized Loss

Expectancy) and compares the expected loss value to the security control

implementation costs (cost-benefit analysis).

3.3 Possible actions available:

Once risks have been identified and assessed, all techniques to manage the

risk fall into one or more of these four major categories:

Avoidance

Reduction

Retention

Transfer

Ideal use of these strategies may not be possible. Some of them may involve

tradeoffs that are not acceptable to the organization or person making the

risk management decisions.

Risk Avoidance

Risk Reduction

Risk Retention

Risk Transfer


45

Risk avoidance

Includes not performing an activity that could carry risk. An example would

be not buying a property or business in order to not take on the liability that

comes with it. Another would be not flying in order to not take the risk that the

planes were to be hijacked. Avoidance may seem the answer to all risks, but

avoiding risks also means losing out on the potential gain that accepting

(retaining) the risk may have allowed. Not entering a business to avoid the

risk of loss also avoids the possibility of earning the profits.

Source: http://secure360.org

Risk reduction

Source: www.chp-inc.com

Involves methods that reduce the severity of the loss. Examples include

sprinklers designed to put out a fire to reduce the risk of loss by fire. This

method may cause a greater loss by water damage and therefore may not be

suitable. Halon fire suppression systems may mitigate that risk, but the cost

may be prohibited by the strategy.

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=sprinkler&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=fire&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=Halon&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06


46

Modern software development methodologies reduce risk by developing and

delivering software incrementally. Early methodologies suffered from the fact

that they only delivered software in the final phase of development; any

problems encountered in earlier phases meant costly rework and often

jeopardized the whole project. By developing in increments, software

projects can limit effort wasted to a single increment. A current trend in

software development, spearheaded by the Extreme Programming

community, is to reduce the size of increments to the smallest size possible,

sometimes as little as one week is allocated to an increment.

Risk retention:

Source: csbcorrespondent.com

Involves accepting the loss when it occurs. True self-insurance falls in this

category. Risk retention is a viable strategy for small risks where the cost of

insuring against the risk would be greater over time than the total losses

sustained.

All risks that are not avoided or transferred are retained by default. This

includes risks that are so large or catastrophic that they either cannot be

insured against or the premiums would be infeasible. War is an example since

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=Extreme%20Programming&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=self%20insurance&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06

http://www.toseeka.com/stats/scripts/wikiRedir.php?q=War&sk=Risk_Management&randstr=8c2f00c0dd1163b2b5c1e25a3e8f3d06


47

most property and risks are not insured against war, so the loss attributed by

war is retained by the insured. Also any amount of potential loss (risk) over

the amount insured is retained risk. This may also be acceptable if the

chance of a very large loss is small or if the cost to insure for greater

coverage amounts were so great it would hinder the goals of the organization

too much.

Risk transfer

Source: discoveringif.files.wordpress.com

Means causing another party to accept the risk, typically by contract

Insurance is one type of risk transfer. Other times it may involve contract

language that transfers a risk to another party without the payment of an

insurance premium. Liability among construction or other contractors is very

often transferred this way.

Some ways of managing risk fall into multiple categories. Risk retention pools

are technically retaining the risk for the group, but spreading it over the

whole group, involves transfer among individual members of the group. This

is different from traditional insurance, in that no premium is exchanged

between members of the group.

http://www.bambooweb.com/articles/c/o/Contract.html

http://www.bambooweb.com/articles/i/n/Insurance.html


48

For example, whenever someone purchases home insurance, he or she is

essentially paying an insurance company to take the risk involved with

owning a home. In the event that something does happen to the house, such

as property damage from a fire or natural disaster, the insurance company

will be responsible for dealing with any resulting consequences.

In today's financial marketplace, insurance instruments have grown more

and more intricate and complex, but the transfer of risk is the one

requirement that is always met in any insurance contract.

Create the plan

Source: michellemacconnell.com

Decide on the combination of methods to be used for each risk. Each risk

management decision should be recorded and approved by the appropriate

level of management. For example, a risk concerning the image of the

organization should have top management decision behind it whereas IT

management would have the authority to decide on computer various risk.

The risk management plan should propose applicable and effective security

controls for managing the risks. For example, an observed high risk of

computer viruses could be mitigated by acquiring and implementing anti-

virus software. A good risk management plan should contain a schedule for


49

control implementation and responsible persons for those actions. The risk

management concept is old but is still not very effectively measured.

Implementation

Source: www.innovationgames.com

Follow all of the planned methods for mitigating the effect of the risks.

Purchase insurance policies for the risks that have been decided to be

transferred to an insurer, avoid all risks that can be without sacrificing the

entity's goals, reduce others, and retain the rest.

Review and evaluation of the plan.

Initial risk management plans will never be perfect. Practice, experience, and

actual loss results, will necessitate changes in the plan and contribute

information to allow possible different decisions to be made in dealing with

the risks being faced.

Limitations.

If risks are improperly assessed and prioritized, time can be wasted in

dealing with risk of losses that are not likely to occur. Spending too much

time assessing and managing unlikely risks can divert resources that could

be used more profitably. Unlikely events do occur, but if the risk is unlikely

enough to occur, it may be better to simply retain the risk, and deal with the

result if the loss does in fact occur. Prioritizing too highly the Risk

management processes it could potentially keep an organization from ever


50

completing a project or even getting started. This is especially true if other

work is suspended until the risk management process is considered

complete.

Source: 2.bp.blogspot.com


51

CHAPTER 4

4.1 SYSTEM RISK MANAGEMENT:

Source: www.hedgefundexchange.net

Computer systems have become indispensable in banking operations, which

are not only growing more diverse and sophisticated, but are encompassing

large increases in transaction volumes. Accordingly, safety measures to

avoid system risks are extremely crucial for providing customers with high-

quality services. From January 2004, the Bank transitioned its core computer

system to a new system with the most advanced functions at the NTT Data

Banking Center for Regional Banks.

This center has established solid safety measures that include the adoption

of a mutual backup system using its two centers in eastern and western

Japan. The Bank takes all possible measures against system risks through

utilization of a program that specifies detailed responses in case of system

failure and internal rules for preventing computer crimes and malfunctions.

The Bank also employs external audits of its system risk management. By

undergoing strict checking of our system risk management by an


52

independent institution, we are further ensuring that our risk management is

maintained at the highest level while increasing the sophistication of our

system risk management.

Source: ougaz.files.wordpress.com


53

4.2 REPUTATION RISK MANAGEMENT

Reputational risk is defined as the current or prospective risk to earnings and

capital arising from an adverse perception of financial institutions on the part

of existing and potential transactional stakeholders, i.e. clients, trading

counterparties, employees, suppliers, regulators/governmental bodies, and

investors.

Tangential stakeholders such as the media, NGOs, trade unions, competitors,

and the general public influence how the bank’s activities are perceived by

transactional stakeholders. All of a bank's activities and decisions can lead to

reputational risk, if they are perceived as controversial by the bank's

stakeholders.

Stakeholders’ Adverse Perceptions of the Bank's Activities Lead to

Reputational Risk

Source: www.garp.org

Reputational Risk Has a Bottom Line Financial Impact


54


Reputational Risk Framework



55

Most banks, but also other types of organizations such as insurance

companies, have reputational risk management processes in place. The

larger organizations have made their environmental and social criteria public

(at least partly), or have announced that they are withdrawing from specific

types of business / sectors.

Source: thumbs.dreamstime.com


56

4.3 INFORMATION SECURITY RISK MANAGEMENT

Source: www.esecuritytogo.com

Recent advances in IT have led to a rapid increase in and diversification of

information-processing environments and objectives, including the use of the

Bank's internal LAN and connection to the Internet. Therefore, strengthening

the management system to maintain information security against system

threats such as information leakage, unauthorized changes and destruction

of information is becoming extremely crucial.

To respond to these circumstances, the Bank formulated an Information

Security Policy as a basic policy on safety measures concerning the

protection of information assets (information and information systems). The

Bank has also formulated Information Security Standards as its specific

safety standards for information security.

In addition, in February 2005, the Bank formulated new Regulations on the

Handling of Personal Information and established a Privacy Policy (a

statement on protection of personal information), while seeking to further

reinforce its systems for adequately protecting personal information in line

with the enactment of the Personal Information Protection Act as of April 1,

2005.


57

CHAPTER 5

Minimum Capital

Requirement

Three Basic PillarsThree Basic Pillars

Supervisory

Review Process

Supervisory

Review Process

Market Discipline

Requirements

Market Discipline

Requirements

The New Basel Capital Accord


58

5.1 Banking Risks & Capital Accords

The extent of risk taken by a bank and the amount of capital required to be

maintained by the bank for such risk-taken is all about capital adequacy

standards. Prior to the implementation of the Basel’s first capital accord in

the beginning of the 1990s, there was no relationship between capital and

risk taking. Banking businesses, being one of the highly levered businesses,

is the significantly prone to stocks. Moreover, banking business is the

business of public confidence. If public confidence erodes, it becomes

difficult for a bank to be in business. Basel Committee, with a view to

protecting banks from vulnerabilities and to maintain financial stability,

recommended a minimum capital to risk-weighted assets ratio, thereby

limiting the risk exposure to availability of capital. Initially the capital accord

recognized only credit risk. Subsequently, the market risks also brought

under the capital accord. Recently in the Basel Accord-2, sweeping changes

have been suggested for the computation of capital adequacy as Basel

Accord-1 miserably failed to achieve its objectives of promoting safety and

soundness of the financial system. Apart from credit and market risks, the

operational risk would also require minimum capital to be maintained under

Basel Accord-II.

To achieve these objectives, Basel Committee proposed a three-pillared

framework as under:

Pillar 1: Minimum Capital Requirements: Under this, in the current accord, a

minimum capital has been prescribed to be maintained. To arrive at the

capital for various types of risks, a number of approaches, widely classified

as standardized approach, have been prescribed. The critical issues in the

internal approach in which the banks are free to develop their own approach

to measures risks, validating the internal approach and ensuring consistency

across banks.


59

Pillar 2: Supervisory Review Process: This puts responsibility on the bank

supervisor to ensure that bank follow rigorous processes, measure their risk

exposures correctly and maintain capital in accordance with risk exposure.

The recent initiatives of the RBI in the introduction of Risk Based Supervision

and Risk Based internal Audit are in conformity with this pillar.

Pillar 3: Market Discipline: This aims to strengthen the safety and soundness

of the banking system through better disclosure of risk exposure and capital

maintained. This is expected to help the market participants to better assess

the position of banks.

Source: comps.canstockphoto.com


60

5.2 Why Basel II?

The essence of Basel II is to manage the risk profitably and align the risks

undertaken/assumed by the bank to the economic capital of the bank.

The new accord is designed to introduce safety and soundness into the

banking system. Banks need to measure risk, diversify exposures and

manage risks in an optimum manner that fetches them adequate

compensation, improves bottom-line in the short-term and helps them to

maximize the stakeholders value in the long-run.

Banks have been compelled to review and overhaul the Risk Managements is

also emerging as an important business differentiator in the face of rapid

economic growth that is being witnessed in the global economy and is

capable of ensuring orderliness in the global financial scenario if

implemented properly. The keystone of Basel initiative is to achieve this

objective and to ensure that banks are not strapped for capital to cover the

risks they assume.

Basel II framework provides a methodology for transforming banks into

vibrant and stable entities in the globally competitive and dynamic financial

markets. It points towards RAPM (Risk Adjusted Performance Management)

methodology and RAROC (Risk Adjusted Return on Capital).

All the three pillars are intended to be equal in importance. The first pillar

echoes Basel I in terms of minimum prescriptive levels of regulatory capital,

across credit and market risks, but also introduces operational risk charges

for the first time. With increasing transactional complexities, multiplicity of

technology platforms and various product innovations, banks face a number

of operational risks which could affect their market reputation. Pillar II is

actually the next sieve for any of the risks not captured under Pillar I with a

Supervisory Review Process (SRP) designed for this. Pillar III brings into play


61

the importance of market driven disclosures to peers and other stakeholders.

As the saying goes, it is a “Risk Determined Code of Conduct”, signifying

among others, the status of the bank in terms of adoption of sophisticated

risk management practices.

Source: s3.amazonaws.com


62

5.3 Basel-II

A Need for Existence

The Indian Scenario

A feature, which is unique to our Indian financial system, is the diversity of its

composition. We have the dominance of government ownership coupled with

significant private shareholding in the public sector banks, which in turn

continue to have a dominate share in the total banking system. These public

sector banks, especially the new ones are continuously trying to be at par

with international standards and norms. We also have cooperative banks

whose numbers are large. There are Regional Rural Banks with links to their

parent commercial banks. The foreign banks operate profitably and have

uniform regulatory standards. Now banking has become a one-stop shop of

varied financial services.

In this scenario, Reserve Bank of India has been setting prudential norms in

convergence to international standard. India has to aim for global standards

across the banking sector in order to manage risk. This is the guiding

principle in Basel-II Accord.

In the annual policy statement in May this year, the RBI announced that Indian

banks should come out with a framework by the end of December 2006 for

migrating their standards of supervision, accountability and best practice

guidelines in line with the provision of the Basel-II Accord. Moreover, the

framework adopted by the banks must be adaptable to changes in business

size, market dynamics, and introduction of newer products in future.


63

To ensure that Indian banks must:

Make an in-depth analysis of the option available under Basel-II.

Adopt ‘standardized approach ‘for credit risk.

Adopt ‘basic indicator approach’ for operational risk.

Review the progress at quarterly intervals.

Install comprehensive and rigorous system to assess borrower’s risk.

Source: pbs.twimg.com


64

5.4 Issue in implementing Basel II by the Indian banking Industry

“Implementation OF Basel II is no longer a possibility, it is a certainty. Thus,

the Indian banking industry has to gear up towards it and ensure that it is

implemented well in time-or else the cost of being left behind will be too large

to bear”

The draft Basel II Accord has finally been accepted and is applicable to all

banks in member countries from January 1, 2007, and India is no exception.

In fact, India’s association with the Basel Committee on Banking Supervision

dates back to 1997 when it was among the 16 non-member countries that

were consulted in the drafting of the Basel Core Principles. Reserve Bank of

India (RBI) became a member of the Core Principle Liaison Group in 1998 and

subsequently became a member of the Core Principle Working Group on

capital. Within the CPWG, RBI had the privilege of leading a group of 6 major

non G-10 supervisors who presented a proposal on a simplified approach for

Base II to the committee.

The main addition or improvement fund in Basel II over Basel I is that it

recognizes both credit and operational risks apart from market risk as the

primary sources of risks and directs banks to allocate adequate amount of

capital for these types of risks. RBI’s approach to implementing the

prudential norms has been one of gradual convergence with international

best practices with appropriate adaptations. RBI wants to achieve this in a

phased manner through a consultative process evolved within the country.

RBI, in its annual policy statement in May 2004, had announced that banks in

India should examine, in depth, the option available under Basel II and draw a

road map by the end of December 2004 for migration to Basel II by December

2006, and review the progress made thereof at quarterly intervals. Further,

the RBI will be closely monitoring the progress made by the banks in this

direction. Hence, all banks in India, to begin with, will be directed to adopt the


65

Standardized Approach for Credit Risk and the Basic Indicator Approach for

Operational Risk. After adequate skills are developed, both in banks as well

as at the supervisory levels, some banks may be allowed to migrate to the

Integrated Risk Based (IRB) approach.

The regulatory initiatives taken by RBI towards implementing Basel II

include:

Ensuring that banks have a suitable risk management framework

oriented towards their requirements as dictated by the size and complexity of

their business, risk philosophy, market perceptions and expected level of

capital. The framework adopted by the banks has to be one that can be

adoptable to changes, if required.

Introduction of Risks Based Supervision (RBS) in 23 banks on pilot

basis.

Encouraging banks to formalize their Capital Adequacy Assessment

Program (CAAP) in alignment with their business plan and performance

budgeting systems.

Enhancing the area of disclosure, so as to have greater transparency,

of the financial position and the risk profit of the banks. The areas of greater

disclosure include capital ratios, profitability ratios, non-performing loans,

provision for non-performing loans, etc.

Improvement the level of corporate governance standards in banks.

Building capacity for ensuring the regulator’s ability to identify and

permit eligible banks for IRB/Advanced Measurement approach.


66

5.5 RBI Initiatives

RBI has initiatives concepts like:

Risk-Based Supervision (RBS) in 23 banks on pilot basis.

Encouraging banks to formulate Capital Adequacy Assessment

Program.

Improving corporate governance in banks.

RTGS System: Many Indian banks (11to be precise) are going in for

Real Time Gross Settlement (RTGS) system, e.g., ING Vysya Bank. This

system will allow the clients to transfer funds instantaneously across RTGS-

enabled Banks in India, thus putting their funds to better use because of a

quicker realization as compared to current instrument based fund transfers.

Also the bank can manage intraday liquidity effectives.

Nevertheless, there are many challenges that Indian banks faces by virtue of

its culture diversity and lack of infrastructure.

Source: environmentalrisk.org


67

5.6 Requirement for an Effective Risk Management System

The Basel Committee on Banking Supervision has set out the requirement for

an effective risk management system as under:

Well-informed board of directors and oversight of board

Capable management

Adequate risk management policies and processes

High quality MIS for risk management and

Appropriate staffing of the risk management function

The job of the board is to establish bank’s strategic direction and define risk

tolerances for various type of risk. The risk management policies and

standards need to be approved by the board. The senior management of the

board is responsible for implementation, integrity and maintenance of the risk

management system.

Source: s3.amazonaws.com


68

CHAPTER 6

6.1 Challenges

The Indian financial system, the banking system in particular, is vastly

diverse. There is a simultaneous existence of the huge government

ownership along with significant private shareholders in public sector banks,

which have a huge presence in total banking system. Apart from the public

sector banks there are the relatively new private sector banks-most of which

are multinationals. There are also many Co-operative Banks and the Regional

Rural Banks and branches of foreign banks (these branches are, by and

large, hugely profitable operations for the present banks). The process of

providing financial services is also changing rapidly from traditional banking

to a one-stop shop of varied financial services, and the old institutional

demarcations are increasingly getting blurred.

To implement Basel II norms in India, the following challenges are envisaged:

Implementation of Basel II Accord, especially the IRB approach, will be

a major challenge as banks will have to substantially upgrade their

information system, risk management systems as well as technical skills of

the staff.

In terms of operational risk, the banks will have to prioritize risk control

among different business lines. Given the complexities and data

requirements, may banks will be compelled to use the standardized

Approach, which means that the capital charge for operational risk will only

be an add-on to the overall capital.

The issue of credit rating has to be streamlined. Though there are a few

players in the credit rating arena in India, the credit rating methodology used

by these agencies need to be strengthened and applied universally. Also,

encouraging the ratings of issuers could turn out to be a challenge.


69

Basel II allows the supervisor to prescribe higher minimum capital

levels for banks for, amongst other things, interest rate in the banking book

and concentration of risk exposures. RBI has already initiated action to

identify these issues in banks. But given the huge magnitude of this task in

the Indian context, the task is, at a very last, daunting.

Issues of cross-border capital have to be sorted out-this will

particularly affect foreign banks (currently foreign banks are statutorily

required to be maintain local capital).

o Note that this list of challenges is not exhaustive, but in all likelihood

refers to the major challenges that would need to be addressed in the

process of implementation of Basel II.

Source: sameerdhanrajani.files.wordpress.com


70

6.2 Impact

RBI in various documents has pointed out that Basel II will involve a shift from

direct supervisory focus to implementation issues, and that banks and

supervisors will be required to invest large resources in upgrading

technology and human resources to meet the minimum standards. Assuming

that banks and supervisors can switch over to the Basel II norms without a

problem, Indian banks, especially the public sector banks, will become more

efficient and globally competitive.

Implementation of Basel II will, in general, lead to decrease in the required

capital with respect to operational risks. However, in India, several factors

may raise the required capital even for credit risks (one example to this effect

could be the use of real estate as collateral for loans attracting a 150% risk

weight on non-performing loans). On the contrary, a 75% risk weight on retail

lending to SMEs and a 35% risk weight on home loans might lead to some

reduction in the capital requirements.

As per Basel II, the bulk of the borrowers in the Indian market fall in the

speculative grade-this might cause a dramatic rise in the debt costs and

heightened cyclicality of bank credit. Augmenting the capital requirements of

the banks could have adverse impact on the credit portfolios of the banking

sectors.

Another issue could be the introduction of the Economic Capital Based (ECB)

models to help banks in capital budgeting, deal pricing and performance

management in a “risk adjusted” framework. Though this will be a useful tool,

it would require banks and supervisors to understand the two elements of

economic capital assessment; namely:

Calculation of aggregate economic capital across all sources of risk.


71

Allocation of capital to individual business units or profit centers on a

risk-efficient basis.

These are some of the major impacts that are going to be felt by all the banks

including the RBI in implementing Basel II. However, there is no doubt that a

successful implementation of Basel II will ensure that the banks would benefit

from the economic capital framework. IT will further provide the banks with a

platform to develop models for managing their business efficiently and

complete with the more sophisticated players. It will also help banks learn to

use their capital in the most efficient manner, which will definitely be the key

to survival in a global, unconstrained and ruthless environment in the

financial service sector.

Source: trauma.massey.ac.nz


72

6.3 Improved Risk Management (RM) Process

Basel II is normally seen largely as a compliance driven issue and only a small

number of banks have fully exploited business efficiency and integrity. In fact,

Base II affords a good opportunity to undertake a thorough review of RM

processes and consolidated them. While implementing to comply, we can

implement to gain. We can implement for reduced overall cost, increased

RAROC and improved decision-making process. It also helps build a

transparent corporate accountability and enables management of risk in

accordance with the risk appetite enabling economic capital saving, a

precursor to development of integrated risk management capability across

the bank. It creates an increased level of transparency around disclosure of

risk. Hence, banks need to use the opportunity to implement effective RM

system to achieve competitive efficiency.

As Basel II helps banks differentiate customers by risk, advantages and

disadvantages are likely to accrue for bank customers.

Those with possible advantage:

Prime customer

Well-rated entities.

Small and medium- sized business.

High-quality liquidity portfolios.

Collateralized and hedged exposures

Low credit and operational loss exposures.

Strong risk management processes.

Those with possible disadvantages:

Higher credit risk individuals.

Uncollateralized credit.

Specialized lending (in some cases).

High historical credit and operational loss experience.

Weak risk management processes.


73

6.4 Challenges Ahead

Infrastructure

In a recent survey conducted by the Federation of Indian Chambers of

Commerce and Industry (FICCI), 55% of the respondents’ claims that Indian

banks lack adequate preparedness to be able to confirm to the Basel-II

provision by 2006. Whereas, 50% of public sector banks have expressed their

preparedness in meeting these guidelines, only 25% of the old and new

private sector and foreign banks are likely to be ready to meet them by 2006.

According to the survey, concerns of the Indian banks in implementing these

norms are:

51.6% said due to low levels of computerization,

87% said due to absence of robust internal credit rating mechanism,

80.6% said due to lack a strong management information system,

And 58% said due to the lack of sufficient training and education to

reach the levels to conform to the provision of Basel-II.

Source: bocahbancar.files.wordpress.com


74

6.5 Effect on Indian Banks

State Bank of India, Bank of Baroda, and Bank of India

Vivek Srivastava, senior bank analyst at Fitch Ratings, Mumbai, is more

skeptical. Collecting the necessary data is going to take some time, he says.

So far, the RBI has told only the internationally active banks that they to be

ready to comply with Basel-II from the outset. And, there are only about three

banks that fall into this category, even loosely defined: The State Bank of

India, Bank of Baroda, and Bank of India (all public sector banks). These

banks will probably adopt the standardized approach to credit risk

management he says.

In addition, some of the progressive new generation of private sector banks,

which have the most advanced technology platforms because they entered

the business late, will also want to apply the new Accord from the outset.

HDFC Bank

This is confirmed by Paresh Sukthankar, head of credit and market risk, at

HDFC Bank, one of the largest of the new generation of private sector (it is

eight years old). Fully automated and growing at an annual compound rate of

20-25%, HDFC Bank has had a grading model in a place to rate its corporate

portfolio for some time. Sukthankar says he is still waiting for final guidelines

from the RBI, buts expects that banks will initially be required to adopt the

standardized approach for credit risk, with a more advanced approach being

introduced a year or two later. “We will be at the forefront in implementing the

new guidelines as they are rolled out by the central bank,” he says.

ABN AMRO

ABN AMRO has decided to adopt the A-IRB approach, under the new accord,

for calculating the minimum capital required against its credit risk, reveals

Jan Sijbrand in the interview with GRR. But the bank has not yet decided


75

whether it would adopt the AMA approach for operational risk. If it does not,

this could raise difficulties over its regulation in the US.

Adopting the A-IRB means that the bank will attract “seriously lower” capital

charge on its mortgage retail business-its main strength in the US mid-west –

than its local competitors, who will face the higher capital charges

associated with Basel-I.

CITIGROUP

Citigroup will be on the advanced approach for all risk types. It planes to run

parallels of Base-II from 2006 onwards and go live from 2007. This will give it

a strategic edge by reaping advantages through the “learning curve”

throughout 2006. From data collection and implementation standpoint, it will

be more challenging for Citigroup, given over 50% of Citigroup’s exposures

reside outside of the US. Citigroup will be the most complex Basel-II

implementation in the world.


76

CHAPTER 7

7.1 From Risk Management to Value Management

The subject of finance suggests that the ultimate objective of commercially

oriented enterprise is ‘shareholder wealth maximization’. This means that all

the decisions should be towards maximizing the market the value of equity

shares traded in the market in the long run. Accounting measures of

performance evaluation such as Net Profit Margin, Return on Assets, Return

on Equity, Earnings per Share, etc. are at best useless as they are only return

measures. They do not consider the actual risk taken to earn the return

earned. The measures of shareholder wealth maximization, broadly called as

SWM measures, consider both the return and risk in its framework and are

superior to the accounting measures in a number of ways.

The following description explains the relationship between the expected

return, actual return and addition to shareholder wealth in a given time

period:

AR > ER: Addition to existing wealth of shareholders

AR < ER: Destruction of existing wealth of shareholders

AR = ER: Maintenance of existing wealth of shareholders

Where, AR = Actual rate of return on shareholders’ capitals

ER = Expected Rate of Return on shareholders’ capitals

As it can be seen, wealth maximization takes place only when the actual

return is higher than the expected return. Actual return for this purpose is an

economic measure, not an accounting measure. The term ‘expected return’

denotes the rate of return expected by the shareholders for the level of risk

they are exposed to in their investment. There are a number of approaches to

estimating the expected return such as Capital Asset Pricing Model (CAPM),

Arbitrage Pricing Theory (APT), etc.


77

There has been a shift gradually from accounting based measures to SWM

measures in many industries. Banking is not an exception to this. The most

popular SWM measure in the banking industry is Risk Adjusted Return On

Capital (RAROC) and its variants. RAROC has its numerator the return earned

and capital allocated in its denominator. Given the importance of SWM

measures, the traditional control oriented risk management system should

have pave the way for value based risk management system. In order to

achieve this, the two steps need to be added to the existing list of steps in risk

management:

1. Capital Allocation: Under this step, activities of a blank would be

broken down to various major businesses, retail banking, corporate banking,

government business, proprietary trading, etc. Each one can be viewed as a

Strategic Business Unit (SBU) with targets of return performance. Each one

of the SBUs is allocated a portion of the bank’s equity capital. The allocation

of capital is based on the contribution of each SBU to various risk of the bank.

Higher the contribution of an SBU to the risk of the bank, higher will be the

capital allocated.

2. Risk-adjusted Performance Measurement: Having allocated capital to

each SBU commensurate with its contribution to the overall risk of the bank,

a target return on the capital allocated needs to be set. The question of

whether the target returns to be achieved by each SBU dependent upon risk

contribution is the most contentious issue occupying the attention of the risk

management community.

Source: www.gvm.net.au


78

7.2 Integration of Risks Leading to EWRM System:

Source: www.pwc.com.au

Enterprise-wide risk management (EWRM) is defined as a structured,

consistent and continuous process across the whole organization for

identifying, assessing, deciding on responses to and reporting on

opportunities and threats that affect the achievement of its objectives.

Institutions are finding that they need to manage risk in a more proactive way

to avoid losses and gain advantage in an increasingly competitive

environment.

The traditional approach to risk management, driven largely by regulatory

pressure and the desire to avoid losses, is no longer considered


79

sufficient. Quit recently, risks were, managed on a departmental basis, eg by

the H&S department or the Financial department. These departments then

focused mainly on policies, procedures, methodologies and systems and

separately on operational management, financial control and financial risk

management.

A gap occurred in terms of sharing of information throughout the

organization, and applying risk management principles to the management

practices of the company. EWRM should identify how the organization as a

whole could be affected by risks and what actions should be taken to avoid

major losses.

Enterprise Risk Management Value

Effective and efficient structures to govern and oversee the

organization and achieve the strategy creating synergies between different

risk management activities.

Increased risk awareness which facilitates better operational and

strategic decision-making.

Ensuring that risk-taking decisions across the organization are within

and aligned to the nature and level of risk that stakeholders in the

organization are willing to take.

More informed/risk-based decision-making.

Each one of the risk is interrelated to the other. It has been observed that

one type of risk can transfer itself into some other type, if not managed

properly thereby causing losses to the bank. For example, it has been

generally observed that when interest rate go up in the economy, the credit

risk also increases as increase in the interest rates on loan increases the

burden of the borrower to pay. Similarly, the market risk and liquidity risk are

highly interrelated. It has been witnessed that when the markets crash, the

liquidity of the traded securities in the market dries up drastically. The recent

example in the Indian market highlighting the interrelationship between


80

operational risk and market risk (of adverse price change) was the fall in the

market value of ONGC stocks when wrong allotments were made due to error

in the software used by the registrar of the issue.

When risk are interrelated strongly, managing each one of them under a ‘silo’

approach can leads to losing the focus on interrelationship as each one the

risk management function would be concentrating only on a particular risk.

To prevent this leakage, RBI has suggested that the banks should move

towards an integrated risk management system in which the mentioned

interrelationships are analyzed prior to ascertaining the impact of risk. The

current risk management practices under the ‘silo’ approach do not pave the

way for identifying the tool. This means that there is a need for a thorough

overhauling of the entire risk management system rather than merely making

cosmetic changes to the existing system.

Source: www.amicuscompliance.co.uk


81

7.3 Technology and Risk Management

Technology can be very effectively employed in measurement and

management of various risks in banks.

‘Liquidity risk’ can be controlled by proper deployment of technology for

centralized operations with networking of branches, payment system

reforms, implementation of technology-oriented schemes like electronic

clearing services, electronic fund transfer, real-time gross settlement

systems, centralized fund management systems, public debt office

negotiated dealing system etc. measures which can mitigate ‘credit risk’

include analysis of industry data, software-based preventive monitoring

system for borrower accounts, straight through processing, implementation

of know your customer guidelines of RBI etc.

‘Product/Services risk’ can be controlled by proper customer relationship

management, implementing data warehousing and data mining, proper

market analysis, emphasis on proper deployment of delivery channels.

Technology has a major role in deployment of product and services.


82

CASE STUDY

I.Northern Rock

Northern Rock emerged as an important player in UK mortgage lending

following its creation from a merger of two mutual building societies in the

1960s and subsequent demutualization in October 1997. It grew rapidly from

around £ 15 bill assets after demutualization to £ 100 bill assets in 2006. It

had 8% of the mortgage market and 2% of £ bank deposits in 2007, and it sold

19% of all new home mortgages in the UK in the first half of 2007. It focused

on home mortgage lending, using an “originate to distribute” model, whereby

mortgages originated would be securitized and sold into wholesale markets.

It was an “aggressive” lender providing high loan to valuation loans. Retail

deposits were just over 20% of total assets.

Source: www.apec.org.au

Total equity (including subordinated notes) was £ 3,382 mill. Total assets of £

113,503 mill comprised £96,659 mill of advances, of which around £50,000

mill were securitized (although included on the consolidated balance sheet –

due to residual exposure) and the rest either funded directly on balance sheet

or by way of covered bonds. 1 Early in 2007, Northern Rock received

approval from the FSA to use the internal ratings based approach for

calculation of capital adequacy requirements.

In August 2007, interbank loan interest rates and wholesale market rates

increased substantially.


83

“It should be recognized that the key dependency for Northern Rock was not

its use of wholesale funding per se. In terms of its net short term wholesale

funding to balance sheet asset ratio it was not a significant outlier in relation

to other UK banks. Rather, its key dependency was its use of securitization;

its securitization product was a simple one, based on high quality assets. The

market disruption did not affect Northern Rock's existing securitizations, but

the market for new securitizations had largely closed. Neither did the market

disruption lead to a cessation of Northern Rock's wholesale funding, but

rather to a shortening of its duration and an increase in its price. The

combination of these factors led the Northern Rock Board to seek assurance

that contingency funding from the Bank of England would be available. The

large retail outflows in mid-September led to a significant and sudden

deterioration in Northern Rock's liquidity and required it to draw on the Bank

of England facility. So it is clear that a combination of circumstances led to

the position which Northern Rock is now in, rather than any single event.”

http://www.fsa.gov.uk/pubs/other/tsc.pdf 5 Oct, 2007.

Options identified for dealing with Northern Rock’s funding difficulties

included (a) Northern Rock’s own dealings in short term money markets (b)

arranging takeover by a larger player (c) accessing liquidity support facilities

from the government.

Source: m.ft-static.com


84

Source: im.ft-static.com

Retail depositors “ran” on the bank on Sept 14, 2007. The UK authorities had

announced a liquidity support package, but not assured depositors that their

funds were safe, relying on a deposit insurance scheme which fully

guaranteed GBP 2,000 plus 90% of the next 33,000 of deposits. The Tripartite

(Treasury, Bank of England, FSA) statement said “The FSA judges that

Northern Rock is solvent, exceeds its regulatory capital requirement and has

a good quality loan book.” On September 17, the UK government announced

a complete guarantee of deposits in Northern Rock.

The CEO of the FSA commented in October that “In terms of the probability of

this organization getting into difficulty, we had it as a low probability.”


85

On February 17th, 2008 the government announced plans to nationalize the

bank following the failure of alternative private sector takeover proposals to

be approved.

Extracts from the FSA Summary (26 Mar 08) of its Internal Audit of its

supervision of Northern Rock

From early August 2007, conditions in credit markets deteriorated and

Northern Rock experienced increasing difficulty in securing wholesale

market funding. From 9-August, the FSA took part in daily discussions with

the other tripartite authorities to discuss the latest market conditions. The

significance of 9 August, therefore, is that it was the start 2 of what can be

termed ‘the crisis period’. The scope of this review excludes the crisis period.

The extent of the market disruption that occurred in the crisis period –

to wholesale funding markets, including securitization markets – was

generally not foreseen by commentators. It was the crystallization of a low

probability, high impact risk. It prompted the need for Northern Rock to seek

emergency liquidity assistance from the Bank of England; ultimately, it

prompted the run on Northern Rock’s retail deposits.

In April 2004, the FSA effected a major re-organization,

From the start of our review period to June 2006, Northern Rock was

supervised in a department whose primary responsibility was for insurance

groups. Between June 2006 and February 2007, Northern Rock was

supervised by a team which had responsibility for one other group – an

insurance group. From February 2007 to the end of the review period, it was

supervised with deposit-taking peers. As a consequence of these moves,

Northern Rock was the responsibility of three heads.

[The supervisory process (review held at 20 Feb 2006)] included an

overview of the firm’s strategy and business, its principal activities, capital


86

and liquidity positions, and nature of funding, as well as a summary of

management and of the control environment. We were unable to assess the

content of the analysis alongside what key Northern Rock executives and the

external auditors had contributed during the discovery work because,

contrary to ARROW I and ARROW II standard practice, formal records of key

meetings were not prepared

[No developed Financial Analysis was provided to the supervisory

team]. Comparison would have shown Northern Rock, relative to its peers, as

having a high public target for asset growth (15-25% year-on-year) and for

profit growth; a low net interest margin; a low cost; income ratio; and

relatively high reliance on wholesale funding and securitization.

[Decided] not to issue a Risk Mitigation Programme (RMP), …

lengthening the supervisory period to 36 months, from the 24 months

proposed … against a backdrop of the FSA’s publicly stated objective that

‘we should create incentives for firms to do the right thing in return for a

regulatory dividend – that is less regulatory intervention’3 where the FSA

judged that their behavior (including in their regulatory relationship) and the

quality of their management, merited it.

Issues that would be addressed in its Close and Continuous (C&C)

supervision. These included: the viability of the firm’s strategy in the

prevailing market conditions, and the firm’s capacity to deliver its strategic

objectives whilst ensuring that its credit risk profile remained consistent with

its risk appetite; that its access to funding, particularly through

securitization, was maintained; the adequacy of its stress-testing; on-going

developments of the firm’s risk management framework, particularly with

respect to Basel; the operational risks arising from its rapid pace of growth;

and the mitigation of the internal and external risks associated with the

impending retirement of the Finance Director.


87

The Panel process resulted in a number of the key risks – among them

the viability of the firm’s strategy, including its need to maintain its access to

funding, particularly through securitization – being drawn out for the

supervisory team to pursue;

Those risks were not effectively pursued by the supervisory team in

line with Northern Rock’s increasing business risk profile and control

framework;

The lack of formal risk re-assessment, of recording of issues in IRM and

of escalation of the risks which emerged during the supervisory period meant

that there was no trigger to re-assess the level of supervisory resource nor to

increase FSA management scrutiny;

The FSA’s approach to liquidity reflected a presumption that, in the

event of a crisis like that experienced in August 2007, general market liquidity

provided by the Bank of England would be increased and, in extremis,

liquidity would be provided for systemically important institutions.

II. The Dearth of Ethics and the Death of Lehman Brothers

History and Facts

Many believe the beginning of the end for Lehman Brothers was when

Washington repealed the Glass-Steagall Act. This landmark legislation from

the Great Depression separated the interests of commercial and investment


88

banks, preventing them from competing against each other (2) and protecting

their balance sheets by allowing each sector to focus on the business and

transactions that it did best. For investment banks, that typically meant highly

liquid, asset-light portfolios, leaving commercial banks to handle capital-

intensive portfolios, including real estate or corporate investments.

Additionally, the act insulated the economy from mass collapse in the event of

one sector’s failure by preventing the other from being dragged down in tow.

But in 1999, President Clinton signed the Gramm-Leach-Bliley Act into law,

allowing commercial and investment banks to compete head-to-head for the

first time in 60 years (2). The arms race that ensued would prove disastrous

for Lehman Brothers, the financial community, and the global economy at

large.

With the repeal of Glass-Steagall, Lehman Brothers became a key player in

the United States housing boom. From 2004 to 2006, Lehman Brothers

experienced a 56 percent surge in revenues from real estate businesses

alone (1). The firm recognized profits from 2005 to 2006, and in 2007 it

reported a record net income of $4.2 billion on revenues of $19.3 billion. In

the same year, Lehman Brothers’ stock reached an all-time high of $86.18 per

share, giving it a market capitalization close to $60 billion (1). This proved

exceptional to the surrounding climate, however, and the housing market

began to show signs of a pending bubble burst.

In March 2007, the stock market experienced its biggest single-day plunge in

five years, while the number of mortgage defaults simultaneously rose to the

highest percentage in almost a decade. Bear Stearns, Lehman Brothers’

most comparable Wall Street rival, experienced the total failure of two hedge

funds in August. Despite rapidly deteriorating marketing conditions, Lehman

Brothers continued writing mortgage-backed securities and touting its

financial strength to the press and shareholders while decrying the notion

that domestic and global economies were in danger. Meanwhile, its

operations were reckless, as illustrated by its $11.9 billion in tangible equity

and $308.5 billion in tangible assets on balance sheets in 2003 that yielded a

leverage ratio of 26 to 1. Four years later, its $20 billion in tangible equity and


89

$782 billion in tangible assets sent its leverage ratio skyrocketing to 39 to 1

(4). Even with storms brewing in every direction, Lehman Brothers failed to

trim its portfolio of high-risk, illiquid assets, and when crisis erupted in 2007,

Lehman Brothers had missed its chance. Instead of acknowledging this

misstep, executives took internal action to preserve a rosy façade.

Source: anticap.files.wordpress.com

By means of deliberate accounting sleight-of-hand, concealment, and

communication of misleading information, until 2008 Lehman Brothers

maintained the appearance of underdog success to the investment

community. The primary means by which Lehman Brothers disguised its

distress was through implementation of what was known to insiders as “Repo

105.” This legal but shady accounting device helped create favorable net

leverage and liquidity measures on the balance sheet, which was key for

credit rating agencies and consumer confidence. By utilizing Repo 105,

Lehman Brothers raised cash by selling assets to a behind-the-scenes

phantom company called Hudson Castle, which appeared to be an

independently run organization but was actually controlled by Lehman

Brothers executives. In accordance with Repo 105 terms, assets were sold to

Hudson Castle and repurchased between one and three days later (3).

Because the assets were valued at 105 percent of the cash received, GAPP


90

accounting rules allowed the transactions to be treated as sales, thus

removing the assets from Lehman Brothers’ balance sheet altogether.

Under the direction of Chief Financial Officer Erin Callan and the certification

of Chief Executive Officer Richard S. Fuld, Jr., Lehman Brothers applied this

technique at the end of the first and second fiscal quarters of 2008 to transfer

a combined total of $100 billion, amending its leverage ratio from 13.9 to a far

more favorable 12.1. Thanks to creative accounting and clever public

relations, Lehman Brothers was able to report a positive view of its net

leverage, including a $60 billion reduction in net assets on the balance sheets

and a deep liquidity pool. Each of these quarterly balance sheet spins was

intended to offset the effect of announcing — for the first time in years — a

loss of $2.8 billion from write-downs on assets, decreased revenues, and

losses on hedges (1). Application of Repo 105 allowed Lehman Brothers to

avoid having to report selling assets at a loss.

During the bankruptcy investigation, the company’s global finance controller

admitted that, “there was no substance to [Repo 105] transactions (5).” Fuld,

Callan, and their respective teams concealed the use of this tactic from

ratings agencies, investors, and the board of directors. The one party in on

the scheme was Ernst & Young, Lehman Brothers’ audit firm, which failed to

alert either internal or external parties to the manipulation that was taking

place, even when explicitly questioned. They could not maintain the illusion

for long, however, and in September 2008, Lehman Brothers’ situation finally

came to a head.


91

Source: media.cagle.com

On September 10, 2008, just three months after reporting second-quarter

successes, Lehman Brothers announced that its supposedly robust liquidity

amounted to approximately $40 billion, but only $2 billion constituted assets

that could be readily monetized. The remainder was tied up on so-called

“comfort deposits” with various clearing banks, and though the firm

technically had the right to recall said deposits, the validity of Lehman

Brothers’ work with these institutions was questionable at best (2). By

August, the deposits had been converted into actual pledges.

A few months prior, Fuld began coming to terms with Lehman Brothers’

negative outlook. In a last-ditch effort, he made a public offering that yielded

$6 billion in new capital for the firm. However, by the by the time third fiscal

quarter financial statements were due, Lehman Brothers was projecting

additional losses of $3.9 billion. Its stock price had plummeted to $3.65 per

share, a 94 percent decrease from January 2008. Fuld announced a plan to

spin off the majority of the company’s real estate holdings into a new public

company, but there were no prospective buyers (Holdings, Inc.). On Sept. 13,

the United States Treasury made it clear that Lehman Brothers would not be


92

the recipient of bailout money. Instead, a number of financial institutions,

including Barclays and Bank of America, were being encouraged to acquire

the faltering company, invigorate it with much-needed capital, and bring it

back from the edge of collapse (3). Each potential acquirer declined. On Sept.

15, 2008, Fuld admitted defeat and finally heeded private advice from

Treasury Secretary Henry Paulson, Jr. At 1:45 a.m., he filed for Chapter 11

bankruptcy protection, just before the opening of Asian markets (1).

Source: s.wsj.net

In the days following the largest bankruptcy filing in United States history, the

American market experienced a shock unlike any it had felt since the Great

Depression. When the domestic stock market opened on Sept. 15, the Dow

Jones dropped 504 points. The following day, Barclays agreed to buy Lehman

Brothers’ United States capital markets division for the bargain price of $1.75

billion. Meanwhile, insurance giant AIG was on the verge of total collapse,

forcing the federal government to step in with a financial bailout package that

ultimately cost $182 billion (3). On Sept. 16, the Primary Fund announced that

due to its Lehman Brothers exposure, its price had plummeted to less than $1

per share. The ripple effect of Lehman Brothers’ failure was widespread,

giving rise to a confidence crisis in global banks and hedge funds. Credit


93

markets froze, forcing international governments to step in and attempt to

ease concerns. Domestically, this resulted in the controversial passage of the

Trouble Asset Relief Program, a $700 billion federal rescue aid package, on

Oct. 3, 2008 (5).

Source: www.telegraph.co.uk

Ethical Issues Examined

So what went wrong? The collapse of Lehman Brothers was not the result of a

single lapse in ethical judgment committed by one misguided employee. It

would have been nearly impossible for an isolated incident to bring the Wall

Street giant to its knees, especially after it successfully withstood so many

historical trials.

Instead its demise was the cumulative effect of a number of missteps

perpetrated by several individuals and parties. These offenses can be

categorized into three acts: Lies told by Chief Executive Officer Richard Fuld;

concealment endorsed by Chief Financial Officer Erin Callan; and negligence

on behalf of Ernst & Young.

Three Wrongs

1. When the housing marketing began faltering in 2007, Fuld was

entrenched in a highly aggressive and leveraged business model, not unlike

many other Wall Street players at the time. Unlike the competitors, a few of

whom had the foresight to identify the pending collapse and evaluate possible


94

consequences of mortgage defaults, Fuld did not rethink his strategy. Instead

he proceeded into mortgage-backed security investments, continuously

increasing Lehman Brothers’ asset portfolio to one of unreasonably high risk

given market conditions. In short, he was obstinate, but when the time came

to recognize his error, he did not assume responsibility or admit wrongdoing.

Fuld had an opportunity in 2007 to voice concerns about his bank’s short-

term financial health and its heavy involvement in risky loans, and he

squandered it in favor of communicating to investors and Wall Street that no

foreseeable concerns existed. Had he been truthful, more competitive

solutions — along with the benefit of time — would have been available, likely

helping prevent or minimize the financial hemorrhage that loomed on the

horizon. For example, commercial banks, such as Barclays and Bank of

America, which were approached for a snap acquisition decision, would have

had more time to evaluate whether the move would complement their long-

term strategies. They also would have had more time and opportunity to

resuscitate Lehman Brothers than they did a few quarters down the road.

Additionally, while the immediate effects of admitting a shaky outlook would

have been negative, two repercussions must be considered. First, large

capital investors would have been appreciative of the transparency, and after

getting past the initial shock, they would have taken action to get the bank

back on track. Second, had the general public — including the federal

government — been aware of the situation and the actionable measures

being taken to rectify it, more intellectual and financial aid would have been

available to minimize losses and potentially avoid total collapse. This was not

the case, however, and by choosing to paint an unrealistically optimistic

picture of Lehman Brothers’ financial situation, Fuld forfeited the opportunity

to take advantage of various solutions that would have cut the company’s

losses. Had he acted more prudently, Lehman Brothers’ story may have

ended differently.

2. The second ethical lapse, which was perhaps the most premeditated

and fundamentally wrong, was Callan’s approval of siphoning assets away


95

from Lehman Brothers accounts and into Hudson Castle, the phantom

subsidiary created for the benefit of its parent company’s balance sheet. This

blatant misrepresentation of financial health, perpetrated through the

employment of Repo 105, was an attempt to grossly manipulate the bank’s

many stakeholders and also clearly indicative of a much bigger problem.

Even more telling is the fact that this technique was used in two consecutive

quarters.

Various documents examining the collapse of Lehman Brothers, including

congressional testimonies and investigative reports, confirm that the purpose

of Repo 105 was not to diminish earnings for tax benefits or similar effects.

Instead, moving assets away from the balance sheet was intended to create

the illusion of a company that was stable and secure. Had Lehman Brothers’

executive team been capable of managing the issue, this tactic would have

been a temporary stay until reorganizational measures were taken and

accurate statement releases could be resumed. Instead, for six consecutive

months, the bank’s leverage was so dangerously high that it had no choice

but to intentionally mislead its shareholders if it hoped to maintain any

semblance of confidence in its operation. As with Fuld’s decision to lie about

the company’s state of affairs, Lehman Brothers would have been better

served by fully and accurately disclosing the details of its finances. With the

benefit of credibility and time to strategize, the likelihood of receiving much-

needed aid would have been far greater.

3. Finally, Ernst & Young, the only third party privy to the happenings at

Lehman Brothers, failed to reveal the extensive steps taken by executive

leadership to conceal financial problems. As a firm of certified public

accountants expected to honor and uphold an industry-wide code of ethics,

Ernst & Young may be accused of being responsible for gross negligence and

lack of corporate responsibility. Why would such a highly respected

organization risk its own reputation and turn a blind eye on behavior that is

clearly unethical? Obviously Lehman Brothers was a sizeable (and

presumably lucrative) client of the firm. But past scandals involving


96

questionable accounting observances, such as Enron, have demonstrated

firsthand that inaction is as equally reprehensible as direct involvement in the

scheme itself. More than just a paycheck was at risk, and failure to act

successfully discredited Ernst & Young on the basis of ethical and industry

standards.

As an accounting firm, Ernst & Young is charged with certifying that

companies deliver accurate and reliable information to shareholders. In this

regard, Ernst & Young failed completely, as executives were aware of behind-

the-scenes bookkeeping and the extent to which it was occurring. In this

situation, concern for ethical behavior was of minimal or nonexistent

concern. Therefore, the company’s shareholders were deliberately deceived

for the purpose of preserving a paycheck, and in that regard, the team of

accountants who chose not to act disappointed more than just their company;

they let down the entire industry and each of the right-minded professionals

within it.

The story of Lehman Brothers’ demise is unfortunate, and not just because its

collapse meant the end of a Wall Street institution. The real tragedy lies in the

lack of ethical behavior of its executives and professional advisors. They

made conscious decisions to deceive and manipulate, and the consequences

proved too dire to preserve the historic investment bank’s existence.

The perennial lesson of the Lehman Brothers case is that no matter how dire

the circumstances may appear, transparency and accountability are

paramount. Right action up front may sting initially, but as history has

repeatedly shown, gross unethical business practices rarely endure in the

long term. A global financial crisis such as that of 2008 may not be prevented

from happening again. What can be improved, in large measure through

ethics education, is how corporations behave. Wall Street should take note of

the case of Lehman Brothers to ensure history does not find a way to repeat

itself.


97

Newspaper Article:

Source: asset.tovima.gr

Source: resources1.news.com.au


98

CONCLUSION

The objective of risk management is not to prohibit or prevent risk taking, but

to ensure that the risks are consciously taken with full knowledge, clear

purpose and understanding so that it can be measured and mitigated. The

purpose of managing risk is to prevent an institution from suffering

unacceptable loss causing an institution to fail or materially damage its

competitive position. Functions of risk management should actually be bank

specific dictated by the size and quality of balance sheet, complexity of

functions, technical / professional manpower and the status of MIS in place in

the bank. They may not be one-size-fits-all risk management module for all the

banks to be made applicable uniformly.

As in the international practice, a committee approach may be adopted to

manage various risks. Risk Management Committee, Credit Policy

Committee, Asset Liability Management Committee, etc., are such committee

that handles the risk management aspects. To the extent the bank can take

risk more consciously, anticipates adverse changes and hedges accordingly,

it becomes a source of competitive advantage, as it can offer its products at a

better price than its competitors. What can be measured can also be

managed. It should be clearly understood that risk mitigation is more

important than capital allocation against inadequate risk management

system.

The effectiveness of risk measurement depends on efficient Management

Information System, computerization and networking of the branch activities.

An objective and reliable data base has to be built up for which bank has to

analyze its own past performance data relating to loan defaults, trading

losses, operational losses etc., and come out with benchmarks so as to

prepare themselves for the future risk management activities.


99

BIBILOGRAPHY

BOOKS REFERRED o RISK MANAGEMENT – S.B. VERMA

MAGAZINES

o INSTITUTE AND FACULTY OF ACTUARIES,UK

NEWSPAPERS

o ECONOMICS TIMES

o FINANCIAL TIMES

o WALL STREET JOURNALS


100

WEBILOGRAPHY

http://www.communitybankeruniversity.com/CBU/managing-

commercial-credit-risk

http://web.worldbank.org/external/default/main?theSitePK=3985219&p

iPK=64143448&pagePK=64143534&menuPK=64143504&contentMDK=20191

686

https://technet.microsoft.com/en-us/library/cc535304.aspx

http://www.investopedia.com/terms/t/transferofrisk.asp

http://www.garp.org/media/1106495/reputationalriskmanagement_raul

manjarin_112712.pdf

http://christelfouche.com/ewrm-explained/

http://www.pwc.com.au/consulting/risk-

controls/management/enterprise-wide-risk-mgt.htm

http://lexicon.ft.com/Term?term=risk-management

http://www.investinganswers.com/financial-

dictionary/optionsderivatives/interest-rate-swap-2252

http://stcipd.com/interestrate1.aspx

http://sevenpillarsinstitute.org/case-studies/the-dearth-of-ethics-and-

the-death-of-lehman-brothers

https://www.imf.org/external/np/fin/data/rms_mth.aspx?SelectDate=20

15-09-30&reportType=REP

Risk Management in Banks

Documents