Académique Documents
Professionnel Documents
Culture Documents
In the course of their operations, banks are invariably faced with different
types of risks that may have a potentially negative effect on their
business. Risk management in bank operations includes risk
identification, measurement and assessment, and its objective is to
minimize negative effects risks can have on the financial result and
capital of a bank. Banks are therefore required to form a special
organizational unit in charge of risk management. Also, they are requ ired
to prescribe procedures for risk identification, measurement and
assessment, as well as procedures for risk management.
Liquidity risk is the risk of negative effects on the financial result and
capital of the bank caused by the banks inability to meet all its due
obligations.
Credit risk is the risk of negative effects on the financial result and
capital of the bank caused by borrowers default on its obligations to the
bank.
Interest rate risk is the risk of negative effects on the financial result and
capital of the bank caused by changes in interest rates.
A special type of market risk is the risk of change in the market price of
securities, financial derivatives or commodities traded or tradable in the
market.
Operational risk is the risk of negative effects on the financial result and
capital of the bank caused by omissions in the work of employees,
inadequate internal procedures and processes, inadequate management of
information and other systems, and unforeseeable external events.
RISK MANAGEMENT
The last few years have witnessed sea changes in the Indian banking sector. Indian
banking and financial system has been gradually liberalised. Interest rates have been
deregulated, new players, new instruments and new institutions have been
introduced. Moreover, prudential regulations have been expanded and supervision
has been strengthened at various levels. In the sphere of external financial policy, the
exchange rate is market driven, there has been a progressive liberalisation of FDI and
FII investment, and there are now only minimum restrictions on inflow of capital into
the economy, or its repatriation and servicing.
In the new liberalized economy in India, Banks and regulators in recent years have
been making sustained efforts to understand and measure the increasing risks they are
exposed to. With the Indian economy becoming global, the Banks are realising the
importance of different types of risks. Some of the risk are credit risks, market
risks, operational risks, reputational risks and legal risks, using quantitative
techniques in risk modeling. RBI issued the first set of guidelines to Banks on Risk
Management on October 20, 1999.
What is Risk
A risk can be defined as an unplanned event with financial consequences resulting in
loss or reduced earnings. Therefore, a risky proposition is one with potential profit or
a looming loss. Risk stems from uncertainty or unpredictability of the future. In
commercial and business risk generates profit or loss depending upon the way in
which it is managed. Risk can be defined as the volatility of the potential
outcome. Risk is the possibility of something adverse happening. Risk management
is the process of assessing risk, taking steps to reduce risk to an acceptable level and
maintaining that level of risk.
Thus, we can say that after the risks have been identified, risk management attempts
to lessen their effects. This is done by applying a range of management
techniques. For example, the risk may be lessened by taking out insurance or using
derivatives or re-plan the whole project.
Having understood what is risks we will now state the aspect of measuring risks.
Measurement of risk is a very important step in risk management process. Some risk
can be easily quantified like exchange risk, interest rate risk etc. While some risks like
country risk, operational risk etc. cannot be mathematically deduced. They can only
be qualitatively compared and measured. Some risks like gap risk in forex operations
can be measured using modern mathematical and statistical tool like value at risk etc.
Therefore it is important to identify and appreciate the risk and quantify it. Only then
the next step management of risk can be attempted. The management is a process
consisting of the following steps.
(1) Credit Risk - This is the risk of non recovery of loan or the risk of
reduction in the value of asset. The credit risk also includes the pre-
payment risk resulting in loss of opportunity to the bank to earn higher
interest interest income. Credit Risk also arises due excess exposure to a
single borrower, industry or a geographical area. The element of
country risk is also present which is the risk of losses being incurred due
to adverse foreign exchange reserve situation or adverse political or
economic situations in another country
(2) Interest Rate Risk-This risk arises due to fluctuations in the interest
rates. It can result in reduction in the revenues of the bank due to
fluctuations in theinterest rates which are dynamic and which change
differently for assets and liabilities. With the deregulated era interest
rates are market determined and banks have to fall in line with the market
trends even though it may stifle their Net Interest margins
In risk management exercise the top management has to lay down clear cut
policy guidelines in quantifiable and precise terms - for different layers line
personnel business parameters, limits etc. It is very important for the
management to plant at the macro level what the organisations is looking in for
in any business proposition or venture and convert these expectations into micro
level factors and requirements for field level functionaries only then they will be
able to convert these expectations into reality. A very important assumption is
made but normally omitted or over looked is provision of infra-structural
support and conductive climate. Ultimately top management has a greater role to
play in any risk management process
Introduction[edit]
A Widely used vocabulary for risk management is defined by ISO Guide 73:2009,
"Risk management. Vocabulary."[3]
In ideal risk management, a prioritization process is followed whereby the risks with
the greatest loss (or impact) and the greatest probability of occurring are handled first,
and risks with lower probability of occurrence and lower loss are handled in
descending order. In practice the process of assessing overall risk can be difficult, and
balancing resources used to mitigate between risks with a high probability of
occurrence but lower loss versus a risk with high loss but lower probability of
occurrence can often be mishandled.
Intangible risk management identifies a new type of a risk that has a 100% probability
of occurring but is ignored by the organization due to a lack of identification ability.
For example, when deficient knowledge is applied to a situation, a knowledge risk
materializes. Relationship risk appears when ineffective collaboration occurs.
Process-engagement risk may be an issue when ineffective operational procedures are
applied. These risks directly reduce the productivity of knowledge workers, decrease
cost-effectiveness, profitability, service, quality, reputation, brand value, and earnings
quality. Intangible risk management allows risk management to create immediate
value from the identification and reduction of risks that reduce productivity.
Risk management also faces difficulties in allocating resources. This is the idea
of opportunity cost. Resources spent on risk management could have been spent on
more profitable activities. Again, ideal risk management minimizes spending (or
manpower or other resources) and also minimizes the negative effects of risks.
Method[edit]
For the most part, these methods consist of the following elements, performed, more
or less, in the following order.
1. identify, characterize threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected likelihood and consequences of specific
types of attacks on specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy
Principles of risk management[edit]
create value resources expended to mitigate risk should be less than the
consequence of inaction, or (as in value engineering), the gain should exceed the
pain
be an integral part of organizational processes
be part of decision making process
explicitly address uncertainty and assumptions
be a systematic and structured process
be based on the best available information
be tailorable
take human factors into account
be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement
be continually or periodically re-assessed
Process[edit]
According to the standard ISO 31000 "Risk management Principles and guidelines
on implementation,"[4] the process of risk management consists of several steps as
follows:
Establishing the context[edit]
This involves:
Identification
After establishing the context, the next step in the process of managing risk is to
identify potential risks. Risks are about events that, when triggered, cause problems or
benefits. Hence, risk identification can start with the source of our problems and those
of our competitors (benefit), or with the problem itself.
Problem analysis[citation needed] - Risks are related to identified threats. For example:
the threat of losing money, the threat of abuse of confidential information or the
threat of human errors, accidents and casualties. The threats may exist with
various entities, most important with shareholders, customers and legislative
bodies such as the government.
When either source or problem is known, the events that a source may trigger or the
events that can lead to a problem can be investigated. For example: stakeholders
withdrawing during a project may endanger funding of the project; confidential
information may be stolen by employees even within a closed network; lightning
striking an aircraft during takeoff may make all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development
of templates for identifying source, problem or event. Common risk identification
methods are:
Assessment[edit]
Once risks have been identified, they must then be assessed as to their potential
severity of impact (generally a negative impact, such as damage or loss) and to the
probability of occurrence. These quantities can be either simple to measure, in the
case of the value of a lost building, or impossible to know for sure in the case of the
probability of an unlikely event occurring [clarify]. Therefore, in the assessment process
it is critical to make the best educated decisions in order to properly prioritize the
implementation of the risk management plan.
Even a short-term positive improvement can have long-term negative impacts. Take
the "turnpike" example. A highway is widened to allow more traffic. More traffic
capacity leads to greater development in the areas surrounding the improved traffic
capacity. Over time, traffic thereby increases to fill available capacity. Turnpikes
thereby need to be expanded in a seemingly endless cycles. There are many other
engineering examples where expanded capacity (to do any function) is soon filled by
increased demand. Since expansion comes at a cost, the resulting growth could
become unsustainable without forecasting and management.
The fundamental difficulty in risk assessment is determining the rate of occurrence
since statistical information is not available on all kinds of past incidents.
Furthermore, evaluating the severity of the consequences (impact) is often quite
difficult for intangible assets. Asset valuation is another question that needs to be
addressed. Thus, best educated opinions and available statistics are the primary
sources of information. Nevertheless, risk assessment should produce such
information for senior executives of the organization that the primary risks are easy to
understand and that the risk management decisions may be prioritized within overall
company goals. Thus, there have been several theories and attempts to quantify risks.
Numerous different risk formulae exist, but perhaps the most widely accepted formula
for risk quantification is: "Rate (or probability) of occurrence multiplied by the impact
of the event equals risk magnitude."
The above formula can also be re-written in terms of a composite risk index, as
follows:
composite risk index = impact of risk event x probability of occurrence
The impact of the risk event is commonly assessed on a scale of 1 to 5, where 1 and 5
represent the minimum and maximum possible impact of an occurrence of a risk
(usually in terms of financial losses). However, the 1 to 5 scale can be arbitrary and
need not be on a linear scale.
The probability of occurrence is likewise commonly assessed on a scale from 1 to 5,
where 1 represents a very low probability of the risk event actually occurring while 5
represents a very high probability of occurrence. This axis may be expressed in either
mathematical terms (event occurs once a year, once in ten years, once in 100 years
etc.) or may be expressed in "plain English" (event has occurred here very often;
event has been known to occur here; event has been known to occur in the industry
etc.). Again, the 1 to 5 scale can be arbitrary or non-linear depending on decisions by
subject-matter experts.
The composite risk index thus can take values ranging (typically) from 1 through 25,
and this range is usually arbitrarily divided into three sub-ranges. The overall risk
assessment is then Low, Medium or High, depending on the sub-range containing the
calculated value of the Composite Index. For instance, the three sub-ranges could be
defined as 1 to 8, 9 to 16 and 17 to 25.
Note that the probability of risk occurrence is difficult to estimate, since the past data
on frequencies are not readily available, as mentioned above. After all, probability
does not imply certainty.
Likewise, the impact of the risk is not easy to estimate since it is often difficult to
estimate the potential loss in the event of risk occurrence.
Further, both the above factors can change in magnitude depending on the adequacy
of risk avoidance and prevention measures taken and due to changes in the external
business environment. Hence it is absolutely necessary to periodically re-assess risks
and intensify/relax mitigation measures, or as necessary. Changes in procedures,
technology, schedules, budgets, market conditions, political environment, or other
factors typically require re-assessment of risks.
Risk options[edit]
Risk mitigation measures are usually formulated according to one or more of the
following major risk options, which are:
1. Design a new business process with adequate built-in risk control and
containment measures from the start.
2. Periodically re-assess risks that are accepted in ongoing processes as a normal
feature of business operations and modify mitigation measures.
3. Transfer risks to an external agency (e.g. an insurance company)
4. Avoid risks altogether (e.g. by closing down a particular high-risk business
area)
Later research[citation needed] has shown that the financial benefits of risk management
are less dependent on the formula used but are more dependent on the frequency and
how risk assessment is performed.
In business it is imperative to be able to present the findings of risk assessments in
financial, market, or schedule terms. Robert Courtney Jr. (IBM, 1970) proposed a
formula for presenting risks in financial terms. The Courtney formula was accepted as
the official risk analysis method for the US governmental agencies. The formula
proposes calculation of ALE (annualized loss expectancy) and compares the expected
loss value to the security control implementation costs (cost-benefit analysis).
Potential risk treatments[edit]
Once risks have been identified and assessed, all techniques to manage the risk fall
into one or more of these four major categories:[11]
Hazard prevention refers to the prevention of risks in an emergency. The first and
most effective stage of hazard prevention is the elimination of hazards. If this takes
too long, is too costly, or is otherwise impractical, the second stage is mitigation.
Risk reduction[edit]
Risk reduction or "optimization" involves reducing the severity of the loss or the
likelihood of the loss from occurring. For example, sprinklers are designed to put out
a fire to reduce the risk of loss by fire. This method may cause a greater loss by water
damage and therefore may not be suitable. Halon fire suppression systems may
mitigate that risk, but the cost may be prohibitive as a strategy.
Acknowledging that risks can be positive or negative, optimizing risks means finding
a balance between negative risk and the benefit of the operation or activity; and
between risk reduction and effort applied. By an offshore drilling contractor
effectively applying HSE Management in its organization, it can optimize risk to
achieve levels of residual risk that are tolerable.[13]
Modern software development methodologies reduce risk by developing and
delivering software incrementally. Early methodologies suffered from the fact that
they only delivered software in the final phase of development; any problems
encountered in earlier phases meant costly rework and often jeopardized the whole
project. By developing in iterations, software projects can limit effort wasted to a
single iteration.
Outsourcing could be an example of risk reduction if the outsourcer can demonstrate
higher capability at managing or reducing risks.[14] For example, a company may
outsource only its software development, the manufacturing of hard goods, or
customer support needs to another company, while handling the business management
itself. This way, the company can concentrate more on business development without
having to worry as much about the manufacturing process, managing the development
team, or finding a physical location for a call center.
Risk sharing[edit]
Briefly defined as "sharing with another party the burden of loss or the benefit of
gain, from a risk, and the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief
that you can transfer a risk to a third party through insurance or outsourcing. In
practice if the insurance company or contractor go bankrupt or end up in court, the
original risk is likely to still revert to the first party. As such in the terminology of
practitioners and scholars alike, the purchase of an insurance contract is often
described as a "transfer of risk." However, technically speaking, the buyer of the
contract generally retains legal responsibility for the losses "transferred", meaning that
insurance may be described more accurately as a post-event compensatory
mechanism. For example, a personal injuries insurance policy does not transfer the
risk of a car accident to the insurance company. The risk still lies with the policy
holder namely the person who has been in the accident. The insurance policy simply
provides that if an accident (the event) occurs involving the policy holder then some
compensation may be payable to the policy holder that is commensurate with the
suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are
technically retaining the risk for the group, but spreading it over the whole group
involves transfer among individual members of the group. This is different from
traditional insurance, in that no premium is exchanged between members of the group
up front, but instead losses are assessed to all members of the group.
Risk retention[edit]
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category. Risk retention is a viable strategy for small risks
where the cost of insuring against the risk would be greater over time than the total
losses sustained. All risks that are not avoided or transferred are retained by default.
This includes risks that are so large or catastrophic that they either cannot be insured
against or the premiums would be infeasible. War is an example since most property
and risks are not insured against war, so the loss attributed by war is retained by the
insured. Also any amounts of potential loss (risk) over the amount insured is retained
risk. This may also be acceptable if the chance of a very large loss is small or if the
cost to insure for greater coverage amounts is so great it would hinder the goals of the
organization too much.
Risk management plan[edit]
Main article: Risk management plan
Select appropriate controls or countermeasures to measure each risk. Risk mitigation
needs to be approved by the appropriate level of management. For instance, a risk
concerning the image of the organization should have top management decision
behind it whereas IT management would have the authority to decide on computer
virus risks.
The risk management plan should propose applicable and effective security controls
for managing the risks. For example, an observed high risk of computer viruses could
be mitigated by acquiring and implementing antivirus software. A good risk
management plan should contain a schedule for control implementation and
responsible persons for those actions.
According to ISO/IEC 27001, the stage immediately after completion of the risk
assessment phase consists of preparing a Risk Treatment Plan, which should
document the decisions about how each of the identified risks should be handled.
Mitigation of risks often means selection of security controls, which should be
documented in a Statement of Applicability, which identifies which particular control
objectives and controls from the standard have been selected, and why.
Implementation[edit]
Implementation follows all of the planned methods for mitigating the effect of the
risks. Purchase insurance policies for the risks that have been decided to be
transferred to an insurer, avoid all risks that can be avoided without sacrificing the
entity's goals, reduce others, and retain the rest.
Review and evaluation of the plan[edit]
Initial risk management plans will never be perfect. Practice, experience, and actual
loss results will necessitate changes in the plan and contribute information to allow
possible different decisions to be made in dealing with the risks being faced.
Risk analysis results and management plans should be updated periodically. There are
two primary reasons for this:
Limitations[edit]
Prioritizing the risk management processes too highly could keep an organization
from ever completing a project or even getting started. This is especially true if other
work is suspended until the risk management process is considered complete.
It is also important to keep in mind the distinction between risk and uncertainty. Risk
can be measured by impacts x probability.
If risks are improperly assessed and prioritized, time can be wasted in dealing with
risk of losses that are not likely to occur. Spending too much time assessing and
managing unlikely risks can divert resources that could be used more profitably.
Unlikely events do occur but if the risk is unlikely enough to occur it may be better to
simply retain the risk and deal with the result if the loss does in fact occur. Qualitative
risk assessment is subjective and lacks consistency. The primary justification for a
formal risk assessment process is legal and bureaucratic.
the cost associated with the risk if it arises, estimated by multiplying employee
costs per unit time by the estimated time lost (cost impact, C where C = cost
accrual ratio * S).
the probable increase in time associated with a risk (schedule variance due to
risk, Rs where Rs = P * S):
Sorting on this value puts the highest risks to the schedule first. This is
intended to cause the greatest risks to the project to be attempted first so that
risk is minimized as quickly as possible.
This is slightly misleading as schedule variances with a large P and small S
and vice versa are not equivalent. (The risk of the RMS Titanic sinking vs. the
passengers' meals being served at slightly the wrong time).
the probable increase in cost associated with a risk (cost variance due to
risk, Rc where Rc = P*C = P*CAR*S = P*S*CAR)
sorting on this value puts the highest risks to the budget first.
see concerns about schedule variance as this is a function of it, as illustrated
in the equation above.
Risk in a project or process can be due either to Special Cause Variation or Common
Cause Variation and requires appropriate treatment. That is to re-iterate the concern
about extremal cases not being equivalent in the list immediately above.
Medical device risk management[edit]
For medical devices, risk management is a process for identifying, evaluating and
mitigating risks associated with harm to people and damage to property or the
environment. Risk management is an integral part of medical device design and
development, production processes and evaluation of field experience, and is
applicable to all types of medical devices. The evidence of its application is required
by most regulatory bodies such as FDA. The management of risks for medical devices
is described by the International Organization for Standardization (ISO) in ISO
14971:2007, Medical DevicesThe application of risk management to medical
devices, a product safety standard. The standard provides a process framework and
associated requirements for management responsibilities, risk analysis and evaluation,
risk controls and lifecycle risk management.
The European version of the risk management standard was updated in 2009 and
again in 2012 to refer to the Medical Devices Directive (MDD) and Active
Implantable Medical Device Directive (AIMDD) revision in 2007, as well as the In
Vitro Medical Device Directive (IVDD). The requirements of EN 14971:2012 are
nearly identical to ISO 14971:2007. The differences include an Annex that refers to
the new MDD and AIMDD, the requirement for risks to be reduced as low as
possible, and the requirement that risks be mitigated by design and not by labeling on
the medical device (i.e., labeling can no longer be used to mitigate risk).
Typical risk analysis and evaluation techniques adopted by the medical device
industry include hazard analysis, fault tree analysis (FTA), failure mode and effect
analysis (FMEA), hazard and operability study (HAZOP), and risk traceability
analysis for ensuring risk controls are implemented and effective (i.e. tracking risks
identified to product requirements, design specifications, verification and validation
results etc.)
FTA analysis requires diagramming software. FMEA analysis can be done using
a spreadsheet program. There are also integrated medical device risk management
solutions.
Through a draft guidance, FDA has introduced another method named "Safety
Assurance Case" for medical device safety assurance analysis. The safety assurance
case is structured argument reasoning about systems appropriate for scientists and
engineers, supported by a body of evidence, that provides a compelling,
comprehensible and valid case that a system is safe for a given application in a given
environment. With the guidance, a safety assurance case is expected for safety critical
devices (e.g. infusion devices) as part of the pre-market clearance submission, e.g.
510(k). In 2013, FDA introduced another draft guidance expecting medical device
manufacturers to submit cybersecurity risk analysis information.
Risk management activities as applied to project management[edit]
Main article: project risk management
An example of the Risk Register for a project that includes 4 steps: Identify, Analyze,
Plan Response, Monitor and Control. [15]
Planning how risk will be managed in the particular project. Plans should include
risk management tasks, responsibilities, activities and budget.
Assigning a risk officer a team member other than a project manager who is
responsible for foreseeing potential project problems. Typical characteristic of
risk officer is a healthy skepticism.
Maintaining live project risk database. Each risk should have the following
attributes: opening date, title, short description, probability and importance.
Optionally a risk may have an assigned person responsible for its resolution and a
date by which the risk must be resolved.
Creating anonymous risk reporting channel. Each team member should have the
possibility to report risks that he/she foresees in the project.
Preparing mitigation plans for risks that are chosen to be mitigated. The purpose
of the mitigation plan is to describe how this particular risk will be handled
what, when, by whom and how will it be done to avoid it or minimize
consequences if it becomes a liability.
Summarizing planned and faced risks, effectiveness of mitigation activities, and
effort spent for the risk management.
Risk management for megaprojects (infrastructure)[edit]
It is important to assess risk in regard to natural disasters like floods, earthquakes, and
so on. Outcomes of natural disaster risk assessment are valuable when considering
future repair costs, business interruption losses and other downtime, effects on the
environment, insurance costs, and the proposed costs of reducing the risk.[21] There
are regular conferences in Davos to deal with integral risk management.
Risk management of information technology[edit]
Main article: IT risk management
For the offshore oil and gas industry, operational risk management is regulated by
the safety case regime in many countries. Hazard identification and risk assessment
tools and techniques are described in the international standard ISO 17776:2000, and
organisations such as the IADC (International Association of Drilling Contractors)
publish guidelines for HSE Case development which are based on the ISO standard.
Further, diagrammatic representations of hazardous events are often expected by
governmental regulators as part of risk management in safety case submissions; these
are known as bow-tie diagrams. The technique is also used by organisations and
regulators in mining, aviation, health, defence, industrial and finance.[25]
Risk management as applied to the pharmaceutical sector[edit]
The principles and tools for quality risk management are increasingly being applied to
different aspects of pharmaceutical quality systems. These aspects include
development, manufacturing, distribution, inspection, and submission/review
processes throughout the lifecycle of drug substances, drug products, biological and
biotechnological products (including the use of raw materials, solvents, excipients,
packaging and labeling materials in drug products, biological and biotechnological
products). Risk management is also applied to the assessment of microbiological
contamination in relation to pharmaceutical products and cleanroom manufacturing
environments.[26]
Risk communication[edit]
The digital era brings a paradigm shift. Digital risk is risk arising from increased
dependency on information technology systems and digital processes. It will become
a major challenge for the new evolving executive role of digital risk officer.
Executives are accountable for both operational performance and achieving strategic
objectives. There is now a need for executives to understand the direct alignment of
digital risks with the strategic business goals of the enterprise. Digital risk
management is the next evolution in digital risk and security strategies. It is about
re-defining corporate governance and digital perpetuation Digital perpetuation and
should form part of the digital risk management plan.
References[edit]
According to the Bank for International Settlements (BIS), credit risk is defined as the
potential that a bank borrower or counterparty will fail to meet its obligations in
accordance with agreed terms. Credit risk is most likely caused by loans,acceptances,
interbank transactions, trade financing, foreign exchange transactions, financial
futures, swaps, bonds, equities, options, and in the extension of commitments and
guarantees, and the settlement of transactions. In simple words, if person A borrows
loan from a bank and is not able to repay the loan because of inadequate income, loss
in business, death, unwillingness or any other reasons, the bank faces credit risk.
Similarly, if you do not pay your credit card bill, the bank faces a credit risk.
Hence, to minimize the credit risk on the banks end, the rate of interest will be higher
for borrowers if they are associated with high credit risk. Factors like unsteady
income, low credit score, employment type, collateral assets and others determine the
credit risk associated with a borrower. As stated earlier, credit risk can be associated
with interbank transactions, foreign transactions and other types of transactions
happening outside the bank. If the transaction at one end is successful but
unsuccessful at the other end, loss occurs. If the transaction at one end is settled but
there are delays in settlement at the other end, there might be lost investment
opportunities.
Look at it like person A sending US dollars to his family in India at the rate of 60 INR
(Indian Rupee) per dollar. The person B, who is the recipient however receives the
payment late and doesnt get the exchange rate of 60 INR. Instead he receives the
money at the exchange rate of 58 INR. This means they incurred a loss in the
transaction. Similar situations occur during big transactions in banks. If the bank is
not able to settle a transaction at an expected time or during an expected time
duration, they may incur a credit risk. However, this kind of risk is called Settlement
Risk and it is closely associated with credit risk. It depends on the timing of the
exchange of value, payment/settlement finality and the role of intermediaries and
clearing houses.
While some credit risk is a result of macro forces affecting the economy or specific
markets or even specific individuals, there is another important risk that can be
classified under credit risk: this is the risk of deliberate fraud that is usually borne by
the banks who issue credit products such as credit cards.
Market risk
McKinsey defines market risk as the risk of losses in the banks trading book due to
changes in equity prices, interest rates, credit spreads, foreign-exchange rates,
commodity prices, and other indicators whose values are set in a public market. Bank
for International Settlements (BIS) defines market risk as the risk of losses in on- or
off-balance sheet positions that arise from movement in market prices. Market risk is
prevalent mostly amongst banks who are into investment banking since they are
active in capital markets. Investment banks include Goldman Sachs, Bank of
America, JPMorgan, Morgan Stanley and many others.
Market risk can be better understood by dividing it into 4 types depending on the
potential cause of the risk:
Interest rate risk: Potential losses due to fluctuations in interest rate
Equity risk: Potential losses due to fluctuations in stock price
Currency risk: Potential losses due to international currency exchange rates (closely
associated with settlement risk)
Commodity risk: Potential losses due to fluctuations in prices of agricultural,
industrial and energy commodities like wheat, copper and natural gas respectively
Operational risk
According to the Bank for International Settlements (BIS), operational risk is defined
as the risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events. This definition includes legal risk, but excludes
strategic and reputation risk. Operational risk can widely occur in banks due to human
errors or mistakes. Examples of operational risk may be incorrect information filled in
during clearing a check or confidential information leaked due to system failure.
Operational risk can be categorized in the following way for a better understanding:
Human risk: Potential losses due to a human error, done willingly or unconsciously
IT/System risk: Potential losses due to system failures and programming errors
Processes risk: Potential losses due to improper information processing, leaking or
hacking of information and inaccuracy of data processing
Operational risk may not sound as bad but it is. Operational risk caused the decline of
Britains oldest banks, Barings in 1995. Since banks are becoming more and more
digital and shifting towards information technology to automate their processes,
operational risk is an important risk to be taken into consideration by the banks.
Security breaches in which data is compromised could be classified as an operational
risk, and recent instances in this area have underlined the need for constant
technology investments to mitigate the exposure to such attacks.
Liquidity risk
Investopedia defines liquidity risk as the risk stemming from the lack of marketability
of an investment that cannot be bought or sold quickly enough to prevent or minimize
a loss. However if you find this definition complex, the term liquidity risk speaks for
itself. It is the risk that may disable a bank from carrying out day-to-day cash
transactions.
Look at this risk like person A going to a bank to withdraw money. Imagine the bank
saying that it doesnt have cash temporarily! That is the liquidity risk a bank has to
save itself from. And this is not just a theoretical example. A small bank in Northern
England and Ireland was taken over by the government because of its inability to
repay the investors during the 2007-08 global crisis.
Reputational risk
The Financial Times Lexicon defines reputation risk as the possible loss of the
organisations reputational capital. The Federal Reserve Board in the US defines
reputational risk as the potential loss in reputational capital based on either real or
perceived losses in reputational capital. Just like any other institution or brand, a bank
faces reputational risk which may be triggered by banks activities, rumors about the
bank, willing or unconscious non-compliance with regulations, data manipulation, bad
customer service, bad customer experience inside bank branches and decisions taken
by banks during critical situations. Every step taken by a bank is judged by its
customers, investors, opinion leaders and other stakeholders who mould a banks
brand image.
Business risk
In general, Investopedia defines business risk as the possibility that a company will
have lower than anticipated profits, or that it will experience a loss rather than a
profit. In the context of a bank, business risk is the risk associated with the failure of a
banks long term strategy, estimated forecasts of revenue and number of other things
related to profitability. To be avoided, business risk demands flexibility and
adaptability to market conditions. Long term strategies are good for banks but they
should be subject to change. The entire banking industry is unpredictable. Long term
strategies must have backup plans to avoid business risks. During the 2007-08 global
crisis, many banks collapsed while many made way out it. The ones that collapsed
didnt have a business risk management strategy.
Systemic risk and moral hazard are two types of risks faced by banks that do not
causes losses quite often. But if they cause losses, they can cause the downfall of the
entire financial system in a country or globally.
Systemic risk
The global crisis of 2008 is the best example of a loss to all the financial institutions
that occurred due to systemic risk. Systemic risk is the risk that doesnt affect a single
bank or financial institution but it affects the whole industry. Systemic risks are
associated with cascading failures where the failure of a big entity can cause the
failure of all the others in the industry.
Moral hazard
Moral hazard is a risk that occurs when a big bank or large financial institution takes
risks, knowing thatsomeone else will have to face the burden of those
risks. Economist Paul Krugman described moral hazard as any situation in which
one person makes the decision about how much risk to take, while someone else bears
the cost if things go badly. Economist Mark Zandi of Moodys Analytics described
moral hazard as a root cause of the subprime mortgage crisis of 2008-09
Risk management in Indian banks is a relatively newer practice, but has already shown
to increase efficiency in governing of these banks as such procedures tend to increase
the corporate governance of a financial institution. In times of volatility and fluctuations in
the market, financial institutions need to prove their mettle by withstanding the market
variations and achieve sustainability in terms of growth and well as have a stable share
value. Hence, an essential component of risk management framework would be to
mitigate all the risks and rewards of the products and service offered by the bank. Thus
the need for an efficient risk management framework is paramount in order to factor in
internal and external risks.[1]
The financial sector in various economies like that of India are undergoing a monumental
change factoring into account world events such as the ongoing Banking Crisis across
the globe. The 2007present recession in the United Stateshas highlighted the need for
banks to incorporate the concept of Risk Management into their regular procedures. The
various aspects of increasing global competition to Indian Banks by Foreign banks,
increasing Deregulation, introduction of innovative products, and financial instruments as
well as innovation in delivery channels have highlighted the need for Indian Banks to be
prepared in terms of risk management.[2]
Indian Banks have been making great advancements in terms of technology, quality, as
well as stability such that they have started to expand and diversify at a rapid rate.
However, such expansion brings these banks into the context of risk especially at the
onset of increasing Globalization and Liberalization. In banks and other financial
institutions, risk plays a major part in the earnings of a bank. The higher the risk, the
higher the return, hence, it is essential to maintain a parity between risk and return.
Hence, management of Financial risk incorporating a set systematic and professional
methods especially those defined by the Basel II becomes an essential requirement of
banks. The more risk averse a bank is, the safer is their Capital base.
Risk Ratio[edit]
Risk ratio would be defined as the ratio of the probability of an issue occurring as against
to an issue not occurring.[3]
Total impact of the risk (TIR) occurring would entail as the impact (I), the risk would
cause multiplied by the Risk Ratio. It is essentially how much a bank would be
impacted in the chance that the risk did occur. This essentially helps ascertain what
is the total value of their investments that may be subject to risk and how it would
impact them.[4]
The ratio is in simplest terms calculated by dividing the amount of profit the
trader expects to have made when the position is closed (i.e. the reward) by the
amount he or she stands to lose if the price moves in the unexpected direction
(i.e. the risk).
To calculate the total risk ensuing with the total expected return, a favored
method is the use of variance or standard deviation. The larger the variance, the
larger the standard deviation, the more uncertain the outcome. The standard
deviation, E is a measure of average difference between the expected value and
the actual value of a random variable (or unseen state of nature).
Here, n stands for a possible outcome, x stands for the expected outcome
and P is the probability (or likelihood) of the difference between n and X
occurring.[5]
Types of Risk[edit]
The term Risk and the types associated to it would refer to mean financial
risk or uncertainty of financial loss. The Reserve Bank of India guidelines
issued in Oct. 1999 has identified and categorized the majority of risk into
three major categories assumed to be encountered by banks. These belong
to the clusters:[6]
Credit risk
Market risk
Operational risk
Non-Financial risks would entail all the risk faced by the bank in its regular
workings, i.e. Operational Risk, Strategic Risk,Funding Risk, Political Risk,
and Legal Risk.[2]
See also[edit]
References[edit]
Introduction
1. While financial institutions have faced difficulties over the years for a multitude of reasons, the
major cause of serious banking problems continues to be directly related to lax credit standards for
borrowers and counterparties, poor portfolio risk management, or a lack of attention to changes in
economic or other circumstances that can lead to a deterioration in the credit standing of a bank's
counterparties. This experience is common in both G-10 and non-G-10 countries.
2. Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail
to meet its obligations in accordance with agreed terms. The goal of credit risk management is to
maximise a bank's risk-adjusted rate of return by maintaining credit risk exposure within
acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well
as the risk in individual credits or transactions. Banks should also consider the relationships
between credit risk and other risks. The effective management of credit risk is a critical component
of a comprehensive approach to risk management and essential to the long-term success of any
banking organisation.
3. For most banks, loans are the largest and most obvious source of credit risk; however, other
sources of credit risk exist throughout the activities of a bank, including in the banking book and in
the trading book, and both on and off the balance sheet. Banks are increasingly facing credit risk
(or counterparty risk) in various financial instruments other than loans, including acceptances,
interbank transactions, trade financing, foreign exchange transactions, financial futures, swaps,
bonds, equities, options, and in the extension of commitments and guarantees, and the settlement
of transactions.
4. Since exposure to credit risk continues to be the leading source of problems in banks world-
wide, banks and their supervisors should be able to draw useful lessons from past experiences.
Banks should now have a keen awareness of the need to identify, measure, monitor and control
credit risk as well as to determine that they hold adequate capital against these risks and that they
are adequately compensated for risks incurred. The Basel Committee is issuing this document in
order to encourage banking supervisors globally to promote sound practices for managing credit
risk. Although the principles contained in this paper are most clearly applicable to the business of
lending, they should be applied to all activities where credit risk is present.
5. The sound practices set out in this document specifically address the following areas: (i)
establishing an appropriate credit risk environment; (ii) operating under a sound credit-granting
process; (iii) maintaining an appropriate credit administration, measurement and monitoring
process; and (iv) ensuring adequate controls over credit risk. Although specific credit risk
management practices may differ among banks depending upon the nature and complexity of
their credit activities, a comprehensive credit risk management program will address these four
areas. These practices should also be applied in conjunction with sound practices related to the
assessment of asset quality, the adequacy of provisions and reserves, and the disclosure of credit
risk, all of which have been addressed in other recent Basel Committee documents.
6. While the exact approach chosen by individual supervisors will depend on a host of factors,
including their on-site and off-site supervisory techniques and the degree to which external
auditors are also used in the supervisory function, all members of the Basel Committee agree that
the principles set out in this paper should be used in evaluating a bank's credit risk management
system. Supervisory expectations for the credit risk management approach used by individual
banks should be commensurate with the scope and sophistication of the bank's activities. For
smaller or less sophisticated banks, supervisors need to determine that the credit risk management
approach used is sufficient for their activities and that they have instilled sufficient risk-return
discipline in their credit risk management processes.
7. The Committee stipulates in Sections II through VI of the paper, principles for banking
supervisory authorities to apply in assessing bank's credit risk management systems. In addition,
the appendix provides an overview of credit problems commonly seen by supervisors.
8. A further particular instance of credit risk relates to the process of settling financial transactions.
If one side of a transaction is settled but the other fails, a loss may be incurred that is equal to the
principal amount of the transaction. Even if one party is simply late in settling, then the other party
may incur a loss relating to missed investment opportunities. Settlement risk (i.e. the risk that the
completion or settlement of a financial transaction will fail to take place as expected) thus includes
elements of liquidity, market, operational and reputational risk as well as credit risk. The level of
risk is determined by the particular arrangements for settlement. Factors in such arrangements that
have a bearing on credit risk include: the timing of the exchange of value; payment/settlement
finality; and the role of intermediaries and clearing houses.
What is Risk?
Risk refers to a condition where there is a possibility of undesirable occurrence
of a particular result which is known or best quantifiable and therefore
insurable. A risk can be defined as an unplanned event with financial consequences
resulting in loss or reduced earnings. An activity which may give profits or result in
loss may be called a risky proposition due to uncertainty or unpredictability of the
activity of trade in future.
In other words, it can be defined as the uncertainty of the outcome. As risk is directly
proportionate to return, the more risk a bank takes, it can expect to make more money.
Type of Risks
The major risks in banking business as commonly referred can be broadly classified
into:
Liquidity Risk
Interest Rate Risk
Market Risk
Credit or Default Risk
Operational Risk
Liquidity Risk
The liquidity risk of banks arises from funding of long-term assets by short-term
liabilities, thereby making the liabilities subject to rollover or refinancing risk.
(a) Funding Risk: Funding Liquidity Risk is defined as the inability to obtain funds
to meet cash flow obligations. For banks, funding liquidity risk is crucial. This arises
from the need to replace net outflows due to unanticipated withdrawal/ non-renewal
of deposits (wholesale and retail).
(b) Time Risk: Time risk arises from the need to compensate for non-receipt of
expected inflows of funds i.e., performing assets turning into non-performing assets.
(c) Call Risk: Call risk arises due to crystallisation of contingent liabilities. It may
also arise when a bank may not be able to undertake profitable business opportunities
when it arises.
2. Interest Rate Risk
Interest Rate Risk arises when the Net Interest Margin or the Market Value of
Equity (MVE) of an institution is affected due to changes in the interest rates.
IRR can be viewed in two ways its impact is on the earnings of the bank or its
impact on the economic value of the banks assets, liabilities and Off-Balance Sheet
(OBS) positions. Interest rate Risk can take different forms.
3. Market Risk
The risk of adverse deviations of the mark-to-market value of the trading portfolio,
due to market movements, during the period required to liquidate the transactions is
termed as Market Risk. This risk results from adverse movements in the level or
volatility of the market prices of interest rate instruments, equities, commodities, and
currencies. It is also referred to as Price Risk.
The term Market risk applies to (i) that part of IRR which affects the price of interest
rate instruments, (ii) Pricing risk for all other assets/ portfolio that are held in the
trading book of the bank and (iii) Foreign Currency Risk.
(a) Forex Risk: Forex risk is the risk that a bank may suffer losses as a result of
adverse exchange rate movements during a period in which it has an open position
either spot or forward, or a combination of the two, in an individual foreign currency.
(b) Market Liquidity Risk: Market liquidity risk arises when a bank is unable to
conclude a large transaction in a particular instrument near the current market price.
4. Default or Credit Risk
Credit risk is more simply defined as the potential of a bank borrower or counterparty
to fail to meet its obligations in accordance with the agreed terms. For most
banks, loans are the largest and most obvious source of credit risk. It is the most
significant risk, more so in the Indian scenario where the NPA level of the banking
system is significantly high.
Now, lets discuss the two variants of credit risk
(a) Counterparty Risk: This is a variant of Credit risk and is related to non-
performance of the trading partners due to counterpartys refusal and or inability to
perform. The counterparty risk is generally viewed as a transient financial risk
associated with trading rather than standard credit risk.
(b) Country Risk: This is also a type of credit risk where non-performance of a
borrower or counterparty arises due to constraints or restrictions imposed by a
country. Here, the reason of non-performance is external factors on which the
borrower or the counterparty has no control
Credit Risk depends on both external and internal factors.
The internal factors include Deficiency in credit policy and administration of loan
portfolio, Deficiency in appraising borrowers financial position prior to lending,
Excessive dependence on collaterals and Banks failure in post-sanction follow-up,
etc.
The major external factors are the state of Economy, Swings in commodity price,
foreign exchange rates and interest rates, etc.
Credit Risk cant be avoided but can be mitigated by applying various risk-mitigating
processes
(a) Transaction Risk: Transaction risk is the risk arising from fraud, both internal
and external, failed business processes and the inability to maintain business
continuity and manage information.
(b) Compliance Risk: Compliance risk is the risk of legal or regulatory sanction,
financial loss or reputation loss that a bank may suffer as a result of its failure to
comply with any or all of the applicable laws, regulations, codes of conduct and
standards of good practice. It is also called integrity risk since a banks reputation is
closely linked to its adherence to principles of integrity and fair dealing.
6. Other Risks
Apart from the above-mentioned risks, following are the other risks confronted by
Banks in course of their business operations
(a) Strategic Risk: Strategic Risk is the risk arising from adverse business decisions,
improper implementation of decisions or lack of responsiveness to industry changes.
(b) Reputation Risk: Reputation Risk is the risk arising from negative public
opinion. This risk may expose the institution to litigation, financial loss or decline in
customer base.
Risk Management
Risk Management is actually a combination of management of uncertainty, risk,
equivocality and error. Uncertainty where the outcomes cannot be estimated even
randomly, arises due to lack of information and this uncertainty gets transformed into
risk (where the estimation of outcome is possible) as information gathering
progresses.
Initially, the Indian banks have used risk control systems that kept pace with legal
environment and Indian accounting standards. But with the growing pace of
deregulation and associated changes in the customers behaviour, banks are exposed
to mark-to-market accounting.
Capital Adequacy
Asset Quality
Management
Earnings Quality
Liquidity
Sensitivity to Market risk
The CAMEL was recommended for the financial soundness of bank in 1988 while the
sixth component called sensitivity to market risk (S) was added to CAMEL in 1997.
In India, the focus of the statutory regulation of commercial banks by RBI until the
early 1990s was mainly on licensing, administration of minimum capital
requirements, pricing of services including administration of interest rates on deposits
as well as credit, reserves and liquid asset requirements.
RBI in 1999 recognised the need of an appropriate risk management and issued
guidelines to banks regarding assets liability management, management of credit,
market and operational risks. The entire supervisory mechanism has been realigned
since 1994 under the directions of a newly constituted Board for Financial
Supervision (BFS), which functions under the aegis of the RBI, to suit the
demanding needs of a strong and stable financial system.
A process of rating of banks on the basis of CAMELS in respect of Indian banks and
CACS (Capital, Asset Quality, Compliance and Systems & Control) in respect of
foreign banks has been put in place from 1999.
Credit risk
A credit risk is the risk of default on a debt that may arise from a borrower failing to
make required payments.[1] In the first resort, the risk is that of the lender and includes
lost principal and interest, disruption to cash flows, and increasedcollection costs. The
loss may be complete or partial and can arise in a number of circumstances,[2] for
example:
A consumer may fail to make a payment due on a mortgage loan, credit card, line of
credit, or other loan.
A company is unable to repay asset-secured fixed or floating charge debt.
A business or consumer does not pay a trade invoice when due.
A business does not pay an employee's earned wages when due.
A business or government bond issuer does not make a payment on a coupon or
principal payment when due.
An insolvent insurance company does not pay a policy obligation.
An insolvent bank won't return funds to a depositor.
A government grants bankruptcy protection to an insolvent consumer or business.
To reduce the lender's credit risk, the lender may perform a credit check on the
prospective borrower, may require the borrower to take out appropriate insurance, such
as mortgage insurance, or seek security over some assets of the borrower or
a guarantee from a third party. The lender can also take out insurance against the risk or
on-sell the debt to another company. In general, the higher the risk, the higher will be
the interest rate that the debtor will be asked to pay on the debt. Credit risk mainly arises
when borrowers unable to pay due willingly or unwilingly.
Credit default risk The risk of loss arising from a debtor being unlikely to pay its
loan obligations in full or the debtor is more than 90 days past due on any material
credit obligation; default risk may impact all credit-sensitive transactions, including
loans, securities and derivatives.
Concentration risk The risk associated with any single exposure or group of
exposures with the potential to produce large enough losses to threaten a bank's
core operations. It may arise in the form of single name concentration or industry
concentration.
Country risk The risk of loss arising from a sovereign state freezing foreign
currency payments (transfer/conversion risk) or when it defaults on its obligations
(sovereign risk); this type of risk is prominently associated with the country's
macroeconomic performance and its political stability.
The money lent to a customer may not be repaid due to the failure of a
business. Also, money may not be repaid because the market value of bonds
or equities may decline due to an adverse change in interest rates. Another
reason for no repayment is that a derivative contract to purchase foreign
currency may be defaulted by a counter party on the due date. These types of
risks are inherent in the banking business.
1. Credit risk
2. Market risk
3. Operational risk
4. Liquidity risk
5. Business risk
6. Reputational risk
7. Systemic risk
8. Moral hazard
Out of these eight risks, credit risk, market risk, and operational risk are the
three major risks. The other important risks are liquidity risk, business risk,
and reputational risk. Systemic risk and moral hazard are unrelated to routine
banking operations, but they do have a big bearing on a banks profitability
and solvency.
Credit risk
The Basel Committee on Banking Supervision (or BCBS) defines credit risk
as the potential that a bank borrower, or counter party, will fail to meet its
payment obligations regarding the terms agreed with the bank. It includes
both uncertainty involved in repayment of the banks dues and repayment of
dues on time.
Enlarge Graph
All banks face this type of risk. This includes full-service banks like JPMorgan
(JPM), traditional banks like Wells Fargo (WFC), investment banks like
Goldman Sachs (GS) and Morgan Stanley (MS), or any other financials
included in an ETF like the Financial Select Sector SPDR Fund (XLF).
Dimensions of credit risk
The default usually occurs because of inadequate income or business failure.
But often it may be willful because the borrower is unwilling to meet its
obligations despite having adequate income.
Credit risk signifies a decline in the credit assets values before default that
arises from the deterioration in a portfolio or an individuals credit quality.
Credit risk also denotes the volatility of losses on credit exposures in two
formsthe loss in the credit assets value and the loss in the current and
future earnings from the credit.
Banks create provisions at the time of disbursing loan (see Wells Fargos
provision chart above). Net charge-off is the difference between the amount of
loan gone bad minus any recovery on the loan. An unpaid loan is a risk of
doing the business. The bank should position itself to accommodate the
expected outcome within profits and provisions, leaving equity capital as the
final cushion for the unforeseen catastrophe.
Major banks all over the globe suffered similar losses due to incorrectly
assessing the likelihood of default on mortgage payments. This inability to
assess or respond correctly to credit risk resulted in companies and
individuals around the world losing many billions of U.S. dollars.
Market risk
The Basel Committee on Banking Supervision defines market risk as the risk
of losses in on- or off-balance sheet positions that arise from movement in
market prices. Market risk is the most prominent for banks present in
investment banking. These investment banks include Goldman Sachs (GS),
Morgan Stanley (MS), JPMorgan (JPM), Bank of America (BAC), and other
investment banks in an ETF like the Financial Select Sector SPDR
Fund (XLF). This is because they are generally active in capital markets.
Enlarge Graph
Equity risk
Its the potential loss due to an adverse change in the stock price. Banks can
accept equity as collateral for loans and purchase ownership stakes in other
companies as investments from their free or investible cash. Any negative
change in stock price either leads to a loss or diminution in investments
value.
Commodity risk
Its the potential loss due to an adverse change in commodity prices. These
commodities include agricultural commodities (like wheat, livestock, and
corn), industrial commodities (like iron, copper, and zinc), and energy
commodities (like crude oil, shale gas, and natural gas). The commodities
values fluctuate a great deal due to changes in demand and supply. Any bank
holding them as part of an investment is exposed to commodity risk.
The chart above shows how Goldman Sachs measures its various market
risk. In the next part of the series, well look at what is probably the most
important day-to-day risk for a bankoperational risk.
Operational risk
The Basel Committee on Banking Supervision defines operational risk as the
risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events. This definition includes legal risk, but
excludes strategic and reputation risk.
Full-service banks like JPMorgan (JPM), traditional banks like Wells Fargo
(WFC), investment banks like Goldman Sachs (GS) and Morgan Stanley (MS),
or any other banks included in an ETF like the Financial Select Sector SPDR
Fund (XLF) face operational risk.
Operational risk occurs in all day-to-day bank activities. Operational risk
examples include a check incorrectly cleared or a wrong order punched into a
trading terminal. This risk arises in almost all bank departmentscredit,
investment, treasury, and information technology.
Nick was able to authorize his own trades and enter them into the banks
system without any supervision due to weak and inefficient internal auditing
and control measures. His supervisors were alerted after the losses became
too huge. By that time, it wasnt possible to keep the trades and the losses a
secret.
It was only able to fund a small part of its new loans from deposits. So it
financed new loans by selling the loans that it originated to other banks and
investors. This process of selling loans is known as securitization.
Northern Rock would then take short-term loans to fund its new loans. So the
bank was dependent on two factorsdemand for loans, which it sold to other
banks, and availability of credit in financial markets to fund those loans. When
markets were under pressure in 20072008, the bank wasnt able to sell the
loans it had originated. At the same time, it also wasnt able to secure short-
term credit.
Due to the financial crisis, a lot of investors took out their deposits, causing
the bank to have a severe liquidity crisis. Northern Rock got a credit line from
the government. But the problems persisted, and the government took over
the bank.
Reputational risk
Reputational risk is the risk of damage to a banks image and public standing
that occurs due to some dubious actions taken by the bank. Sometimes
reputational risk can be due to perception or negative publicity against the
bank and without any solid evidence of wrongdoing. Reputational risk leads to
the publics loss of confidence in a bank.
By buying such large quantities, the bank was able to control the price that
investors paid for these securities. In 1991, the government caught the bank
in its act. Salomon Brothers suffered considerable loss of reputation. The U.S.
government fined Salomon Brothers to a tune of $290 million, the largest fine
ever levied on an investment bank at the time.
Must-know: Business risksits all about a
banks strategy
By Saul Perez Sep 1, 2014 11:37 am EST
Business risk
Business risk is the risk arising from a banks long-term business strategy. It
deals with a bank not being able to keep up with changing competition
dynamics, losing market share over time, and being closed or acquired.
Business risk can also arise from a bank choosing the wrong strategy, which
might lead to its failure.
Systemic risk
Systemic risk is the name of the most nightmarish scenario you can think of.
This type of scenario happened in 2008 across the world. Broadly, it refers to
the risk that the entire financial system might come to a standstill. It can also
be stated as the possibility that default or failure by one financial institution
can cause domino effects among its counter parties and others, threatening
the stability of the financial system as a whole.
Recap
In this series, weve learned about eight different types of risks that are
inherent in a banking system. A bank can exercise a large degree of control
over some types of risks like operational risk by having strong systems and
processes. A bank can also control risk by ensuring stringent audits and
compliance.
There are other types of risks that a bank has little control over, such as
systemic risk. The only things a bank can do to avoid such risks are to have a
strong capital base, to have the best-in-class processes, and to hope for the
best.
Other risks
There are some other minor types of risks that a bank carries. These arent
as important as the previous risks discussed, but well mention them in this
article.
Legal risk
A bank can be exposed to legal risk. Legal risk can be in the form of financial
loss arising from legal suits filed against the bank or by a bank for applying a
law wrongly.
Country risk
A bank that operates in many countries also faces country risk when theres a
localized economic problem in a certain country. In such a scenario, the
banks holding company may need to bear losses in case it exceeds the
capital of a subsidiary in an another country. The holding company in certain
cases may also need to provide capital.
All large banks that operate in many countries bear country risks. These
banks include JPMorgan (JPM), Citigroup (C), Goldman Sachs(GS), Morgan
Stanley (MS), and banks in an ETF like the Financial Select Sector SPDR
Fund (XLF).
Look at the above chart to see the results of uncontrolled risks for Lehman
Brothers. So we can say that a successful bank is one thats able to manage
various risks successfully and continuously evolve with the changing needs in
the banking landscape.
Controlling risks
So far in this series, weve learned all about banking risks. Now lets turn our
attention to ways of controlling risks. There are many ways risks can be
controlled. There are two broad categories for controlling risks:
But no matter how robust the rules, systems, and processes might be, they
leave a bank open to risk. Banking risks can quickly become a contagion and
lead to a collapse in financial markets. Such situations impact the whole
economy of a country, and in many large cases the reverberations are felt
across the globe.
As an investor, you must know about these regulations in detail. Itll help you
understand the sector better and help you analyze and select the correct
stocks to invest in.
Quantitative Risk Management Tools
Trading Market Risk Requirements
In December 2011 we received model approvals, from the
BaFin, for the stressed value-at-risk, incremental risk
charge and comprehensive risk measure models. These are
additional methods we use to measure market
risk exposures.
Stressed value-at-risk: calculates a stressed value-at-risk
measure based on a continuous 1 year period of significant
market stress.
Incremental Risk Charge: captures default and credit
migration risks in addition to the risks already captured in
value-at-risk for credit-sensitive positions in the trading book.
Comprehensive Risk Measure: captures incremental risk for
the correlation trading portfolio calculated using an internal
model subject to qualitative minimum requirements as well
as stress testing requirements.
Market Risk Standardized Approach: calculates regulatory
capital for securitizationsand nth-to-default credit derivatives.
Stressed value-at-risk, incremental risk charge and the
comprehensive risk measure are calculated for all relevant
portfolios. The results from the models are used in the day-
to-day risk management of the bank, as well as for defining
regulatory capital.
Stressed Value-at-Risk
We calculate a stressed value-at-risk measure using a
99 % confidence level and a holding period of one day. For
regulatory purposes, the holding period is ten days.
Our stressed value-at-risk calculation utilizes the same
systems, trade information and processes as those used for
the calculation of value-at-risk. The only difference is that
historical market data from a period of significant financial
stress (i.e., characterized by high volatilities) is used as an
input for the Monte Carlo Simulation. The time window
selection process for the stressed value-at-risk calculation is
based on the identification of a time window characterized by
high levels of volatility and extreme movements in the top
value-at-risk contributors. The results from these two
indicators (volatility and number of outliers) are combined
using chosen weights intended to ensure qualitative aspects
are also taken into account (i.e., inclusion of key crisis
periods).
Incremental Risk Charge
The incremental risk charge is based on our own internal
model and is intended to complement the value-at-risk
modeling framework. It represents an estimate of the default
and migration risks of unsecuritized credit products over a
one-year capital horizon at a 99.9 % confidence level, taking
into account the liquidity horizons of individual positions or
sets of positions. We use a Monte Carlo Simulation for
calculating incremental risk chargeas the 99.9 % quantile of
the portfolio loss distribution and for allocating contributory
incremental risk charge to individual positions. The model
captures the default and migration risk in an accurate and
consistent quantitative approach for all portfolios.
We calculate the incremental risk charge on a weekly basis.
The charge is determined as the higher of the most recent
12 week average of incremental risk charge and the most
recent incremental risk charge. The market and position data
are collected from front office systems and are subject to
strict quality control. The incremental risk charge figures are
closely monitored and play a significant role in the
management of the covered portfolios. Additionally, the
incremental risk charge provides information on the
effectiveness of the hedging positions which is reviewed by
the risk managers.
The market and position data are collected from front office
systems and are subject to strict quality control. The
comprehensive risk measure figures are closely monitored
and play a significant role in the management of the
correlation trading portfolio. We use historical market data to
estimate the risk drivers to the comprehensive risk measure
with a history of up to three years.
Value-at-Risk at Postbank
Postbank also uses the value-at-risk concept to quantify and
monitor the market risk it assumes. Value-at-risk is
calculated using a Monte Carlo Simulation. The risk factors
taken into account in the value-at-risk include interest rates,
equity prices, foreign exchange rates, and volatilities, along
with risks arising from changes in credit spreads. Correlation
effects between the risk factors are derived from equally-
weighted historical data.
Postbanks trading book value-at-risk is currently not
consolidated into the value-at-risk of the remaining Group.
However, it is shown separately in the internal value-at-risk
report.