Submitted to: Submitted by:

Prof. Dhiraj Sharma Silkina Singla

MBA 2 C

Rollno-5866
THE EVOLUTION OF RISK MANAGEMENT

The field of risk management emerged in the mid-1970s, evolving from the older field of
insurance management. The term risk management was adopted because the new field has a
much wider focus than simply insurance management. Risk management includes activities
and responsibilities out-side of the general insurance domain, although insurance is an
important part of it and insurance agents often serve as risk managers. Insurance management
focused on protecting companies from natural disasters and basic kinds of exposures, such as
fire, theft, and employee injuries, whereas risk management focuses on these kinds of risks as
well as other kinds of costly losses, including those stemming from product liability,
employment practices, environmental degradation, accounting compliance, offshore
outsourcing, currency fluctuations, and electronic commerce. In the 1980s and 1990s, risk
management grew into vital part of company planning and strategy and risk management
became integrated with more and more company functions as the field evolved. As the role of
risk management has increased to encompass large-scale, organization-wide programs, the
field has become known as enterprise risk management.

INTRODUCTION

Risk Management is defined as the systematic way of ensuring protection of business

resources and income against losses so that the aim, goals and vision of the company can be
reached. Thus, Risk Management creates stability and contributes to growth and assures
profitability of the organization. Some risk managers define risk as the possibility that a
future occurrence may cause harm or losses, while noting that risk also may provide possible
opportunities. By taking risks, companies sometimes can achieve considerable gains.
However, companies need risk management to analyze possible risks in order to balance
potential gains against potential losses and avoid expensive mistakes. Risk management is
best used as a preventive measure rather than as a reactive measure. Companies benefit most
from considering their risks when they are performing well and when markets are growing in
order to sustain growth and profitability.

Risk management is the identification, assessment, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives, whether positive or negative) followed by
coordinated and economical application of resources to minimize, monitor, and control the
probability and/or impact of unfortunate events or to maximize the realization of
opportunities. Risks can come from uncertainty in financial markets, project failures, legal
liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from
an adversary. Several risk management standards have been developed including the Project
Management Institute, the National Institute of Science and Technology, actuarial societies,
and ISO standards. Methods, definitions and goals vary widely according to whether the risk
management method is in the context of project management, security, engineering, industrial
processes, financial portfolios, actuarial assessments, or public health and safety.

The strategies to manage risk include transferring the risk to another party, avoiding the risk,
reducing the negative effect of the risk, and accepting some or all of the consequences of a
particular risk.
In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss and the greatest probability of occurring are handled first, and risks with lower
probability of occurrence and lower loss are handled in descending order. In practice the
process can be very difficult, and balancing between risks with a high probability of
occurrence but lower loss versus a risk with high loss but lower probability of occurrence can
often be mishandled.

OBJECTIVES

Broadly the Risk Management studies are conducted with the following objectives:

 To carry out a systematic, critical appraisal of all potential risks involving personnel,
plant, services and operations.
 To review the insurance coverage and to identify areas of coverage to optimize
the risk exposure.

ADVANTAGES OF RISK MANAGEMENT

Risk management provides a clear and structured approach to identifying risks. Having a
clear understanding of all risks allows an organization to measure and prioritize them and
take the appropriate actions to reduce losses. Risk management has other benefits for an
organization, including:

 To achieve the objectives of the Organization.

 To ensure that the goals short term and long term are achieved without any disruption
or delay.
 To have knowledgeable of insurance arrangements and have considered decisions on
insurances to be availed.
 Saving resources: Time, assets, income, property and people are all valuable resources
that can be saved if fewer claims occur.
 Protecting the reputation and public image of the organization.
 Preventing or reducing legal liability and increasing the stability of operations.
 Protecting people from harm.
 Protecting the environment.
 Enhancing the ability to prepare for various circumstances.
 Reducing liabilities.
 Assisting in clearly defining insurance needs.

An effective risk management practice does not eliminate risks. However, having an effective
and operational risk management practice shows an insurer that your organization is
committed to loss reduction or prevention. It makes your organization a better risk to insure.
PRINCIPLES OF RISK MANAGEMENT

The International Organization for Standardization (ISO) identifies the following principles
of risk management. Risk management should:

 create value
 be an integral part of organizational processes
 be part of decision making
 explicitly address uncertainty
 be systematic and structured
 be based on the best available information
 be tailored
 take into account human factors
 be transparent and inclusive
 be dynamic, iterative and responsive to change
 be capable of continual improvement and enhancement

POTENTIAL RISK TREATMENTS

Once risks have been identified and assessed, all techniques to manage the risk fall into one
or more of these four major categories:

 Avoidance (eliminate, withdraw from or not become involved)

 Reduction (optimize - mitigate)
 Sharing (transfer - outsource or insure)
 Retention (accept and budget)

Ideal use of these strategies may not be possible. Some of them may involve trade-offs that
are not acceptable to the organization or person making the risk management decisions.

Risk avoidance

This includes not performing an activity that could carry risk. An example would be not
buying a property or business in order to not take on the legal liability that comes with it.
Another would be not being flying in order to not take the risk that the airplane was to be
hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing
out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a
business to avoid the risk of loss also avoids the possibility of earning profits.

Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood
of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the
risk of loss by fire. This method may cause a greater loss by water damage and therefore may
not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be
prohibitive as a strategy.
Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher
capability at managing or reducing risks. For example, a company may outsource only its
software development, the manufacturing of hard goods, or customer support needs to
another company, while handling the business management itself. This way, the company can
concentrate more on business development without having to worry as much about the
manufacturing process, managing the development team, or finding a physical location for a
call center.

Risk sharing

It is briefly defined as "sharing with another party the burden of loss or the benefit of gain,
from a risk, and the measures to reduce a risk."

The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you
can transfer a risk to a third party through insurance or outsourcing. In practice if the
insurance company or contractor go bankrupt or end up in court, the original risk is likely to
still revert to the first party. As such in the terminology of practitioners and scholars alike, the
purchase of an insurance contract is often described as a "transfer of risk." However,
technically speaking, the buyer of the contract generally retains legal responsibility for the
losses "transferred", meaning that insurance may be described more accurately as a post-
event compensatory mechanism. For example, a personal injuries insurance policy does not
transfer the risk of a car accident to the insurance company. The risk still lays with the policy
holder namely the person who has been in the accident. The insurance policy simply provides
that if an accident (the event) occurs involving the policy holder then some compensation
may be payable to the policy holder that is commensurate to the suffering/damage.

Risk retention

It involves accepting the loss, or benefit of gain, from a risk when it occurs. True self
insurance falls in this category. Risk retention is a viable strategy for small risks where the
cost of insuring against the risk would be greater over time than the total losses sustained. All
risks that are not avoided or transferred are retained by default. This includes risks that are so
large or catastrophic that they either cannot be insured against or the premiums would be
infeasible. War is an example since most property and risks are not insured against war, so
the loss attributed by war is retained by the insured. Also any amount of potential loss (risk)
over the amount insured is retained risk. This may also be acceptable if the chance of a very
large loss is small or if the cost to insure for greater coverage amounts is so great it would
hinder the goals of the organization too much.

ROLE OF RISK MANAGERS

The task of the risk manager is to predict, and enact measures to control or prevent, losses
within a company. The risk-management process involves identifying exposures to potential
losses, measuring these exposures, and deciding how to protect the company from harm
given the nature of the risks and the company's goals and resources. While companies face a
host of different risks, some are more important than others. Risk managers determine their
importance and ability to be affected while identifying and measuring exposures. For
example, the risk of flooding in Arizona would have low priority relative to other risks a
company located there might face. Risk managers consider different methods for controlling
or preventing risks and then select the best method given the company's goals and resources.
After the method is selected and implemented, the method must be monitored to ensure that it
produce the intended results.

Key activities of risk managers in any sector comprise:

 planning, designing and implementing an overall risk management process for the
organization by developing operating models;

 risk assessment which involves managing the process of analyzing upside and
downside risks as well as identifying, describing and estimating the quantitative and
qualitative risks affecting the business;

 risk evaluation which involves comparing estimated risks with risk criteria established
by the organization such as costs, legal requirements and environmental factors;

 risk reporting in an appropriate way for different audiences, for example to the board
of directors so they understand the most significant risks, to business heads to ensure
they are aware of risks relevant to their parts of the business and to individuals to
understand their accountability for individual risks;

 corporate governance involving external risk reporting to stakeholders;

 decision making;

 risk treatment by selecting and implementing measures to control and mitigate risks
including activities to avoid risks, transfer risks and finance risks;

 monitoring and reviewing processes to ensure risk and compliance arrangements are
in place;

 conducting audits of policy and compliance to standards, including liaison with

internal and external auditors;

 at a strategic level, contributing to process mapping in order to understand business

processes and linkage to areas of risk

 providing support, education and training to staff, commonly at management level

EMERGING AREAS OF RISK MANAGEMENT

In the 1990s, new areas of risk management began to emerge that provide managers with
more options to protect their companies against new kinds of exposures. According to the
Risk and Insurance Management Society (RIMS), the main trade organization for the risk
management profession, among the emerging areas for risk management were operations
management, environmental risks, and ethics.

As forecast by RIMS, risk managers of corporations started focusing more on verifying their
companies' compliance with federal environmental regulations in the 1990s. According to
Risk Management, risk managers began to assess environmental risk such as those arising
from pollution, waste management, and environmental liability to help make their companies
more profitable and competitive. Furthermore, tighter environmental regulations also goaded
businesses to have risk managers check their compliance with environmental policies to
prevent possible penalties for noncompliance.

Companies also have the option of obtaining new kinds of insurance policies to control risks,
which managers and risk managers can take into consideration when determining the best
methods for covering potential risks. These nontraditional insurance policies provide
coverage of financial risks associated with corporate profits and currency fluctuation. Hence,
these policies in effect guarantee a minimum level of profits, even when a company
experiences unforeseen losses from circumstances it cannot control (e.g., natural disasters or
economic downturns). Moreover, these nontraditional policies ensure profits for companies
doing business in international markets, and hence they help prevent losses from fluctuations
in a currency's value.

Risk managers can also help alleviate losses resulting from mergers. Stemming from the
wave of mergers in the 1990s, risk managers became a more integral part of company merger
and acquisition teams. Both parties in these transactions rely on risk management services to
determine and control or prevent risks. On the buying side, risk managers examine a selling
company's expenditures, loss history, insurance policies, and other areas that indicate a
company's potential risks. Risk managers also suggest methods for preventing or controlling
the risks they find.

Finally, risk managers have been called upon to help businesses manage the risks associated
with increased reliance on the Internet. The importance of online business activities in
maintaining relationships with customers and suppliers, communicating with employees, and
advertising products and services has offered companies many advantages, but also exposed
them to new security risks and liability issues. Business managers need to be aware of the
various risks involved in electronic communication and commerce and include Internet
security among their risk management activities.
LIMITATIONS

If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of
losses that are not likely to occur. Spending too much time assessing and managing unlikely
risks can divert resources that could be used more profitably. Unlikely events do occur but if
the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the
result if the loss does in fact occur. Qualitative risk assessment is subjective and lacks
consistency. The primary justification for a formal risk assessment process is legal and
bureaucratic.

Prioritizing the risk management processes too highly could keep an organization from ever
completing a project or even getting started. This is especially true if other work is suspended
until the risk management process is considered complete.

It is also important to keep in mind the distinction between risk and uncertainty. Risk can be
measured by impacts x probability.

TYPES OF RISK

Risk takes many forms. You take risk every time you act, from crossing the street to buying a
stock to getting on an airplane to drinking a glass of pasteurized milk. Generally when people
talk about risk, however, they focus on financial risk. This answer therefore addresses both
types and measurement of financial risk.

There a number of differing types of risk that can affect your investments. While some of
these risks can be reduced through a number of avenues - some of them simply have to be
accepted and planned for in any investment decision.

On a macro (large scale) level there are two main types of risk:

 Systematic risk is the risk that cannot be reduced or predicted in any manner and it is
almost impossible to predict or protect yourself against this type of risk. Examples of
this type of risk include interest rate increases or government legislation changes. The
smartest way to account for this risk is to simply acknowledge that this type of risk
will occur and plan for your investment to be affected by it.

 Unsystematic risk is risk that is specific to assets features and can usually be
eliminated through a process called diversification. Examples of this type of risk
include employee strikes or management decision changes.
Now that we've determined the fundamental types of risk, let's look at more specific types of
risk, particularly when we talk about stocks and bonds:

Credit Risk:

Meaning

Credit risk is the risk of loss of principal or loss of a financial reward stemming from a
borrower's failure to repay a loan or otherwise meet a contractual obligation. Credit risk
arises whenever a borrower is expecting to use future cash flows to pay a current debt.
Investors are compensated for assuming credit risk by way of interest payments from the
borrower or issuer of a debt obligation. Government bonds, especially those issued by the
federal government, have the least amount of default risk and the lowest returns,
while corporate bonds tend to have the highest amount of default risk but also higher interest
rates. Bonds with a lower chance of default are considered to be investment grade, while
bonds with higher chances are considered to be junk bonds.

Assessing credit risk

Significant resources and sophisticated programs are used to analyze and manage risk. Some
companies run a credit risk department whose job is to assess the financial health of their
customers, and extend credit (or not) accordingly. They may use in house programs to advice
on avoiding, reducing and transferring risk. They also use third party provided intelligence.
Companies like Standard & Poor's, Moody's, Fitch Ratings, and Dun and Bradstreet provide
such information for a fee.

Most lenders employ their own models (credit scorecards) to rank potential and existing
customers according to risk, and then apply appropriate strategies. With products such as
unsecured personal loans or mortgages, lenders charge a higher price for higher risk
customers and vice versa. With revolving products such as credit cards and overdrafts, risk is
controlled through the setting of credit limits. Some products also require security, most
commonly in the form of property.

Credit risk management process

The word `process’ connotes a continuing activity or function towards a particular result. The
process is in fact the last of the four wings in the entire risk management edifice – the other
three being organizational structure, principles and policies. In effect it is the vehicle to
implement a bank’s risk principles and policies aided by banks organizational structure, with
the sole objective of creating and maintaining a healthy risk culture in the bank.

The risk management process has four components:

1. Risk Identification.
2. Risk Measurement.
3. Risk Monitoring.
4. Risk Control.
Risk identification:

While identifying risks, the following points have to be kept in mind:

 All types of risks (existing and potential) must be identified and their likely effect in
the short run be understood.
 The magnitude of each risk segment may vary from bank to bank.

The geographical area covered by the bank may determine the coverage of its risk content. A
bank that has international operations may experience different intensity of credit risks in
various countries when compared with a pure domestic bank. Also, even within a bank, risks
will vary in it domestic operations and its overseas arms

Risk measurement:

Measurement means weighing the contents and/or value, intensity, magnitude of any object
against a yardstick. In risk measurement it is necessary to establish clear ways of evaluating
various risk categories, without which identification would not serve any purpose. Using
quantitative techniques in a qualitative framework will facilitate the following objectives:

 Finding out and understanding the exact degree of risk elements in each category in
the operational environment.
 Directing the efforts of the bank to mitigate the risks according to the vulnerability of
a particular risk factor.
 Taking appropriate initiatives in planning the organization’s future thrust areas and
line of business and capital allocation. The systems/techniques used to measure risk
depend upon the nature and complexity of a risk factor. While a very simple
qualitative assessment may be sufficient in some cases, sophisticated
methodological/statistical may be necessary in others for a quantitative value.

Risk monitoring:

Keeping close track of risk identification measurement activities in the light of the risk,
principles and policies is a core function in a risk management system. For the success of the
system, it is essential that the operating wings perform their activities within the broad
contours of the organizations risk perception. Risk monitoring activity should ensure the
following:

 Each operating segment has clear lines of authority and responsibility.

 Whenever the organizations principles and policies are breached, even if they may be
to its advantage, must be analyzed and reported, to the concerned authorities to aid in
policy making.
 In the course of risk monitoring, if it appears that it is in the banks interest to modify
existing policies and procedures, steps to change them should be considered.
 There must be an action plan to deal with major threat areas facing the bank in the
future.
 The activities of both the business and reporting wings are monitored striking a
balance at all points in time.
 Tracking of risk migration is both upward and downward.
Risk control:

There must be appropriate mechanism to regulate or guide the operation of the risk
management system in the entire bank through a set of control devices. These can be
achieved through a host of management processes such as:

 Assessing risk profile techniques regularly to examine how far they are effective in
mitigating risk factors in the bank.
 Analyzing internal and external audit feedback from the risk angle and using it to
activate control mechanisms.
 Segregating risk areas of major concern from other relatively insignificant areas and
exercising more control over them.
 Putting in place a well drawn-out-risk-focused audit system to provide inputs on
restraint for operating personnel so that they do not take needless risks for short-term
interests.

It is evident, therefore, that the risk management process through all its four wings facilitate
an organization’s sustainability and growth. The importance of each wing depends upon the
nature of the organizations activity, size and objective. But it still remains a fact that the
importance of the entire process is paramount.

Mitigating credit risk

Lenders mitigate credit risk using several methods:

Risk-based pricing: Lenders generally charge a higher interest rate to borrowers who are
more likely to default, a practice called risk-based pricing. Lenders consider factors relating
to the loan such as loan purpose, credit rating, and loan-to-value ratio and estimate the effect
on yield.

Covenants: Lenders may write stipulations on the borrower, called covenants, into loan
agreements:

 Periodically report its financial condition

 Refrain from paying dividends, repurchasing shares, borrowing further, or other
specific, voluntary actions that negatively affect the company's financial position
 Repay the loan in full, at the lender's request, in certain events such as changes in the
borrower's debt-to-equity ratio or interest coverage ratio

Credit insurance and credit derivatives: Lenders and bond holders may hedge their credit
risk by purchasing credit insurance or credit derivatives. These contracts the transfer risk
from the lender to the seller (insurer) in exchange for payment. The most common credit
derivative is the credit default swap.
Tightening: Lenders can reduce credit risk by reducing the amount of credit extended, either
in total or to certain borrowers. For example, a distributor selling its products to a troubled
retailer may attempt to lessen credit risk by reducing payment terms from net 30 to net 15.

Diversification: Lenders to a small number of borrowers (or kinds of borrower) face a high
degree of unsystematic credit risk, called concentration risk. Lenders reduce this risk by
diversifying the borrower pool.

Deposit insurance: Many governments establish deposit insurance to guarantee bank

deposits of insolvent banks. Such protection discourages consumers from withdrawing
money when a bank is becoming insolvent, to avoid a bank run, and encourages consumers to
holding their savings in the banking system instead of in cash.
Liquidity Risk:

Liquidity risk is the risk stemming from the lack of marketability of an investment that
cannot be bought or sold quickly enough to prevent or minimize a loss.

Typically the bid-offer spread (the difference between where you buy and sell a product) is a
good indication of liquidity risk. For example, if you can buy a stock at $100 and sell it at
$99.95, the bid-offer spread is $0.05, and getting out of the trade is considered relatively
easy. However, if you could buy a bond at $100 but sell it at $80, the bid-offer spread is $20,
and the bond would be considered illiquid.

Causes of liquidity risk

Liquidity risk arises from situations in which a party interested in trading an asset cannot do it
because nobody in the market wants to trade that asset. Liquidity risk becomes particularly
important to parties who are about to hold or currently hold an asset, since it affects their
ability to trade.

Manifestation of liquidity risk is very different from a drop of price to zero. In case of a drop
of an asset's price to zero, the market is saying that the asset is worthless. However, if one
party cannot find another party interested in trading the asset, this can potentially be only a
problem of the market participants with finding each other. This is why liquidity risk is
usually found higher in emerging markets or low-volume markets.

Liquidity risk is financial risk due to uncertain liquidity. An institution might lose liquidity if
its credit rating falls, it experiences sudden unexpected cash outflows, or some other event
causes counterparties to avoid trading with or lending to the institution. A firm is also
exposed to liquidity risk if markets on which it depends are subject to loss of liquidity.

Liquidity risk tends to compound other risks. If a trading organization has a position in an
illiquid asset, its limited ability to liquidate that position at short notice will compound its
market risk. Suppose a firm has offsetting cash flows with two different counterparties on a
given day. If the counterparty that owes it a payment defaults, the firm will have to raise cash
from other sources to make its payment. Should it be unable to do so, it too will default. Here,
liquidity risk is compounding credit risk.

Liquidity risk has to be managed in addition to market, credit and other risks. Because of its
tendency to compound other risks, it is difficult or impossible to isolate liquidity risk. In all
but the most simple of circumstances, comprehensive metrics of liquidity risk do not exist.
Certain techniques of asset-liability management can be applied to assessing liquidity risk. A
simple test for liquidity risk is to look at future net cash flows on a day-by-day basis. Any day
that has a sizeable negative net cash flow is of concern. Such an analysis can be
supplemented with stress testing. Look at net cash flows on a day-to-day basis assuming that
an important counterparty defaults.

Analyses such as these cannot easily take into account contingent cash flows, such as cash
flows from derivatives or mortgage-backed securities. If an organization's cash flows are
largely contingent, liquidity risk may be assessed using some form of scenario analysis. A
general approach using scenario analysis might entail the following high-level steps:
  Construct multiple scenarios for market movements and defaults over a given period
of time
 Assess day-to-day cash flows under each scenario.
 Because balance sheets differ so significantly from one organization to the next, there
is little standardization in how such analyses are implemented.
 Regulators are primarily concerned about systemic and implications of liquidity risk.

Measures of liquidity risk

Liquidity gap

Culp defines the liquidity gap as the net liquid assets of a firm. It is the excess value of the
firm's liquid assets over its volatile liabilities. A company with a negative liquidity gap
should focus on their cash balances and possible unexpected changes in their values. As a
static measure of liquidity risk it gives no indication of how the gap would change with an
increase in the firm's marginal funding cost.

Liquidity risk elasticity

Culp denotes the change of net of assets over funded liabilities that occur when the liquidity
premium on the bank's marginal funding cost rises by a small amount as the liquidity risk
elasticity. Problems with the use of liquidity risk elasticity are that it assumes parallel
changes in funding spread across all maturities and that it is only accurate for small changes
in funding spreads.

Managing Liquidity Risk

Liquidity-adjusted value at risk

Liquidity-adjusted VAR incorporates exogenous liquidity risk into Value at Risk. It can be
defined at VAR + ELC (Exogenous Liquidity Cost). The ELC is the worst expected half-
spread at a particular confidence level.

Another adjustment is to consider VAR over the period of time needed to liquidate the
portfolio. VAR can be calculated over this time period. The BIS mentions "... a number of
institutions are exploring the use of liquidity adjusted-VAR, in which the holding periods in
the risk assessment are adjusted by the length of time required to unwind positions."

Liquidity at risk

Greenspan (1999) discusses management of foreign exchange reserves. The Liquidity at risk
measure is suggested. A country's liquidity position under a range of possible outcomes for
relevant financial variables (exchange rates, commodity prices, credit spreads, etc.) is
considered. It might be possible to express a standard in terms of the probabilities of different
outcomes. For example, an acceptable debt structure could have an average maturity—
averaged over estimated distributions for relevant financial variables—in excess of a certain
limit. In addition, countries could be expected to hold sufficient liquid reserves to ensure that
they could avoid new borrowing for one year with certain ex ante probability, such as 95
percent of the time.
Scenario analysis-based contingency plans

The FDIC discuss liquidity risk management and write "Contingency funding plans should
incorporate events that could rapidly affect an institution’s liquidity, including a sudden
inability to securitize assets, tightening of collateral requirements or other restrictive terms
associated with secured borrowings, or the loss of a large depositor or counterparty".
Greenspan's liquidity at risk concept is an example of scenario based liquidity risk
management.

Diversification of liquidity providers

If several liquidity providers are on call then if any of those providers increases its costs of
supplying liquidity, the impact of this is reduced. The American Academy of Actuaries wrote
"While a company is in good financial shape, it may wish to establish durable, ever-green
(i.e., always available) liquidity lines of credit. The credit issuer should have an appropriately
high credit rating to increase the chances that the resources will be there when needed.

Derivatives

Bhaduri, Meissner and Youn discuss five derivatives created specifically for hedging
liquidity risk:

 Withdrawal option: A put of the illiquid underlying at the market price.

 Bermudan-style return put option: Right to put the option at a specified strike.
 Return swap: Swap the underlying's return for LIBOR paid periodically.
 Return swap option: Option to enter into the return swap.
 Liquidity option: "Knock-in" barrier option, where the barrier is liquidity metric.
Interest Rate Risk:

It is the risk that an investment's value will change due to a change in the absolute level of
interest rates, in the spread between two rates, in the shape of the yield curve or in any other
interest rate relationship. Such changes usually affect securities inversely and can be reduced
by diversifying (investing in fixed-income securities with different durations) or hedging (e.g.
through an interest rate swap). This risk affects the value of bonds more directly than stock.
One way to measure interest rate risk is to measure the volatility of interest rates. The easiest
way to do this (though not necessarily the most correct) is to look at the historic volatility of
interest rates. A more complex way to do this is to use mathematical models to forecast
interest rate scenarios.

Measurement of Interest Rate Risk

Managing interest rate risk requires a clear understanding of the amount at risk and the
impact of changes in interest rates on this risk position. To make these determinations,
sufficient information must be readily available to permit appropriate action to be taken
within acceptable, often very short, time periods. The longer it takes an institution to
eliminate or reverse an unwanted exposure, the greater the possibility of loss.

Each institution needs to use risk measurement techniques that accurately and frequently
measure the impact of potential interest rate changes on the institution. In choosing
appropriate rate scenarios to measure the effect of rate changes, the institution should
consider the potential volatility of rates and the time period within which the institution could
realistically react to close the position.

Gap analysis, duration analysis and stimulation models are interest rate risk measurement
techniques. Each institution should use at least one, and preferably a combination of these
techniques in managing its interest rate risk exposure. Each technique provides a different
perspective on interest rate risk, has distinct strengths and weaknesses, and is more effective
when used in combination with another.

Sources of Interest Rate Risk

Repricing risk: As financial intermediaries, banks encounter interest rate risk in several
ways. The primary and most often discussed form of interest rate risk arises from timing
differences in the maturity (for fixed rate) and repricing (for floating rate) of bank assets,
liabilities and off-balance-sheet (OBS) positions. While such repricing mismatches are
fundamental to the business of banking, they can expose a bank's income and underlying
economic value to unanticipated fluctuations as interest rates vary. For instance, a bank that
funded a long-term fixed rate loan with a short-term deposit could face a decline in both the
future income arising from the position and its underlying value if interest rates increase.
These declines arise because the cash flows on the loan are fixed over its lifetime, while the
interest paid on the funding is variable, and increases after the short-term deposit matures.

Yield curve risk: Repricing mismatches can also expose a bank to changes in the slope and
shape of the yield curve. Yield curve risk arises when unanticipated shifts of the yield curve
have adverse effects on a bank's income or underlying economic value. For instance, the
underlying economic value of a long position in 10-year government bonds hedged by a short
position in 5-year government notes could decline sharply if the yield curve steepens, even if
the position is hedged against parallel movements in the yield curve.

Basis risk: Another important source of interest rate risk (commonly referred to as basis risk)
arises from imperfect correlation in the adjustment of the rates earned and paid on different
instruments with otherwise similar repricing characteristics. When interest rates change, these
differences can give rise to unexpected changes in the cash flows and earnings spread
between assets, liabilities and OBS instruments of similar maturities or repricing frequencies.
For example, a strategy of funding a one year loan that reprices monthly based on the one
month U.S. Treasury Bill rate, with a one-year deposit that reprices monthly based on one
month Libor, exposes the institution to the risk that the spread between the two index rates
may change unexpectedly.

Optionality: An additional and increasingly important source of interest rate risk arises from
the options embedded in many bank assets, liabilities and OBS portfolios. Formally, an
option provides the holder the right, but not the obligation, to buy, sell, or in some manner
alter the cash flow of an instrument or financial contract. Options may be stand alone
instruments such as exchange-traded options and over-the-counter (OTC) contracts, or they
may be embedded within otherwise standard instruments. While banks use exchange-traded
and OTC-options in both trading and non-trading accounts, instruments with embedded
options are generally most important in non-trading activities. They include various types of
bonds and notes with call or put provisions, loans which give borrowers the right to prepay
balances, and various types of non-maturity deposit instruments which give depositors the
right to withdraw funds at any time, often without any penalties. If not adequately managed,
the asymmetrical payoff characteristics of instruments with optionality features can pose
significant risk particularly to those who sell them, since the options held, both explicit and
embedded, are generally exercised to the advantage of the holder and the disadvantage of the
seller. Moreover, an increasing array of options can involve significant leverage which can
magnify the influences (both negative and positive) of option positions on the financial
condition of the firm.

Effects of Interest Rate Risk

 Earnings perspective: In the earnings perspective, the focus of analysis is the impact
of changes in interest rates on accrual or reported earnings. This is the traditional
approach to interest rate risk assessment taken by many banks. Variation in earnings
is an important focal point for interest rate risk analysis because reduced earnings or
outright losses can threaten the financial stability of an institution by undermining its
capital adequacy and by reducing market confidence.

 In this regard, the component of earnings that has traditionally received the most
attention is net interest income (i.e. the difference between total interest income and
total interest expense). This focus reflects both the importance of net interest income
in banks' overall earnings and its direct and easily understood link to changes in
interest rates. However, as banks have expanded increasingly into activities that
generate fee-based and other non-interest income, a broader focus on overall net
income - incorporating both interest and non-interest income and expenses - has
become more common. The non-interest income arising from many activities, such as
 loan servicing and various assets securitization programs can be highly sensitive to
market interest rates. For example, some banks provide the servicing and loan
administration function for mortgage loan pools in return for a fee based on the
volume of assets it administers. When interest rates fall, the servicing bank may
experience a decline in its fee income as the underlying mortgages prepay. In
addition, even traditional sources of non-interest income such as transaction
processing fees are becoming more interest rate sensitive. This increased sensitivity
has led both bank management and supervisors to take a broader view of the potential
effects of changes in market interest rates on bank earnings and to factor these broader
effects into their estimated earnings under different interest rate environments.

 Economic value perspective: Variation in market interest rates can also affect the
economic value of a bank's assets, liabilities and OBS positions. Thus, the sensitivity
of a bank's economic value to fluctuations in interest rates is a particularly important
consideration of shareholders, management and supervisors alike. The economic
value of an instrument represents an assessment of the present value of its expected
net cash flows, discounted to reflect market rates. By extension, the economic value
of a bank can be viewed as the present value of bank's expected net cash flows,
defined as the expected cash flows on assets minus the expected cash flows on
liabilities plus the expected net cash flows on OBS positions. In this sense, the
economic value perspective reflects one view of the sensitivity of the net worth of the
bank to fluctuations in interest rates.

 Since the economic value perspective considers the potential impact of interest rate
changes on the present value of all future cash flows, it provides a more
comprehensive view of the potential long-term effects of changes in interest rates than
is offered by the earnings perspective. This comprehensive view is important since
changes in near-term earnings - the typical focus of the earnings perspective - may not
provide an accurate indication of the impact of interest rate movements on the bank's
overall positions.

 Embedded losses: The earnings and economic value perspectives discussed thus far
focus on how future changes in interest rates may affect a bank's financial
performance. When evaluating the level of interest rate risk it is willing and able to
assume, a bank should also consider the impact that past interest rates may have on
future performance. In particular, instruments that are not marked to market may
already contain embedded gains or losses due to past rate movements. These gains or
losses may be reflected over time in the bank's earnings. For example, a long term
fixed rate loan entered into when interest rates were low and refunded more recently
with liabilities bearing a higher rate of interest will, over its remaining life, represent a
drain on the bank's resources.
Controls and supervision of interest rate risk management

Banks are required to have adequate internal controls to ensure the integrity of their interest
rate risk management process. These internal controls should be an integral part of the
institution’s overall system of internal control. They should promote effective and efficient
operations, reliable financial and regulatory reporting and compliance with relevant laws,
regulations and institutional policies. An effective system of internal control for interest rate
risk includes:

 A strong control environment;

 An adequate process for identifying and evaluating risk;
 The establishment of control activities such as policies, procedures and methodologies
 Continual review of adherence to established policies and procedures.

With regard to control policies and procedures, attention should be given to appropriate
approval processes, exposure limits, reconciliations, reviews and other mechanisms designed
to provide a reasonable assurance that the institution’s interest rate risk management
objectives are achieved. Many attributes of a sound risk management process, including risk
measurement, monitoring and control functions are key aspects of an effective system of
internal control.

In addition, an important element of a bank’s internal control system over its interest, rate
risk management process is regular evaluation and review. This includes ensuring that
personnel are following established policies and procedures, as well as ensuring that the
procedures that were established actually accomplish the intended objectives.

Management should ensure that all such reviews and evaluations are conducted regularly by
individuals who are independent of the function they are assigned to review.

Banks particularly those with complex risk exposures, should have their measurement,
monitoring and control functions reviewed on a regular basis by an independent party (such
as an internal or external auditor).
Market Risk:

This is the most familiar of all risks. Also referred to as volatility, market risk is the the day-
to-day fluctuations in a stock's price. Market risk applies mainly to stocks and options. As a
whole, stocks tend to perform well during a bull market and poorly during a bear market -
volatility is not so much a cause but an effect of certain market forces. Volatility is a measure
of risk because it refers to the behavior, or "temperament", of your investment rather than the
reason for this behavior. Because market movement is the reason why people can make
money from stocks, volatility is essential for returns, and the more unstable the investment
the more chance there is that it will experience a dramatic change in either direction. The
associated market risks are:

 Equity risk, the risk that stock prices and/or the implied volatility will change.
 Interest rate risk, the risk that interest rates and/or the implied volatility will change.
 Currency risk, the risk that foreign exchange rates and/or the implied volatility will
change.
 Commodity risk, the risk that commodity prices (e.g. corn, copper, crude oil) and/or
implied volatility will change.

Measuring the potential loss amount due to market risk

As with other forms of risk, the potential loss amount due to market risk may be measured in
a number of ways or conventions. Traditionally, one convention is to use Value at Risk. The
conventions of using Value at risk are well established and accepted in the short-term risk
management practice.

However, it contains a number of limiting assumptions that constrain its accuracy. The first
assumption is that the composition of the portfolio measured remains unchanged over the
specified period. Over short time horizons, this limiting assumption is often regarded as
reasonable. However, over longer time horizons, many of the positions in the portfolio may
have been changed. The Value at Risk of the unchanged portfolio is no longer relevant.

The Variance Covariance and Historical Simulation approach to calculating Value at Risk
also assumes that historical correlations are stable and will not change in the future or
breakdown under times of market stress.

In addition, care has to be taken regarding the intervening cash flow, embedded options,
changes in floating rate interest rates of the financial positions in the portfolio. They cannot
be ignored if their impact can be large.
Foreign-Exchange Risk:

Foreign exchange risk management is designed to preserve the value of currency inflows,
investments and loans, while enabling international businesses to compete abroad. Although
it is impossible to eliminate all risks, negative exchange outcomes can be anticipated and
managed effectively by individuals and corporate entities. Businesses do so by becoming
familiar with the typical foreign exchange risks, demanding hard currency, diversifying
properly and employing hedging strategies. When investing in foreign countries you must
consider the fact that currency exchange rates can change the price of the asset as
well. Foreign-exchange risk applies to all financial instruments that are in a currency other
than your domestic currency. As an example, if you are a resident of America and invest in
some Canadian stock in Canadian dollars, even if the share value appreciates, you may lose
money if the Canadian dollar depreciates in relation to the American dollar.

Types of foreign exchange risk

Risks associated with foreign exchange may be broadly classified as:

 Transaction risk
 Position risk
 Settlement or credit risk
 Mismatch or liquidity risk
 Operational risk
 Sovereign risk
 Cross- country risk

Transaction risk:

Any transaction leading to future receipts in any form or creation of long term asset. This
consists of a number of:

 Trading items (foreign currency, invoiced trade receivables and payables)

 Capital items (foreign currency dividend and loan payments)
 Exposure associated with the ownership of foreign currency denominated assets and
liabilities.

Position risk:

Bank dealings with customers continuously, both on spot and forward basis, results in
positions (buy i.e. long position or sell i.e. short position) being created in currencies in
which these transactions are denominated. A position risk occurs when a dealer in bank has
an overbought (long) or an oversold (short) position. Dealers enter into these positions in
anticipation of a favorable movement. The risk arising out of open positions is easy to
understand. If one currency is overbought and it weakens, one would be able
to square the overbought position only by selling the currency at a loss. The same would be
the position if one is oversold and the currency hardens.
Settlement or credit risk:

Also known as time zone risk, this is a form of credit risk that arises from transactions where
the currencies settle in different time zones. A transaction is not complete until settlement has
taken place in the latest applicable time zone. This is also referred to as “Herstatt Risk”.
Technically, this is a credit risk where only one side of the transaction has settled. If
counterparty fails before any settlement of a contract occurs, the risk is limited to the
difference between the contract price and the current market price (i.e. an exchange rate risk).
Settlement risk is the risk of a counterparty failing to meet its obligations in a financial
transaction after the bank has fulfilled its obligations on the date of settlement of the contract.
Settlement risk exposure potentially exists in foreign exchange or local currency money
market business.

Mismatch or liquidity risk:

In the foreign exchange business it is not always possible to be in an ideal position where
sales and purchases are matched or according to maturity and there are no mismatched
situations. Some mismatching of maturities is in general unavoidable. Liquidity risk' arises
from situations in which a party interested in trading an asset cannot do it because nobody in
the market wants to trade that asset. Liquidity risk becomes particularly important to parties
who are about to hold or currently hold an asset, since it affects their ability to trade.
Manifestation of liquidity risk is very different from a drop of price to zero. In case of a drop
of an asset's price to zero, the market is saying that the asset is worthless. However, if
one party cannot find another party interested in trading the asset, this can potentially be only
a problem of the market participants with finding each other. This is why liquidity risk is
usually found higher in emerging markets or low-volume markets.

Liquidity risk is financial risk due to uncertain liquidity. An institution might lose liquidity if
its credit rating falls, it experiences sudden unexpected cash outflows, or some other event
causes counterparties to avoid trading with or lending to the institution. A firm is also
exposed to liquidity risk if markets on which it depends are subject to loss of liquidity.

Liquidity risk tends to compound other risks. If a trading organization has a position in an
illiquid asset, its limited ability to liquidate that position at short notice will compound its
market risk. Suppose a firm has offsetting cash flows with two different counterparties on a
given day. If the counterparty that owes it a payment defaults, the firm will have to raise cash
from other sources to make its payment. Should it be unable to do so, it too will default. Here,
liquidity risk is compounding credit risk.

Operational risk:

Operational risk is related to the manner in which transactions are settled or handled
operationally. Some of the risks are discussed below:

 Dealing and settlement: This function must be properly separated, as otherwise there
would be inadequate segregation of duties.
 Confirmation: Dealing is usually done by telephone/telex/Reuters or some other
electronic system. It is essential that these deals are confirmed by written
 confirmations. There is a risk of mistakes being made related to amount, rate, value,
date and the likes.
 Pipeline transactions: There are, at times, faults in communication and often cover is
not available for pipeline transactions entered into by branches. There can be delays in
conveying details of transactions to the dealer for a cover resulting in the actual
position of the bank being different from what is shown by the dealers’ position
statement.
 Overdue bills and forward contracts: The trade finance departments of banks
normally monitor the maturity of export bills and forward contracts. A risk exists in
that the monitoring may not be done properly.

Sovereign risk:

Another risk which banks and other agencies that deal in foreign exchange have to be aware
of is sovereign risk- the risk on the government of a country.

Cross-country risk:

It is often not prudent to have large exposures on any one country may go through troubled
times. In such a situation, the bank/entity that has an exposure could suffer large losses. To
control and limit risks arising out of cross country exposures, management normally lay
down cross country exposure limits. Risk management in foreign exchange is imperative as
the lack of these could even result in the bankruptcy and closure of the organization.

Should firms manage foreign exchange risk?

Many firms refrain from active management of their foreign exchange exposure, even though
they understand that exchange rate fluctuations can affect their earnings and value. They
make this decision for a number of reasons.

 First, management does not understand it. They consider any use of risk management
tools, such as forwards, futures and options, as speculative. Or they argue that such
financial manipulations lie outside the firm's field of expertise. "We are in the
business of manufacturing slot machines, and we should not be gambling on
currencies." Perhaps they are right to fear abuses of hedging techniques, but refusing
to use forwards and other instruments may expose the firm to substantial speculative
risks.

 Second, they claim that exposure cannot be measured. They are right -- currency
exposure is complex and can seldom be gauged with precision. But as in many
business situations, imprecision should not be taken as an excuse for indecision.

 Third, they say that the firm is hedged. All transactions such as imports or exports are
covered, and foreign subsidiaries finance in local currencies. This ignores the fact that
 the bulk of the firm's value comes from transactions not yet completed, so that
transactions hedging is a very incomplete strategy.
 Fourth, they say that the firm does not have any exchange risk because it does all its
business in dollars (or yen, or whatever the home currency is). But a moment's
thought will make it evident that even if you invoice German customers in dollars,
when the mark drops your prices will have to adjust or you'll be undercut by local
competitors. So revenues are influenced by currency changes.

 Finally, they assert that the balance sheet is hedged on an accounting basis--especially
when the "functional currency" is held to be the dollar.
Operational risk:

An operational risk is, as the name suggests, a risk arising from execution of a company's
business functions. It is a very broad concept which focuses on the risks arising from the
people, systems and processes through which a company operates. It also includes other
categories such as fraud risks, legal risks, physical or environmental risks.

A widely used definition of operational risk is the one contained in the Basel II regulations,
the means by which the European Capital Requirements Directive has been implemented
across the European banking sector. This definition states that operational risk is the risk of
loss resulting from inadequate or failed internal processes, people and systems, or from
external events.

The approach to managing operational risk differs from that applied to other types of risk,
because it is not used to generate profit. In contrast, credit risk is exploited by lending
institutions to create profit, market risk is exploited by traders and fund managers, and
insurance risk is exploited by insurers. They all however manage operational risk to keep
losses within their risk appetite - the amount of risk they are prepared to accept in pursuit of
their objectives. What this means in practical terms is that organizations accept that their
people, processes and systems are imperfect, and that losses will arise from errors and
ineffective operations. The size of the loss they are prepared to accept, because the cost of
correcting the errors or improving the systems is disproportionate to the benefit they will
receive, determines their appetite for operational risk.

Determining appetite for operational risk is a discipline which is still in its infancy. Some of
the issues and considerations around this process are outlined in this Sound Practice paper
published by the Institute for Operational Risk in December 2009.

The Basel Committee defines operational risk as:

"The risk of loss resulting from inadequate or failed internal processes, people and systems or
from external events."

However, the Basel Committee recognizes that operational risk is a term that has a variety of
meanings and therefore, for internal purposes, banks are permitted to adopt their own
definitions of operational risk, provided the minimum elements in the Committee's definition
are included.

Scope exclusions

The Basel II definition of operational risk excludes, for example, strategic risk - the risk of a
loss arising from a poor strategic business decision.

Other risk terms are seen as potential consequences of operational risk events. For example,
reputational risk (damage to an organization through loss of its reputation or standing) can
arise as a consequence (or impact) of operational failures - as well as from other events.
Difficulties

It is relatively straightforward for an organization to set and observe specific, measurable

levels of market risk and credit risk because models exist which attempt to predict the
potential impact of market movements, or changes in the cost of credit. It should be noted
however that these models are only as good as the underlying assumptions, and a large part of
the recent financial crisis arose because the valuations generated by these models for
particular types of investments were based on incorrect assumptions.

By contrast it is relatively difficult to identify or assess levels of operational risk and its many
sources. Historically organizations have accepted operational risk as an unavoidable cost of
doing business. Many now though collect data on operational losses - for example through
system failure or fraud - and are using this data to model operational risk and to calculate a
capital reserve against future operational losses. In addition to the Basel II requirement for
banks, this is now a requirement for European insurance firms who are in the process of
implementing Solvency II, the equivalent of Basel II for the banking sector.

Methods of operational risk management

Basel II and various Supervisory bodies of the countries have prescribed various soundness
standards for Operational Risk Management for Banks and similar Financial Institutions. To
complement these standards, Basel II has given guidance to 3 broad methods of Capital
calculation for Operational Risk:

 Basic Indicator Approach - based on annual revenue of the Financial Institution

 Standardized Approach - based on annual revenue of each of the broad business lines
of the Financial Institution
 Advanced Measurement Approaches - based on the internally developed risk
measurement framework of the bank adhering to the standards prescribed (methods
include IMA, LDA, Scenario-based, Scorecard etc.)

The Operational Risk Management framework should include identification, measurement,

and monitoring, reporting, control and mitigation frameworks for Operational Risk.
CONTRIBUTIONS OF RISK MANAGEMENT TO THE BUSINESS

 Achievement of objectives/ goals

 Reduced anxiety due to losses are of reasonable magnitude and does not cause
serious loss situations
 Goodwill is maintained by meeting the obligations
 The business is able to survive competition
 Successful and continued operations
 Resultant growth and sustained earnings
 Better care for employees and society at large
 Reduction of expenses
 Better relationships between customers, suppliers, employees