A

PROJECT REPORT
ON
CREDIT RISK MANAGEMENT OF BANKS

Submitted in partial fulfillment of the requirement of

Master of Business Administration Programme

University School of Management Studies

Guru Gobind Singh Indraprastha University

Kashmere Gate, Delhi-110006

Under the guidance of: Dr. Deepak Tandon

Submitted by:
ManasKaushik

Roll no.04316608909

MBA(B&I)
1
CERTIFICATE

The project study titled Credit Risk Management of Banks, submitted by

Manaskaushik, in partial fulfillment for the Two Year MBA, 2009-2011, is a

record of original work conducted by her/him, under my guidance and

supervision.

The work has not been submitted elsewhere for award of any degree/diploma.

Faculty Guide:

Dr. Deepak Tandon

2
 ACKNOWLEDGEMENT

I feel great privilege & pleasure to express my sincere gratitude to my

respected guide Dr. Deepak Tandonfor his thorough help & valuable guidance.
He has been a pillar of strength right from foundation of the project & till the
preparation of this report. He helped me by boosting the morale so that I could
surmount the difficulties that came across during the completion of project.

I would also like to express sincere thanks to Prof. Anu Singh

Lather,Dean Guru Gobind Singh Indraprastha University, University school of
Management Studies, for providing me the opportunity to do this project.

I would like to express my sincere thanks to all the staffs&my friends

for their valuable suggestions & help in the various phases of project.

3
 Preface

Decision making is a fundamental part of the research process. Decisions regarding that what

you want to do, how you want to do, what tools and techniques must be used for the

successful completion of the project. In fact it is the researcher’s efficiency as a decision

maker that makes project fruitful for those who concern to the area of study.

Basically when we are playing with computer in every part of life, I used it in my project not

for the ease of my but for the ease of result explanation to those who will read this project.

The project presents that how risk is managed in the banks,specialy the credit risk and what

are the which can be used to manage it.

I had toiled to achieve the goals desired. Being a neophyte in this highly competitive

world of business, I had come across several difficulties to make the objectives a reality. I

am presenting this hand carved efforts in black and white. If anywhere something is

found not in tandem to the theme then you are welcome with your valuable suggestions.

4
 INDEX

1. Introduction

2. Principles of Credit Risk

3. Banks Covered

 ICICI

 HDFC

 Standard Chartered

 State Bank of India

 Union bank

4. Basel 2 norms

5. Preparing for Basel 3

6. Research Methodology

7. Seven Forces of Continuity and Change analysis

8. Conclusion

9. Refrence

10. Questionnaire

5
 INTRODUCTION

Credit risk is the possibility of loss due to changes in quality of

counterparties. Because there are many types of counterparties—from
individuals to sovereign governments—and many different types of
obligations—from auto loans to derivatives transactions—credit risk
takes many forms. Institutions manage it in different ways.
Many banks, investment managers and insurance companies hire their
own credit analysts who prepare credit ratings for internal use. Other
firms—including Standard & Poor's, Moody's and Fitch—are in the
business of developing credit ratings for use by investors or other
third parties. Institutions that have publicly traded debt hire one or
more of them to prepare credit ratings for their debt. Those credit
ratings are then distributed for little or no charge to investors. Some
regulators also develop credit ratings The various parameters to
evaluate credit risk would be specified in the study.
While financial institutions have faced difficulties over the years for a
multitude of reasons, the major cause of serious banking problems
are:
1. Lax credit standards for borrowers and counterparties
2. Poor portfolio risk management
3. Lack of attention to changes in economic or other circumstances
that can lead to deterioration in the credit standing of a bank’s
counterparties. This experience is common in both G-10 and
non-G-10 countries.

6
Credit Risk
Credit risk is most simply defined as the potential that a bank
borrower or counterparty will fail to meet its obligations in
accordance with agreed terms.
The goal of credit risk management is to maximise a bank’s risk-
adjusted rate of return by maintaining credit risk exposure within
acceptable parameters.
Banks need to manage the credit risk inherent in the entire portfolio
as well as the risk in individual credits or transactions. Banks should
also consider the relationships between credit risk and other risks. The
effective management of credit risk is a critical component of a
comprehensive approach to risk management and essential to the
long-term success of any banking organisation.
For most banks, loans are the largest and most obvious source of
credit risk; however, other sources of credit risk exist throughout the
activities of a bank, including in the banking book and in the trading
book, and both on and off the balance sheet.
Since exposure to credit risk continues to be the leading source of
problems in banksworld-wide, banks and their supervisors should be
able to draw useful lessons from past experiences. Banks should now
have a keen awareness of the need to identify, measure, monitor and
control credit risk as well as to determine that they hold adequate
capital against these risks and that they are adequately compensated
for risks incurred.

7
A comprehensive credit risk management program should address
these four areas. These practices should also be applied in conjunction
with sound practices related to the assessment of asset quality, the
adequacy of provisions and reserves and the disclosure of credit risk.

1. Establishing an appropriate credit risk environment;

2. Operating under a sound credit granting process;
3. Maintaining an appropriate credit administration,
measurement and monitoring process;
4. Ensuring adequate controls over credit risk

8
PRINCIPLES OF CREDIT RISK MANAGEMENT

A. Establishing an appropriate credit risk environment

Principle 1:
The board of directors should have responsibility for approving and
periodically reviewing the credit risk strategy and significant credit
risk policies of the bank. The strategy should reflect the bank’s
tolerance for risk and the level of profitability the bank expects to
achieve for incurring various credit risks.
Principle 2:
Senior management should have responsibility for implementing the
credit risk strategy approved by the board of directors and for
developing policies and procedures for identifying, measuring,
monitoring and controlling credit risk. Such policies and procedures
should address credit risk in all of the bank’s activities and at both the
individual credit and portfolio levels.
Principle 3:
Banks should identify and manage credit risk inherent in all products
and activities. Banks should ensure that the risks of products and
activities new to them are subject to adequate procedures and controls
before being introduced or undertaken, and approved in advance by
the board of directors or its appropriate committee.

9
B. Operating under a sound credit granting process
Principle 4:
Banks must operate under sound, well-defined credit-granting
criteria.These criteria should include a thorough understanding of the
borrower or counterparty, as well as the purpose and structure of the
credit, and its source of repayment.
Principle 5:
Banks should establish overall credit limits at the level of individual
borrowers and counterparties, and groups of connected counterparties
that aggregate in a comparable and meaningful manner different types
of exposures, both in the banking and trading book and on and off the
balance sheet
Principle 6:
Banks should have a clearly-established process in place for
approving new credits as well as the extension of existing credits.
Principle 7:
All extensions of credit must be made on an arm’s-length basis. In
particular, credits to related companies and individuals must be
monitored with particular care and other appropriate steps taken to
control or mitigate the risks of connected lending.

10
C. Maintaining an appropriate credit administration, measurement and
monitoring process.
Principle 8:
Banks should have in place a system for the ongoing administration of
their various credit risk-bearing portfolios.
Principle 9:
Banks must have in place a system for monitoring the condition of
individual credits, including determining the adequacy of provisions
and reserves.
Principle 10: Banks should develop and utilise internal risk rating
systems in managing credit risk. The rating system should be
consistent with the nature, size and complexity of a bank’s activities.
Principle 11:
Banks must have information systems and analytical techniques that
enable management to measure the credit risk inherent in all on- and
off-balance sheet activities. The management information system
should provide adequate information on the composition of the credit
portfolio, including identification of any concentrations of risk.
Principle 12:
Banks must have in place a system for monitoring the overall
composition and quality of the credit portfolio.
Principle 13:
Banks should take into consideration potential future changes in
economic conditions when assessing individual credits and their
credit portfolios, and should assess their credit risk exposures under
stressful conditions.

11
D. Ensuring adequate controls over credit risk
Principle 14:
Banks should establish a system of independent, ongoing credit
review and the results of such reviews should be communicated
directly to the board of directors and senior management.
Principle 15:
Banks must ensure that the credit-granting function is being properly
managed and that credit exposures are within levels consistent with
prudential standards and internal limits. Banks should establish and
enforce internal controls and other practices to ensure that exceptions
to policies, procedures and limits are reported in a timely manner to
the appropriate level of management.
Principle 16:
Banks must have a system in place for managing problem credits and
various other workout situations.
E. The role of supervisors
Principle 17:
Supervisors should require that banks have an effective system in
place to identify, measure, monitor and control credit risk as part of
an overall approach to risk management.Supervisors should conduct
an independent evaluation of a bank’s strategies, policies, practices
and procedures related to the granting of credit and the ongoing
management of the portfolio. Supervisors should consider setting
prudential limits to restrict bank exposures to single borrowers or
groups of connected counterparties.

12
 ICICI Bank

Risk Management in ICICI Bank

As a financial intermediary, ICICI Bank is exposed to risks that are

particular to its lending and trading businesses and the environment
within which it operates. ICICI Bank’s goal in risk management is to
ensure that it understands measures and monitors the various risks
that arise and that the organization adheres strictly to the policies and
procedures which are established to address these risks. As a financial
intermediary, ICICI Bank is primarily exposed to credit risk, market
risk, liquidity risk, operational risk and legal risk.

ICICI Bank has a central Risk, Compliance and Audit Group with a
mandate to identify, assess, monitor and manage all of ICICI Bank’s
principal risks in accordance with well-defined policies and
procedures. The Head of the Risk, Compliance and Audit Group
reports to the Executive Director responsible for the Corporate
Center, which does not include any business groups, and is thus
independent from ICICI Bank’s business units. The Risk, Compliance
and Audit Group coordinate with representatives of the business units
to implement ICICI Bank’s risk methodologies.

Committees of the board of directors have been constituted to oversee

the various risk management activities. The Audit Committee of
ICICI Bank’s board of directors provides direction to and also
monitors the quality of the internal audit function. The Risk
Committee of ICICI Bank’s board of directors reviews risk
management policies in relation to various risks including portfolio,
liquidity, interest rate, off-balance sheet and operational risks,
investment policies and strategy, and regulatory and compliance
issues in relation thereto. The Credit Committee of ICICI Bank’s
board of directors reviews developments in key industrial sectors and
ICICI Bank’s exposure to these sectors.

13
The Asset Liability Management Committee of ICICI Bank’s board
of directors is responsible for managing the balance sheet and
reviewing the asset-liability position to manage ICICI Bank’s market
risk exposure. The Agriculture & Small Enterprises Business
Committee of ICICI Bank’s board of directors, which was constituted
in June 2003 but has not held any meetings to date, will, in addition to
reviewing ICICI Bank’s strategy for small enterprises and agri-
business, also review the quality of the agricultural lending and small
enterprises finance credit portfolio.
As shown in the following chart, the Risk, Compliance and Audit
Group is organized into six subgroups:

Credit Risk Management, Market Risk Management, Analytics,

Internal Audit, Retail Risk Management and Credit Policies and
Reserve Bank of India Inspection. The Analytics Unit develops
proprietary quantitative techniques and models for risk measurement

14
RISK MANAGEMENT GROUPS AND SUBGROUPS OF ICICI BANK

Audit/ Risk/ Credit/Agriculture

& Small Enterprises Business
Managing Director and CEO Committee of the Board

Executive Director/Corporate Center

Head Risk Compliance & Audit Group

Analytics Internal Credit Retail Risk Market Risk Credit Risk

Audit Policies{RBI Managemen Management Management
} t

15
Risk Management and SME lending of ICICI Bank

Risk of ICICI bank in SME lending is:

 Opaque financials - tax planning oriented

 Asymmetric financial data - cannot be extrapolated for
projections
 Credit risk correlated with parent industry segment as well as
parent corporate
 SME loans have high credit process costs
 Exhibit high variation in expected losses within segments

Risk Management is crucial to SME portfolio due to the following

reasons:

 Pricing presently flat across risk spectrum

 Need for risk adjusted pricing
 SME portfolio capital intensive with high potential losses
 Capital charges will in future be related to credit exposure and
potential losses (Basle II)
 Credit risk needs to be handled at portfolio level
 Asset classes rather than individual loans
 Transaction history crucial input for portfolio supervision and
monitoring

The approach to risk assessment

 Industry : Correlation with industry trends, Corporate linkages

and length of relationships
 Business : length of operations, sustainable levels
 Management : Promoter family, Collateral, market standing
(trade references)
 Financial : Sales, cash flows, availability of informal credit
 Transactional : Payment history, cash flows, defaults, return of
collections etc.

16
Managing Risk with the GIS system (For the purpose of Insurance)

Risk management is defined as the process of planning, organising,

leading and controlling the activities of an organisation in order to
minimize the effects of risk on the said organisation’s capital and
earnings. Enterprise risk management expands this process to include
not just the risks associated with accidental losses, but also financial,
strategic, operational, and other risks as well.

ICICI Lombard used a Risk Management System (RMS) that helped

it zoom into spatial level risk data representing real-world entities
including both geo-referenced and quantitative attributes attached to it
at a national scale. It also used GIS solutions to use tools, maps, and
latest census demographic data.

This helped the company get a clearer picture of the levels of risks
associated not just with financial information, but also with natural
risk-prone geographies. It allowed the company to understand its
customers better and make strategies according to the more accurate
levels of perception offered by the solution.

The use of a GIS-based RMS was essentially to identify areas on a

map with high population density, a large concentration of rental
properties, or other demographic characteristics that affect whether to
underwrite a property for fire or burglary insurance. For an insurance
organisation like us it makes sense to have such systems as it helps in
determining the correct details of a property.

The RMS helps to zoom into spatial level risk data representing real-
world entities including both geo-referenced and quantitative
attributes attached to it at a national scale. This application helps to

17
manage risks in a better way, and operate more efficiently by
geographically assessing and analysing information about
underwriting, risk management, and customer service.

MapInfo, a Geographical Information System (GIS) based desktop

application is used for deploying the RMS and help assess and
analyse information related to policy and customer concentrations. It
includes risk information and analysis of different nature, such as
estimated impact of frequency and severity of earthquakes or other
natural calamities, which ultimately leads to efficient management of
risk and correct pricing of policies.

18
 HDFC BANK

Risk Management in HDFC Bank

HDFC Bank has formulated a Risk Management Framework. The

Risk Management Committee (RMC) apprises the Audit Committee
and the board of the risk assessment and mitigation mechanisms of
the Corporation. The RMC comprises the Executive Director as
chairperson and senior management heading key functional areas as
members of the committee. During the year, the Audit Committee and
the board reviewed the efficacy of the Risk Management Framework,
the key risks associated with the business of the Corporation and the
measures in place to mitigate the same.
The audit committee formulated a Risk Management Framework. The
Risk Management Committee (RMC) apprises the Audit Committee
and the board of the risk assessment and mitigation mechanisms of
the Corporation. The RMC comprises the Executive Director as
chairperson and senior management heading key functional areas as
members of the committee. During the year, the Audit Committee and
the board reviewed the efficacy of the Risk Management Framework,
the key risks associated with the business of the Corporation and the
measures in place to mitigate the same.

19
Risk Management through ALM technique
There are three different but related ways of managing financial risks.

 The first is to purchase insurance. But this is viable only for

certain type of risks such as credit risks, which arise if the party
to a contract defaults.

 The second approach refers to asset liability management

(ALM). This involves careful balancing of assets and liabilities.
It is an exercise towards minimizing exposure to risks by
holding the appropriate combination of assets and liabilities so
as to meet earnings target of the firm.

 The third option, which can be used either in isolation or in

conjuction with the first two options, is hedging. It is to an
extent similar to ALM. But while ALM involves on-balance
sheet positions, hedging involves off-balance sheet positions.
Products used for hedging include futures, options, forwards and
swaps.
It is ALM, which requires the most attention for managing the
financial performance of banks. Asset-liability management can be
performed on a per-liability basis by matching a specific asset to
support each liability. Alternatively, it can be performed across the
balance sheet. With this approach, the net exposure of the bank’s
liabilities is determined, and a portfolio of assets is maintained, which
hedges those exposures.

20
Asset-liability analysis is a flexible methodology that allows the bank
to test interrelationships between a wide variety of risk factors
including market risks, liquidity risks, actuarial risks, management
decisions, uncertain product cycles, etc. However, it has the
shortcoming of being highly subjective. It is up to the bank to decide
what mix would be suitable to it in a given scenario. Therefore,
successful implementation of the risk management process in banks
would require strong commitment on the part of the senior
management to integrate basic operations and strategic decision
making with risk management.
The scope of ALM function can be described as follows:

 Liquidity risk management.

 Management of market risks.

 Trading risk management.

 Funding and capital planning

 Profit planning and growth projection.

The objective function of the risk management policy in financial
entities is two fold. It aims at profitability through price matching
while ensuring liquidity by means of maturity matching. Price
matching aims to maintain interest spreads by ensuring that
deployment of liabilities will be at a rate more than the costs. This
exercise would indicate whether the institution is in a position to
benefit from rising interest rates by having a positive gap (assets >
liabilities) or whether it is in a position to benefit from declining
interest rates by a negative gap (liabilities > assets). The gap between
the interest rates (on assets/liabilities) can therefore be used as a
measure of interest rate sensitivity. These spreads can however, be
achieved if interest rate movements are known with accuracy.
21
Similarly, grouping assets/liabilities based on their maturity profile
ensures liquidity. The gap is then assessed to identify future financing
requirements. However, there are often maturity mismatches, which
may to a certain extent affect the expected results.

22
 Standard Chartered Bank

Risk Management of Standard Chartered Bank

Standard Chartered is the world's leading emerging markets bank

headquartered in London. It offers both consumer and wholesale
banking services. The bank employs 30,000 people in over 500
locations in more than 50 countries including the Asia Pacific Region,
South Asia, the Middle East, Africa, the United Kingdom and the
Americas. The world-wide IT infrastructure features 5,000 servers
and 35,000 desktops. IT supports 600 different applications.
The main business problem is that it needs an effective method for
tackling critical security problems quickly and efficiently in a high
risk high profile environment. Further, developing an effective,
global, risk-driven approach to security in a highly distributed
enterprise is on the agenda.
Standard Chartered's Requirements

 Prioritise patching effectively

 Detect vulnerabilities quickly

 Integrate easily with existing proprietary security approach

Solution
QualysGuard Enterprise to automate the network discovery, scanning,
patching and verification process

23
Why Qualys?

 Accuracy

 Ease of global deployment

 Scalability

 Value for money

 Integration with established security operations

The stakes are very high indeed. With our many large and complex
interconnections to the outside world, it's vital to carry out effective
patch management. Our aim is to achieve the right level of security
through implementing an appropriate risk-based strategy. This cannot
be achieved without a clear and accurate understanding of what needs
patching and ensuring that it remains reliably patched. We use
QualysGuard as a dynamic tool to underpin this process
The aim is to achieve the right level of security on our global
networks. This means a clear and accurate understanding of what
needs patching and ensuring that it remains reliably patched. We rely
upon QualysGuard to underpin this process.
Being able to report on remediation and response plans has also
helped us meet strict financial compliance requirements. QualysGuard
reports give me and my security team an instant overview of the
overall level of health of security in my organisation.

24
Standard Chartered's Need for Vulnerability Management
Security monitoring in an environment like Standard Chartered's
requires the capability to cover diverse IT platforms - including both
Windows and Linux - and many applications and services. Its goal
was to consolidate these ad-hoc efforts into one cohesive, global
process with clear visibility, follow through and accountability.
Before the introduction of enterprise vulnerability management,
Standard Chartered's network topology and system configurations
were unknown. Local operating teams performed only occasional
scanning with various tools. Spot audits were made through
penetration- testing and there was no rigorous methodology to assess
exposure and take corrective action.
The bank evaluated four alternatives including tools from Foundscan,
ISS, Vigilante and X-Force but eventually, it selected QualysGuard
on six clear criteria:
Scanning accuracy, deployability, scalability, ease-of-use, integration
capabilities and overall cost effectiveness.
"It was the only solution which met our demands without
compromise, giving the bank a reliable, centralised method for
protecting our critical assets worldwide. Their experience of rolling
out QualysGuard has been remarkably painless. Working with our
integration team in both London and Singapore, the service has been
consistently high.

25
The role of Vulnerability Management at Standard Chartered
By introducing vulnerability management, Standard Chartered gained
a clear picture of the exposure with common standards worldwide.
The company has been able to quickly prioritise remediation; get
security and operating teams to work together smoothly and
effectively and empowered outsourcing vendors to meet specific
security service level agreements.
Many major viruses have the ability to recur and creep insidiously
back into the network causing considerable problems; another reason
why on-going scanning is important.
Although Standard Chartered Bank was not hit the first time round by
SQL Slammer, it did manage to infect the network a number of
months later due to difficulties in restoring patched server builds after
operational problems. Our IDS engines and QualysGuard enabled the
Bank to pinpoint rapidly the source of the problem and close it down,
avoiding major infection.
Reports Help to Improve Risk Management and to Address
Regulatory Requirements
QualysGuard's easily accessible reports provide a clear audit trail for
fixing vulnerabilities. Delivered on a monthly basis to the bank's
operational risk committee, they have enabled Standard Chartered to
improve its risk management methodology and address regulatory
requirements that impact financial institutions.

26
These reports help the security group support the front-line production
operations team more effectively to patch and maintain the security of
the whole network. They allow centralised management by checking
the patch management performance, tracking patching actions to
completion and distributing tasks to the relevant geographic support
group.
Regulatory pressures and increased exposure are driving more
complex requirements for managing security risk. The vulnerability
management strategy gained the bank ability to view and act upon
security risk as it pertains to our organisation's assets.
The reports also enable management to justify the investments we
need and further define the security strategy. Today, the bank really
can deploy our security manpower much more effectively in both
preparing and responding to security incidents.
Standard Chartered Bank, an international bank that provides interest
rate derivatives products for corporate customers globally, is
expanding its Sun Microsystems technology infrastructure in four
offices worldwide as it implements a more sophisticated, object-
oriented global derivatives trading system.

27
 State Bank of India

Risk Management in SBI

In a rapidly growing economy with high credit expansion, changing

portfolio composition, and large movements in financial markets
(currency exchange rates, interest rates, equity and commodity
prices), risk management assumes even greater importance. As SBI
enter new areas of business, there will be different risks.
Strengthening of risk management practices will therefore crucial.
This year SBI Bank will be adopting a New Capital Adequacy
Framework in line with Basel II norms, along with other banks that
have international presence. This will lead to a more efficient
allocation of capital resources based on improved risk assessment.
SBI Bank has put in place an independent risk governance structure,
in line with international best practices to measure, monitor and
control risk. A Chief Risk Officer has been appointed to ensure
integrated risk management for credit, market and operational risks.
Furthermore, an Integrated Risk Management Policy with Group-
wide perspective will be put in place this year, establishing a
systematic process to manage risk and assist in the allocation of
capital across the diverse range of activities. SBI also seek to enhance
the use of various methods of risk mitigation available to the bank.

28
The Risk Management unit is a separate division within the
organization headed by the Chief Risk Officer (CRO). A Risk
Management Committee, comprising the MD, Deputy CEO, CRO,
COO, CIO and the CMO meets on a regular basis to manage risk
within the organization.
The CRO is responsible for risk management over all the functions
within the organization including Investments, Marketing, Operations,
etc. Currently, the CRO is an experienced investment professional and
is assisted by a two-member team, one being an investment
Professional with an MBA in Finance and the other being an
investment professional deputed from SGAM.

29
 Union Bank

Risk Management in Union Bank

Risk is inherent part of Bank’s business. Effective Risk Management

is critical to any Bank for achieving financial soundness. In view of
this, aligning Risk Management to Bank’s organizational structure
and business strategy has become integral in banking business. Over a
period of year, Union Bank of India (UBI) has taken various
initiatives for strengthening risk management practices. Bank has an
integrated approach for management of risk and in tune with this,
formulated policy documents taking into account the business
requirements / best international practices or as per the guidelines of
the national supervisor. These policies address the different risk
classes viz., Credit Risk, Market Risk and Operational Risk.
The issues related to Credit Risk are addressed in the Policies stated
below;

 Loan Policy

 Credit Monitoring Policy

 Real Estate Policy

 Credit Risk Management Policy

 Collateral Risk Management Policy

 Recovery Policy

 Treasury Policy

30
The Policies and procedures for Market Risks are articulated in the
ALM Policy and Treasury Policy.

The Operational Risk Management involves framework for

management of operational risks faced by the Bank. The issues
related to this risk is addressed by;

 Operational Risk Management Policy

 Business Continuity Policy

 Outsourcing Policy

 Disclosure Policy

Besides, the above Board mandated Policies, Bank has detailed

‘Internal Control Principles’ communicated to the business lines for
ensuring adherence to various norms like Anti-Money Laundering,
Information Security, Customer complaints, Reconciliation of
accounts, Book-keeping etc.
Oversight Mechanism
Our Board of Directors has the overall responsibility of ensuring that
adequate structures, policies and procedures are in place for risk
management and that they are properly implemented. Board approves
our risk management policies and also sets limits by assessing our risk
appetite, skills available for managing risk and our risk bearing
capacity.
Board has delegated this responsibility to a sub-committee: the
Supervisory Committee of Directors on Risk Management & Asset
Liability Management. This is the Apex body / Committee is
responsible for supervising the risk management activities of the
Bank.
31
Further, Bank has the following separate committees of top
executives and dedicated Risk Management Department:

 Credit Risk Management Committee (CRMC): This Committee

deals with issues relating to credit policies and procedure and
manages the credit risk on a Bank-wide basis

 Asset Liability Management Committee (ALCO): This

Committee is the decision-making unit responsible for balance
sheet planning and management from the angle of risk-return
perspective including management of market risk

 Operational Risk Management Committee (ORMC): This

Committee is responsible for overseeing Bank’s operational risk
management policy and process

 Risk Management Department of the Bank provides support

functions to the risk management committees mentioned above
through analysis of risks and reporting of risk positions and
making recommendations as to the level and degree of risks to
be assumed. The department has the responsibility of
identifying, measuring and monitoring the various risk faced the
bank, assist in developing the policies and verifying the models
that are used for risk measurement from time to time

32
Credit Risk

 Credit Risk Management Policy of the Bank dictates the Credit

Risk Strategy

 These Polices spell out the target markets, risk acceptance /

avoidance levels, risk tolerance limits, preferred levels of
diversification and concentration, credit risk measurement,
monitoring and controlling mechanisms.

 Standardized Credit Approval Process with well-established

methods of appraisal and rating is the pivot of the credit
management of the bank.

 Bank has comprehensive credit rating / scoring models being

applied in the spheres of retail and non-retail portfolios of the
bank.

 The Credit rating system of the Bank has eight borrower grades
for standard accounts and three grades for defaulted borrowers.

 Proactive credit risk management practices in the form of

studies of rating-wise distribution, rating migration, probability
of defaults of borrowers, Portfolio Analysis of retail lending
assets, periodic industry review, Review of Country, Currency,
Counter-party and Group exposures are only some of the
prudent measures, the bank is engaged in mitigating risk
exposures.

 The current focus is on augmenting the bank’s abilities to

quantify risk in a consistent, reliable and valid fashion, which
will ensure advanced level of sophistication in the Credit Risk
Measurement and Management in the years ahead.

33
 Basel-ll

The New Basel Capital Accord, also known as Basel II, is one of the
banking industry's top priorities. Basel II is the basis for the minimum
capital requirements for banks and was created in response to the
tremendous growth in international financial markets that has
occurred over the past few years.

The new regulations are intended to encourage banks to manage their

capital appropriately and in particular to improve their risk control
processes. Although the new requirements are not yet finalized, the
main implications of the New Basel Capital Accord are evident today.

Specifically, Basel II is built on three pillars that:

• Require banks to align their minimum capital requirements more

closely to their actual risk of economic loss.

• Establish management policies and procedures, enabling banks to

exercise sound judgment and set sufficient capital aside to protect
against potential credit, market and operational risks, and

• Motivate prudent management by enhancing the degree of

transparency in banks’ public reporting.

34
In redefining how banks worldwide calculate regulatory capital and
report compliance to regulators and the public, the Basel ll Accord is
intended to enhance safety and soundness in the financial system by
placing greater emphasis on banks’ own internal control and risk
management processes and models, the supervisory review process,
and market discipline.

Its rather complex recommendations will very likely result in a

variety of regulatory compliance challenges for banks in the Middle
East as it has around the globe. These great challenges should be
viewed as an opportunity and not as a burden. The ability to
demonstrate compliance will certainly set the seal on what is already a
mature financial structure in the region.

Basel ll’s risk focus provides banks and financial practitioners with
new impetus to concentrate on comprehensive risk management.
While the 1988 Capital Accord addressed market and credit risks,
Basel ll substantially changes the treatment of credit risk and also
requires that banks have adequate capital to cover operational risks. It
calls for ongoing improvements in risk assessment and mitigation.

While many bank leaders have recognized the important significance

of evolving operational risks, many do not yet accept them as a
distinct class of risks or understand fully the business benefits banks
can accrue from a comprehensive, consistent strategy to operational
risk management. Basel ll brings a fresh imperative to the issue by
asking banks to implement an enterprise-wide risk management
framework that encompasses operational risks. The quantifying of
operational risk should not be regarded as a goal in itself. The most
glittering prize is a comprehensive improvement in the management
of operational risks.

35
It is widely accepted that the new Accord’s risk management
requirements are likely to prompt significant changes in the core
business of an individual bank as well as in its organisational
structure. Under Basel ll, the ‘outputs’ of better management of credit
and operational risk will result from the ‘inputs’ of a macroeconomic
capital model by which banks can allocate capital to various functions
and transactions depending on risk.

Quite apart from the new or amended methodology that must be

adopted, the new capital requirements will also require change in
resource needs, processes and IT system architecture. This creates
choices as to whether a bank continues to receive a return on its
existing systems, albeit enhanced with Monarch ‘s data and report
mining applications or roll out new technology with all that such a
strategy means in terms of cost, write offs, retraining, and so forth.

Why Basel II?

In introducing the concept of risk-based capital ratios, Basel I

established the important principle that regulatory capital
requirements should be related to risk. At various times, of course,
supervisors have also made important adjustments to the Basel I
framework, such as the Market Risk Amendment mentioned earlier.
Nonetheless, advances in risk management and the increasing
complexity of financial activities have prompted international
supervisors to review the appropriateness of regulatory capital
standards under Basel I, particularly for the largest and most complex
banking organizations.

36
The supervisory organizations have agreed that Basel I, with its
broad-brush system for setting the risk weights on various classes of
bank assets, is increasingly inadequate for measuring risk and the
appropriate level of capital for such firms.

For example, under Basel I, a bank's regulatory capital requirement

takes no account of the specific risk profile of its commercial loan
portfolio, deterioration in asset quality, the risks of certain off-
balance-sheet transactions or fee-based activities, and actions banks
may take to mitigate balance sheet risks. Supervisors recognize that
some of the largest and most complex banking organizations have
already moved well beyond Basel I in the sophistication of their risk
management and internal capital models.

As risk-management practices continue to evolve, the gulf between

the determinants of minimum regulatory capital under Basel I and
what these banks actually do to manage risk will widen. Most
important, if the regulatory capital required of these organizations
does not adequately reflect the risks they are actually taking, the
safety and soundness of the U.S. banking system may be jeopardized.

The U.S. banking agencies have proposed the adoption of the Basel II
accord because it links the risk-taking of large banking organizations
to their regulatory capital in a more meaningful way than does Basel I
and encourages further progress in risk management. It does this by
building on the risk-measurement and risk-management practices of
the most sophisticated banking organizations and providing incentives
for further improvements.

Moreover, by providing a framework to be applied consistently across

banks, Basel II will make it easier for supervisors to identify banks
whose capital is not commensurate with their risk levels and to
evaluate emerging risks in the banking system as a whole.

Broadly, the Basel II framework encompasses three pillars. Pillar 1 is

risk-focused minimum regulatory capital requirements, pillar 2 is
supervisory review, and pillar 3 is market discipline. Under pillar 1,
the risk sensitivity of minimum risk-based capital requirements would
be much greater than under the current accord. This greater sensitivity
37
would be achieved by linking each banking organization's capital
requirement to empirically based measures of credit and operational
risk; these measures would be determined in part by risk parameters
estimated by the banks, such as a loan's probability of default and its
expected loss given default.

The methods used to construct these estimates would be subject to

regulatory requirements and supervisory guidance and review,
including a requirement that the risk parameters used for pillar 1 be
consistent with risk assessments actually used by the bank for its
internal risk management.

The pillar 1 treatment of credit risk also reflects more accurately the
risk-reducing effects of guarantees, credit derivatives, and
securitization, thus improving regulatory capital incentives for banks
to hedge credit risks. The incorporation of operational risk in pillar 1
is based on the recognition that, indeed, operational failures are a
potentially important risk that banks should seek to minimize.

Pillar 2 of the new accord provides a consistent framework for

improving supervisory assessments of capital adequacy and risk
management. Under pillar 2, a bank would be required to maintain
capital in excess of the regulatory minimums to capture the full set of
risks to which the bank is exposed.

These include liquidity risk, interest rate risk, and concentration risk,
none of which are reflected in pillar 1. Currently, U.S. banking
regulators assess a bank's overall capital adequacy as a normal part of
the examination process. But the overall quality of assessments of
capital adequacy, both by supervisor and by each bank, should
improve greatly under Basel II because of the expanded information
that will be available from pillar 1, from supervisory reviews under
pillar 2, and from the bank's own analyses.

Under pillar 3, banks will be required to disclose to the public the new
risk-based capital ratios and more-extensive information about the
credit quality of their portfolios and their practices in measuring and
managing risk. Such disclosures should make banks more transparent
to financial markets and thereby improve market discipline.
38
Taken together, these three pillars provide a broad and coherent
framework for linking regulatory capital to risk, for improving
internal risk measurement and management, and for enhancing
supervisory and market discipline at large, complex, internationally
active banks. The three pillars build on the risk-management
approaches of well-managed banks and better align regulatory and
supervisory practices with the way the best-run banks are actually
managed.

As a result, Basel II will be better able than the current system to

adapt over time to innovations in banking and markets. In addition,
Basel II sets standards for the measurement and management of risk
and for related disclosures that will give banks ongoing incentives to
improve their practices in these areas.

Although the Basel II framework provides the basis for modernizing

the supervision of large, internationally active banks, I emphasize that
it remains in many ways a work in progress.1 Important details remain
to be worked out, and much work remains to be done by both banks
and supervisors to ensure that the system works as intended.

The Federal Reserve Board has only recently approved a notice of

proposed rulemaking, which invites comments from interested parties
on all aspects of the proposed rules. The Federal Reserve and the
other bank supervisors will review these comments carefully and will
continue to consult widely. Under current plans, the transition to the
new system will be gradual--no U.S. bank will have its capital
requirement determined unconditionally by Basel II before 2012--and
implementation will be subject to a number of safeguards. The
supervisory agencies are also committed to continued review and
adjustment of the system as experience accumulates.

39
Pillar 1: Calculation of minimum capital requirements

Pillar 1 presents the calculation of the total minimum capital

requirements for credit, market and operational risk. The capital ratio
is calculated using the definition of regulatory capital and risk-
weighted assets. The total capital ratio must be no lower than 8%.
Tier 2 capital is limited to 100% of Tier 1 capital.
Risk-weighted assets
Total risk-weighted assets are determined by multiplying the capital
requirements for market risk and operational risk by 12.5 (i.e. the
reciprocal of the minimum capital ratio of 8%) and adding the
resulting figures to the sum of risk-weighted assets for credit risk. The
Committee will review the calibration of the Framework prior to its
implementation. It may apply a scaling factor in order to broadly
maintain the aggregate level of minimum capital requirements, while
also providing incentives to adopt the more advanced risk-sensitive
approaches of the Framework.11 The scaling factor is applied to the
risk-weighted asset amounts for credit risk assessed under the IRB
approach.

Transitional arrangements
For banks using the IRB approach for credit risk or the Advanced
Measurement Approaches (AMA) for operational risk, there will be a
capital floor following implementation of this framework. If the floor
amount is larger, banks are required to add 12.5 times the difference
to risk-weighted assets.

40
The capital floor is based on application of the 1988 Accord. It is
derived by applying an adjustment factor to the following amount:
i. 8% of the risk-weighted assets
ii. plus Tier 1 and Tier 2 deductions.
iii. less the amount of general provisions that may be
recognised in Tier 2.

The adjustment factor for banks using the foundation IRB approach
for the year beginning year-end 2006 is 95%. The adjustment factor
for banks using
(i) either the foundation and/or advanced IRB approaches, and/or
(ii) the AMA for the year beginning year-end 2007 is 90%, and for
the year beginning year-end 2008 is 80%. The following table
illustrates the application of the adjustment factors.

Additional transitional arrangements including parallel calculation are

set out in paragraphs 264 to 269.

In the years in which the floor applies, banks must also calculate

 8% of total risk weighted assets as calculated under this

Framework

 Less the difference between total provisions and expected loss

amount as described in Section III.G (see paragraphs 374 to
386)

 Plus other Tier 1 and Tier 2 deductions. Where a bank uses the
standardized approach to credit risk for any portion of its
exposures, it also needs to exclude general provisions that may
be recognised in Tier 2 for that portion from the amount
calculated according to the first sentence of this paragraph.

41
Should problems emerge during this period, the Committee will seek
to take appropriate measures to address them, and, in particular, will
be prepared to keep the floors in place beyond 2009 if necessary. The
Committee believes it is appropriate for supervisors to apply
prudential floors to banks that adopt the IRB approach for credit risk
and/or the AMA for operational risk following year-end 2008.
For banks that do not complete the transition to these approaches in
the years specified in paragraph 46, the Committee believes it is
appropriate for supervisors to continue to apply prudential floors –
similar to those of paragraph 46 – to provide time to ensure that
individual bank implementations of the advanced approaches are
sound.
However, the Committee recognises that floors based on the 1988
Accord will become increasingly impractical to implement over time
and therefore believes that supervisors should have the flexibility to
develop appropriate bank-by-bank floors that are consistent with the
principles outlined in this paragraph, subject to full disclosure of the
nature of the floors adopted. Such floors may be based on the
approach the bank was using before adoption of the IRB approach
and/or AMA.

42
The Second Pillar – Supervisory Review Process

This section discusses the key principles of supervisory review, risk

management guidance and supervisory transparency and
accountability produced by the Committee with respect to banking
risks, including guidance relating to, among other things, the
treatment of interest rate risk in the banking book, credit risk (stress
testing, definition of default, residual risk, and credit concentration
risk), operational risk, enhanced cross-border communication and
cooperation, and securitization.
I. Importance of supervisory review
The supervisory review process of the Framework is intended not
only to ensure that banks have adequate capital to support all the risks
in their business, but also to encourage banks to develop and use
better risk management techniques in monitoring and managing their
risks.
The supervisory review process recognises the responsibility of bank
management in developing an internal capital assessment process and
setting capital targets that are commensurate with the bank’s risk
profile and control environment. In the Framework, bank
management continues to bear responsibility for ensuring that the
bank has adequate capital to support its risks beyond the core
minimum requirements. Supervisors are expected to evaluate how
well banks are assessing their capital needs relative to their risks and
to intervene, where appropriate. This interaction is intended to foster
an active dialogue between banks and supervisors such that when
deficiencies are identified, prompt and decisive action can be taken to
reduce risk or restore capital.

43
Accordingly, supervisors may wish to adopt an approach to focus
more intensely on those banks with risk profiles or operational
experience that warrants such attention. The Committee recognises
the relationship that exists between the amount of capital held by the
bank against its risks and the strength and effectiveness of the bank’s
risk management and internal control processes. However, increased
capital should not be viewed as the only option for addressing
increased risks confronting the bank.
Other means for addressing risk, such as strengthening risk
management, applying internal limits, strengthening the level of
provisions and reserves, and improving internal controls, must also be
considered. Furthermore, capital should not be regarded as a
substitute for addressing fundamentally inadequate control or risk
management processes. There are three main areas that might be
particularly suited to treatment under
Pillar 2: risks considered under Pillar 1 that are not fully captured by
the Pillar 1 process (e.g. credit concentration risk); those factors not
taken into account by the Pillar 1 process (e.g. interest rate risk in the
banking book, business and strategic risk); and factors external to the
bank (e.g. business cycle effects). A further important aspect of Pillar
2 is the assessment of compliance with the minimum standards and
disclosure requirements of the more advanced methods in Pillar 1, in
particular the IRB framework for credit risk and the Advanced
Measurement Approaches for operational risk. Supervisors must
ensure that these requirements are being met, both as qualifying
criteria and on a continuing basis.
Four key principles of supervisory review
The Committee has identified four key principles of supervisory
review, which complement those outlined in the extensive supervisory
guidance that has been developed by the Committee, the keystone of
which is the Core Principles for Effective Banking Supervision and
44
the Core Principles Methodology.A list of the specific guidance
relating to the management of banking risks is provided at the end of
this Part of the Framework.

Principle 1: Banks should have a process for assessing their overall

capital adequacy in relation to their risk profile and a strategy for
maintaining their capital levels.
Banks must be able to demonstrate that chosen internal capital targets
are well founded and that these targets are consistent with their
overall risk profile and current operating environment. In assessing
capital adequacy, bank management needs to be mindful of the
particular stage of the business cycle in which the bank is operating.
Rigorous,forward-looking stress testing that identifies possible events
or changes in market conditions that could adversely impact the bank
should be performed. Bank management clearly bears primary
responsibility for ensuring that the bank has adequate capital to
support its risks.
The five main features of a rigorous process are as follows:

 Board and senior management oversight;

 Sound capital assessment;
 Comprehensive assessment of risks;
 Monitoring and reporting; and
 Internal control review.

45
 1.Board and senior management oversight

A sound risk management process is the foundation for an effective

assessment of the adequacy of a bank’s capital position. Bank
management is responsible for understanding the nature and level of
risk being taken by the bank and how this risk relates to adequate
capital levels. It is also responsible for ensuring that the formality and
sophistication of the risk management processes are appropriate in
light of the risk profile and business plan.
The analysis of a bank’s current and future capital requirements in
relation to its strategic objectives is a vital element of the strategic
planning process. The strategic plan should clearly outline the bank’s
capital needs, anticipated capital expenditures, desirable capital level,
and external capital sources. Senior management and the board should
view capital planning as a crucial element in being able to achieve its
desired strategic objectives.
The bank’s board of directors has responsibility for setting the bank’s
tolerance for risks. It should also ensure that management establishes
a framework for assessing the various risks, develops a system to
relate risk to the bank’s capital level, and establishes a method for
monitoring compliance with internal policies. It is likewise important
that the board of directors adopts and supports strong internal controls
and written policies and procedures and ensures that management
effectively communicates these throughout the organisation.

46
2. Sound capital assessment
Fundamental elements of sound capital assessment include:

 Policies and procedures designed to ensure that the bank

identifies, measures, and reports all material risks;
 A process that relates capital to the level of risk;
 A process that states capital adequacy goals with respect to risk,
taking account of
 the bank’s strategic focus and business plan; and
 A process of internal controls, reviews and audit to ensure the
integrity of the overall
 management process.

3. Comprehensive assessment of risks

All material risks faced by the bank should be addressed in the capital
assessment process. While the Committee recognises that not all risks
can be measured precisely, a process should be developed to estimate
risks. Therefore, the following risk exposures, which by no means
constitute a comprehensive list of all risks, should be considered.
Credit risk: Banks should have methodologies that enable them to
assess the credit risk involved in exposures to individual borrowers or
counterparties as well as at the portfolio level. For more sophisticated
banks, the credit review assessment of capital adequacy, at a
minimum, should cover four areas: risk rating systems, portfolio
analysis/aggregation, securitisation/complex credit derivatives, and
large exposures and risk concentrations.
Internal risk ratings are an important tool in monitoring credit risk.
Internal risk ratings should be adequate to support the identification

47
and measurement of risk from all credit exposures, and should be
integrated into an institution’s overall analysis of credit risk and
capital adequacy. The ratings system should provide detailed ratings
for all assets, not only for criticised or problem assets. Loan loss
reserves should be included in the credit risk assessment for capital
adequacy.
The analysis of credit risk should adequately identify any weaknesses
at the portfolio level, including any concentrations of risk. It should
also adequately take into consideration the risks involved in managing
credit concentrations and other portfolio issues through such
mechanisms as securitisation programmes and complex credit
derivatives. Further, the analysis of counterparty credit risk should
include consideration of public evaluation of the supervisor’s
compliance with the Core Principles for Effective Banking
Operational risk: The Committee believes that similar rigour should
be applied to the management of operational risk, as is done for the
management of other significant banking risks. The failure to properly
manage operational risk can result in a misstatement of an
institution’s risk/return profile and expose the institution to significant
losses.
A bank should develop a framework for managing operational risk
and evaluate the adequacy of capital given this framework. The
framework should cover the bank’s appetite and tolerance for
operational risk, as specified through the policies for managing this
risk, including the extent and manner in which operational risk is
transferred outside the bank. It should also include policies outlining
the bank’s approach to identifying, assessing, monitoring and
controlling/mitigating the risk.

48
Market risk: This assessment is based largely on the bank’s own
measure of valueat- risk or the standardised approach for market
risk.112 Emphasis should also be placed on the institution performing
stress testing in evaluating the adequacy of capital to support the
trading function.
Interest rate risk in the banking book: The measurement process
should include all material interest rate positions of the bank and
consider all relevant repricing and maturity data. Such information
will generally include current balance and contractual rate of interest
associated with the instruments and portfolios, principal payments,
interest reset dates, maturities, the rate index used for repricing, and
contractual interest rate ceilings or floors for adjustable-rate items.
The system should also have well-documented assumptions and
techniques.
Regardless of the type and level of complexity of the measurement
system used, bank management should ensure the adequacy and
completeness of the system. Because the quality and reliability of the
measurement system is largely dependent on the quality of the data
and various assumptions used in the model, management should give
particular attention to these items.
Liquidity risk: Liquidity is crucial to the ongoing viability of any
banking
organisation. Banks’ capital positions can have an effect on their
ability to obtain liquidity, especially in a crisis. Each bank must have
adequate systems for measuring, monitoring and controlling liquidity
risk. Banks should evaluate the adequacy of capital given their own
liquidity profile and the liquidity of the markets in which they
operate.

49
Other risks: Although the Committee recognises that ‘other’ risks,
such as reputational and strategic risk, are not easily measurable, it
expects industry to further develop techniques for managing all
aspects of these risks.
4. Monitoring and reporting
The bank should establish an adequate system for monitoring and
reporting risk exposures and assessing how the bank’s changing risk
profile affects the need for capital. The bank’s senior management or
board of directors should, on a regular basis, receive reports on the
bank’s risk profile and capital needs. These reports should allow
senior management to:

The Market Risk Amendment

 Evaluate the level and trend of material risks and their effect on
capital levels;
 Evaluate the sensitivity and reasonableness of key assumptions
used in the capital assessment measurement system;
 Determine that the bank holds sufficient capital against the
various risks and is in
 compliance with established capital adequacy goals; and
 Assess its future capital requirements based on the bank’s
reported risk profile and
 Make necessary adjustments to the bank’s strategic plan
accordingly.

50
5. Internal control review
The bank’s internal control structure is essential to the capital
assessment process. Effective control of the capital assessment
process includes an independent review and, where appropriate, the
involvement of internal or external audits. The bank’s board of
directors has a responsibility to ensure that management establishes a
system for assessing the various risks, develops a system to relate risk
to the bank’s capital level, and establishes a method for monitoring
compliance with internal policies. The board should regularly verify
whether its system of internal controls is adequate to ensure well-
ordered and prudent conduct of business.

 The bank should conduct periodic reviews of its risk

management process to ensure its integrity, accuracy, and
reasonableness. Areas that should be reviewed include:
Appropriateness of the bank’s capital assessment process given
the nature, scope and complexity of its activities;
 Identification of large exposures and risk concentrations;
 Accuracy and completeness of data inputs into the bank’s
assessment process;
 Reasonableness and validity of scenarios used in the assessment
process; and
 Stress testing and analysis of assumptions and inputs.

Principle 2: Supervisors should review and evaluate banks’ internal

capital adequacy assessments and strategies, as well as their ability to
monitor and ensure their compliance with regulatory capital ratios.
Supervisors should take appropriate supervisory action if they are not
satisfied with the result of this process.
The supervisory authorities should regularly review the process by
which a bank assesses its capital adequacy, risk position, resulting
capital levels, and quality of capital held. Supervisors should also
evaluate the degree to which a bank has in place a sound internal

51
process to assess capital adequacy. The emphasis of the review should
be on the quality of the bank’s risk management and controls and
should not result in supervisors functioning as bank management. The
periodic review can involve some combination of:

 On-site examinations or inspections;

 Off-site review;
 Discussions with bank management;
 Review of work done by external auditors (provided it is
adequately focused on the
 necessary capital issues); and
 Periodic reporting.

The substantial impact that errors in the methodology or assumptions

of formal analyses can have on resulting capital requirements requires
a detailed review by supervisors of each bank’s internal analysis.

1. Review of adequacy of risk assessment

Supervisors should assess the degree to which internal targets and
processes incorporate the full range of material risks faced by the
bank. Supervisors should also review the adequacy of risk measures
used in assessing internal capital adequacy and the extent to which
these risk measures are also used operationally in setting limits,
evaluating business line performance, and evaluating and controlling
risks more generally. Supervisors should consider the results of
sensitivity analyses and stress tests conducted by the institution and
how these results relate to capital plans.

52
 2. Assessment of capital adequacy
Supervisors should review the bank’s processes to determine that:

 Target levels of capital chosen are comprehensive and relevant

to the current
 operating environment;
 These levels are properly monitored and reviewed by senior
management; and
 The composition of capital is appropriate for the nature and
scale of the bank’s business.

Supervisors should also consider the extent to which the bank has
provided for unexpected events in setting its capital levels. This
analysis should cover a wide range of external conditions and
scenarios, and the sophistication of techniques and stress tests
usedshouldbe commensurate with the bank’s activities.

3. Assessment of the control environment

Supervisors should consider the quality of the bank’s management
information reporting and systems, the manner in which business
risks and activities are aggregated, and management’s record in
responding to emerging or changing risks.
In all instances, the capital level at an individual bank should be
determined according to the bank’s risk profile and adequacy of its
risk management process and internal controls. External factors such
as business cycle effects and the macroeconomic environment should
also be considered.

53
 4.Supervisory review of compliance with minimum standards
In order for certain internal methodologies, credit risk mitigation
techniques and asset securitisations to be recognised for regulatory
capital purposes, banks will need to meet a number of requirements,
including risk management standards and disclosures. In particular,
banks will be required to disclose features of their internal
methodologies used in calculating minimum capital requirements. As
part of the supervisory review process, supervisors must ensure that
these conditions are being met on an ongoing basis.
The Committee regards this review of minimum standards and
qualifying criteria as an integral part of the supervisory review
process under Principle. In setting the minimum criteria the
Committee has considered current industry practice and so anticipates
that these minimum standards will provide supervisors with a useful
set of benchmarks that are aligned with bank management
expectations for effective risk management and capital allocation.
There is also an important role for supervisory review of compliance
with certain conditions and requirements set for standardised
approaches.
In this context, there will be a particular need to ensure that use of
various instruments that can reduce Pillar 1 capital requirements are
utilised and understood as part of a sound, tested, and properly
documented risk management process.

54
5. Supervisory response
Having carried out the review process described above, supervisors
should take appropriate action if they are not satisfied with the results
of the bank’s own risk assessment and capital allocation. Supervisors
should consider a range of actions, such as those set out under
Principles 3 and 4 below.
Principle 3: Supervisors should expect banks to operate above the
minimum regulatory capital ratios and should have the ability to
require banks to hold capital in excess of the minimum.
Pillar 1 capital requirements will include a buffer for uncertainties
surrounding the Pillar 1 regime that affect the banking population as a
whole. Bank-specific uncertainties will be treated under Pillar 2. It is
anticipated that such buffers under Pillar 1 will be set to provide
reasonable assurance that a bank with good internal systems and
controls, a well-diversified risk profile and a business profile well
covered by the Pillar 1 regime, and which operates with capital equal
to Pillar 1 requirements, will meet the minimum goals for soundness
embodied in Pillar 1. However, supervisors will need to consider
whether the particular features of the markets for which they are
responsible are adequately covered. Supervisors will typically require
(or encourage) banks to operate with a buffer, over and above the

55
Pillar 1 standard. Banks should maintain this buffer for a combination
of the following:
(a) Pillar 1 minimums are anticipated to be set to achieve a level of
bank creditworthiness in markets that is below the level of
creditworthiness sought by many banks for their own reasons. For
example, most international banks appear to prefer to be highly rated
by internationally recognised rating agencies. Thus, banks are likely
to choose to operate above Pillar 1 minimums for competitive
reasons.
(b) In the normal course of business, the type and volume of activities
will change, as will the different risk exposures, causing fluctuations
in the overall capital ratio.
(c) It may be costly for banks to raise additional capital, especially if
this needs to be done quickly or at a time when market conditions are
unfavourable.
(d) For banks to fall below minimum regulatory capital requirements
is a serious matter. It may place banks in breach of the relevant law
and/or prompt non-discretionary corrective action on the part of
supervisors.
(e) There may be risks, either specific to individual banks, or more
generally to an economy at large, that are not taken into account in
Pillar 1.
There are several means available to supervisors for ensuring that
individual banks are operating with adequate levels of capital. Among
other methods, the supervisor may set trigger and target capital ratios
or define categories above minimum ratios (e.g. well capitalised and
adequately capitalised) for identifying the capitalisation level of the
bank.

56
Principle 4: Supervisors should seek to intervene at an early stage to
prevent capital from falling below the minimum levels required to
support the risk characteristics of a particular bank and should require
rapid remedial action if capital is not maintained or restored.
Supervisors should consider a range of options if they become
concerned that a bank is not meeting the requirements embodied in
the supervisory principles outlined above. These actions may include
intensifying the monitoring of the bank, restricting the payment of
dividends, requiring the bank to prepare and implement a satisfactory
capital adequacy restoration plan, and requiring the bank to raise
additional capital immediately. Supervisors should have the discretion
to use the tools best suited to the circumstances of the bank and its
operating environment.
The permanent solution to banks’ difficulties is not always increased
capital.
However, some of the required measures (such as improving systems
and controls) may take a period of time to implement. Therefore,
increased capital might be used as an interim measure while
permanent measures to improve the bank’s position are being put in
place. Once these permanent measures have been put in place and
have been seen by supervisors to be effective, the interim increase in
capital requirements can be removed.

57
The Third Pillar – Market Discipline

The third pillar of the new framework aims to bolster market

discipline through enhanced disclosure by banks. Effective disclosure
is essential to ensure that market participants can better understand
banks' risk profiles and the adequacy of their capital positions.

The new framework sets out disclosure requirements and

recommendations in several areas, including the way a bank
calculates its capital adequacy and its risk assessment methods.

The core set of disclosure recommendations applies to all banks, with

more detailed requirements for supervisory recognition of internal
methodologies for credit risk, credit risk mitigation techniques and
asset securitisation.

A.Disclosure requirements
The Committee believes that the rationale for Pillar 3 is sufficiently
strong to warrant the introduction of disclosure requirements for
banks using the Framework. Supervisors have an array of measures
that they can use to require banks to make such disclosures. Some of
these disclosures will be qualifying criteria for the use of particular
methodologies or the recognition of particular instruments and
transactions.

B. Guiding principles
The purpose of Pillar 3 ─ market discipline is to complement the
minimum capital requirements (Pillar 1) and the supervisory review
process (Pillar 2). The Committee aims to encourage market
discipline by developing a set of disclosure requirements which will

58
allow market participants to assess key pieces of information on the
scope of application, capital, risk exposures, risk assessment
processes, and hence the capital adequacy of the institution. The
Committee believes that such disclosures have particular relevance
under the
Framework, where reliance on internal methodologies gives banks
more discretion in assessing capital requirements.
In principle, banks’ disclosures should be consistent with how senior
management and the board of directors access and manage the risks of
the bank. Under Pillar 1, banks use specified
approaches/methodologies for measuring the various risks they face
and the resulting capital requirements. The Committee believes that
providing disclosures that are based on this common framework is an
effective means of informing the market about a bank’s exposure to
those risks and provides a consistent and understandable disclosure
framework that enhances comparability.

59
Preparing for Basel 3
Limitations of Basel 2

 Overview of the Framework

 Market, Credit Liquidity and Operational risk
 Tier One and Tier Two Capital
 Pillar One calculations, Pillar Two supervisory and Pillar Three
disclosure requirements.

Introduction to new Basel 3 Requirements

 Capital Conservative Buffer

 Capital Conservative Buffer
 Liquidity Coverage Ratios
 New Stable Funding Ratios

Preparing for New Adjustments

 Systematic v Non Systematic Banks

 Capital Deductions,
 Expected v Unexpected Losses,
 Minority Interest

Definitions of Common Equity

 Ordinary v Preference Shares,

 Hybrid Instruments,
 First Loss instruments,
 Convertible Bonds

Weaknesses With Basel 2

 Operational Risk associated with Complicated Instruments

 Off Balance Sheet Issues
 Expected v Incurred Loss – UK’s House of Lords Investigation
 Marking to Market v Accrual calculations
 Confusion with Hybrid Instruments and Coco Bonds

Leverage Ratio
 Importance of Leverage,
 Leverage and Impact on Bonuses,
 Concealed Leverage,
 Basel 3 approach

60
Types of Capital

 Tier 1 - Shares and Retained Earnings

 Tier 2 - Harmonising of Capital Instruments
 Tier 3 - Impact on the capital markets following its replacement
 Characteristics of Equity v Loans and impact on Hybrid Instruments

Increased Risk Coverage under Basel 3

 Measuring Credit Exposure arising from banks' derivatives, Repo and

Securities Financing transactions
 Raising the capital buffers to absorb the riskss form these exposures
 Identify and measure Pro-cyclicality and reduce the corresponding
risks
 Tidying up definitions of Tier One and Tier Two

OTC Derivative Clearing

 Marking to market
 Initial, Maintenance and Variation Margin
 Market Credit and Operational Risks associated with Complex
Products
 Accounting for OTC v Exchange Traded products
 Impact of Moving to Central Clearing House

Impact of Basel 3 on Strategic Plans of Bank

 Too big to fail institutions taking on too much risk

 Insolvency from contagion and counterparty risk
 Failed regulatory and supervisory integration
 Proposals of Basel iii to address these issues

Realistic Impact of Basel 3

 Realities of implementing a Leverage Ratio

 Capital buffer rules revised and their implications
 Pro-cyclicality changes through dynamic provisioning based on
expected losses
 Reform of the process
 Shadow banking system
 Risk Weighted Assets
 Concentration Issues

61
International Financial Reporting Standards

 Mark to market v Accrual Accounting

 Hedge Accounting and impact of IAS 39
 Disclosures of risk under IFRS 7

Dealing with Structured Products, Exotic and Credit Derivatives

 Development of Market
 Marking to market products
 Hedge vs. Trade Accounting
 Use of the OCI/STRGL accounts

Market and Credit Risk Management Techniques

 Measuring market risk and credit risk on a portfolio basis

 Volatility - as measured by Value at Risk
 Hedging exposures as opposed to hedging assets and liabilities
 Portfolio risk hedging vs. Accounting risk hedging - understanding the
issues

Dealing with Credit Risk

 Measuring Credit Risk

 Basel Committee on methods to measure credit risk
 Credit Derivatives
 Total Return Swaps and Credit Default Swaps
 How the Accounting Standards Deal with Credit Derivatives

Criticisms of Basel 3

 Measuring Risk and Bonus schemes

 OTC Derivatives and their impact on the survival of London and Wall
Street
 Credit Derivatives and Loan Documentation
 Policies behind International Financial Reporting Standards.

62
 RESEARCH METHODOLOGY

OBJECTIVE OF THE STUDY:

The objective of this study is to get an insight of how banks identify
and manage the risk borne by them and the measures adopted by them
for efficient risk management and to measure what effect do the seven
forces of continuity and change has on various banks individually.

RATIONALE OF THE STUDY:

All the banks operating in an economy are faced by difficulties which
have to be overcome. Their exits a default risk in losing the money
lent. Further, as the numbers of borrowers are increasing, hence is
deteriorating the credit standing of the overall borrower.

SCOPE OF THE STUDY:

The scope of my study include five banks of which three are private
sector banks and two are public sector ones. They are listed as
follows:
PRIVATE SECTOR BANKS
1. ICICI
2. Standard Chartered
3. HDFC

PUBLIC SECTOR BANKS

4. State Bank of India

5. Union Bank

63
DRAWBACKS:

 Due to scarcity of time some aspects in relation to the subject

would have to be overlooked.

 Since the data is secondary in nature the information may not be

exhaustive.

 There is a possibility of Data collection errors.

Data which is confidential in nature would not be available for
completing the report.

Primary Data - Survey in Banks.

It will be collected with the help of interaction with bank managers.

As well as unstructured observation will also come in use at some part

(topic) of study.

Secondary Data - It will be collected with the help of Internet, books,

journals, articles of newspapers & magazines and research papers.

64
 ANALYSIS

FORCES OF CONTINUITY AND CHANGE

There are seven forces of continuity and seven forces of change that effect the
banking industry and hence effect their risk management process. The degree to
which they affect each bank and each operative line of the bank is different. They are
listed as follows:

SEVEN FORCES OF CHANGE

1. Globalization

2. New Opportunities

3. Competition

4. Customer Needs

5. Technologies

6. Mergers and Acquisitions

7. Government Policies

SEVEN FORCES OF CONTINUITY

1. Customer Base

2. Infrastructure

3. Technologies

4. Core Competencies

5. Supply Chain and Distribution Network

6. Culture

7. Performance

The effect of these forces on the risk management of each of these five banks will be
analyzed with the through expert opinion of bank managers which will be obtained
with the help of a questionnaire.

65
The first continuity factor, namely, the customer base of a bank has components
inherent such as current market share of key offerings, revenue growth rate,
customer retention rate, etc. All other factors of continuity and change have various
factors inherent in them which have been discussed individually with bank
managers.

An Expert Opinion Survey was conducted in various banks across various branches
of Delhi. The subjective opinion of managers with their consent and advice was
converted to numbers to create the change and continuity grid.

The cumulative average of the questionnaires was taken out to give two scores, i.e.,
one each of the Factors of Change and the other of the Factors of Continuity. These
scores are listed as under:

SCORES OF FORCES OF CHANGE AND FORCES OF CONTINUITY

Name of the Bank Forces of Change Forces of Continuity

ICICI 83 102

HDFC 61 78

STANDARD 79 88
CHARTERED

STATE BANK OF INDIA 37 97

UNION BANK 30 58

66
 FINDINGS

In addition to finding out and studying the risk management techniques of various
banks another objective was to create the Change and Continuity Grid for which the
questionnaire was conducted. This grid has been constructed as under with the help
of some simple calculations.

The scores in the above table are to be converted to Change Scores and
Continuity Scores respectively. The former can be obtained by dividing the above
scores by 21 and the latter by 29

After undergoing these calculations the above score were obtained:

Name of the Bank Forces of Change Forces of Continuity

ICICI 3.9 3.5

HDFC 2.9 2.6

STANDARD 3.7 3.03

CHARTERED

STATE BANK OF INDIA 1.6 3.3

UNION BANK 1.4 2

67
 CONCLUSION
The evolution of risk management as a discipline has thus been driven by
market forces on the one hand and developments in banking supervision on the
other, each side operating with the other in complementary and mutually
reinforcing ways. Banks and other market participants have made many of the
key innovations in risk measurement and risk management, but supervisors
have often helped to adapt and disseminate best practices to a broader array of
financial institutions. And at times, supervisors have taken the lead, for
example, by identifying emerging issues through examinations and comparisons
of peer institutions or by establishing guidelines that codify evolving practices.

The interaction between the private and public sectors in the development of
risk-management techniques has been particularly extensive in the field of bank
capital regulation, especially for the banking organizations that are the largest,
most complex, and most internationally active.

The current system of bank capital standards is the so-called Basel I framework,
which was established internationally in 1988. Basel I was an important
advance that resulted in higher capital levels, a more equitable international
marketplace and--most relevant to my theme this evening--closer links between
banks' capital holdings and the risks they take.

However, as I will discuss, Basel I is becoming increasingly inadequate for our

largest and most complex organizations. The activities of these organizations
demand that we not only go beyond Basel I but that we continue to improve on
today's most advanced methods of risk management. Thus, in the proposed new
framework, known as Basel II, supervisors are seeking to draw upon industry
best practice while also encouraging the industry to advance the risk-
management frontier.

68
REFERENCES

www.channeltimes.com

www.techtree.com

http://www.hdfc.com/cg_risk_mgmt.asp

http://www.hdfcbank.com/aboutus/careers/default.htm

http://www.neuralt.com/article34.html

http://www.equitymaster.com/DETAIL.ASP?story=5&date=11/30/2001

http://myiris.com/shares/company/reportShow.php?url=AMServer%2F2000%2F10%
2FSTABANIA_20001030.htm

http://www.indiainfoline.com/company/innernews.asp?storyId=51863&lmn=4

69
 THE QUESTIONNAIRE

Continuity and Change Forces

Sl. No Continuity Factors 1 2 3 4 5

a Customer Base

a.1 Current market share in key offerings Insignificant Market Leader

a.2 Revenue Growth Rate Negative Higher than average

a.3 Customer Retention Rate Negligible Nearly 100%

a.4 Customer Management Investments Negligible >30% of Revenue

b Infrastructure

b.1 Fixed assets & other facilities of organisation Negligible Highly Capital
Intensive

b.2 Number of company owned service outlets None Higher than average

b.3 Brand Equity No branded One of top 10 Brands

products

b.4 Business Liquidation Costs None Significant

c Technology

c.1 R n D Expenditure None >20% of revenue

c.2 HR skills in current technology Non tech Skills in current tech

c.3 No of patents None Higher than average

c.4 Training expenses on current technology None Significant

d Core Competence

d.1 Degree of differential advantage None Significant

d.2 Sustaining competence None >10 years

d.3 State of future competencies >4 competencies None

e Supply chain and distribution network

e.1 No of stages of SCM One >4 stages

e.2 SCM stages division is your organisation One In all stages

e.3 ERP/SCM investments in % revenues None >20% of revenues

e.4 Supplier development expenditure None >30% of revenues

70
 e.5 Inventory costs in % revenues None >20% of revenues

f Culture

f.1 Organisational structure Process based Functional

f.2 Cost/effort involved in culture transforming Negligible Significant

activities

f.3 Strategy None Clearly defined

f.4 Average tenure of an employees <one year >10 years

f.5 Core values of the organisation None Clearly defined

g Performance

g.1 Customer satisfaction ratings <=2 (10 point s) >=9

g.2 Profitability Negative Higher than average

g.3 Quality performance <=(10 point s) >=9

g.4 Delivery performance <=(10 point s) >=9

Sl. No Change Factors 1 2 3 4 5

a Globalization

a.1 Extent of globalization of your industry

a.2 Extent of globalization of your organisation

b New opportunities

b.1 Availability of new opportunities Nil Numerous

b.2 Maturity of the current technology Matured New and emerging

c Competition

c.1 Type of competition in your industry 1 or 2 players Numerous small

dominant competitors

c.2 Substitutes of your key offerings None Numerous

c.3 Vertical integration potential of your industry Nil Almost all players
players have VI

71
c.4 Entry barriers for global players Domestic industry Nil
totally protected

d Customer needs

d.1 Knowledge level of your customers Nil High

d.2 Changes in customer requirements Nil Highly dynamic

d.3 Customer loyalty High Nil

e Industry technology

e.1 Industry spending on new technologies Negligible >30% of revenue

e.2 Industry adaptation of new technologies Negligible High(100%)

e.3 Possibilities of implementing e-business Nil All processes can be

IT enables

f Mergers and acquisitions

f.1 JV/ alliance in your industry Almost none Almost all

organisa5tions

f.2 Mergers and acquisitions in your Almost none Affecting more than
industry(domestic) 50%of the industry

f.3 Mergers and acquisitions in your Almost none Affecting more than
industry(global) 50%of the industry

g Govt policy and legislation

g.1 Extent of FDI allowed in your industry 0% 100%

g.2 Trade tariffs 100% 0%

g.3 Legal barriers/legislations affecting your Significant control No legal control

industry by law

g.4 Govt support for your promotion of your Nil Significant govt
industry support

72