Risk Management Framework in Banks

slipalaskaManagement

Nov 20, 2013 (3 years and 6 months ago)

45 views

Rizwan Chughtai


Risk

exposure

arising

from

business

activities


Need

to

effectively

manage

because

of


Potential

business

losses


Ensure

business

continuity


Wider

and/or

complex

risk

requires

more

prudent

management


Risk

appetite

determines

risk

exposure


Optimize

risk
-
reward

trade
-
off

rather

than

minimize/eliminate

risk
.


Risk

taking

is

inherent

activity

but


neither

engage

in

business

with

unnecessary

risk

nor

absorb

risk

that

can

be

transferred


Regulatory Case vs Business Case


Strategic Level


Encompasses senior management and BOD


Macro Level


Within a business area or across business lines


Micro Level


‘On
-
the
-
line’ risk management



Need to have properly structured RM


Introduced

in

2003

(BSD

Circular

7

of

2003
)


Issued

to

enable

financial

institutions

to

establish

their

own

RM

procedures


Provide

an

overview

of

actions

and

not

intended

to

detail

every

control

procedure


Flexible

and

adaptable

with

the

size

and

complexity

of

business


Areas covered


Credit Risk


Market Risk


Liquidity Risk


Operational Risk


Certain basic principles for risk management
applicable to all institutions irrespective of size
and complexity


Board

and

senior

Management

oversight

“The

overall

responsibility

of

risk

management

vests

in

the

Board

of

Directors,

which

shall

formulate

policies

in

various

areas

of

operations

of

the

bank
.

The

senior

management

is,

interalia,

responsible

for

devising

risk

management

strategy

and

well
-
defined

policies

and

procedures

for

mitigating/controlling

risks,

which

should

be

duly

approved

by

the

Board
.

The

senior

management

is

also

responsible

for

the

dissemination,

implementation,

and

compliance

of

approved

policies

and

procedures
.



Integration

of

Risk

Management

“At

operational

level,

risk

assessment

may

be

made

on

portfolio

or

business

line

basis,

however,

at

the

top

level

the

management

need

to

adopt

a

holistic

approach

in

assessing

and

managing

risk

profile

of

the

bank
.




Business

Line

Accountability

“Irrespective

of

a

separate

risk

review

or

management

function

individuals

heading

various

business

lines

or

units

are

also

accountable

for

the

risk

they

are

taking
.



Risk

Evaluation/Measurement

“Wherever

possible

risks

should

be

quantitatively

measured,

reported,

and

mitigated
.



Independent

review

“The

risk

review

function

should

be

independent

of

those

who

approve

and

take

risk
.

The

review

should

include,

interalia,

stress

tests

exposing

the

portfolio

to

unanticipated

movements

in

key

variables

or

major

systemic

shocks
.



Contingency

planning

“Banks

should

have

contingency

plans

for

any

unexpected

or

worst

case

scenarios
.



The individuals who take or manage risks clearly
understand it.


The organization’s Risk exposure is within the
limits established by Board of Directors.


Risk taking Decisions are in line with the business
strategy and objectives set by BOD.


The expected payoffs compensate for the risks
taken


Risk taking decisions are explicit and clear.


Sufficient capital as a buffer is available to take
risk.


Board

and

Senior

Management

Oversight


BoD

to

approve

credit

risk

strategy

and

other

significant

policies


SM

to

develop

and

establish

credit

risk

policies

&

credit

administration

procedures

and

guide

staff


Setting

up

appropriate

organization

structure

and

specify

duties/responsibilities


Credit

management

discipline


Credit Origination


Assess risk profile before extending credit


Cash flows and repayment capacity


Appropriate utilization of credit


Limit Setting


Credit Administration


Documentation, Disbursement, Monitoring,
Repayment, Credit Files, Collateral Documents


Measuring Credit Risk


Internal Risk Rating


Rating Review


Credit Risk monitoring & Control


Risk Review


Delegation of Authority


Managing Problem Credits


Board and Senior Management Oversight


Organizational Structure


Risk Management Committee


Asset
-
Liability Committee


Middle Office


Risk Measurement


Interest Rate, Foreign Exchange, Equity




Risk Measurement


Repricing Gap Models


Measuring Risk to Economic Value


Value at Risk


Risk Limits


Gap Limits


Factor Sensitivity Limits


Board and Senior Management Oversight


Early warning indicators of liquidity risk


Liquidity Risk Strategy


Composition of Assets & Liabilities


Diversification and Stability of Liabilities


ALCO/Investment Committee


Liquidity Risk Management Process


Liquidity Risk Measurement & Monitoring


Contingency Funding Plans (CPF)


Use of CPF for Routine Liquidity Management


Use of CPF for Emergency & Distress Environment


Cash Flow Projections


Liquidity Ratios and Limits


Operational Risk Management Principles


Ultimate accountability with BoD


BoD to ensure effective & integrated OpRisk
Management Framework


BoD and SM to identify and define all categories of
Operational Risk


Document and communicate OpRisk policies and
procedures


Integrated business and support functions


Diligence of business line



Risk Assessment and Quantification


Risk Management and Mitigation


Risk Monitoring


Key Risk Indicators (KRIs)


Risk Reporting


Establish Control Mechanism


Contingency Planning


Guidelines

in

2004

(BSD

Circular

7

of

2004
)



Properly

designed

and

strictly

enforced

system

of

internal

controls

helps
:


protect

the

organization’s

assets

and

profitability

from

operational

losses

and

frauds

and

forgeries


produces

reliable

financial

and

management

reports


helps

compliance

with

laws

and

regulations


creates

value

for

the

stakeholders


BSD

Circular

13

of

2004


Need

for

comprehensive

BCP

arrangements


Key

considerations


Responsibility


Components

of

BCP


Critical

Business

Line


Geographic

Concentration


Centralization

of

Operations


Recovery

Time

Targets


Testing


Updation

and

Validation


Compliance


Need

to

have

synchronized

and

adhesive

policies

covering

different

areas


Consolidated

instructions

on

policy

framework

(BSD

Circular

3

of

2007
)


Minimum

Areas


Risk

Management

Policy



Credit

Policy


Treasury

&

Investment

Policy


Internal

Control

System

and

Audit

Policy


I
.
T
.

Security

Policy



Human

Resource

Policy


Expenditure

Policy


Accounting

&

Disclosure

Policy


BSD Circular 17 of 2008


ICAAP

supplements

quantitative

risk

assessment

in

Pillar
-
1

of

Basel

II


ICAAP

is

set

of

policies,

methodologies,

techniques,

and

procedures

to

assess

the

capital

adequacy

requirements

in

relation

to

the

bank’s

risk

profile

and

effectiveness

of

its

risk

management,

control

environment

and

strategic

planning


Elements of ICAAP


Board and senior management oversight


Sound capital assessment


Comprehensive assessment of risks


Monitoring and reporting


Internal control review


Core for every angle of Risk Management