A REPORT ON MANAGEMENT RESEARCH PROJECT

RISK MANAGEMENT IN BANKS

SUBMITTED TO: PROF. DEVESH KUMAR FACULTY & MRP GUIDES

SUBMITTED BY: VIKAS BHARGAV 04 BS 2570

IBS, CHANDIGARH.
1

INDEX
Synopsis.3 Objective4 Limitations.4 Methodology.5 Schedule5 References.5 Introduction..6 Banking services...8 Risk management11 Credit risk20 Risk management in ICICI Bank34 Risk management in State Bank Of India...... 58

SYNOPSIS

Risk management is the process of measuring, or assessing risk and then developing strategies to manage the risk. In general, the strategies employed include transferring the risk to another party, avoiding the risk, reducing the negative affect of the risk, and accepting some or all of the consequences of a particular risk. Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. Regardless of the type of risk management, all large corporations have risk management teams and small groups and corporations practice informal, if not formal, risk management. In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled later. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss vs. a risk with high loss but lower probability of occurrence can often be mishandled. Risk management also faces a difficulty in allocating resources properly. This is the idea of opportunity cost. Resources spent on risk management could be instead spent on more profitable activities. Again, ideal risk management spends the least amount of resources in the process while reducing the negative effects of risks as much as possible.

Risk management in banks

With growing competition and fast changes in the operating environment impacting the business potentials, banks are compelled to constantly monitor and review their approach to ``credit'', the main earning asset in the balance sheet. With compulsions at peer level in the international standards, the Reserve Bank of India as the central bank has been emphasizing, in the recent years, on risk management and recently, issued a timely warning to bank managements to focus on the efforts for installing effective systems for control of risks, through calling for certification regarding compliance on these aspects. The first circular of RBI introducing ALM (Asset Liability Management) for banks as mandatory, was issued in September 1998; given the history of banking in India and the comfort of insulated economy, awareness on the relative implications is yet to perceive while the RBI itself is administering the relative regulatory measures in phases. It is not simply the banking industry but change in the environment, like the legal structure, market imperfections including the depth of the market and tax structure, need to keep pace for the requirements. However, bank managements are yet to grapple with what is before them while towards the exercise, the first step namely establishing a data base is being initiated.

Pertaining to risk management in credit portfolio, it is not as though banks are not conscious of the various risk elements - in fact, all these phraseologies are repeated all over from time to time in different context. Such comprehension requires to be translated into practice by evolving systems for control/administration. So, this project comprises understanding the procedure of the risk management carried by the banks in order to maintain their assets and liability position and also to compete well in the market in lieu of guidelines provided by the RBI .In this study we would do study various risks such as credit risk, market risk, liquidity risk and operational risk as well. This project would describe how banks work against these risks and try to minimize it in order to maximize the profit margin. Also the banks management and various departments in regard to manage these kinds of risks. We would also study the guidelines provided by RBI in regard to Risk Management procedure that to be followed by Nationalized and Private Banks also NBFCs. In the project we would describe the risk management process that been carried by banks and also ALM structure in order to control upon assets liability position in the banks in order to keep eye on liquidity position of banks and also we would see which tools or methods are being used by banks in order to control risk and maximize profitability.

OBJECTIVE
1. 2. 3. 4. 5. To study and analyze the Risk Management procedure in Banks. To study different types of tools such as VAR. To study the guidelines provided by RBI. To check Assets-Liability position of the Banks. To study the liquidity position of the Banks.

LIMITATIONS
If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur, but if the risk is unlikely enough to occur, it may be better to simply retain the risk, and deal with the result if the loss does in fact occur. Prioritizing too highly the Risk management processes it could potentially keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete.

So the limitation of the project would be as follows:-

1. To assure whether the data would be accurate or not. 2. To see whether the tools which will be used for analysis would be correct
or not. 3. Different methods of each Bank to control Risk

PROPOSED METHODOLOGY
The methodology that would be used in the project as follows:Sample Size: Two Banks. Sampling Method: Random Sampling Technique. Research Methodology: - Personal Meeting With Banks Personnel for collecting Data and analyzing the process of Risk Management.

SCHEDULE
PARTICULARS Meeting with Banks Collecting and Analysis of Process Preparation of Final Report SCHEDULED DATE 12th of December 2005 20th of January 2006 18th of March 2006

REFRENCES
1. 2. 3. 4. 5. 6. 7. 8. 9.
Risk Management in Banks by ICMR press. RBI Guidelines and Journals. www.google.co.in www.bambooweb.com www.rbi.org.co.in www.icicibank.com www.sbi.co.in www.infoscouts.com www.kpmg.com

INTRODUCTION
Banking, the business of providing financial services to consumers and businesses. The basic services a bank provides are checking accounts, which can be used like money to make payments and purchase goods and services; savings accounts and time deposits that can be used to save money for future use; loans that consumers and businesses can use to purchase goods and services; and basic cash management services such as check cashing and foreign currency exchange. Four types of banks specialize in offering these basic banking services: commercial banks, savings and loan associations, savings banks, and credit unions. A broader definition of a bank is any financial institution that receives, collects, transfers, pays, exchanges, lends, invests, or safeguards money for its customers. This broader definition includes many other financial institutions that are not usually thought of as banks but which nevertheless provide one or more of these broadly defined banking services. These institutions include finance companies, investment companies, investment banks, insurance companies, pension funds, security brokers and dealers, mortgage companies, and real estate investment trusts. This article, however, focuses on the narrower definition of a bank and the services provided by banks in Canada and the United States. (For information on other financial institutions, see Insurance; Investment Banking; and Trust Companies.) Banking services are extremely important in a free market economy such as that found in Canada and the United States. Banking services serve two primary purposes. First, by supplying customers with the basic mediums-of-exchange (cash, checking accounts, and credit cards), banks play a key role in the way goods and services are purchased. Without these familiar methods of payment, goods could only be exchanged by barter (trading one good for another), which is extremely time-consuming and inefficient. Second, by accepting money deposits from savers and then lending the money to borrowers, banks encourage the flow of money to productive use and investments. This in turn allows the economy to grow. Without this flow, savings would sit idle in someones safe or pocket, money would not be available to borrow, people would not be able to purchase cars or houses, and businesses would not be able to build the new factories the economy needs to produce more goods and grow. Enabling the flow of money from savers to investors is called financial intermediation, and it is extremely important to a free market economy.

a) Commercial Banks
Commercial banks are so named because they specialize in loans to commercial and industrial businesses. Commercial banks are owned by private investors, called stockholders, or by companies called bank holding companies. The vast majority of commercial banks are owned by bank holding companies. (A holding company is a corporation that exists only to hold shares in another company.) In 1984, 62 percent of banks were owned by holding companies. In 2000, 76 percent of banks were owned by holding companies. The bank holding company form of ownership became increasingly

attractive for several reasons. First, holding companies could engage in activities not permitted in the bank itselffor example, offering investment advice, underwriting securities, and engaging in other investment banking activities. But these activities were permitted in the bank if the holding company owned separate companies that offer these services. Using the holding company form of organization, bankers could then diversify their product lines and offer services requested by their customers and provided by their European counterparts. Second, many states had laws that restricted a bank from opening branches to within a certain number of miles from the banks main branch. By setting up a holding company, a banking firm could locate new banks around the state and therefore put branches in locations not previously available. Commercial banks are for profit organizations. Their objective is to make a profit. The profits either can be paid out to bank stockholders or to the holding company in the form of dividends, or the profits can be retained to build capital (net worth). Commercial banks traditionally have the broadest variety of assets and liabilities. Their historical specialties have been commercial lending to businesses on the asset side and checking accounts for businesses and individuals on the liability side. However, commercial banks also make consumer loans for automobiles and other consumer goods as well as real estate (mortgage) loans for both consumers and businesses.

b) Savings and Loan Associations

Savings and loan associations (SLAs) are usually owned by stockholders, but they can be owned by depositors as well. (If owned by depositors, they are called mutuals.) If stock owned, the goal is to earn a profit that can either be paid out as a dividend or retained to increase capital. If owned by depositors, the objective is to earn a profit that can be used either to build capital or lower future loan rates or to raise future deposit rates for the depositor-owners. Until the early 1980s, regulations restricted SLAs to investing in real estate mortgage loans and accepting savings accounts and time deposits (savings accounts that exist for a specified period of time). As a result, historically SLAs have specialized in savings deposits and mortgage lending.

c) Savings Banks
Traditional savings banks, also known as mutual savings banks (MSBs), have no stockholders, and their assets are administered for the sole benefit of depositors. Earnings are paid to depositors after expenses are met and reserves are set aside to insure the deposits. During the 1980s savings banks were in a great state of flux, and many began to provide the same kinds of services as commercial banks.

BANKING SERVICES
Commercial banks and thrifts offer various services to their customers. These services fall into three major categories: deposits, loans, and cash management services.

a)

Deposits

There are four major types of deposits: demand deposits, savings deposits, hybrid checking/savings deposits, and time deposits. What distinguishes one type from another are the conditions under which the deposited funds may be withdrawn. A demand deposit is a deposit that can be withdrawn on demand at any time and in any amount up to the full amount of the deposit. The most common example of a demand deposit is a checking account. Money orders and travelers checks are also technically demand deposits. Checking accounts are also considered transaction accounts in that payments can be made to third partiesthat is, to someone other than the depositor or the bank itselfvia check, telephone, or other authorized transfer instruction. Checking accounts are popular because as demand deposits they provide perfect liquidity (immediate access to cash) and as transaction accounts they can be transferred to a third party as payment for goods or services. As such, they function like money. Savings accounts pay interest to the depositor, but have no specific maturity date on which the funds need to be withdrawn or reinvested. Any amount can be withdrawn from a savings account up to the amount deposited. Under normal circumstances, customers can withdraw their money from a savings account simply by presenting their passbook or by using their automated teller machine (ATM) card. Savings accounts are highly liquid. They are different from demand deposits, however, because depositors cannot write checks against regular savings accounts. Savings accounts cannot be used directly as money to purchase goods or services. The hybrid savings and checking account allows customers to earn interest on the account and write checks against the account. These are called either negotiable order of withdrawal (NOW) accounts, or money market deposit accounts, which are savings accounts that allow a maximum of three third-party transfers each month. Time deposits are deposits on which the depositor and the bank have agreed that the money will not be withdrawn without substantial penalty to the depositor before a specific date. These are frequently called certificates of deposits (CDs). Because of a substantial early withdrawal penalty, time deposits are not as liquid as demand or savings deposits nor can depositors write checks against them. Time deposits also typically require a minimum deposit amount.

b)

Loans

Banks and thrifts make three types of loans: commercial and industrial loans, consumer loans, and mortgage loans. Commercial and industrial loans are loans to businesses or industrial firms. These are primarily short-term working capital loans (loans to finance the purchase of material or labor) or transaction or longer-term loans (loans to purchase machines and equipment). Most commercial banks offer a variable rate on these loans, which means that the interest rate can change over the course of the loan. Whether a bank will make a loan or not depends on the credit and loan history of the borrower, the borrowers ability to make scheduled loan payments, the amount of capital the borrower has invested in the business, the condition of the economy, and the value of the collateral the borrower pledges to give the bank if the loan payments are not made. Consumer loans are loans for consumers to purchase goods or services. There are two types of consumer loans: closed-end credit and open-end credit. Closed-end credit loans are loans for a fixed amount of money, for a fixed period of time (usually not more than five years), and for a fixed purpose (for example, to buy a car). Most closed-end loans are called installment loans because they must be repaid in equal monthly installments. The item purchased by the consumer serves as collateral for the loan. For example, if the consumer fails to make payments on an automobile, the bank can recoup the cost of its loan by taking ownership of the car. Open-end credit loans are loans for variable amounts of money up to a set limit. Unlike closed-end loans, open-end credit does not require a borrower to specify the purpose of the loan and the lender cannot foreclose on the loan. Credit cards are an example of openend credit. Most open-end loans carry fixed interest ratesthat is, the rate does not vary over the term of the loan. Open-end loans require no collateral, but interest rates or other penalties or fees may be chargedfor example, if credit card charges are not paid in full, interest is charged, or if payment is late, a fee is charged to the borrower. Open-end credit interest rates usually exceed closed-end rates because open-end loans are not backed by collateral. Mortgage loans or real estate loans are loans used to purchase land or buildings such as houses or factories. These are typically long-term loans and the interest rate charged can be either a variable or a fixed rate for the term of the loan, which often ranges from 15 to 30 years. The land and buildings purchased serve as the collateral for the loan.

c)

Cash Management and Other Services

Although deposits and loans are the basic banking services provided by banks and thrifts, these institutions provide a wide variety of other services to customers. For consumers, these include check cashing, foreign currency exchange, safety deposit boxes in which consumers can store valuables, electronic wire transfer through which consumers can transfer money and securities from one financial institution to another, and credit life

insurance which automatically pays off loans in the event of the borrowers death or disability. In recent years, banks have made their services increasingly convenient through electronic banking. Electronic banking uses computers to carry out transfers of money. For example, automated teller machines (ATMs) enable bank customers to withdraw money from their checking or savings accounts by inserting an ATM card and a private electronic code into an ATM. The ATMs enable bank customers to access their money 24 hours a day and seven days a week wherever ATMs are located, including in foreign countries. Banks also offer debit cards that directly withdraw funds from a customers account for the amount of a purchase, much like writing a check. Banks also use electronic transfers to deposit payroll checks directly into a customers account and to automatically pay a customers bills when they are due. Many banks also use the Internet to enable customers to pay bills, move money between accounts, and perform other banking functions. For businesses, commercial banks also provide specialized cash management and credit enhancement services. Cash management services are designed to allow businesses to make efficient use of their cash. For example, under normal circumstances a business would sell its product to a customer and send the customer a bill. The customer would then send a check to the business, and the business would then deposit the check in the bank. The time between the date the business receives the check and deposits the check in the bank could be several days or a week. To eliminate this delay and allow the business to earn interest on its money sooner, commercial banks offer services to businesses whereby customers send checks directly to the bank, not the business. This practice is referred to as lock box services because the payments are mailed to a secure post office box where they are picked up by bank couriers for immediate deposit. Another important business service performed by banks is a credit enhancement. Commercial banks back up the performance of businesses by promising to pay the debts of the business if the business itself cannot pay. This service substitutes the credit of the bank for the credit of the business. This is valuable, for example, in international trade where the exporting firm is unfamiliar with the importing firm in another country and is, therefore, reluctant to ship goods without knowing for certain that the importer will pay for them. By substituting the credit of a foreign bank known to the exporters bank, the exporter knows payment will be made and will ship the goods. Credit enhancements are frequently called standby letters of credit or commercial letters of credit.

10

Defining Risk
For the purpose of these guidelines financial risk in banking organization is possibility that the outcome of an action or event could bring up adverse impacts. Such outcomes could either result in a direct loss of earnings / capital or may result in imposition of constraints on banks ability to meet its business objectives. Such constraints pose a risk as these could hinder a bank's ability to conduct its ongoing business or to take benefit of opportunities to enhance its business. Regardless of the sophistication of the measures, banks often distinguish between expected and unexpected losses. Expected losses are those that the bank knows with reasonable certainty will occur (e.g., the expected default rate of corporate loan portfolio or credit card portfolio) and are typically reserved for in some manner. Unexpected losses are those associated with unforeseen events (e.g. losses experienced by banks in the aftermath of nuclear tests, Losses due to a sudden down turn in economy or falling interest rates). Banks rely on their capital as a buffer to absorb such losses. Risks are usually defined by the adverse impact on profitability of several distinct sources of uncertainty. While the types and degree of risks an organization may be exposed to depend upon a number of factors such as its size, complexity business activities, volume etc, it is believed that generally the banks face Credit, Market, Liquidity, Operational, Compliance / legal /regulatory and reputation risks. Before overarching these risk categories, given below are some basics about risk Management and some guiding principles to manage risks in banking organization.

Risk Management.
Risk Management is a discipline at the core of every financial institution and encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that a) The individuals who take or manage risks clearly understand it. b) The organizations Risk exposure is within the limits established by Board of Directors. c) Risk taking Decisions are in line with the business strategy and objectives set by BOD. d) The expected payoffs compensate for the risks taken e) Risk taking decisions are explicit and clear. f) Sufficient capital as a buffer is available to take risk

11

The acceptance and management of financial risk is inherent to the business of banking and banks roles as financial intermediaries. Risk management as commonly perceived does not mean minimizing risk; rather the goal of risk management is to optimize riskreward trade -off. Notwithstanding the fact that banks are in the business of taking risk, it should be recognized that an institution need not engage in business in a manner that unnecessarily imposes risk upon it: nor it should absorb risk that can be transferred to other participants. Rather it should accept those risks that are uniquely part of the array of banks services. In every financial institution, risk management activities broadly take place simultaneously at following different hierarchy levels. Strategic level: It encompasses risk management functions performed by senior management and BOD. For instance definition of risks, ascertaining institutions risk appetite, formulating strategy and policies for managing risks and establish adequate systems and controls to ensure that overall risk remain within acceptable level and the reward compensate for the risk taken.
a) b)

Macro Level: It encompasses risk management within a business area or across business lines. Generally the risk management activities performed by middle management or units devoted to risk reviews fall into this category. Micro Level: It involves On-the-line risk management where risks are actually created. This is the risk management activities performed by individuals who take risk on organizations behalf such as front office and loan origination functions. The risk management in those areas is confined to following operational procedures and guidelines set by management.
c)

Expanding business arenas, deregulation and globalization of financial activities emergence of new financial products and increased level of competition has necessitated a need for an effective and structured risk management in financial institutions. A banks ability to measure, monitor, and steer risks comprehensively is becoming a decisive parameter for its strategic positioning. The risk management framework and sophistication of the process, and internal controls, used to manage risks, depends on the nature, size and complexity of institutions activities. Nevertheless, there are some basic principles that apply to all financial institutions irrespective of their size and complexity of business and are reflective of the strength of an individual bank's risk management practices.

Board and senior Management oversight.

a) To

be effective, the concern and tone for risk management must start at the top. While the overall responsibility of risk management rests with the BOD, it is the duty of senior management to transform strategic direction set by board in the shape of policies and procedures and to institute an effective hierarchy to execute and implement those

12

policies. To ensure that the policies are consistent with the risk tolerances of shareholders the same should be approved from board. The formulation of policies relating to risk management only would not solve the purpose unless these are clear and communicated down the line. Senior management has to ensure that these policies are embedded in the culture of organization. Risk tolerances relating to quantifiable risks are generally communicated as limits or sub-limits to those who accept risks on behalf of organization. However not all risks are quantifiable. Qualitative risk measures could be communicated as guidelines and inferred from management business decisions.
b)

To ensure that risk taking remains within limits set by senior management/BOD, any material exception to the risk management policies and tolerances should be reported to the senior management/board who in turn must trigger appropriate corrective measures. These exceptions also serve as an input to judge the appropriateness of systems and procedures relating to risk management.
c)

To keep these policies in line with significant changes in internal and external environment, BOD is expected to review these policies and make appropriate changes as and when deemed necessary. While a major change in internal or external factor may require frequent review, in absence of any uneven circumstances it is expected that BOD re-evaluate these policies every year.
d)

Risk Management framework.

A risk management framework encompasses the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework should be comprehensive enough to capture all risks a bank is exposed to and have flexibility to accommodate any change in business activities. An effective risk management framework includes Clearly defined risk management policies and procedures covering risk identification, acceptance, measurement, monitoring, reporting and control.
a) b) A

well constituted organizational structure defining clearly roles and responsibilities of individuals involved in risk taking as well as managing it. Banks, in addition to risk management functions for various risk categories may institute a setup that supervises overall risk management at the bank. Such a setup could be in the form of a separate department or banks Risk Management Committee (RMC) could perform such function*. The structure should be such that ensures effective monitoring and control over risks being taken. The individuals responsible for review function (Risk review, internal audit, compliance etc) should be independent from risk taking units and report directly to board or senior management who are also not involved in risk taking. There should be an effective management information system that ensures flow of information from operational level to top management and a system to address any
c)

13

exceptions observed. There should be an explicit procedure regarding measures to be taken to address such deviations. The framework should have a mechanism to ensure an ongoing review of systems, policies and procedures for risk management and procedure to adopt changes.
d)

Integration of Risk Management

Risks must not be viewed and assessed in isolation, not only because a single transaction might have a number of risks but also one type of risk can trigger other risks. Since interaction of various risks could result in diminution or increase in risk, the risk management process should recognize and reflect risk interactions in all business activities as appropriate. While assessing and managing risk the management should have an overall view of risks the institution is exposed to. This requires having a structure in place to look at risk interrelationships across the organization.

Business Line Accountability.

In every banking organization there are people who are dedicated to risk management activities, such as risk review, internal audit etc. It must not be construed that risk management is something to be performed by a few individuals or a department. Business lines are equally responsible for the risks they are taking. Because line personnel, more than anyone else, understand the risks of the business, such a lack of accountability can lead to problems.

Risk Evaluation/Measurement.
Until and unless risks are not assessed and measured it will not be possible to control risks. Further a true assessment of risk gives management a clear view of institutions standing and helps in deciding future action plan. To adequately capture institutions risk exposure, risk measurement should represent aggregate exposure of institution both risk type and business line and encompass short run as well as long run impact on institution. To the maximum possible extent institutions should establish systems / models that quantify their risk profile, however, in some risk categories such as operational risk, Quantification is quite difficult and complex. Wherever it is not possible to quantify risks, qualitative measures should be adopted to capture those risks. Whilst quantitative measurement systems support effective decision-making, better measurement does not obviate the need for well-informed, qualitative judgment. Consequently the importance of staff having relevant knowledge and expertise cannot be undermined. Finally any risk measurement framework, especially those which employ quantitative techniques/model, is only as good as its underlying assumptions, the rigor and robustness of its analytical methodologies, controls surrounding data inputs and its appropriate application

14

Independent review.
One of the most important aspects in risk management philosophy is to make sure that those who take or accept risk on behalf of the institution are not the ones who measure, monitor and evaluate the risks. Again the managerial structure and hierarchy of risk review function may vary across banks depending upon their size and nature of the business, the key is independence. To be effective the review functions should have sufficient authority, expertise and corporate stature so that the identification and reporting of their findings could be accomplished without any hindrance. The findings of their reviews should be reported to business units, Senior Management and, where appropriate, the Board.

Contingency planning.
Institutions should have a mechanism to identify stress situations ahead of time and plans to deal with such unusual situations in a timely and effective manner. Stress situations to which this principle applies include all risks of all types. For instance contingency planning activities include disaster recovery planning, public relations damage control, litigation strategy, responding to regulatory criticism etc. Contingency plans should be reviewed regularly to ensure they encompass reasonably probable events that could impact the organization. Plans should be tested as to the appropriateness of responses, escalation and communication channels and the impact on other parts of the institution.

Steps in the risk management process

Identification
A first step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, will cause problems. Hence, risk identification can start with the source of problems, or with the problem itself.

Source analysis Risk sources may be internal or external to the system that is the target of risk management. Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport. Problem analysis Risks are related to fear. For example: the fear of losing money, the fear of abuse of privacy information or the fear of accidents and casualties. The fear may exist with various entities, most important with shareholder, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; privacy information may be stolen by employees even within a closed network; lightning striking a B747 during takeoff may make all people onboard immediate casualties.

15

The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based Risk Identification Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk. Objective-based risk identification is at the basis of COSO's Enterprise Risk Management - Integrated Framework

Scenario-based Risk Identification In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk.

Taxonomy-based Risk Identification The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

Common-risk Checking In several industries lists with known risks are available. Each risk in the list can be checked for application to a particular situation. An example of known risks in the software industry is the Common Vulnerability and Exposures list found at http://cve.mitre.org/.

Assessment
Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan.

Possible actions available

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories: (Dorfman, 1997)

16

Avoidance Reduction (aka Mitigation) Retention (aka Acceptance) Transfer

Ideal use of these strategies may not be possible. Some of them may involve trade offs that are not acceptable to the organization or person making the risk management decisions.

Risk avoidance
Includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the liability that comes with it. Another would be not flying in order to not take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning the profits.

Risk reduction
Involves methods that reduce the severity of the loss. Examples include sprinklers designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy. Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in increments, software projects can limit effort wasted to a single increment. A current trend in software development, spearheaded by the Extreme Programming community, is to reduce the size of increments to the smallest size possible, sometimes as little as one week is allocated to an increment.

Risk retention
Involves accepting the loss when it occurs. True self insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large

17

loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.

Risk transfer
Means causing another party to accept the risk, typically by contract or by hedging. Insurance is one type of risk transfer that uses contracts. Other times it may involve contract language that transfers a risk to another party without the payment of an insurance premium. Liability among construction or other contractors is very often transferred this way. On the other hand, taking offsetting positions in derivative securities is typically how firms use hedging to financial risk management: financially manage risk. Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group.

Create the plan

Decide on the combination of methods to be used for each risk

Implementation
Follow all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.

Review and evaluation of the plan

Initial risk management plans will never be perfect. Practice, experience, and actual loss results, will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced.

18

Limitations
If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur, but if the risk is unlikely enough to occur, it may be better to simply retain the risk, and deal with the result if the loss does in fact occur. Prioritizing too highly the Risk management processes itself could potentially keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete.

19

Managing credit risk

Credit risk arises from the potential that an obligor is either unwilling to perform on an obligation or its ability to perform such obligation is impaired resulting in economic loss to the bank. In a banks portfolio, losses stem from outright default due to inability or unwillingness of a customer or counter party to meet commitments in relation to lending, trading, settlement and other financial transactions. Alternatively losses may result from reduction in portfolio value due to actual or perceived deterioration in credit quality. Credit risk emanates from a banks dealing with individuals, corporate, financial institutions or a sovereign. For most banks, loans are the largest and most obvious source of credit risk; however, credit risk could stem from activities both on and off balance sheet. In addition to direct accounting loss, credit risk should be viewed in the context of economic exposures. This encompasses opportunity costs, transaction costs and expenses associated with a non-performing asset over and above the accounting loss. Credit risk can be further sub-categorized on the basis of reasons of default. For instance the default could be due to country in which there is exposure or problems in settlement of a transaction. Credit risk not necessarily occurs in isolation. The same source that endangers credit risk for the institution may also expose it to other risk. For instance a bad portfolio may attract liquidity problem.

Components of credit risk management

A typical Credit risk management framework in a financial institution may be broadly categorized into following main components. a) Board and senior Managements Oversight b) Organizational structure c) Systems and procedures for identification, acceptance, measurement, monitoring and control risks.

Board and Senior Managements Oversight

It is the overall responsibility of banks Board to approve banks credit risk strategy and significant policies relating to credit risk and its management which should be based on the banks overall business strategy. To keep it current, the overall strategy has to be reviewed by the board, preferably annually. The responsibilities of the Board with regard to credit risk management shall, interalia, include :

20

a) Delineate b)

banks overall risk tolerance in relation to credit risk.

Ensure that banks overall credit risk exposure is maintained at prudent levels and consistent with the available capital Ensure that top management as well as individuals responsible for credit risk management possess sound expertise and knowledge to accomplish the risk management function
c) d)

Ensure that the bank implements sound fundamental principles that facilitate the identification, measurement, monitoring and control of credit risk.
e) Ensure

that appropriate plans and procedures for credit risk management are in place.

The very first purpose of banks credit strategy is to determine the risk appetite of the bank. Once it is determined the bank could develop a plan to optimize return while keeping credit risk within predetermined limits. The banks credit risk strategy thus should spell out The institutions plan to grant credit based on various client segments and products, economic sectors, geographical location, currency and maturity
a)

Target market within diversification/concentration.

b) c) Pricing

each

lending

segment,

preferred

level

of

strategy.

It is essential that banks give due consideration to their target market while devising credit risk strategy. The credit procedures should aim to obtain an in depth understanding of the banks clients, their credentials & their businesses in order to fully know their customers. The strategy should provide continuity in approach and take into account cyclic aspect of countrys economy and the resulting shifts in composition and quality of overall credit portfolio. While the strategy would be reviewed periodically and amended, as deemed necessary, it should be viable in long term and through various economic cycles. The senior management of the bank should develop and establish credit policies and credit administration procedures as a part of overall credit risk management framework and get those approved from board. Such policies and procedures shall provide guidance to the staff on various types of lending including corporate, SME, consumer, agriculture, etc. At minimum the policy should include

21

a) Detailed b)

and formalized credit evaluation/ appraisal process.

Credit approval authority at various hierarchy levels including authority for approving exceptions.
c) Risk d) Risk

identification, measurement, monitoring and control acceptance criteria origination and credit administration and loan documentation procedures

e) Credit f)

Roles and responsibilities of units/staff involved in origination and management of credit.

g) Guidelines

on management of problem loans.

In order to be effective these policies must be clear and communicated down the line. Further any significant deviation/exception to these policies must be communicated to the top management/board and corrective measures should be taken. It is the responsibility of senior management to ensure effective implementation of these policies.

Organizational Structure.
To maintain banks overall credit risk exposure within the parameters set by the board of directors, the importance of a sound risk management structure is second to none. While the banks may choose different structures, it is important that such structure should be commensurate with institutions size, complexity and diversification of its activities. It must facilitate effective management oversight and proper execution of credit risk management and control processes. Each bank, depending upon its size, should constitute a Credit Risk Management Committee (CRMC), ideally comprising of head of credit risk management Department, credit department and treasury. This committee reporting to banks risk management committee should be empowered to oversee credit risk taking activities and overall credit risk management function. The CRMC should be mainly responsible for
a) The implementation b)

of the credit risk policy / strategy approved by the Board.

Monitor credit risk on a bank-wide basis and ensure compliance with limits approved by the Board. Recommend to the Board, for its approval, clear policies on standards for presentation of credit proposals, financial covenants, rating standards and benchmarks.
c)

Decide delegation of credit approving powers, prudential limits on large credit exposures, standards for loan collateral, portfolio management, loan review mechanism, risk concentrations, risk monitoring and evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc.
d)

22

Further, to maintain credit discipline and to enunciate credit risk management and control process there should be a separate function independent of loan origination function. Credit policy formulation, credit limit setting, monitoring of credit exceptions / exposures and review /monitoring of documentation are functions that should be performed independently of the loan origination function. For small banks where it might not be feasible to establish such structural hierarchy, there should be adequate compensating measures to maintain credit discipline introduce adequate checks and balances and standards to address potential conflicts of interest. Ideally, the banks should institute a Credit Risk Management Department (CRMD). Typical functions of CRMD include: To follow a holistic approach in management of risks inherent in banks portfolio and ensure the risks remain within the boundaries established by the Board or Credit Risk Management Committee.
a)

The department also ensures that business lines comply with risk parameters and prudential limits established by the Board or CRMC.
b)

Establish systems and procedures relating to risk identification, Management Information System, monitoring of loan / investment portfolio quality and early warning. The department would work out remedial measure when deficiencies/problems are identified.
c)

The Department should undertake portfolio evaluations and conduct comprehensive studies on the environment to test the resilience of the loan portfolio.
d)

Notwithstanding the need for a separate or independent oversight, the front office or loan origination function should be cognizant of credit risk, and maintain high level of credit discipline and standards in pursuit of business opportunities.

Systems and Procedures

Banks must operate within a sound and well-defined criteria for new credits as well as the expansion of existing credits. Credits should be extended within the target markets and lending strategy of the institution. Before allowing a credit facility, the bank must make an assessment of risk profile of the customer/transaction. This may include
a) Credit

assessment of the borrowers industry, and macro economic factors. credit and source of repayment.

b) The purpose of c) The

track record / repayment history of borrower. the repayment capacity of the borrower.

d) Assess/evaluate e) The

Proposed terms and conditions and covenants. and enforceability of collaterals. 23

f) Adequacy

g) Approval

from appropriate authority

In case of new relationships consideration should be given to the integrity and repute of the borrowers or counter party as well as its legal capacity to assume the liability. Prior to entering into any new credit relationship the banks must become familiar with the borrower or counter party and be confident that they are dealing with individual or organization of sound repute and credit worthiness. However, a bank must not grant credit simply on the basis of the fact that the borrower is perceived to be highly reputable i.e. name lending should be discouraged. While structuring credit facilities institutions should appraise the amount and timing of the cash flows as well as the financial position of the borrower and intended purpose of the funds. It is utmost important that due consideration should be given to the risk reward trade off in granting a credit facility and credit should be priced to cover all embedded costs. Relevant terms and conditions should be laid down to protect the institutions interest. Institutions have to make sure that the credit is used for the purpose it was borrowed. Where the obligor has utilized funds for purposes not shown in the original proposal, institutions should take steps to determine the implications on creditworthiness. In case of corporate loans where borrower own group of companies such diligence becomes more important. Institutions should classify such connected companies and conduct credit assessment on consolidated/group basis. In loan syndication, generally most of the credit assessment and analysis is done by the lead institution. While such information is important, institutions should not over rely on that. All syndicate participants should perform their own independent analysis and review of syndicate terms. Institution should not over rely on collaterals / covenant. Although the importance of collaterals held against loan is beyond any doubt, yet these should be considered as a buffer providing protection in case of default, primary focus should be on obligors debt servicing ability and reputation in the market.

Limit setting
An important element of credit risk management is to establish exposure limits for single obligors and group of connected obligors. Institutions are expected to develop their own limit structure while remaining within the exposure limits set by State Bank of Pakistan. The size of the limits should be based on the credit strength of the obligor, genuine requirement of credit, economic conditions and the institutions risk tolerance. Appropriate limits should be set for respective products and activities. Institutions may establish limits for a specific industry, economic sector or geographic regions to avoid concentration risk.

24

Some times, the obligor may want to share its facility limits with its related companies. Institutions should review such arrangements and impose necessary limits if the transactions are frequent and significant Credit limits should be reviewed regularly at least annually or more frequently if obligors credit quality deteriorates. All requests of increase in credit limits should be substantiated.

Credit Administration.
Ongoing administration of the credit portfolio is an essential part of the credit process. Credit administration function is basically a back office activity that support and control extension and maintenance of credit. A typical credit administration unit performs following functions:
a.

Documentation. It is the responsibility of credit administration to ensure

completeness of documentation (loan agreements, guarantees, transfer of title of collaterals etc) in accordance with approved terms and conditions. Outstanding documents should be tracked and followed up to ensure execution and receipt.
b. Credit

Disbursement. The credit administration function should ensure that the loan application has proper approval before entering facility limits into computer systems. Disbursement should be effected only after completion of covenants, and receipt of collateral holdings. In case of exceptions necessary approval should be obtained from competent authorities. Credit monitoring. After the loan is approved and draw down allowed, the loan should be continuously watched over. These include keeping track of borrowers compliance with credit terms, identifying early signs of irregularity, conducting periodic valuation of collateral and monitoring timely repayments.
c. d.

Loan Repayment. The obligors should be communicated ahead of time as and when

the principal/markup installment becomes due. Any exceptions such as non-payment or late payment should be tagged and communicated to the management. Proper records and updates should also be made after receipt.

Maintenance of Credit Files. Institutions should devise procedural guidelines and standards for maintenance of credit files. The credit files not only include all correspondence with the borrower but should also contain sufficient information necessary to assess financial health of the borrower and its repayment performance. It need not mention that information should be filed in organized way so that external / internal auditors or SBP inspector could review it easily.
e. f.

Collateral and Security Documents . Institutions should ensure that all security

documents are kept in a fireproof safe under dual control. Registers for documents should be maintained to keep track of their movement.

25

Procedures should also be established to track and review relevant insurance coverage for certain facilities/collateral. Physical checks on security documents should be conducted on a regular basis. While in small Institutions it may not be cost effective to institute a separate credit administrative set-up, it is important that in such institutions individuals performing sensitive functions such as custody of key documents, wiring out funds, entering limits into system, etc., should report to managers who are independent of business origination and credit approval process.

Measuring credit risk.

The measurement of credit risk is of vital importance in credit risk management. A number of qualitative and quantitative techniques to measure risk inherent in credit portfolio are evolving. To start with, banks should establish a credit risk rating framework across all type of credit activities. Among other things, the rating framework may, incorporate: Business Risk o Industry Characteristics o Competitive Position (e.g. marketing/technological edge) o Management Financial Risk o Financial condition o Profitability o Capital Structure o Present and future Cash flows

Internal Risk Rating.

Credit risk rating is summary indicator of a banks individual credit exposure. An internal rating system categorizes all credits into various classes on the basis of underlying credit quality. A well-structured credit rating framework is an important tool for monitoring and controlling risk inherent in individual credits as well as in credit portfolios of a bank or a business line. The importance of internal credit rating framework becomes more eminent due to the fact that historically major losses to banks stemmed from default in loan portfolios. While a number of banks already have a system for rating individual credits in addition to the risk categories prescribed by SBP, all banks are encouraged to devise an internal rating framework. An internal rating framework would facilitate banks in a number of ways such as
a) Credit

selection exposure

b) Amount of

26

c) Tenure

and price of facility or intensity of monitoring

d) Frequency e)

Analysis of migration of deteriorating credits and more accurate computation of future loan loss provision
f) Deciding

the level of Approving authority of loan.

The Architecture of internal rating system.

The decision to deploy any risk rating architecture for credits depends upon two basic aspects The Loss Concept and the number and meaning of grades on the rating continuum corresponding to each loss concept*.
a)

Whether to rate a borrower on the basis of point in time philosophy or through the cycle approach.
b)

Besides there are other issues such as whether to include statutory grades in the scale, the type of rating scale i.e. alphabetical numerical or alpha-numeric etc. SBP does not advocate any particular credit risk rating system; it should be banks own choice. However the system should commensurate with the size, nature and complexity of their business as well as possess flexibility to accommodate present and future risk profile of the bank, the anticipated level of diversification and sophistication in lending activities. A rating system with large number of grades on rating scale becomes more expensive due to the fact that the cost of obtaining and analyzing additional information for fine gradation increase sharply. However, it is important that there should be sufficient gradations to permit accurate characterization of the under lying risk profile of a loan or a portfolio of loans

The operating Design of Rating System.

As with the decision to grant credit, the assignment of ratings always involve element of human judgment. Even sophisticated rating models do not replicate experience and judgment rather these techniques help and reinforce subjective judgment. Banks thus design the operating flow of the rating process in a way that is aimed promoting the accuracy and consistency of the rating system while not unduly restricting the exercise of judgment. Key issues relating to the operating design of a rating system include what exposures to rate; the organizations division of responsibility for grading; the nature of ratings review; the formality of the process and specificity of formal rating definitions.

27

What Exposures are rated?

Ideally all the credit exposures of the bank should be assigned a risk rating. However given the element of cost, it might not be feasible for all banks to follow. The banks may decide on their own which exposure needs to be rated. The decision to rate a particular loan could be based on factors such as exposure amount, business line or both. Generally corporate and commercial exposures are subject to internal ratings and banks use scoring models for consumer / retail loans.

The rating process in relation to credit approval and review.

Ratings are generally assigned /reaffirmed at the time of origination of a loan or its renewal /enhancement. The analysis supporting the ratings is inseparable from that required for credit appraisal. In addition the rating and loan analysis process while being separate are intertwined. The process of assigning a rating and its approval / confirmation goes along with the initiation of a credit proposal and its approval. Generally loan origination function (whether a relationship manager or credit staff) * initiates a loan proposal and also allocates a specific rating. This proposal passes through the credit approval process and the rating is also approved or recalibrated simultaneously by approving authority. The revision in the ratings can be used to upgrade the rating system and related guidelines.

How to arrive at ratings

The assignment of a particular rating to an exposure is basically an abbreviation of its overall risk profile. Theoretically ratings are based upon the major risk factors and their intensity inherent in the business of the borrower as well as key parameters and their intensity to those risk factors. Major risk factors include borrowers financial condition, size, industry and position in the industry; the reliability of financial statements of the borrower; quality of management; elements of transaction structure such as covenants etc. A more detail on the subject would be beyond the scope of these guidelines, however a few important aspects are Banks may vary somewhat in the particular factors they consider and the weight they give to each factor.
a)

Since the rater and reviewer of rating should be following the same basic thought, to ensure uniformity in the assignment and review of risk grades, the credit policy should explicitly define each risk grade; lay down criteria to be fulfilled while assigning a particular grade, as well as the circumstances under which deviations from criteria can take place.
b) c) The

credit policy should also explicitly narrate the roles of different parties involved in the rating process.
d) The

institution must ensure that adequate training is imparted to staff to ensure uniform

ratings 28

Assigning a Rating is basically a judgmental exercise and the models, external ratings and written guidelines/benchmarks serve as input.
e) f)

Institutions should take adequate measures to test and develop a risk rating system prior to adopting one. Adequate validation testing should be conducted during the design phase as well as over the life of the system to ascertain the applicability of the system to the institutions portfolio. Institutions that use sophisticated statistical models to assign ratings or to calculate probabilities of default, must ascertain the applicability of these models to their portfolios. Even when such statistical models are found to be satisfactory, institutions should not use the output of such models as the sole criteria for assigning ratings or determining the probabilities of default. It would be advisable to consider other relevant inputs as well.

Ratings review
The rating review can be two-fold: Continuous monitoring by those who assigned the rating. The Relationship Managers (RMs) generally have a close contact with the borrower and are expected to keep an eye on the financial stability of the borrower. In the event of any deterioration the ratings are immediately revised /reviewed.
a) b) Secondly

the risk review functions of the bank or business lines also conduct periodical review of ratings at the time of risk review of credit portfolio. Risk ratings should be assigned at the inception of lending, and updated at least annually. Institutions should, however, review ratings as and when adverse events occur. A separate function independent of loan origination should review Risk ratings. As part of portfolio monitoring, institutions should generate reports on credit exposure by risk grade. Adequate trend and migration analysis should also be conducted to identify any deterioration in credit quality. Institutions may establish limits for risk grades to highlight concentration in particular rating bands. It is important that the consistency and accuracy of ratings is examined periodically by a function such as an independent credit review group For consumer lending, institutions may adopt credit-scoring models for processing loan applications and monitoring credit quality. Institutions should apply the above principles in the management of scoring models. Where the model is relatively new, institutions should continue to subject credit applications to rigorous review until the model has stabilized.

Credit Risk Monitoring & Control

Credit risk monitoring refers to incessant monitoring of individual credits inclusive of Off-Balance sheet exposures to obligors as well as overall credit portfolio of the bank.

29

Banks need to enunciate a system that enables them to monitor quality of the credit portfolio on day-to-day basis and take remedial measures as and when any deterioration occurs. Such a system would enable a bank to ascertain whether loans are being serviced as per facility terms, the adequacy of provisions, the overall risk profile is within limits established by management and compliance of regulatory limits. Establishing an efficient and effective credit monitoring system would help senior management to monitor the Overall quality of the total credit portfolio and its trends. Consequently the management could fine tune or reassess its credit strategy /policy accordingly before encountering any major setback. The banks credit policy should explicitly provide procedural guideline relating to credit risk monitoring. At the minimum it should lay down procedure relating to
a) The roles b)

and responsibilities of individuals responsible for credit risk monitoring

The assessment procedures and analysis techniques (for individual loans & overall portfolio)
c) The

frequency of monitoring examination of collaterals and loan covenants

d) The periodic e) The f) The

frequency of site visits identification of any deterioration in any loan

Given below are some key indicators that depict the credit quality of a loan:
a. Financial

Position and Business Conditions. The most important aspect about

an obligor is its financial health, as it would determine its repayment capacity. Consequently institutions need carefully watch financial standing of obligor. The Key financial performance indicators on profitability, equity, leverage and liquidity should be analyzed. While making such analysis due consideration should be given to business/industry risk, borrowers position within the industry and external factors such as economic condition, government policies, regulations. For companies whose financial position is dependent on key management personnel and/or shareholders, for example, in small and medium enterprises, institutions would need to pay particular attention to the assessment of the capability and capacity of the management/shareholder(s).
b.

Conduct of Accounts. In case of existing obligor the operation in the account

would give a fair idea about the quality of credit facility. Institutions should monitor the obligors account activity, repayment history and instances of excesses over credit limits. For trade financing, institutions should monitor cases of repeat extensions of due dates for trust receipts and bills.

30

Loan Covenants. The obligors ability to adhere to negative pledges and financial covenants stated in the loan agreement should be assessed, and any breach detected should be addressed promptly.
c. d.

Collateral valuation. Since the value of collateral could deteriorate resulting in

unsecured lending, banks need to reassess value of collaterals on periodic basis. The frequency of such valuation is very subjective and depends upon nature of collaterals. For instance loan granted against shares need revaluation on almost daily basis whereas if there is mortgage of a residential property the revaluation may not be necessary as frequently. In case of credit facilities secured against inventory or goods at the obligors premises, appropriate inspection should be conducted to verify the existence and valuation of the collateral. And if such goods are perishable or such that their value diminish rapidly (e.g. electronic parts/equipments), additional precautionary measures should be taken. External Rating and Market Price of securities such as TFCs purchased as a form of lending or long-term investment should be monitored for any deterioration in credit rating of the issuer, as well as large decline in market price. Adverse changes should trigger additional effort to review the creditworthiness of the issuer.

Risk review
The institutions must establish a mechanism of independent, ongoing assessment of credit risk management process. All facilities except those managed on a portfolio basis should be subjected to individual risk review at least once in a year. The results of such review should be properly documented and reported directly to board, or its sub committee or senior management without lending authority. The purpose of such reviews is to assess the credit administration process, the accuracy of credit rating and overall quality of loan portfolio Independent of relationship with the obligor. Institutions should conduct credit review with updated information on the obligors financial and business conditions, as well as conduct of account. Exceptions noted in the credit monitoring process should also be evaluated for impact on the obligors creditworthiness. Credit review should also be conducted on a consolidated group basis to factor in the business connections among entities in a borrowing group. As stated earlier, credit review should be performed on an annual basis, however more frequent review should be conducted for new accounts where institutions may not be familiar with the obligor, and for classified or adverse rated accounts that have higher probability of default. For consumer loans, institutions may dispense with the need to perform credit review for certain products. However, they should monitor and report credit exceptions and deterioration.

31

Delegation of Authority.
Banks are required to establish responsibility for credit sanctions and delegate authority to approve credits or changes in credit terms. It is the responsibility of banks board to approve the overall lending authority structure, and explicitly delegate credit sanctioning authority to senior management and the credit committee. Lending authority assigned to officers should be commensurate with the experience, ability and personal character. It would be better if institutions develop risk-based authority structure where lending power is tied to the risk ratings of the obligor. Large banks may adopt multiple credit approvers for sanctioning such as credit ratings, risk approvals etc to institute a more effective system of check and balance. The credit policy should spell out the escalation process to ensure appropriate reporting and approval of credit extension beyond prescribed limits. The policy should also spell out authorities for unsecured credit (while remaining within SBP limits), approvals of disbursements excess over limits and other exceptions to credit policy. In cases where lending authority is assigned to the loan originating function, there should be compensating processes and measures to ensure adherence to lending standards. There should also be periodic review of lending authority assigned to officers. Managing problem credits The institution should establish a system that helps identify problem loan ahead of time when there may be more options available for remedial measures. Once the loan is identified as problem, it should be managed under a dedicated remedial process. A banks credit risk policies should clearly set out how the bank will manage problem credits. Banks differ on the methods and organization they use to manage problem credits. Responsibility for such credits may be assigned to the originating business function, a specialized workout section, or a combination of the two, depending upon the size and nature of the credit and the reason for its problems. When a bank has significant credit-related problems, it is important to segregate the workout function from the credit origination function. The additional resources, expertise and more concentrated focus of a specialized workout section normally improve collection results. A problem loan management process encompass following basic elements.

Negotiation and follow-up. Proactive effort should be taken in dealing with obligors to implement remedial plans, by maintaining frequent contact and internal records of follow-up actions. Often rigorous efforts made at an early stage prevent institutions from litigations and loan losses
a. b.

Workout remedial strategies. Some times appropriate remedial strategies such

as restructuring of loan facility, enhancement in credit limits or reduction in interest rates help improve obligors repayment capacity. However it depends upon business condition, the nature of problems being faced and most importantly obligors commitment and willingness to repay the loan. While such remedial strategies often bring up positive 32

results, institutions need to exercise great caution in adopting such measures and ensure that such a policy must not encourage obligors to default intentionally . The institutions interest should be the primary consideration in case of such workout plans. It needs not mention here that competent authority, before their implementation, should approve such workout plan.

Review of collateral and security document. Institutions have to ascertain the loan recoverable amount by updating the values of available collateral with formal valuation. Security documents should also be reviewed to ensure the completeness and enforceability of contracts and collateral/guarantee.
c.

Status Report and Review. Problem credits should be subject to more frequent review and monitoring. The review should update the status and development of the loan accounts and progress of the remedial plans. Progress made on problem loan should be reported to the senior management
d.

33

INDUSTRIAL CREDIT & INVESTMENT CORPORATION OF INDIA (ICICI) Risk Management

As a financial intermediary, ICICI Bank is exposed to risks that are particular to its lending and trading businesses and the environment within which it operates. ICICI Banks goal in risk management is to ensure that it understands measures and monitors the various risks that arise and that the organization adheres strictly to the policies and procedures which are established to address these risks. As a financial intermediary, ICICI Bank is primarily exposed to credit risk, market risk, liquidity risk, operational risk and legal risk. ICICI Bank has a central Risk, Compliance and Audit Group with a mandate to identify, assess, monitor and manage all of ICICI Banks principal risks in accordance with well-defined policies and procedures. The Head of the Risk, Compliance and Audit Group reports to the Executive Director responsible for the Corporate Center, which does not include any business groups, and is thus independent from ICICI Banks business units. The Risk, Compliance and Audit Group coordinate with representatives of the business units to implement ICICI Banks risk methodologies. Committees of the board of directors have been constituted to oversee the various risk management activities. The Audit Committee of ICICI Banks board of directors provides direction to and also monitors the quality of the internal audit function. The Risk Committee of ICICI Banks board of directors reviews risk management policies in relation to various risks including portfolio,liquidity, interest rate, off-balance sheet and operational risks, investment policies and strategy, and regulatory and compliance issues in relation thereto. The Credit Committee of ICICI Banks board of directors reviews developments in key industrial sectors and ICICI Banks exposure to these sectors. The Asset Liability Management Committee of ICICI Banks board of directors is responsible for managing the balance sheet and reviewing the asset-liability position to manage ICICI Banks market risk exposure. The Agriculture & Small Enterprises Business Committee of ICICI Banks board of directors, which was constituted in June 2003 but has not held any meetings to date, will, in additionto reviewing ICICI Banks strategy for small enterprises and agri-business, also review the quality of the agricultural lending and small enterprises finance credit portfolio. For a discussion of these and other committees see ''Management''. As shown in the following chart, the Risk, Compliance and Audit Group is organized into six subgroups:

34

Credit Risk Management, Market Risk Management, Analytics, Internal Audit, Retail Risk Management and Credit Policies and Reserve Bank of India Inspection. The Analytics Unit develops proprietary quantitative techniques and models for risk measurement.

35

The Risk, Compliance and Audit Group is also responsible for assessing the risks pertaining to international business, including review of credit policies and setting sovereign and counterparty limits .

Credit Risk
In our lending operations, we are principally exposed to credit risk. Credit risk is the risk of loss that may occur from the failure of any party to abide by the terms and conditions of any financial contract with us, principally the failure to make required payments on loans due to us. We currently measure, monitor and manage credit risk for each borrower and also at the portfolio level. We have a structured and standardized credit approval process, which includes a well-established procedure of comprehensive credit appraisal.

Credit Risk Assessment Procedures for Corporate Loans

In order to assess the credit risk associated with any financing proposal, ICICI Bank assesses a variety of risks relating to the borrower and the relevant industry. Borrower risk is evaluated by considering: The financial position of the borrower by analyzing the quality of its financial statements, its past financial performance, its financial flexibility in terms of ability to raise capital and its cash flow adequacy; The borrower's relative market position and operating efficiency; and The quality of management by analyzing their track record, payment record and financial conservatism.

Industry risk is evaluated by considering: Certain industry characteristics, such as the importance of the industry to the economy, its growth outlook, cyclicality and government policies relating to the industry; The competitiveness of the industry; and Certain industry financials, including return on capital employed, operating margins and earnings stability.

After conducting an analysis of a specific borrower's risk, the Credit Risk Management Group assigns a credit rating to the borrower. ICICI Bank has a scale of 10 ratings ranging from AAA to Band an additional default rating of D. Credit rating is a critical input for the credit approval process ICICI Bank determines the desired credit risk spread over its cost of funds by considering the borrower's credit rating and the default pattern corresponding to the credit rating. Every proposal for a financing facility is prepared by

36

the relevant business unit and reviewed by the appropriate industry specialists in the Credit Risk Management Group before being submitted for approval to the appropriate approval authority. The approval process for non-fund facilities is similar to that for fund based facilities. The credit rating for every borrower is reviewed at least annually and is typically reviewed on a more frequent basis for higher risk credits and large exposures. ICICI Bank also reviews the ratings of all borrowers in a particular industry upon the occurrence of any significant event impacting that industry. Working capital loans are generally approved for a period of 12 months. At the end of 12 months, ICICI Bank reviews the loan arrangement and the credit rating of the borrower and takes a decision on continuation of the arrangement and changes in the loan covenants as may be necessary.

Credit Approval Procedures for Corporate Loans

Project Finance Procedures ICICI Bank has a strong framework for the appraisal and execution of project finance transactions. ICICI Bank believes that this framework creates optimal risk identification, allocation and mitigation, and helps minimize residual risk. The project finance approval process begins with a detailed evaluation of technical, commercial, financial, marketing and management factors and the sponsor's financial strength and experience Once this review is completed, an appraisal memorandum is prepared for credit approval purposes. As part of the appraisal process, a risk matrix is generated, which identifies each of the project risks, mitigating factors and residual risks associated with the project. The appraisal memorandum analyzes the risk matrix and establishes the viability of the project. Typical key risk mitigating factors include the commitment of stand-by funds from the sponsors to meet any cost overruns and a conservative collateral position. After credit approval, a letter of intent is issued to the borrower, which outlines the principal financial terms of the proposed facility, sponsor obligations, conditions precedent to disbursement, undertakings from and covenants on the borrower. After completion of all formalities by the borrower, a loan agreement is entered into with the borrower. In addition to the above, in the case of structured project finance in areas such as infrastructure and oil, gas and petrochemicals, as a part of the due diligence process, ICICI Bank appoints consultants, wherever considered necessary, to advise the lenders, including technical advisors, business analysts, legal counsel and insurance consultants. These consultants are typically internationally recognized and experienced in their respective fields. Risk mitigating factors in these financings generally also include creation of debt service reserves and channeling project revenues through a trust and retention account.

37

ICICI Banks project finance credits are generally fully secured and have full recourse to the borrower. In most cases, ICICI Bank has a security interest and first lien on all the fixed assets and a second lien on all the current assets of the borrower. Security interests typically include property, plant and equipment as well as other tangible assets of the borrower, both present and future. Typically, it is ICICI Banks practice to lend between 60.0% and 80.0% of the appraised value of these types of collateral securities. ICICI Banks borrowers are required to maintain comprehensive insurance on their assets where ICICI Bank is recognized as payee in the event of loss. In some cases, ICICI Bank also takes additional collateral in the form of corporate or personal guarantees from one or more sponsors of the project and a pledge of the sponsors' equity holding in the project company. In certain industry segments, ICICI Bank also takes security interest in relevant project contracts such as concession agreements, off-take agreements and construction contracts as part of the security package. In limited cases, loans are also guaranteed by commercial banks and, in the past, have also been guaranteed by Indian state governments or the government of India. It is ICICI Banks current practice to normally disburse funds after the entire project funding is committed and all necessary contractual arrangements have been entered into. Funds are disbursed in tranches to pay for approved project costs as the project progresses. When ICICI Bank appoints technical and market consultants, they are required to monitor the project's progress and certify all disbursements. ICICI Bank also requires the borrower to submit periodic reports on project implementation, including orders for machinery and equipment as well as expenses incurred. Project completion is contingent upon satisfactory operation of the project for a certain minimum period and, in certain cases, the establishment of debt service reserves. ICICI Bank continues to monitor the credit exposure until its loans are fully repaid.

Corporate Finance Procedures

As part of the corporate loan approval procedures, ICICI Bank carries out a detailed analysis of funding requirements, including normal capital expenses, long-term working capital requirements and temporary imbalances in liquidity. ICICI Banks funding of long-term core working capital requirements is assessed on the basis, among other things, of the borrower's present and proposed level of inventory and receivables. In case of corporate loans for other funding requirements, ICICI Bank undertakes a detailed review of those requirements and an analysis of cash flows. A substantial portion of ICICI Banks corporate finance loans are secured by a lien over appropriate assets of the borrower. The focus of ICICI Banks structured corporate finance products is on cash flow based financings. ICICI Bank has a set of distinct approval procedures to evaluate and mitigate the risks associated with such products. These procedures include:

38

carrying out a detailed analysis of cash flows to accurately forecast the amounts that will be paid and the timing of the payments based on an exhaustive analysis of historical data; conducting due diligence on the underlying business systems, including a detailed evaluation of the servicing and collection procedures and the underlying contractual arrangements; and paying particular attention to the legal, accounting and tax issues that may impact any structure.

ICICI Banks analysis enables it to identify risks in these transactions. To mitigate risks, ICICI Bank uses various credit enhancement techniques, such as over-collateralization, cash collateralization, creation of escrow accounts and debt service reserves and performance guarantees. The residual risk is typically managed by complete or partial recourse to the borrowing company whose credit risk is evaluated as described above. ICICI Bank also has a monitoring framework to enable continuous review of the performance of such transactions.

Working Capital Finance Procedures

ICICI Bank carries out a detailed analysis of its borrowers' working capital requirements. Credit limits are approved in accordance with the approval authorization approved by ICICI Banks board ofdirectors. Once credit limits are approved, ICICI Bank calculates the amounts that can be lent on the basis of monthly statements provided by the borrower and the margins stipulated. Quarterly information statements are also obtained from borrowers to monitor the performance on a regular basis. Monthly cash flow statements are obtained where considered necessary. Any irregularity in the conduct of the account is reported to the appropriate authority on a monthly basis. Credit limits are reviewed on an annual basis. Working capital facilities are primarily secured by inventories and receivables. Additionally, in certain cases, these credit facilities are secured by personal guarantees of directors, or subordinated security interests in the tangible assets of the borrower including plant and machinery.

Credit Approval Authority for Corporate Loans

ICICI Bank has established four levels of credit approval authorities for its corporate banking activities, the Credit Committee of the board of directors, the Committee of Directors, the Committee of Executives (Credit) and the Regional Committee (Credit). The Credit Committee has the power to approve all financial assistance. ICICI Banks board of directors has delegated the authority to the Committee of Directors, consisting of ICICI Bank's whole time directors, to the Committee of Executives (Credit) and the Regional Committee (Credit), both consisting of designated executives of ICICI Bank, to approve financial assistance to any company within certain individual and group

39

exposure limits set by the board of directors.

The following table sets forth the composition and the approval authority of these committees.

40

(1) Capital funds consist of Tier 1 and Tier 2 capital, as defined in the Reserve Bank of India regulations, under Indian GAAP. See Supervision and Regulation Capital Adequacy Requirements.

41

All new loans must be approved by the above committees in accordance with their respective powers. Certain designated executives are authorized to approve: Ad-hoc/ additional working capital facilities not exceeding the lower of 10.0% of existing approved facilities and Rs. 20 million (US$ 420,610); Temporary accommodation not exceeding the lower of 20.0% of existing approved facilities and Rs. 20 million (US$ 420,610); and Facilities fully secured by deposits, cash margin, letters of credit of approved banks or approved sovereign debt instruments. In addition to the above loan products, ICICI Banks Rural Micro Banking Group provides loans to self-help groups, rural agencies, as well as certain categories of agricultural loans and loans under government-sponsored schemes. These loans are typically of small amounts. The credit approval authorization approved by the board of directors of ICICI Bank requires that all such loans aboveRs.1.5 million (US$ 31,546) be approved by the Committee of Directors comprising all the whole time directors, while the authority to approve loans up to Rs.1.5 million (US$ 31,546) has been delegated to designated executives.

Credit Monitoring Procedures for Corporate Loans

The Credit Middle Office Group monitors compliance with the terms and conditions for credit facilities prior to disbursement. It also reviews the completeness of documentation, creation of security and insurance policies for assets financed. All borrower accounts are reviewed at least once a year. Larger exposures and lower rated-borrowers are reviewed more frequently.

Retail Loan Procedures

Our customers for retail loans are typically middle and high-income, salaried or selfemployed individuals, and, in some cases, partnerships and corporations. Except for personal loans and credit cards, we require a contribution from the borrower and our loans are secured by the asset financed. Our retail credit product operations are sub-divided into various product lines. Each product line is further sub-divided into separate sales and marketing and credit groups. The Risk, Compliance and Audit Group, which is independent of the business groups, approves all new retail products and product policies and credit approval authorizations. All products and policies require the approval of the Committee of Directors comprising all the whole time directors. All credit approval authorizations require the approval of ICICI Banks board of directors.

42

We have an established process for evaluating and selecting our dealers and franchisees and there is a clear segregation between the group responsible for originating loans and the group that approves the loans. A centralized set of risk assessment criteria has been created for retail lending operations after approval by the Risk, Compliance and Audit Group. These criteria vary across product segments but typically include factors such as the borrower's income, the loan-to-value ratio and certain stability factors. The loan approval authority is delegated to credit officers, subject to loan amount limits, which vary across different loan products. We use Direct Marketing Agents (DMAs) for the marketing and sale of retail credit products. Credit approval authority lies only with our credit officers. Credit officers approve loans in compliance with the risk assessment criteria. External agencies are used to facilitate a comprehensive due diligence process including visits to office or home in the case of loans to individual borrowers. Before disbursements are made, the credit officer conducts a centralized check and review of the borrower's profile. In order to limit the scope of individual discretion in the loan assessment and approval process, ICICI Bank has implemented a credit-scoring program for credit cards. ICICI Bank has also implemented a credit-scoring program for certain variants within the consumer durables loan product. The credit-scoring program is an automated credit approval system for evaluating loan applications by assigning a credit score to each applicant based on certain demographic attributes like earnings stability, educational background and age. The credit score then forms the basis of loan evaluation. Though a formal credit bureau does not as yet operate in India, we avail the services of certain private agencies operating in India to check applications before disbursement. ICICI Bank has a separate retail credit team, which undertakes review and audit of credit quality across each credit approval team. ICICI Bank has established centralized operations to manage operating risk in the various back office processes of its retail loan business except for a few operations which are decentralized to improve turnaround time for our customers. The Risk, Compliance and Audit Group conducts an independent audit of processes and documents at periodic intervals. As with our other retail credit products, ICICI Bank emphasizes conservative credit standards, including credit scoring and strict monitoring of repayment patterns, to optimize risks associated with credit cards. ICICI Bank has a collections unit structured along various product lines and geographical locations, to manage delinquency levels. The collections unit operates under the guidelines of a standardized recovery process. ICICI Bank also makes use of external collection agents to aid ICICI Bank in its collection efforts, including collateral repossession in accounts that are overdue for more than 90 days. A fraud control department has been set up to manage levels of fraud, primarily through fraud prevention in the form of forensic audits and also through recovery of fraud losses. The fraud control department is aided by specialized agencies. External agencies for collections are strictly

43

governed by standardized process guidelines. External agencies are also used to facilitate a comprehensive due diligence process including property valuation prior to the approval of home loans and visits to home or office in the case of loans to individual borrowers.

Small Enterprises Loan Procedures

The Small Enterprises Group finances dealers and vendors of companies by implementing structures to enhance the base credit quality of the vendor / dealer, that involve an analysis of the base credit quality of the vendor / dealer pool and an analysis of the linkages that exist between the vendor/ dealer and the company. The group is also involved in financing based on a cluster community based approach that is, financing of small enterprises that have a homogeneous profile such as apparel manufacturers and manufacturers of pharmaceuticals. The risk assessment of such communities involves identification of appropriate credit norms for target market, use of scoring models for enterprises that satisfy these norms and applying pre-determined exposure limits to enterprises that are awarded a minimum required score in the scoring model. The assessment also involves setting up of portfolio control norms, individual borrower approval norms and stringent exit triggers to be followed while financing such clusters or communities.

Investment Banking Procedures

ICICI Securities provides investment banking services, including corporate advisory, fixed income and equity services, to corporate customers. All investment banking mandates, including underwriting commitments, are approved by the Managing Director and the relevant business group heads of ICICI Securities. ICICI Securities is registered with the Securities and Exchange Board of India as a merchant bank. In that capacity, ICICI Securities has decided not to engage in any lending and leasing activities and conducts only activities related to the securities markets and corporate advisory services.

Quantitative and Qualitative Disclosures About Market Risk

Market risk is exposure to loss arising from changes in the value of a financial instrument as a result of changes in market variables such as interest rates, exchange rates and other asset prices. The prime source of market risk for us is the interest rate risk we are exposed to as a financial intermediary, which arises on account of our asset liability management activities. In addition to interest rate risk, we are exposed to other elements of market risk such as, liquidity or funding risk, price risk on trading portfolios, and exchange rate risk on foreign currency positions.

Market Risk Management Procedures

44

The board of directors of ICICI Bank reviews and approves the policies for the management of market risk. The board has delegated the responsibility for market risk management on the banking book to the Asset Liability Management Committee and the trading book to the Committee of Directors, under the Risk Committee of the Board. The Asset Liability Management Committee is responsible for approving policies and managing interest rate risk on the banking book and liquidity risks reflected in the balance sheet. The Committee of Directors is responsible for setting policies and approving risk controls for the trading portfolio. The Asset Liability Management Committee is chaired by the Joint Managing Director and all four Executive Directors are members of the Committee. The Committee generally meets on a monthly basis and reviews the interest rate and liquidity gap positions on the banking book, formulates a view on interest rates, sets deposit and benchmark lending rates, reviews the business profile and its impact on asset liability management and determines the asset liability management strategy, as deemed fit, in light of the current and expected business environment. The Committee reports to the Risk Committee. A majority of the members of the Risk Committee are independent directors and the committee is chaired by an independent director. The Balance Sheet Management Group, reporting to the Chief Financial Officer, is responsible for managing interest rate risk on the banking book, and liquidity, under the supervision of the Asset Liability Management Committee. An independent Market Risk Management Group, which is part of the Risk, Compliance and Audit Group, recommends changes in risk policies and controls, including for new trading products, and the processes and methodologies for quantifying and assessing market risks. Risk limits including position limits and stop loss limits for the trading book are monitored on a daily basis and reviewed periodically. In addition to risk limits, risk monitoring tools such as Value-at-Risk models are also used for measuring market risk in the trading portfolio. ICICI Securities, our investment banking subsidiary which is a primary dealer in government of India securities and has government of India securities as a significant proportion of its portfolio, has a corporate risk management group formanaging its interest rate and liquidity risk.

Interest Rate Risk

Since our balance sheet consists predominantly of rupee assets and liabilities, movements in domestic interest rates constitute the main source of interest rate risk. Our portfolio of traded and other debt securities and our loan portfolio are negatively impacted by an increase in interest rates. Exposure to fluctuations in interest rates is measured primarily by way of gap analysis, providing a static view of the maturity and re-pricing characteristics of balance sheet positions. An interest rate gap report is prepared by classifying all assets and liabilities into various time period categories according to contracted maturities or anticipated re-pricing date. The difference in the amount of assets and liabilities maturing or being re-priced in any time period category, would then give an indication of the extent of exposure to the risk of potential changes in the margins on new or re-priced assets and liabilities. ICICI Bank prepared interest rate risk reports 45

on a fortnightly basis in fiscal 2003. The same were reported to the Reserve Bank of India on a monthly basis. Interest rate risk is further monitored through interest rate risk limits approved by the Asset Liability Management Committee. Our core business is deposit taking and lending in both rupees and foreign currencies, as permitted by the Reserve Bank of India. These activities expose us to interest rate risk. As the rupee market is significantly different from the international currency markets, gap positions in these markets differ significantly. In the rupee market, most of our deposit taking is at fixed rates of interest for fixed periods, except that savings deposits and current deposits which do not have any specified maturity and can be withdrawn on demand. We usually borrow for a fixed period with a one-time repayment on maturity, with some borrowings having European call/put options, exercisable only on specified dates, attached to them. However, we have a mix of floating and fixed interest rate assets. Our loans generally are repaid more gradually, with principal repayments being made over the life of the loan. Our housing loans are primarily floating rate loans where the rates are reset every quarter. We follow a four-tier prime rate structure, namely, a short-term prime rate for one-year loans or loans that re-price at the end of one year, a medium-term prime rate for one to three year loans, a long-term prime rate for loans with maturities greater than three years and a prime rate for cash credit products. We seek to eliminate interest rate risk on un disbursed commitments by fixing interest rates on rupee loans at the time of loan disbursement. In contrast to our rupee loans, a large proportion of our foreign currency loans are floating rate loans. These loans are generally funded with floating rate foreign currency funds. Our fixed rate foreign currency loans are generally funded with fixed rate foreign currency funds. We generally convert all our foreign currency borrowings and deposits into floating rate dollar liabilities through the use of interest rate and currency swaps with leading international banks. The foreign currency gaps are generally significantly lower than rupee gaps, representing a considerably lower exposure to fluctuations in foreign currency interest rates. We use the duration of our government securities portfolio as a key variable for interest rate risk management. We increase or decrease the duration of government securities portfolio to increase or decrease our interest rate risk exposure. In addition, we also use interest rate derivatives to manage the asset and liability positions. We are an active participant in the interest rate swap market and are one of the largest counterparties in India. Sensitivity analysis, which is based upon a static interest rate risk profile of assets and liabilities, is used for risk management purposes only and the model above assumes that during the course of the year no other changes are made in the respective portfolios. Actual changes in net interest income will vary from the model.

Price Risk (Trading book)

46

We undertake trading activities to enhance earnings through profitable trading for our own account. ICICI Securities, our investment banking subsidiary, is a primary dealer in government of India securities, and a significant proportion of its portfolio consists of government of India securities. As noted above, sensitivity analysis is used for risk management purposes only and the model used above assumes that during the course of the year no other changes are made in the respective portfolios. Actual changes in the value of the fixed income portfolio will vary from the model above. We revalue our trading portfolio on a daily basis and recognize aggregate re-valuation losses in our profit and loss account. The asset liability management policy stipulates an interest rate risk limit which seeks to cap the risk on account of the mark-to-market impact on the mark-to-market book (under the Indian GAAP classification which is different from the US GAAP classification see Supervision and Regulation Banks Investment Classification and Valuation Norms) and the earnings at risk on the banking book, based on a sensitivity analysis of a 100 basis points parallel and immediate shift in interest rates. In addition, the Market Risk Management Group stipulates risk limits including position limits and stop loss limits for the trading book. These limits are monitored on a daily basis and reviewed periodically. In addition to risk limits, we also have risk monitoring tools such as Value-at-Risk models for measuring market risk in our trading portfolio. ICICI Bank is required to invest a specified percentage, currently 25.0%, of its liabilities in government of India securities to meet the statutory ratio requirement prescribed by the Reserve Bank of India. As a result, we have a very large portfolio of government of India securities and these are primarily classified as available for sale securities. Our available for sale securities included Rs. 244.1billion (US$ 5.1 billion) of government of India securities.

Equity Risk
We assume equity risk both as part of our investment book and our trading book. On the investment book, investments in equity shares and preference shares are essentially longterm in nature. Nearly all the equity investment securities have been driven by our project financing activities. The decision to invest in equity shares during project financing activities has been a conscious decision to participate in the equity of the company with the intention of realizing capital gains arising from the expected increases in market prices, and is separate from the lending decision. Trading account securities are recorded at market value. For the purpose of valuation of our available for sale equity investment securities, an assessment is made whether a decline in the fair value, below the amortized cost of the investments, is other than temporary. If the decline in fair value below the amortized cost is other than temporary, the decline is provided for in the income statement. 47

A temporary decline in value is excluded from the income statement and charged directly to the shareholders equity. To assess whether a decline in fair value is temporary, the duration for which the decline had existed, industry and company specific conditions and dividend record are considered .Non-readily marketable securities for which there is no readily determinable fair value are recorded at cost. Venture capital investments are carried at fair value. However, they are generally carried at cost during the first year, unless a significant event occurs that affected the long-term value of the investment. At year-end fiscal 2003, the fair value of trading account equity securities was Rs. 187 million (US$ 4 million). The fair value of our available for sale equity securities investment portfolio, including non-readily marketable securities of Rs. 9.4 billion (US$ 198 million), was Rs. 25.5 billion(US$ 537 million). This included investments of approximately Rs. 5.4 billion (US$ 115 million) in liquid mutual fund units at year-end fiscal 2003. At year-end fiscal 2002, the fair value of trading equity securities was Rs. 742 million (US$ 16 million). The fair value of the available for sale equity securities investment portfolio, including non-readily marketable securities of Rs. 8.3 billion (US$ 174 million), was Rs. 28.5 billion (US$ 600 million).

Exchange Rate Risk

We offer foreign currency hedge instruments like swaps, forwards, and currency options to clients, which are primarily banks and highly rated corporate customers. We actively use cross currency swaps, forwards, and options to hedge against exchange risks arising out of these transactions. Trading activities in the foreign currency markets expose us to exchange rate risks. This risk is mitigated by setting counterparty limits, stipulating daily and cumulative stop-loss limits, and engaging in exception reporting. Recently, the Reserve Bank of India has authorized the dealing of foreign currency-rupee options by banks for hedging foreign currency exposures including hedging of balance sheet exposures. We have begun offering such products to corporate clients and other inter-bank counterparties and are one of the largest participants in the currency options market accounting for a significant share of daily trading volume. In addition, foreign currency loans are made on terms that are similar to foreign currency borrowings, thereby transferring the foreign exchange risk to the borrower. Foreign currency cash balances are generally maintained abroad in currencies matching with the underlying borrowings.

Liquidity Risk

48

Liquidity risk arises in the funding of lending, trading and investment activities and in the management of trading positions. It includes both the risk of unexpected increases in the cost of funding an asset portfolio at appropriate maturities and the risk of being unable to liquidate a position in a timely manner at a reasonable price. The goal of liquidity management is to be able, even under adverse conditions, to meet all liability repayments on time, to meet contingent liabilities, and fund all investment opportunities. We maintain diverse sources of liquidity to facilitate flexibility in meeting funding requirements. We fund our operations principally by accepting deposits from retail and corporate depositors and through public issuance of bonds. We also borrow in the shortterm inter-bank market. Loan maturities, securitization of assets and loans, and sale of investments also provide liquidity. See Operating and Financial Review and Prospects Financial Condition Liquidity Risk for a detailed description of liquidity risk.

Operational Risk
ICICI Bank is exposed to many types of operational risk. Operational risk can result from a variety of factors, including failure to obtain proper internal authorizations, improperly documented transactions, failure of operational and information security procedures, computer systems, software or equipment, fraud, inadequate training and employee errors. ICICI Bank attempts to mitigate operational risk by maintaining a comprehensive system of internal controls, establishing systems and procedures to monitor transactions, maintaining key backup procedures and undertaking regular contingency planning.

Operational Controls and Procedures in Branches

ICICI Bank has operating manuals detailing the procedures for the processing of various banking transactions and the operation of the application software. Amendments to these manuals are implemented through circulars sent to all offices. When taking a deposit from a new customer, ICICI Bank requires the new customer to complete a relationship form, which details the terms and conditions for providing various banking services. Photographs of customers are also obtained for ICICI Banks records, and specimen signatures are scanned and stored in the system for online verification. ICICI Bank enters into a relationship with a customer only after the customer is properly introduced to ICICI Bank. When time deposits become due for repayment, the deposit is paid to the depositor. System generated reminders are sent to depositors before the due date for repayment. Where the depositor does not apply for repayment on the due date, the amount is transferred to an overdue deposits account for follow up. ICICI Bank has a scheme of delegation of financial powers that sets out the monetary limit for each employee with respect to the processing of transactions in a customer's account. Withdrawals from customer accounts are controlled by dual authorization. Senior officers have delegated power to authorize larger withdrawals. ICICI Banks

49

operating system validates the check number and balance before permitting withdrawals. Cash transactions over Rs. 1 million (US$ 21,030) are subject to special scrutiny to avoid money laundering. ICICI Banks banking software has multiple security features to protect the integrity of applications and data. ICICI Bank gives importance to computer security and has s a comprehensive information technology security policy. Most of the information technology assets including critical servers are hosted in centralized data centers which are subject to appropriate physical and logical access controls.

Operational Controls and Procedures for Internet Banking

In order to open an Internet banking account, the customer must provide ICICI Bank with documentation to prove the customer's identity, including a copy of the customer's passport, a photograph and specimen signature of the customer. After verification of the same, ICICI Bank opens the Internet banking account and issues the customer a user ID and password to access his account online.

Operational Controls and Procedures in Regional Processing Centers & Central ProcessingCenters
To improve customer service at ICICI Banks physical locations, ICICI Bank handles transaction processing centrally by taking away such operations from branches. ICICI Bank has centralized operations at regional processing centers located at 15 cities in the country. These regional processing centers process clearing checks and inter-branch transactions, make inter-city check collections, and engage in back office activities for account opening, standing instructions and auto-renewal of deposits. In Mumbai, ICICI Bank has centralized transaction processing on a nationwide basis for transactions like the issue of ATM cards and PIN mailers, reconciliation of ATM transactions, monitoring of ATM functioning, issue of passwords to Internet banking customers, depositing postdated cheques received from retail loan customers and credit card transaction processing. Centralized processing has been extended to the issuance of personalized check books, back office activities of non-resident Indian accounts, opening of new bank accounts for customers who seek web broking services and recovery of service charges for accounts for holding shares in book-entry form.

Operational Treasury

Controls

and

Procedures

in

ICICI Bank has a high level of automation in trading operations. ICICI Bank uses technology to monitor risk limits and exposures. ICICI Banks front office, back office and accounting and reconciliation functions are fully segregated in both the domestic treasury and foreign exchange

50

treasury. The respective middle offices use various risk monitoring tools such as counterparty limits, position limits, exposure limits and individual dealer limits. Procedures for reporting breaches in limits are also in place. ICICI Banks front office treasury operations for rupee transactions consists of operations in fixed income securities, equity securities and inter-bank money markets. ICICI Banks dealers analyze the market conditions and take views on price movements. Thereafter, they strike deals in conformity with various limits relating to counterparties, securities and brokers. The deals are then forwarded to the back office for settlement. The inter-bank foreign exchange treasury operations are conducted through Reuters dealing systems. Brokered deals are concluded through voice systems. Deals done through Reuters systems are captured on a real time basis for processing. Deals carried out through voice systems are input in the system by the dealers for processing. The entire process from deal origination to settlement and accounting takes place via straight through processing. The processing ensures adequate checks at critical stages. Trade strategies are discussed frequently and decisions are taken based on market forecasts, information and liquidity considerations. Trading operations are conducted in conformity with the code of conduct prescribed by internal and regulatory guidelines. The Treasury Middle Office Group, which reports to the Executive Director, Corporate Centre, monitors counterparty limits, evaluates the mark-to-market impact on various positions taken by dealers and monitors market risk exposure of the investment portfolio and adherence to various market risk limits set up by the Risk, Compliance and Audit Group. ICICI Banks back office undertakes the settlement of funds and securities. The back office has procedures and controls for minimizing operational risks, including procedures with respect to deal confirmations with counterparties, verifying the authenticity of counterparty checks and securities, ensuring receipt of contract notes from brokers, monitoring receipt of interest and principal amounts on due dates, ensuring transfer of title in the case of purchases of securities, reconciling actual security holdings with the holdings pursuant to the records and reports any irregularity or shortcoming observed.

Audit
51

The Internal Audit Group undertakes a comprehensive audit of all business groups and other functions, in accordance with a risk-based audit plan. This plan allocates audit resources based on an assessment of the operational risks in the various businesses. The Internal Audit group conceptualizes and implements improved systems of internal controls, to minimize operational risk. The audit plan for every fiscal year is approved by the Audit Committee of ICICI Banks board of directors. The Internal Audit group also has a dedicated team responsible for information technology security audits. Various components of information technology from applications to databases, networks and operating systems are covered under the annual audit plan. The Reserve Bank of India requires banks to have a process of concurrent audits at branches handling large volumes, to cover a minimum of 50.0% of business volumes. ICICI Bank has instituted systems to conduct concurrent audits, using reputed chartered accountancy firms. Concurrent audits have also been arranged at the Regional Processing Centers and other centralised processing operations to ensure existence of and adherence to internal controls.

Legal Risk
The uncertainty of the enforceability of the obligations of ICICI Banks customers and counterparties, including the foreclosure on collateral, creates legal risk. Changes in law and regulation could adversely affect ICICI Bank. Legal risk is higher in new areas of business where the law is often untested by the courts. ICICI Bank seeks to minimize legal risk by using stringent legal documentation, employing procedures designed to ensure that transactions are properly authorized and consulting internal and external legal advisors.

Derivative Instruments Risk

ICICI Bank engages in limited trading of derivative instruments on its own account and generally enters into interest rate and currency derivative transactions primarily for the purpose of hedging interest rate and foreign exchange mismatches. ICICI Bank provides limited derivative services to selected major corporate customers and other domestic and international financial institutions, including foreign currency forward transactions and foreign currency and interest rate swaps.

52

ICICI Banks derivative transactions are subject to counter-party risk to the extent particular obligors are unable to make payment on contracts when due.

Controls and Procedures

ICICI Banks Chief Executive Officer and Chief Financial Officer have evaluated the effectiveness of ICICI Banks disclosure controls and procedures (as defined in Rule 13a-15(e)under the Securities Exchange Act of 1934, as amended) as of a date within 90 days prior to the filing date of this annual report and concluded that, as of the date of their evaluation, ICICI Banks disclosure controls and procedures were effective to ensure that information required to be disclosed by ICICI Bank in the reports that it files or submits under the Securities Exchange Act of 1934, as amended, is recorded, processed, summarized and reported, within the time periods specified in the Securities and Exchange Commissions rules and forms. There has been no change in ICICI Banks internal control over financial reporting that has occurred subsequent to the date of their most recent evaluation that has materially affected, or is reasonably likely to materially affect, ICICI Banks internal control over financial reporting.

Loan Portfolio
Our gross loan portfolio, which includes loans structured as debentures and preferred stock, was Rs. 684.6 billion (US$ 14.4 billion) at year-end fiscal 2003, an increase of 22.2% over ICICIs gross loan portfolio of Rs. 560.2 billion (US$ 11.8 billion), at year-end fiscal 2002. At year-end fiscal 2002, ICICIs gross loan portfolio decreased 11.8% to Rs. 560.2 billion (US$ 11.8 billion) from Rs. 635.1billion (US$ 13.3 billion) at yearend fiscal 2001, primarily due to securitization and sell-down of ICICIs loan portfolio. Approximately 86.5% of our gross loans were rupee loans at year-end fiscal 2003. At year-end fiscal 2003, our balance outstanding in respect of loans of corporates outside India was Rs. 536 million (US$ 11 million), representing approximately 0.1% of our total gross loan portfolio.

Collateral Completion, Perfection and Enforcement

Our loan portfolio consists largely of project and corporate finance and working capital loans to corporate borrowers, and loans to retail customers for financing purchase of residential property, vehicles, 53

consumer durable products, medical equipment and farm and construction equipment, and personal loans and credit card receivables. Corporate finance and project finance loans are typically secured by a first lien on fixed assets, which normally consists of property, plant and equipment. These security interests are perfected by the registration of these interests within 30 days with the Registrar of Companies pursuant to the provisions of the Indian Companies Act. We may also take security of a pledge of financial assets like marketable securities, corporate guarantees and personal guarantees. This registration amounts to a constructive public notice to other business entities. Working capital loans are typically secured by a first lien on current assets, which normally consist of inventory and receivables. Additionally, in some cases, we may take further security of a first or second lien on fixed assets, a pledge of financial assets like marketable securities, corporate guarantees and personal guarantees. A substantial portion of our loans to retail customers is also secured by a first lien on the assets financed (predominantly property and vehicles). In general, our loans are over-collateralized. In India, there are no regulations stipulating any loan-to-collateral limits. In India, foreclosure on collateral generally requires a written petition to an Indian court. An application, when made, may be subject to delays and administrative requirements that may result, or be accompanied by, a decrease in the value of the collateral. These delays can last for several years leading to deterioration in the physical condition and market value of the collateral. In the event a corporate borrower makes an application for relief to a specialized quasi-judicial authority called the Board for Industrial and Financial Reconstruction, foreclosure and enforceability of collateral is stayed. In fiscal 2003, the Indian Parliament passed the Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002, which is expected to strengthen the ability of lenders to resolve nonperforming assets by granting them greater rights as to enforcement of security and recovery of dues. Petitions challenging the constitutional validity of this legislation are currently pending before the Indian Supreme Court. There can be no assurance that the legislation in its current form will be upheld by the Indian Supreme Court or that it will have a favorable impact on our efforts to resolve non-performing assets. See Overview of the Indian Financial Sector Recent Structural Reforms Legislative Framework for Recovery of Debts due to Banks.

54

We recognize that our ability to realize the full value of the collateral in respect of current assets is difficult, due to, among other things, delays on our part in taking immediate action, delays in bankruptcy foreclosure proceedings, defects in the perfection of collateral and fraudulent transfers by borrowers. However, cash credit facilities are so structured that we are able to capture the cash flows of our customers for recovery of past due amounts. In addition, we have a right of set-off for amounts due to us on these facilities. Also, we monitor the cash flows of our working capital loan customers on a daily basis so that we can take any actions required before the loan becomes impaired. On a case-by case basis, we may also stop or limit the borrower from drawing further credit from its facility.

Loan Concentration
We follow a policy of portfolio diversification and evaluate our total financing exposure in a particular industry in light of our forecasts of growth and profitability for that industry. ICICI Banks Risk, Compliance and Audit Group monitors all major sectors of the economy and specifically follows industries in which ICICI Bank has credit exposures. We seek to respond to any economic weakness in an industrial segment by restricting new credits to that industry segment and any growth in an industrial segment by increasing new credits to that industry segment, resulting in active portfolio management. ICICI Banks current policy is to limit its loan portfolio to any particular industry (other than retail loans) to 15.0%. Pursuant to the guidelines of the Reserve Bank of India, ICICI Banks credit exposure to individual borrowers must not exceed 15.0% of its capital funds comprising Tier 1 and Tier 2 capital, calculated pursuant to the guidelines of the Reserve Bank of India, under Indian GAAP. Credit exposure to individual borrowers may exceed the exposure norm of 15.0% of a banks capital funds by an additional 5.0% (i.e. up to 20.0%) provided the additional credit exposure is on account of infrastructure financing. ICICI Banks exposure to a group of companies under the same management control must not exceed 40.0% of its capital funds unless the exposure is in respect of an infrastructure project. In that case, the exposure to a group of companies under the same management control may be up to 50.0% of ICICI Banks capital funds. Pursuant to the Reserve Bank of India guidelines, exposure for funded facilities is calculated as the total approved limit or the outstanding funded amount, whichever is higher (for term loans, as undisbursed commitments plus the outstanding amount). Exposure for non-funded facilities is calculated as 50.0% of the approved amount or

55

the outstanding non-funded amount, whichever is higher (100.0% of the approved amount or the outstanding non-funded amount, whichever is higher, with effect from fiscal 2004). ICICI Bank is incompliance with these limits, except in the case of two borrowers to whom its exposure is in excess ofthe single exposure limit. The excess over the single borrower exposure limits in respect of these two borrowers is mainly due to the reduction in the level of reserves under Indian GAAP, as a result of adjustments arising out of the amalgamation. ICICIs exposure to these borrowers was not in excess of the limit at the time of providing the assistance. The Reserve Bank of India has granted its approval for exceeding the single exposure limit in the case of these two borrowers until the date of completion or stabilization of the projects.

Geographic Diversity
Except as described below, our portfolios were geographically diversified throughout India, primarily reflecting the location of our corporate borrowers. The states of Maharashtra and Gujarat, two of the most industrialized states in India, accounted for the largest proportion of our gross loans outstanding at year-end fiscal 2003.

Directed Lending
The Reserve Bank of India requires banks to lend to certain sectors of the economy. Such directed lending is comprised of priority sector lending, export credit and housing finance.

Priority Sector Lending

The Reserve Bank of India has established guidelines requiring banks to lend 40.0% of their net bank credit (total domestic loans less marketable debt instruments and certain exemptions permitted by the Reserve Bank of India from time to time) to certain specified sectors called priority sectors. Priority sectors include small-scale industries, the agricultural sector, food and agri-based industries, small businesses and housing finance up to certain limits. Out of the 40.0%, banks are required to lend a minimum of 18.0% of their net bank credit to the agriculture sector and the balance to certain specified sectors, including small scale industries (defined as manufacturing, processing and services businesses with a limit on investment in plant and machinery of Rs. 10 million), small businesses, including retail merchants, professional and other self employed persons and road and water transport operators, housing loans up to certain limits and to specified state financial corporations and state industrial development corporations.

56

While granting its approval for the amalgamation, the Reserve Bank of India stipulated that since ICICIs loans transferred to us were not subject to the priority sector lending requirement, we are required to maintain priority sector lending of 50.0% of our net bank credit on the residual portion of our advances (i.e. the portion of our total advances excluding advances of ICICI at year-end fiscal, 2002, henceforth referred to as residual net bank credit). This additional 10.0% priority sector lending requirement will apply until such time as our aggregate priority sector advances reach a level of40.0% of our total net bank credit. The Reserve Bank of Indias existing instructions on sub-targets under priority sector lending and eligibility of certain types of investments/ funds for qualification as priority sector advances apply to us. We are required to comply with the priority sector lending requirements at the end of each fiscal year. Any shortfall in the amount required to be lent to the priority sectors may be required to be deposited with government sponsored Indian development banks like the National Bank for Agriculture and Rural Development and the Small Industries Development Bank of India. These deposits have a maturity of up to five years and carry interest rates lower than market rates.

Application of Information Systems

Treasury and Trade Finance Operations
ICICI Bank uses technology to monitor risk limits and exposures. ICICI Bank has invested significantly to acquire advanced systems from some of the worlds leading vendors and connectivity to the SWIFT network. In fiscal 2003, ICICI Bank successfully rolled out a business process management solution to automate its activities in the areas of trade services and general banking operations. Through integration of the workflow system with the imaging and document management system, ICICI Bank has achieved substantial savings and practically eliminated the use of paper for these processes.

Banking Application Software

ICICI Bank has installed an advanced banking system that is robust, flexible and scaleable and allows ICICI Bank to effectively and efficiently serve its growing customer base.

High-Speed Electronic Communications Infrastructure

ICICI Bank has installed a nationwide data communications network linking all its offices. The network design is based on a mix of dedicated leased lines and satellite links to provide for reach and redundancy, which is imperative in a vast country like India. The communications network is monitored 24 hours a day using advanced network management software. ICICI Bank also uses a data center in Mumbai for centralized data base management, data storage and retrieval.

57

Customer Relationship Management

In fiscal 2002, ICICI Bank implemented a customer relationship management solution for automation of customer handling in all key retail products. ICICI Bank increased the deployment of its customer relationship management software. ICICI Banks customer relationship management solution enables various channels to service the customer needs at all touch points, and across all products and services. The solution has been deployed at the telephone banking call centers as well as a large number of branches. ICICI Bank has also undertaken a retail data warehouse initiative to achieve customer data integration at the back-office level. ICICI Bank has implemented an Enterprise Application Integration (EAI) initiative across its retail and corporate products and services, to link various products, delivery and channel systems. This initiative underpins ICICI Bank's multi-channel customer service strategy and seeks to deliver customer related information consistently across access points.

Competition
As a result of the acquisition of Bank of Madura, we became and continue to be the largest private sector bank in India and as a result of the amalgamation; we became and continue to be the second largest bank in India, in terms of total assets. We face strong competition in all our principal areas of business from Indian and foreign commercial banks, housing finance companies, mutual funds and investment banks. We believe that our principal competitive advantage over our competitors arises from our innovative products and services, our use of technology, our long-standing customer relationships and our highly motivated and skilled employees. Because of these factors, we believe that we have a strong competitive position in the Indian financial services market. We evaluate our competitive position separately in respect of our products and services for retail and corporate customers.

Corporate products and services

In products and services for corporate customers, we face strong competition primarily from public sector banks, foreign banks and other new private sector banks. Our principal competition in these products and services comes from public sector banks, which have built extensive branch networks that have enabled them to raise low-cost deposits and, as a result, price their loans and fee based services very competitively. Their wide geographical reach facilitates the delivery of banking products to their corporate customers located in most parts of the country. We have been able, however, to compete effectively because of our efficient service and prompt turnaround times that are significantly faster than public sector banks. We seek to compete with the large branch networks ofthe public sector banks through our multi-channel distribution approach and technology-driven delivery capabilities.

58

Traditionally, foreign banks have been active in providing trade finance, fee-based services and other short-term financing products to top tier Indian corporations. We effectively compete with foreign banks in cross-border trade finance as a result of our wider geographical reach relative to foreign banks and our customized trade financing solutions. We have established strong fee-based cash management services and compete with foreign banks due to our technological edge and competitive pricing strategies. Other new private sector banks also compete in the corporate banking market on the basis of efficiency, service delivery and technology. However, our strong corporate relationships, wider geographical reach and ability to use technology to provide innovative, value-added products and services provide us with a competitive edge. In project finance, ICICIs primary competitors were established long-term lending institutions. In recent years, Indian and foreign commercial banks have sought to expand their presence in this market. We believe that we have a competitive advantage due to our strong market reputation and expertise in risk evaluation and mitigation. We believe that our in-depth sector specific knowledge has allowed us to gain credibility with project sponsors, overseas lenders and policy makers.

Retail products and services

The retail credit business in India is in a relatively early stage of development. The retail business has witnessed substantial growth over the last two years and as per-capita income levels continue to grow, we expect continued strong growth in retail lending in future. In the retail markets, competition is primarily from foreign and Indian commercial banks and housing finance companies. Foreign banks have the product and delivery capabilities but are likely to focus on limited customer segments. We have capitalized on the first mover advantage to emerge as market leader in several segments within the retail credit business. With a full product portfolio, effective distribution channels, which include direct selling agents, robust credit processes and collection mechanisms, experienced professionals and superior technology, we expect to maintain our market position in retail credit Indian commercial banks attract the majority of retail bank deposits, historically the preferred retail savings product in India. We have capitalized on our corporate relationships to gain individual customer accounts through payroll management products and will continue to pursue a multi-channel distribution strategy utilizing physical branches, ATMs, telephone banking call centers and the Internet to reach customers. Further, following a strategy focused on customer profiles and product segmentation, we offer differentiated liability products to customers of various ages and income profiles. This strategy has contributed significantly to the rapid growth in our retail liability base. Mutual funds are another source of competition to us. Mutual fund offerings have the capacity to earn competitive returns and hence, have increasingly become a viable alternative to bank deposits.

59

STATE BANK OF INDIA Risk Management

Banks aim has been to reach global best standards in the area of risk management and to ensure that risk-management processes are sufficiently robust and efficient.

Credit Risk Management

A revised Credit Risk Assessment (CRA) System detailing a unified structure for C&I, SSI and AGL segments were rolled out across the whole Bank with effect from April 2004. The Risk Management Committee of the Board (RMCB) oversees the policy and strategy for integrated risk management relating to various risk exposures of the Bank and the Credit Risk Management Committee (CRMC) has been monitoring the Banks domestic credit portfolio.

Market Risk Management

Bank has developed sensitive tools to hedge and minimize the risk arising out of movements in interest rates, currency exchange rates and commodity prices.

Asset Liability Management

The Asset Liability Management Committee (ALCO) at the Corporate Centre is engaged in evolving optimal asset/liability structure for the Bank on an on-going basis with a view to containing mismatches, optimizing profits and ensuring risk management. The Bank is using Risk Manager Module (part of the ALM Software) to strengthen the processes of Risk Management.

Operational Risk Management

The Operational Risk Management Committee in the Bank oversees the Operational Risks and the requisite control measures. An Operational Risk Management Policy duly approved by Central Board of the Bank is in place.

60

Country Risk & Bank Exposure

Prudent exposure risk management is being ensured by setting up appropriate bank exposure limits product-wise, on a large number of Foreign Commercial Banks and a revised Country Risk Management Policy, in line with RBI guidelines, for setting up country exposure limits is in place and the overall country risk for the Bank as a whole is monitored on a regular basis.

Internal Controls
The Bank has an in-built internal control system with well-defined responsibilities at each level. The Inspection & Management Audit Department of the Bank carries out 3 streams of audit- Inspection and Audit, Credit Audit and Management Audit covering different facets of Banks activities.

Inspection and Audit

Risk Focused Internal Audit (RFIA), an adjunct to risk based supervision, as per RBI directives has been introduced in the Banks audit system on 01.04.2003. All the domestic Branches have been segregated into 3 Groups on the basis of business profile and risk exposures and are being subjected to RFIA.

Credit Audit
Credit Audit aims at achieving continuous improvement in the quality of Commercial Credit portfolio with the exposures of Rs. 5 crore and above. Duly aligned with Risk Focused Internal Audit, it examines the probability of default, identifies risks and suggests risk mitigation measures.

Management Audit
Management audit which has been reoriented to focus on the effectiveness of risk management in processes and the procedures is conducted under 2 streams viz. General Management Audit (GMA Every 4/5 years) and Risk Management Audit (RMAEvery 2/3 years). Risk Management Audit of four Circles was taken up and completed during the current year.

Risk Management Committee of the Board

The Central Board approved the constitution of Risk Management Committee of the Board (RMCB) on March 23, 2004 to oversee the policy and strategy for integrated risk management relating to credit risk, market risk and operational risk.

61

Composition of the Committee The Committee has 4 members: 1. MD&GE (NB) 2. MD & GE (CB) 3. Two non-executive Directors Sarvashri P.R. Khanna and Suman K. Bery

Meetings
RMCB meets quarterly or more often if the situation so demands. The Committee met 4 times during the year.

Shareholders/Investors Grievance Committee

In pursuance of clause 49 of the Listing Agreement with the Stock Exchanges, Shareholders/Investors Grievance Committee of the Board (SGCB) was formed to look into the redressal of shareholders and investors complaints regarding transfer of shares, non-receipt of balance sheet, non-receipt of interest on bonds/declared dividends, etc.

62