A Report

On

“OPERATIONAL RISK UNDER BASEL II

ACCORD & ITS IMPLEMENTATION IN
INDIAN BANKS”

By

Limbani Jigar Natvar

06BS1624

Faculty Guide:
Prof. Debarati Bhattacharjee
ICFAI BUSINESS SCHOOL.

A report submitted in partial fulfillment of

the requirements of
MBA Program of
ICFAI Business School

1
 TABLE OF CONTENTS

Abstract 3

Introduction
 Purpose 5
 Scope of study 5
 Methodology 5
 Limitations 6
 Background 6
- Risk Management in Banks 6
- The origin of Basel 6
- The three pillar approach 7
- Challenges envisaged 8
- Challenges for Indian Banking System in BASEL II 10

Main Text
 Operational Risk defined 13
 The measurement methodologies 15
1. Basic Indicator Approach 15
2. Standardized Approach 18
3. Advanced Measurement Approach 23
 Qualifying Criteria 24
 Ten Proposals 28
 BASEL II Proposals : Bank’s concerns 29
 Operational Risk Policy 30
 Operational Risk and New Capital Accord : Views of RBI 31
 RBI stresses on Internal Control 32
 Operational Risk and Insurance 32
 Risk Mitigation 33
 Operational Risk Management Standards 34

Conclusion 36

References 37

2
ABSTRACT:

The banking environment has dramatically changed in the recent past. In addition with
Market risk and Credit risk one such all-pervasive risk that banks face is Operational risk.
It is one of the oldest risks that all along has been managed quite informally, but of late
has suddenly caught everyone’s attention. Emergence of new risk mitigation instruments
like credit derivatives, weather derivative, securitization and other derivatives instrument
brings different types of risk. Huge losses in Forex deals or securities deals are not
uncommon in banking industry. Human omission and commission in day-to-day
operational issue expose the banks to greater risk. These are only few issues which focus
the importance of operational risk management.

The increased competition resulting out of the deregulation and globalization are making
banks activities more diverse and complex. Aggressive adoption of technology for
delivering financial services has only landed banks in new zones of operational risk.
Further, the new capital guidelines proposed by the Basel II demand that banks adopt
robust operational risk managing strategies. The Basel committee, having identified
operational risk as an important risk faced by the banks, proposed allocation of certain
minimum capital by banks to protect themselves from such losses.

Operational risk is as old as banking. It even precedes market and credit risks, and yet,
there is no universally accepted definition for it. Operational risk is often defined by what
it is not. Any risk that is not related to credit, market and liquidity risk is identified as
operational risk. The Basel committee on Banking Supervision defined operational risk as
“the risk of loss resulting from inadequate or failed internal processes, people and
systems or from externals events. This definition includes legal risk but excludes strategic
and reputation risk”.

Therefore Operational risk involves:

• Loss of money/fund.
• Main category causing such loss is internal process, people and system.
• Additionally external events (e.g. flood, earthquake, terrorist attack etc.) also may
cause loss.
• Legal non-compliance is considered as operational risk.
• But strategic and reputation risk areas are not operational risk (in fact now
altogether a separate class-explained hereunder).

At present, there is no agreed upon universal definition of operational risk. Many banks
have defined operational risk as any risk not categorised as market or credit risk and some
have defined it as the risk of loss arising from various types of human or technical error.
Many banks associate operational risk with settlement or payments risk and
business interruption, administrative and legal risks. Several types of events (settlement,
collateral and netting risks) are seen by some banks as not necessarily classifiable as
operational risk and may contain elements of more than one risk. All banks see some
form of link between credit, market and operational risk. In particular, an operational
problem with a business transaction (for example, a settlement fail) could create market

3
or credit risk. While most banks view technology risk as a type of operational risk, some
banks view it as a separate risk category with its own discrete risk factors.

The majority of banks associate operational risk with all business lines, including
infrastructure, although the mix of risks and their relative magnitude may vary
considerably across businesses. Many banks have targeted operational risk as most
important in business lines with high volume, high turnover (transactions/time), high
degree of structural change, and/or complex support systems. Operational risk is seen to
have a high potential impact in business lines with those characteristics, especially if the
businesses also have low margins, as occurs in certain transaction processing and
payments-system related activities. Operational risk in trading activities was seen by
several banks as high. A few banks stressed that operational risk was not limited to
traditional “back office” activities, but encompassed the front office and virtually any
aspect of the business process in banks.

INTRODUCTION:

4
PURPOSE

This project shall discuss what operational risk is all about; how Basel II expects banks to
allocate capital against operational risk and the challenges posed by the suggested
methodologies for measuring operational risk to banks. The project also deals with the
mitigation of operational risk. It also discusses the issue relating to additional supervisory
scrutiny of risk management and disclosure of size of capital charge and techniques used
to calculate it.

The objective of the project can be comprehended as follows:

 To have an in-depth understanding of the Operational Risk under Basel II Accord.

 To analyze the current status of the Indian Banks in respect of implementation of
Basel II norms.
 To understand the Operational Risk Management practices being used by the
bank.
 On an academic note, the project will be helpful to understand the banking
operations and the risk management techniques.

Moreover, the project will definitely be an experiential learning process, which will
provide the practical essence of banking operation related to operational risk
management.

SCOPE OF STUDY

Basel II is a three pillar based approach, which seeks to develop a comprehensive and
sophisticated systems for banks to assess various risks to which they are exposed. The
first pillar deals with issues relating to minimum capital requirements, the second pillar
prescribed the supervisory review process. The third pillar is concerned with market
discipline or Public Disclosure.
The new accord is based on risk-sensitive Minimum Capital Requirement (MCR)
supplemented by appropriate supervisory process and market discipline. MCR will be
calculated on the basis of three risk perceptions, namely, credit risk, market risk and
Operational risk.

METHODOLGY

 Study of various available reading materials and compendium on Operational

Risk; if any.
 Collection of information by meeting few banking personnel. Also, it would
give an insight regarding their preparation for implementing Basel II norms.
 Use of internet to obtain the requisite information.

LIMITATIONS

5
  Complexity and vastness of the project requires lot of time and study.
 Absence of practical exposure in banking operation is one of the major
limitations of the project.
 Unavailability of real data will not result in meaningful conclusion.

BACKGROUND

Risk Management in Banks

Any discussion of risk management in banking must start with the understanding that
banks exists for the purpose of taking risk, and the objective of supervision is certainly
not eliminated, and perhaps not even to lower, risk-taking. Rather, the objective of
supervision is to assist in the management of risk. Banks, from the very beginning, have
managed risk- even before there were regulator and supervisors to insist that they do so.
Banks must manage risk because they were in the business of banking and did not want to
fail and lose what, at least initially, was their own capital. Even in the modern banking
with professional management largely divorced from the owners, professional
management largely divorced from the owners, the desire of the management have the
institution survive is still a major impetus to risk management.

The origin of Basel

Basel was an attempt to reduce the number of bank failures by tying a bank’s capital
adequacy ratio to the risk of the loans it makes. For instance, there is a less chance of a
loan to the government going bad than a loan to say an Internet business. So the bank
would not have to hold as much capital in reserve against the first loan as against the
second. To strengthen the stability of international banking system and to remove a
source of competitive inequality arising from differences in national capital requirement,
a capital measurement system commonly referred to as the Basel Capital Accord was
approved by the G10 Governors and release to banks in 1988. According to 1988 Accord
Minimum Capital standard of 8% was supposed to achieve by all banks by end of 1992.
Basel I norms aimed at ensuring Capital Adequacy of Banks as proportion of the risk
weighted assets. It is criticized to be a ‘one size fits all’ model, lacking in sophisticated
measurement and management of risks. Hence the need for a set of new regulations, titled
Basel II.

6
The Three Pillar Approach

The capital framework proposed in the New Basel Accord consists of three pillars, each
of which reinforces the other. The first pillar establishes the way to quantify the minimum
capital requirements, is complemented with two qualitative pillars, concerned with
organizing the regulator's supervision and establishing market discipline through public
disclosure of the way that banks implement the Accord. Determination of minimum
capital requirements remains the main part of the agreement, but the proposed methods
are more risk sensitive and reflect more closely the current situation on financial markets.

First Pillar: Minimum Capital Requirement

The first pillar establishes a way to quantify the minimum capital requirements. While the
new framework retains both existing capital definition and minimal capital ratio of 8%,
some major changes have been introduced in measurement of the risks. The main
objective of Pillar I is to introduce greater risk sensitivity in the design of capital
adequacy ratios and, therefore, more flexibility in the computation of banks' individual
risk. This will lead to better pricing of Risks.

Capital Adequacy Ratio signifies the amount of regulatory capital to be maintained by a

bank to account for various risks inherent in the banking system. The Capital Adequacy
ratio is measured as;

Capital Adequacy Ratio = (Tier I capital + Tier II capital)/ RWA

Regulatory capital is defined as the minimum capital; banks are required to hold by the
regulator, i.e. "The amount of capital a bank must have". It is the summation of Tier I and
Tier II capital.

1. Credit Risk:
The changes proposed to the measurement of credit risk are considered to have most far
reaching implications. Basel II envisages two alternative ways of measuring credit risk.
The standardized approach is conceptually the same as the present Accord, but is more
risk sensitive. The bank allocates a risk-weight to each of its assets and off-balance-sheet
positions and produces a sum of risk-weighted asset values. Individual risk weights
currently depend on the broad category of borrower (i.e. sovereigns, banks or corporate).
Under the new Accord, the risk weights are to be refined by reference to a rating provided
by an external credit assessment institution that meets strict standards. Under the IRB
approach, distinct analytical frameworks will be provided for different types of loan
exposures. The framework allows for both a foundation method in which a bank estimate
the probability of default associated with each borrower, and the supervisors will supply
the other inputs and an advanced IRB approach, in which a bank will be permitted to
supply other necessary inputs as well. Under both the foundation and advanced IRB
approaches, the range of risk weights will be far more diverse than those in the
standardized approach, resulting in greater risk sensitivity.

7
2. Operational Risk:
Basel II Accord set a capital requirement for operational risk. It defines operational risk
as "the risk of direct or indirect loss resulting from inadequate or failed internal processes,
people and systems or from external events". Banks will be able to choose between three
ways of calculating the capital charge for operational risk – the Basic Indicator Approach,
the Standardized Approach and the advanced measurement Approaches.

The Second Pillar: Supervisory Review Process

The supervisory review process requires supervisors to ensure that each bank has sound
internal processes in place to assess the adequacy of its capital based on a thorough
evaluation of its risks. Supervisors would be responsible for evaluating how well banks
are assessing their capital adequacy needs relative to their risks. This internal process
would then be subject to supervisory review and intervention, where appropriate.

The Third Pillar: Market Discipline

The third pillar of the new framework aims to bolster market discipline through enhanced
disclosure by banks. Effective disclosure is essential to ensure that market participants
can better understand banks' risk profiles and the adequacy of their capital positions. The
new framework sets out disclosure requirements and recommendations in several areas,
including the way a bank calculates its capital adequacy and its risk assessment methods.
The core set of disclosure recommendations applies to all banks, with more detailed
requirements for supervisory recognition of internal methodologies for credit risk, credit
risk mitigation techniques and asset securitization.

Challenges Envisaged

Against the above background and the complexities involved as also the areas of
"constructive ambiguity" in concepts and their application we envisage the following
regulatory and supervisory challenges ahead:

• India has three established rating agencies in which leading international credit
rating agencies are stakeholders and also extend technical support. However, the
level of rating penetration is not very significant as, so far, ratings are restricted to
issues and not issuers. While Basel II gives some scope to extend the rating of
issues to issuers, this would only be an approximation and it would be necessary
for the system to move to ratings of issuers. Encouraging ratings of issuers would
be a challenge.

• Basel II provides scope for the supervisor to prescribe higher than the minimum
capital levels for banks for, among others, interest rate risk in the banking book
and concentration of risks / risk exposures. As already stated, we in India have

8
 initiated supervisory capacity building to identify slackness and to assess /
quantify the extent of additional capital which may be required to be maintained
by such banks.

• Cross border issues have been dealt with by the Basel Committee on Banking
Supervision recently. But, in India, foreign banks are statutorily required to
maintain local capital and the following issues would therefore, require to be
resolved by us.

• Whether the internal models approved by their head offices and home country
supervisor adopted by the Indian branches of foreign banks need to be validated
again by the Reserve Bank or whether the validation by the home country
supervisor would be considered adequate?

• Whether the data history maintained and used by the bank should be distinct for
the Indian branches compared to the global data maintained and used by the head
office?

• Whether capital for operational risk should be maintained separately for the
Indian branches in India or whether it may be maintained abroad at head office?

• Whether these banks can be mandated to maintain capital as per SA / BIA

approaches in India irrespective of the approaches adopted by the head office?

• Basel II could actually imply that the minimum requirements could become pro-
cyclical. No doubt prudent risk management policies and Pillars II and III would
help in overall stability. We feel that it would be preferable to have consistent
prudential norms in good and bad times rather than calibrate prudential norms to
counter pro-cyclicality.

• The existence of large and complex financial conglomerates could potentially

pose a systemic risk and it would be necessary to put in place supervisory policies
to address this.

• Banks adopting IRB Approach will be much more risk sensitive than the banks on
Standardized Approach, since even a small change in degree of risk might
translate into a large impact on additional capital requirement for the IRB banks.
Hence IRB banks could avoid assuming high risk exposures. Since banks
adopting Standardized Approach are not equally risk sensitive and since the
relative capital requirement would be less for the same exposure, the banks on
Standardized Approach could be inclined to assume exposures to high risk clients,
which were not financed by IRB banks. As a result, high risk assets could flow
towards banks on Standardized Approach which need to maintain lower capital on
these assets than the banks on IRB Approach.

9
 • Similarly, low risk assets would tend to get concentrated with IRB banks which
need to maintain lower capital on these assets than the Standardized Approach
banks. Hence, system as a whole may maintain lower capital than warranted.

• Due to concentration of higher risks, Standardized Approach banks can become

vulnerable at times of economic downturns.

Challenges for Indian Banking System under Basel II

A feature, somewhat unique to the Indian financial system is the diversity of its
composition. We have the dominance of Government ownership coupled with significant
private shareholding in the public sector banks and we also have cooperative banks,
Regional Rural Banks and Foreign bank branches. By and large the regulatory standards
for all these banks are uniform.

Costly Database Creation and Maintenance Process: The most obvious impact of BASEL II
is the need for improved risk management and measurement. It aims to give impetus to
the use of internal rating system by the international banks. More and more banks may
have to use internal model developed in house and their impact is uncertain. Most of
these models require minimum 5 years bank data which is a tedious and high cost process
as most Indian banks do not have such a database

Additional Capital Requirement: In order to comply with the capital adequacy norms we
will see that the overall capital level of the banks will raise a glimpse of which was seen
when the RBI raised risk weightage for mortgages and home loans in October 2004. Here
there is a worrying aspect that some of the banks will not be able to put up the additional
capital to comply with the new regulation and they may be isolated from the global
banking system.

Large Proportion of NPA's: A large number of Indian banks have significant proportion of
NPA's in their assets. Along with that a large proportion of loans of banks are of poor
quality. There is a danger that a large number of banks will not be able to restructure and
survive in the new environment. This may lead to forced mergers of many defunct banks
with the existing ones and a loss of capital to the banking system as a whole.

Relative Advantage to Large Banks: The new norms seem to favor the large banks that have
better risk management and measurement expertise. They also have better capital
adequacy ratios and geographically diversified portfolios. The smaller banks are also
likely to be hurt by the rise in weightage of inter-bank loans that will effectively price
them out of the market. Thus banks will have to restructure and adopt if they are to
survive in the new environment.

Increased Pro-Cyclicality: The appropriate question is not then whether Basel II introduces
pro-cyclicality but whether it increases it. The increased importance to credit ratings

10
under Basel II could actually imply that the minimum requirements could become pro-
cyclical as banks are required to raise capital levels for loans in times of economic crises.

Low Degree of Corporate Rating Penetration: India has as few as three established rating
agencies and the level of rating penetration is not very significant as, so far, ratings are
restricted to issues and not issuers. While Basel II gives some scope to extend the rating
of issues to issuers, this would only be an approximation and it would be necessary for
the system to move to ratings of issuers. Encouraging ratings of issuers would be a
challenge.

Cross Border Issues for Foreign Banks: In India, foreign banks are statutorily required to
maintain local capital and the following issues are required to be resolved;

• Validation of the internal models approved by their head offices and home
country supervisor adopted by the Indian branches of foreign banks.
• Date history maintained and used by the bank should be distinct for the Indian
branches compared to the global data used by the head office
• capital for operational risk should be maintained separately for the Indian
branches in India

IT infrastructure: The technology infrastructure in terms of computerization is still in a

nascent stage in most Indian banks. Computerization of branches, especially for those
banks, which have their network spread out in far flung areas, will be a daunting task.
Penetration of information technology in banking has been successful in the urban areas,
unlike in the rural areas where it is insignificant.

Risk Management Resources: Experts say that dearth of risk management expertise in the
Asia Pacific region will serve as a hindrance in laying down guidelines for a basic
framework for the new capital accord.

Communication gap: An integrated risk management concept, which is the need of the
hour to align market, credit and operational risk, will be difficult due to significant
disconnect between business, risk managers and IT across the organizations in their
existing set up.

Huge Investment: Implementation of the Basel-II will require huge investments in

technology. According to estimates Indian banks, especially those with a sizeable branch
network, will need to spend well over $50-70 million on this.

In a recent survey conducted by the Federation of Indian Chambers of Commerce &

Industry (FICCI), 55 per cent of the respondents' claim that Indian banks lack adequate
preparedness to be able to conform to the Basel-II provisions by 2006. Whereas, 50 per
cent of public sector banks have expressed their preparedness in meeting these guidelines,
only 25 per cent of the old and new private sector and foreign banks are likely to be ready
to meet them by 2006. According to the survey, concerns of the Indian banks in
implementing these norms are:

11
 • 51.6 per cent said due to low levels of computerization,
• 87 per cent said due to absence of robust internal credit rating mechanism,
• 80.6 per cent said due to lack a strong management information system,
• And 58 per cent said due to lack of sufficient training and education to reach the
levels to conform to the provisions of Basel-II.

MAIN TEXT:

What is Operational Risk?

Operational risk is as old as banking. It even precedes market and credit risks, and yet,
there is no universally accepted definition for it. Operational risk is often defined by what
it is not. Any risk that is not related to credit market and liquidity risk is identified as

12
operational risk. The Basel committee on Banking Supervision defined operational risk as
“the risk of loss resulting from inadequate or failed internal processes, people and
systems or from externals events. This definition includes legal risk but excludes strategic
and reputation risk”.

Therefore Operational risk involves:

• Loss of money/fund.
• Main category causing such loss is internal process, people and system.
• Additionally external events (e.g. flood, earthquake, terrorist attack etc.) also may
cause loss.
• Legal non-compliance is considered as operational risk.
• But strategic and reputation risk areas are not operational risk (in fact now
altogether a separate class-explained hereunder).

Figure 1: operational Risk - Sources of Risk

Business
Processes
Business People
Environmen
t Operationa
l Constant
Risk Change
Business
Strategy Control
Systems
IT Systems

Analysis of Components
Internal process and system related areas of operational risk may be of the following
nature:
• Payment/settlement risk due to breakdown in process/reconciliation system.
• Incorrect processing of service charges/cost (other than interest matter).

13
 • Inappropriate product selection/product complexity especially in related segments.
• Lack of integration of various processes e.g. deposit of cash by a customer of D/D
and subsequent issue of D/D
• Inadequate infrastructure for control of process/systems.
• Inadequate data information execution.

People related risk areas may be of the following:

• Fraud by staff or by others.
• Mistakes/errors not with any fraudulent motive.
• Workforce disruption e.g. strike, lockout.
• Loss of high skilled people e.g. Head of Technology Services Dept.
• Health and safety issues of staff.

Strategic and Reputation risk

Adverse business decisions by the top management arising out of
inadequate/inappropriate appreciation of market/ industry changes etc. and/or ineffective
implementation of top management decisions may be treated as strategic risk areas which
may affect a bank’s profit/capital.

Shrinkage of market share is however a symptoms on goodwill of a bank (converting

goodwill into bad will?) and in turn may effect bank’s profit/capital. This category of risk
may be as follows:
• Negative public opinion about product/service or health and safety standards.
• It is often said that an Internet bank is exposed to greater reputation risk than a
traditional bank as the customer may quickly quit a bank if negative opinions is
formed.
• Adverse opinions by regulatory authority in regards to working of a bank.
• Basel II Accord has not prescribed any special treatment for strategic and
reputation risk probably because of difficulties than may be associated in proper
identification, measurement and monitoring such risk. Hence, such risks in
banking would for the time being (till Basel III comes up??) continue to be
managed as Hitherto.

The Measurement Methodologies

• The framework outlined below presents three methods for calculating operational
risk capital charges in a continuum of increasing sophistication and risk
sensitivity:
(1) The Basic Indicator Approach
(2) The Standardized Approach

14
 (3) Advanced Measurement Approaches (AMA)

• Banks are encouraged to move along the spectrum of available approaches as they
develop more sophisticated operational risk measurement systems and practices.

• Internationally active banks and banks with significant operational risk exposures
(for example, specialized processing banks) are expected to use an approach that
is more sophisticated than the Basic Indicator Approach and that is appropriate for
the risk profile of the institution.

• A bank will be permitted to use the Basic Indicator or Standardized Approach for
some parts of its operations and an AMA for others provided certain minimum
criteria are met.

• A bank will not be allowed to choose to revert to a simpler approach once it has
been approved for a more advanced approach without supervisory approval.

• If a supervisor determines that a bank using a more advanced approach no longer

meets the qualifying criteria for this approach, it may require the bank to revert to
a simpler approach for some or all of its operations.

1. Basic Indicator Approach

Banks using the Basic Indicator Approach must hold capital for operational risk equal to
the average over the previous three years of a fixed percentage (denoted alpha) of positive
annual gross income. Figures for any year in which annual gross income is negative or
zero, should be excluded from both the numerator and denominator when calculating the
average. The charge may be expressed as follows:

KBIA = GI *α

Where,
KBIA = the capital charge under the Basic indicator approach.
GI = average annual gross income over the previous three years.
α = 15%, which is set by the committee, relating the industry- wide level of
the required capital to the industry-wide level of the indicator.

‘Gross Income’ for the above purpose consists of net interest income plus non-interest
income. Extra- ordinary income/expenses are to be ignored.
Gross income is defined as net interest income plus net non-interest income. It is
Intended that this measure should:
(i) Be gross of any provisions (e.g. for unpaid interest).
(ii) Be gross of operating expenses, including fees paid to outsourcing service.
(iii) Exclude realized profits/losses from the sale of securities in the banking book.

15
 and
(iv) Exclude extraordinary or irregular items as well as income derived from insurance.

As a point of entry for capital calculation, no specific criteria for use of the Basic
Indicator Approach is set out in this Framework. Nevertheless, banks using this approach
are encouraged to comply with the Committee’s guidance on Sound Practices for the
Management and Supervision of Operational Risk.

Example:
Say gross income for the last three years is respectively Rs.20000, 30000 and 80000. So
the capital requirement under the basic indicator approach is Rs.6500 as shown in Table

Table 1: Basic Indicator Approach

Year Gross INCOME (GI) Alpha(α) KBIA
1 20000
2 30000
3 80000
Total 130000
Average 43333.33333 15% 6500

State Bank of India

Gross
Year Alpha (α) KBIA
Income
2005 4300
2006 4400
2007 4540
Total 13240
Average 4413.333333 0.15 662

Punjab National Bank

Gross
Year Alpha (α) KBIA
Income
2005 1410
2006 1430

16
 2007 1540
Total 4380
Average 1460 0.15 219

Bank of Baroda
Gross
Year Alpha (α) KBIA
Income
2005 670
2006 825
2007 1025
Total 2520
Average 840 0.15 126

ICICI Bank
Gross
Year Alpha (α) KBIA
Income
2005 2005
2006 2540
2007 3110
Total 7655
Average 2551.666667 0.15 382.75

HDFC
Bank
Gross
Year Alpha (α) KBIA
Income
2005 665
2006 870
2007 1140
Total 2675
Average 891.6666667 0.15 133.75

Axis Bank
Gross
Year Alpha (α) KBIA
Income
2005 335
2006 485
2007 660
Total 1480
Average 493.3333333 0.15 74

2. The Standardized Approach

Under this approach capital requirement will be arrived at in the following manner:

17
 • In the Standardized Approach, banks’ activities are divided into eight business
lines: Corporate finance, trading & sales, retail banking, commercial banking,
payment &settlement, agency services, asset management, and retail brokerage.

• Within each business line, gross income is a broad indicator that serves as a proxy
for the scale of business operations and thus the likely scale of operational risk
exposure within each of these business lines.

• The capital charge for each business line is calculated by multiplying gross
income by a factor (denoted beta) assigned to that business line. Beta serves as a
proxy for the industry-wide relationship between the operational risk loss
experience for a given business line and the aggregate level of gross income for
that business line.

• It should be noted that in the Standardized Approach gross income is measured

for each business line, not the whole institution, i.e. in corporate finance, the
indicator is the gross income generated in the corporate finance business line.

• The total capital charge is calculated as the three-year average of the simple
summation of the regulatory capital charges across each of the business lines in
year. In any given year, negative capital charges (resulting from negative gross
income) in any business line may offset positive capital charges in other business
lines without limit. However, where the aggregate capital charge across all
business lines within a given year is negative, then the input to the numerator for
that year will be zero.

Table 2: Business Line-wise Betas

Business Lines Beta Factors
(In %)
Corporate finance (ß1) 18
Trading & sales (ß2) 18
Retail banking (ß3) 12
Commercial banking (ß4) 15
Payment & settlement (ß5) 18
Agency services (ß6) 15
Asset management (ß7) 12
Retail Brokerage (ß8) 12

This may be expressed as:

18
 KTSA = Σ (GI1-8 Х ß1-8)
Where
KTSA = the capita charge under the standardized Approach
GI1-8 = the average annual level of income over the past three years, as defined
above in the Basic Indicator Approach, for each of the eight business
lines.

ß1-8 = a fixed percentage fixed by the committee, relating the level of required
capital to the level of the gross income for each of the eight business lines.

Table 3: Standardized Approach

Business Lines Average GI Beta (ß) GI*ß

Corporate Finance 3000 18% 540

Trading and Sales 2000 18% 360
Retail Banking 5000 12% 600
Commercial Banking 10000 15% 1500
Payment & Settlement 3000 18% 540
Agency Services 4000 15% 600
Asset Management 1000 12% 120
Retail Brokerage 2000 12% 240
KSA 4500

State Bank of India

Year Corporate Tradin Retail Commerci Payment & Agency Asset Retail
Finance g and Banking al Banking Settlement Services Managem Brokera
Sales ent ge
2005 1210 540 875 1015 230 130 180 120
2006 1240 535 880 1055 235 120 200 135
2007 1290 545 890 1070 250 135 215 145
Total 3740 1620 2645 3140 715 385 595 400
Average 1246.67 540.00 881.67 1046.67 238.33 128.33 198.33 133.33

Average Beta (β)

Business Lines GI in % GI*β

Corporate Finance 1246.67 0.18 224.40

Trading and Sales 540.00 0.18 97.20

19
 Retail Banking 881.67 0.12 105.80
Commercial
Banking 1046.67 0.15 157.00
Payment &
Settlement 238.33 0.18 42.90
Agency Services 128.33 0.15 19.25
Asset Management 198.33 0.12 23.80
Retail Brokerage 133.33 0.12 16.00
KSA 686.35

Bank of Baroda
Trading Payment
Corporate Retail Commercial Agency Asset Retail
Year and &
Finance Banking Banking Services Management Brokerage
Sales Settlement
2005 180 70 95 165 50 30 40 40
2006 205 95 80 190 70 55 70 60
2007 290 115 95 225 80 60 85 75
Total 675 280 270 580 200 145 195 175
Average 225.00 93.33 90.00 193.33 66.67 48.33 65.00 58.33

Average Beta (β)

Business Lines GI in % GI*β

Corporate Finance 225.00 0.18 40.50

Trading and Sales 93.33 0.18 16.80
Retail Banking 90.00 0.12 10.80
Commercial
Banking 193.33 0.15 29.00
Payment &
Settlement 66.67 0.18 12.00
Agency Services 48.33 0.15 7.25
Asset Management 65.00 0.12 7.80
Retail Brokerage 58.33 0.12 7.00
KSA 131.15

ICICI Bank

20
 Trading Payment
Corporate Retail Commercial Agency Asset Retail
Year and &
Finance Banking Banking Services Management Brokerage
Sales Settlement
2005 470 295 405 420 160 60 90 105
2006 580 350 510 525 230 95 120 130
2007 705 400 645 655 270 120 155 160
Total 1755 1045 1560 1600 660 275 365 395
Average 585.00 348.33 520.00 533.33 220.00 91.67 121.67 131.67

Average Beta (β)

Business Lines GI in % GI*β

Corporate Finance 585.00 0.18 105.30

Trading and Sales 348.33 0.18 62.70
Retail Banking 520.00 0.12 62.40
Commercial
Banking 533.33 0.15 80.00
Payment &
Settlement 220.00 0.18 39.60
Agency Services 91.67 0.15 13.75
Asset Management 121.67 0.12 14.60
Retail Brokerage 131.67 0.12 15.80
KSA 394.15

The Alternative Standardized Approach

At national supervisory discretion a supervisor can choose to allow a bank to use the
Alternative Standardized Approach (ASA) provided the bank is able to satisfy its
supervisor that this alternative approach provides an improved basis by, for example,
avoiding double counting of risks. Once a bank has been allowed to use the ASA, it will
not be allowed to revert to use the standardized Approach without the permission of its
supervisor.
Under the ASA, the operational capital charge/methodology is the same as for the
Standardized Approach except for the two business lines- retail banking and commercial
banking. For these business lines, loans and advances -multiplied by a fixed factor ‘m’-
replace gross income as the exposure indicator. The betas for retail and commercial
banking are unchanged from the Standardized Approach. The ASA operational risk
capital charge for retail banking (with the same basic formula for commercial banking)
can be expressed as:

KRB = ßRB Х m Х LARB

Where
KRB = the capital charge for the retail banking business line
ßRB = the beta for the retail banking business line.
LARB = total outstanding retails loans and advances (non-risk weighted and
gross of provisions), averaged over the past three years
m = 0.035

21
For the purposes of the ASA, total loans and advances in the retail banking business line
consists of the total drawn amounts in the following credit portfolios: retail, SMEs treated
as retail, and purchased retail
receivables. For commercial banking, total loans and advances consists of the drawn
amounts in the following credit portfolios: corporate, sovereign, bank, specialized
lending, SMEs treated as corporate and purchased corporate receivables. The book value
of securities held in the banking book should also be included.

Under the ASA, banks may aggregate retail and commercial banking (if they wish to)
using a beta of 15%. Similarly, those banks that are unable to disaggregate their gross
income into the other six business lines can aggregate the total gross income for these six
business lines using a beta of 18%, with negative gross income treated as described
above.

As under the Standardized Approach, the total capital charge for the ASA is calculated as
the simple summation of the regulatory capital charges across each of the eight business
lines.

Average Beta
Business Lines GROSS INCOME (GI) GI (ß) GI*ß m LA*ß*m KASA
Year 1 Year 2 Year 3
Corporate Finance 4200 2500 2300 3000 18% 540 540
Trading and Sales 1200 1300 3500 2000 18% 360 360
Payment & Settlement 2000 4000 3000 3000 18% 540 540
Agency Services 3000 5000 4000 4000 15% 600 600
Asset Management 500 1200 1300 1000 12% 120 120
Retail Brokerage 2000 1500 2500 2000 12% 240 240
LOANS & ADVANCES
(LA) Average LA LA*ß
55000
Retail Banking 0 450000 500000 500000 12% 60000 0.035 2100 2100
40000 100000 130000
Commercial Banking 0 0 0 900000 15% 135000 0.035 4725 4725
TOTAL KASA 9225

3. Advanced Measurement Approach

Subject to approval of Regulatory Authorities of each country, the capital required will be
worked out taking into account the risk measure generated by bank’s integrated
operational risk management system using qualitative and quantitative criteria as laid
down in the Accord. As Per RBI Press Reports, RBI is likely to ask banks in India to
adopt Basic Indicators Approach for the time being.

Under this method, banks are permitted to use their in-house model to calculate the
required capital, subject to, of course, supervisory approval on the following:
• Active involvement of directors and senior management in the oversight of the
operational risk management framework.

22
 • Implementation of conceptually sound risk management system with integrity.

• Process of sufficient resources that are required to manage different business lines
and to manage “control” and “audit” functions effectively.

As the approach to measurement of operational risk is still not perfected as much as the
measurement of market risk or credit risk, banks are in dilemma as to how to implement
the advanced model approach. The consultation paper has, however, identified three
forms of models for estimating operational risk:

Internal Modeling Approach

Under this method, the expected losses in each business lines are calculated by examining
the average of past losses experienced, and then multiplied by a standard Gama” factor to
derive a figure for unexpected or worst case losses which give the capital requirement.

Loss Distribution Approach

As in case pf VaR this method attempts top fit a statistical distribution of the historical
losses and derives the capital requirement from a confidence level on this distribution.

Scorecard Approach

Under this method, bank start estimating historical loss data as in the previous two
methods, but also take into consideration the future risk such as staff turnover and the
qualitative assessment of the bank’s control environment.

Amongst the three models, the scorecard approach is perceived as an attractive approach
for it offers the following advantages:
• It provides a more complete and accurate measure of operational risk, by
incorporating forward-looking risk indicators and qualitative assessments of the
control environment as well as loss data.
• It gives managers much stronger incentives to reduce risks, and much better tools
to help them identify how to do so.
• It is much easier to implement and also easier to adapt as the requirements of the
bank and the regulators evolve over time.

The first two methods have measure defects. They fails to take into account the loss type
that have not yet occurred and secondly, they fails to adapt to the recent changes in the

23
risk environment that have altered the probability of likely impact of the events. As
against this, the scorecard approach captures these two issues by focusing on general risk
classes and on the risk factor that are internal and external to the bank that drives the
probability of these risks. There is, however, an element of ‘subjectivity’ under the
scorecard approach in assigning weights to each item.

Qualifying criteria

1. The Standardized Approach

• In order to qualify for use of the Standardized Approach, a bank must satisfy its
supervisor that, at a minimum:

(A) Its board of directors and senior management, as appropriate, are actively
involved in the oversight of the operational risk management framework.

(B) It has an operational risk management system that is conceptually sound

and is implemented with integrity; and

(C) It has sufficient resources in the use of the approach in the major business
lines as well as the control and audit areas.

• Supervisors will have the right to insist on a period of initial monitoring of a

bank’s Standardized Approach before it is used for regulatory capital purposes.

• A bank must develop specific policies and have documented criteria for
mapping gross income for current business lines and activities into the
standardized framework. The criteria must be reviewed and adjusted for new or
changing business activities as appropriate.

• As some internationally active banks will wish to use the Standardized

Approach, it is important that such banks have adequate operational risk
management systems. Consequently, an internationally active bank using the
Standardized Approach must meet the following additional criteria:

(A) The bank must have an operational risk management system with
clear responsibilities assigned to an operational risk management
function. The operational risk management function is responsible for
developing strategies to identify, assess, monitor and control/mitigate
operational risk; for codifying firm-level policies and procedures
concerning operational risk management and controls; for the design and
implementation of the firm’s operational risk assessment methodology;
and for the design and implementation of a risk-reporting system for
operational risk.

24
 (B) As part of the bank’s internal operational risk assessment system, the
bank must systematically track relevant operational risk data including
material losses by business line. Its operational risk assessment system
must be closely integrated into the risk management processes of the
bank. Its output must be an integral part of the process of monitoring and
controlling the banks operational risk profile. For instance, this
information must play a prominent role in risk reporting, management
reporting, and risk analysis. The bank must have techniques for creating
incentives to improve the management of operational risk throughout the
firm.

(C) There must be regular reporting of operational risk exposures, including

material operational losses, to business unit management, senior
management, and to the board of directors. The bank must have
procedures for taking appropriate action according to the information
within the management reports.

(D) The bank’s operational risk management system must be well

documented. The bank must have a routine in place for ensuring
compliance with a documented set of internal policies, controls and
procedures concerning the operational risk management system, which
must include policies for the treatment of noncompliance issues.

(E) The bank’s operational risk management processes and assessment

system must be subject to validation and regular independent review.
These reviews must include both the activities of the business units and
of the operational risk management function.

(F) The bank’s operational risk assessment system (including the internal
validation processes) must be subject to regular review by external
auditors and/or supervisors.

2. Advanced Measurement Approaches (AMA)

(1) General standards

• In order to qualify for use of the AMA a bank must satisfy its supervisor that, at
a minimum:

(A) Its board of directors and senior management, as appropriate, are

actively involved in the oversight of the operational risk
management framework.

(B) It has an operational risk management system that is

conceptually sound and is implemented with integrity; and

25
 (C) It has sufficient resources in the use of the approach in the
major business lines as well as the control and audit areas.

• A bank’s AMA will be subject to a period of initial monitoring by its supervisor

before it can be used for regulatory purposes. This period will allow the
supervisor to determine whether the approach is credible and appropriate. As
discussed below, a bank’s internal measurement system must reasonably estimate
unexpected losses based on the combined use of internal and relevant external
loss data, scenario analysis and bank-specific business environment and internal
control factors. The bank’s measurement system must also be capable of
supporting an allocation of economic capital for operational risk across business
lines in a manner that creates incentives to improve business line operational risk
management.

(2) Qualitative standards

A bank must meet the following qualitative standards before it is permitted to

use an AMA for operational risk capital:

(A) The bank must have an independent operational risk management

function that is responsible for the design and implementation of
the bank’s operational risk management framework. The
operational risk management function is responsible for codifying
firm-level policies and procedures concerning operational risk
management and controls; for the design an implementation of the
firm’s operational risk measurement methodology; for the design a
implementation of a risk-reporting system for operational risk and
for developing strategies to identify, measure, monitor and
control/mitigate operational risk.

(B) The bank’s internal operational risk measurement system

must be closely integrated into the day-to-day risk management
processes of the bank. Its output must be an integral part of the
process of monitoring and controlling the bank’s operational risk
profile. For instance, this information must play a prominent role in
risk reporting, management reporting, internal capital allocation,
and risk analysis. The bank must have techniques for allocating
operational risk capital to major business lines and for creating
incentives to improve the management of operational risk
throughout the firm.

(C) There must be regular reporting of operational risk exposures and

loss experience to business unit management, senior management,
and to the board of directors. The bank must have procedures for

26
 taking appropriate action according to the information within the
management reports.

(D) The bank’s operational risk management system must be well

documented. The bank must have a routine in place for ensuring
compliance with a documented set of internal policies, controls and
procedures concerning the operational risk management system,
which must include policies for the treatment of noncompliance
issues.

(E) Internal and/or external auditors must perform regular reviews of

the operational risk management processes and measurement
systems. This review must include both the activities of the
business units and of the independent operational risk management
function.

(F) The validation of the operational risk measurement system by

external auditor and/or supervisory authorities must include the
following:

I. Verifying that the internal validation processes are

operating in a satisfactory manner; and

II. Making sure that data flows and processes associated

with the risk measurement system are transparent and
accessible. In particular, it is necessary that auditors and
supervisory authorities are in a position to have easy access,
whenever they judge it necessary and under appropriate
procedures, to the system’s specifications and parameters.

(3) Quantitative standards

AMA soundness standard

• Given the continuing evolution of analytical approaches for operational risk, the
Committee is not specifying the approach or distributional assumptions used to
generate the operational risk measure for regulatory capital purposes. However, a
bank must be able to demonstrate that its approach captures potentially severe
‘tail’ loss events. Whatever approach is used, a bank must demonstrate that its
operational risk measure meets a soundness standard comparable to that of the
internal ratings-based approach for credit risk,(i.e. comparable to a one year
holding period and a 99.9th percentile confidence interval).

• The Committee recognizes that the AMA soundness standard provides significant
flexibility to banks in the development of an operational risk measurement and
management system. However, in the development of these systems, banks must

27
 have and maintain rigorous procedures for operational risk model development
and independent model validation. Prior to implementation, the Committee will
review evolving industry practices regarding credible and consistent estimates of
potential operational losses. It will also review accumulated data, and the level of
capital requirements estimated by the AMA, and may refine its proposals if
appropriate.

Ten Principles

Basel committee has identified the following 10 principles for successful management of
operational risk:

1. Board of Directors should be aware of major aspects of Operational risk of the

organization as distinct risk category.
2. The Board of directors should ensure that operational management framework of
the organization provided for effective and comprehensive internal audit.
3. Senior management of the organization should consistently implement approved
operational management framework of the organization.
4. In all material products, activities, processes and systems, operational risk
contract should be identified and assessed.
5. Regular Monitoring system of operational risk profiles and material exposures to
losses should be in place.
6. Policies, processes and procedures to control/mitigate operational risk should be
evolved.
7. Contingency and business continue plan should be evolved.
8. Regulatory Authorities should review periodically about organizations approach
to identify, assess, monitor and control/mitigate operational risk.
9. Regulatory authorities may ensure that appropriate mechanisms are put in place to
allow them to remains appraised of position of operational risk management of the
supervised organizations.
10. Adequate public disclosures to be made to enable market participants to assess
organization’s approach to operational risk.

Basel II proposals: Bank’s concerns

The Basel II proposals have indeed agitated the minds of bankers all over the globe. It has
generated a lot of debate and some of the critical concerns are summarized as:

• It is felt that quantification of operational risk by taking gross income as proxy

may distort the capital requirements. For instance, when a bank incurs huge losses
due to operational problems, it needs to allocate very little capital towards
operational risk. In other words, an efficiently performing bank is being taxed
with more capital allocation vis-à-vis a loss making bank.

28
• It is obvious that an internationally active bank has more exposure to operational
risk than a “domestic-centered” bank by virtue of its leaning towards large scale
fee-generating activities such as instantaneous payments and transfer of funds,
trading in global financial markets on behalf of the clients etc. However, the
proposed method of calculating capital charge does not take into consideration the
source of income, its volatility and the level of exposure. Instead, this method
treats both on par.

• Similarly, there is a wide variation in the operational risk exposures of banks by

virtue of their ways of operating in different geographical locations. Hence, the
uniform application of Alpha and Beta factors as prescribed under the guidelines
does not reflect the accurate requirement of capital coverage.

• Some banks have averred that the Beta factors assigned to various lines of
business under the standardized approach are high and are only applicable for
banks having above average exposure to operational risk.

• It felt that there are no incentives such as reduction in capital charge, etc., for
banks to move from the basic indicator method to standardized approach, though
the qualifying criteria for such switch over calls for significant investment.

• The advanced measurement, though it offers a good amount of flexibility to banks

in terms off developing risk measurement and management systems and by not
prescribing “floor capital”, is not within the reach of every bank. Hence, this is
more likely to create differences in the minimum capital requirement between
large international banks and small banks operating in domestic markets.

• The advance measurement approach mandates a 99.9% confidence interval for

recognizing a model. It is not certain if such a level of confidence could be
achieved right now, since no one knows how these models will work. In the light
of this, it is desirable to give certain discretion to the supervisory authority in
assessing the soundness of a model.

• The guidelines indicate that the banks should use internal data, external data,
scenario analysis and other qualitative adjustments to arrive at the capital
allocation under operational risk. However, it is desirable to grant discretion to
banks using whichever data they feel would be more suitable in the given context.

• Some banks strongly feel that “business strategy”, which is a choice of direction
to steer towards in future, is in itself highly risk prone and yet it is not captured in
the definitions. They argue that any major change in strategy usually requires a
change in the organizational structure, information and control systems, attitudes
and the training requirement of staff etc. At times, the very change initiated by the
CEO may inflict financial losses by virtue of the alienating the operating staff
from the proposed change. Failure of strategies, for whatever reasons, in

29
 delivering the intended results lead to “lost opportunities”. Hence, some bank
argues that “business strategy” must be captured under operational risk.

Operational Risk Policy

It is suggested that first and foremost requirement for each bank is to prepare operational
risk policy, which would work as the Bible for its identification, measurement,
monitoring and control of its operational risk areas. The policy document should inter alia
provide:

• Top management involvement should be on an ongoing basis-operational risk

committee with top management members must meet at least on a quarterly basis
to monitor operational risk areas.

• Bank’s top management assessment (by a study of previous 5/7 years positions) as
to the intensity of each component-process/system related vis-à-vis people related
vis-à-vis externals event related risk should be on regular basis.

• Zone/area wise application of risk component e.g. in some parts of the country,
external events related risks may be more than internal process/ system/people
related risk.

• What risk mitigates bank would like to have e.g. fidelity insurance for staff,
bank’s property insurance etc.

• How frequent manuals of instructions (Book of Instructions) to be updated-ideally

it should be on annual basis.

• What specific arrangements for staff skilling / re-skilling are made?

• What reward/punishment measures for intentional/deliberate mistakes/frauds are

in place?

• To what extents banks wishes to outsource technology or exclusively in dealing

with operational risk problem.

As per guidelines of RBI, operational policy document in a bank may take into account
following aspects:

• Business areas with the probability of high level of risk and on terms severity of
loss: to be avoided.

30
 • Areas of lower level of severity but high probabilities of losses: process and
system design related problems to be thoroughly checked before taking up such
business.

• Small-scale losses with a low degree of probabilities may be accepted on cases to

case basis.

• Where probability is low but severity is high, after initiating necessary preventive
measures e.g. governance, internal control etc. and risk may be accepted.

The above is only indicative. Each bank will have to thoroughly look its business
segments and operational risk elements and evolve its policy within the framework of
regulatory guidelines.

Operational risk and New Capital Accord: Views of Reserve Bank of India

The scope of new operational risk is measured by the probabilities and impact of the
unexpected losses stemming from the deficiency or failure of internal processes, people
and systems, or from external events. A quantitative assessment requires such losses to be
quantified as expected and assumes that probabilities and actual losses can be measured.
Complete quantification is difficult in practice. The analysis of the probability and size of
operational risk is also defeated by the lack of relevant data. One possible way out is to
systematize operational risk and place them in the loss probability and size matrix.

Table 6: Size and probability of unexpected losses

Severity Probability
Low High
Low C B
High D A

For operational risk policy, the following rules result from an analysis of the size and
probability of losses.
• Business area with a high like hood and high level of operational risk (Cell A) to
be avoided.

• Areas with a low level but high probability of losses (B) are often not perceived as
“risk areas”, but merely “cost-intensive” or “low quality”. In such cases, problems
are frequently to be found in process and system design.

• Small-sale losses with a low degree of probability (C) should be accepted if the
cost of prevention exceeds the amount of reduction in losses.

31
 • The significant operational losses are mostly located where the probability is low,
but the severity is high (D). In such cases, preventive measures such as
governance, internal control and management incentives are most important.

RBI Stresses on Internal Control

Since operational risk is one of the important elements of the new Capital Accord, banks
would be required to stress upon their internal control and systems, particularly towards
clearing backlog in balancing of books to ward off clearing differences and inter-branch
and Nostro accounts reconciliation. The progress made by banks in India in reconciliation
of clearing differences as well as inter branch and Nostro accounts, which are prone to
frauds, should be closely monitored by banks. It is also imperative that banks make
concerted efforts to build up appropriate system to reduce the outstandings as early as
possible and also to avoid incidence of fresh outstandings. In order to prevent frauds and
mitigate operational risk arising out of it, bank would be require to strengthen their
internal systems and procedures and take specific steps, particularly in the following
areas (a) Strictly follows the principles of corporate governance; (b) Adhere to the KYC
principles; (c) Build robust systems and procedure to prevent fraud; and (d) Strengthen
internal audit and control systems and put in place the accountability process for audit
and inspection staff.

Operational Risk and Insurance

Insurance could be used to externalize the risk of potentially “low frequency high severity
losses”. The Basel draft expresses its readiness to recognize instruments of insurance to
reduce capital held against operational risk.

The new accord proposes market disclosure on operational risk through pillar 3. The
wider capital markets which hitherto have rarely priced the embedded operational risk of
business are likely to begin to do so. Banks that are in a strong position will be able,
through greater degree of transparency, to apply pressure on less forthcoming competitors
and signal to regulators, the current standards that best reflect good practice.

This is not about the desirability or otherwise of the Basel draft accepting insurance to
reduce the regulatory capital held against operational risk but on the bright prospects hat
the insurance industry has, both as a consequence of Basel norms and the general
willingness of major banks to use insurance products more intensely in their risk
management programs.

Risk Mitigation

32
 Under the AMA, a bank will be allowed to recognize the risk mitigating impact of
insurance in the measures of operational risk used for regulatory minimum capital
requirements. The recognition of insurance mitigation will be limited to 20% of the total
operational risk capital charge calculated under the AMA. A bank’s ability to take
advantage of such risk mitigation will depend on compliance with the following criteria:

• The insurance provider has a minimum claims paying ability rating of A (or
equivalent).

• The insurance policy must have an initial term of no less than one year. For
policies with a residual term of less than one year, the bank must make
appropriate haircuts reflecting the declining residual term of the policy, up to a
full 100% haircut for policies with a residual term of 90 days or less.

• The insurance policy has a minimum notice period for cancellation of 90 days.

• The insurance policy has no exclusions or limitations triggered by supervisory

actions or, in the case of a failed bank, that preclude the bank, receiver or
liquidator from recovering for damages suffered or expenses incurred by the bank,
except in respect of events occurring after the initiation of receivership or
liquidation proceedings in respect of the bank, provided that the insurance policy
may exclude any fine, penalty, or punitive damages resulting from supervisory
actions.

• The risk mitigation calculations must reflect the bank’s insurance coverage in
manner that is transparent in its relationship to, and consistent with, the actual
likelihood and impact of loss used in the bank’s overall determination of its
operational risk capital.

• The insurance is provided by a third-party entity. In the case of insurance through

captives and affiliates, the exposure has to be laid off to an independent third-
party entity, for example through re-insurance that meets the eligibility criteria.

• The framework for recognizing insurance is well reasoned and documented.

• The bank discloses a description of its use of insurance for the purpose of
mitigating operational risk.

OPERATIONAL RISK MANAGEMENT STANDARDS

The BASEL Committee is offering a range of options for assessing the Pillar 1 capital
charge for operational risk. An institution’s ability to meet specific criteria will determine
the specific capital framework for its operational risk calculation. To the extent they can
demonstrate to supervisors increased sophistication and precision in their measurement,

33
management and control of operational risk, institutions are expected to move into more
advanced approaches. This will generally result in a reduction of the operational risk
capital requirement.

Pillar 2 is an integral and critical component of the New Basel Capital Accord and
directly complements the Pillar 1 operational risk charge. Pillar 2 is intended not only to
ensure that banks have adequate capital to support all risks in their business, but also to
encourage banks to develop and use better risk management techniques in monitoring,
managing and controlling those risks. Pillar 2 strongly emphasises the importance of bank
management developing an internal capital assessment process and setting targets for
capital that are commensurate with the bank’s particular risk profile and control
environment. This internal process will be subject to supervisory review and intervention,
where appropriate.

The qualitative judgments by supervisors inherent in the Pillar 1 operational risk

framework increase the relative importance of the supervisory assessment of a bank’s
strategies, policies, practices and procedures contemplated under Pillar 2. This
independent evaluation of operational risk by supervisors should incorporate a review of
the following:

• The bank’s particular capital framework for determining its Pillar 1 operational risk
capital charge (i.e. Basic Indicator, Standardised Approach, or Internal Measurement
Approach);

• The bank’s process for assessing overall capital adequacy for operational risk in
relation to its risk profile and its internal capital targets;

• The effectiveness of the bank’s risk management process with respect to operational
risk exposures;

• The bank’s systems for monitoring and reporting operational risk exposures and
other data quality considerations;

• The bank’s procedures for the timely and effective resolution of operational risk
exposures and events;

• The bank’s process of internal controls, reviews and audit to ensure the integrity of
the overall operational risk management process; and

• The effectiveness of the bank’s operational risk mitigation efforts.

Deficiencies identified during the supervisory review may be addressed through a range
of actions. Supervisors should use the tools most suited to the particular circumstances of
the bank and its operating environment. Possible supervisory responses include:

• Increased monitoring of the bank’s overall operational risk management and assessment
process;

34
• Requiring enhancements to internal measurement techniques;

• Requiring improvements in the operational risk control systems and/or personnel;

• Requiring the bank to raise additional capital immediately; and

• Requiring changes in responsible senior management.

CONCLUSION:

On the basis of the research done, it can be concluded that the Indian Banks are still in the
preparatory phase of implementing Basel II. Most of the banks are confident in
implementing it by March 31, 2009. A major number of banks expressed that Data
collection and IT infrastructure are the biggest challenges in preparing the Basel II
roadmap. Most of the banks use Standardized approach to measure the operational risk
which is more sophisticated than the Basic Indicator approach.

Moreover, the regulatory framework for the Indian banks has failed in supporting these
banks with their preparedness of implementing Basel II.

35
REFERENCES:

 Risk Management in Banking by Joel Bessis

 Risk Management in Banks – ICFAI Vision Press
 The Journal of Banking and Finance
 Reading materials by BCBS
 ICMR Books

www.bis.org
www.rbi.gov.in
www.erisk.com
www.riskglossary.com
www.ronalddomingues.com

36
www.cmie.com
www.google.com
www.indiainfoline.com
www.fsa.gov.com
http://www.bis.org/publ/bcbs107.htm
http://www.sungard.com/basel_ii/solutions/oprisk.htm

37