CHAPTER 1

INTRODUCTION

The significant transformation of the banking industry in India is

clearly evident from the changes that have occurred in the financial markets,
institutions and products. While deregulation has opened up new vistas for
banks to argument revenues, it has entailed greater competition and
consequently greater risks. Cross- border flows and entry of new products,
particularly derivative instruments, have impacted significantly on the
domestic banking sector forcing banks to adjust the product mix, as also to
effect rapid changes in their processes and operations in order to remain
competitive to the globalized environment. These developments have
facilitated greater choice for consumers, who have become more discerning
and demanding compelling banks to offer a broader range of products
through diverse distribution channels. The traditional face of banks as mere
financial intermediaries has since altered and risk management has emerged
as their defining attribute.
Currently, the most important factor shaping the world is
globalization. The benefits of globalization have been well documented and
are being increasingly recognized. Integration of domestic markets with
international financial markets has been facilitated by tremendous
advancement in information and communications technology.

1.1 Objectives
To study broad outline of management of credit, market and operational
risks associated with banking sector.
Though the risk management area is very wide and elaborated, still the
project covers whole subject in concise manner.
The study aims at learning the techniques involved to manage the various
types of risks, various methodologies undertaken. The application of the
techniques involves us to gain an insight into the following aspects:

An overview of the risks in general.

An insight of the various credit, market and operational risks
attached to the banking sector
The methodology related to the management of operational risk
followed at PNB.
Tools applied in for measurement and management of various
types of risks.
Having an insight into the practical aspects of the working of
various departments.

1.2 Scope of the Study

The report seeks to present a comprehensive picture of the various risks
inherent in the bank. The risks can be broadly classified into three
categories:
Credit risk
Market risk
Operational risk
Within each of these broad groups, an attempt has been made to cover as
comprehensively as possible, the various sub-groups
The computation of capital charge for market risk will also be taken
practically as also the assigning the ratings for individual borrowers. PNB is
also under the key process of testing and implementation of Reuters
"KONDOR" software for its VaR calculations and other aspects of market
risk.

1.3 Limitation of the Study

1. The major limitation of this study shall be data availability as the data is
proprietary and not readily shared for dissemination.
2. Due to the ongoing process of globalization and increasing competition,
no one model or method will suffice over a long period of time and constant
up gradation will be required. As such the project can be considered as an
overview of the various risks prevailing in Punjab National Bank and in the
Banking Industry.

3. Each bank, in conforming to the RBI guidelines, may develop its own
methods for measuring and managing risk.
4. The concept of risk management implementation is relatively new and
risk management tools can prove to be costly.
5. Out of the various ways in which risks can be managed, none of the
method is perfect and may be very diverse even for the work in a similar
situation for the future.
6. Due to ever changing environment, many risks are unexpected and the
remedial measures available are based on general experience from the past.

7. Selection of methods depends on the firms expectations as well as the

risk appetite. Also risks can only be minimized not completely erased.

CHAPTER 2
DEFINITION OF RISK

2.1

What is Risk

"What is risk?" And what is a pragmatic definition of risk? Risk

means different things to different people. For some it is "financial
(exchange rate, interest-call money rates), mergers of competitors globally to
form more powerful entities and not leveraging IT optimally" and for
someone else "an event or commitment which has the potential to generate
commercial liability or damage to the brand image". Since risk is accepted in
business as a trade off between reward and threat, it does mean that taking
risk bring forth benefits as well. In other words it is necessary to accept
risks, if the desire is to reap the anticipated benefits.
Risk in its pragmatic definition, therefore, includes both threats that
can materialize and opportunities, which can be exploited. This definition of
risk is very pertinent today as the current business environment offers both
challenges and opportunities to organizations, and it is up to an organization
to manage these to their competitive advantage.

2.2

What is Risk Management - Does it Eliminate Risk

Risk management is a discipline for dealing with the possibility that

some future event will cause harm. It provides strategies, techniques, and an
approach to recognizing and confronting any threat faced by an organization
in fulfilling its mission. Risk management may be as uncomplicated as
asking and answering three basic questions:
1. What can go wrong?
2. What will we do (both to prevent the harm from occurring and in the
aftermath of an "incident")?
3. If something happens, how will we pay for it?
Risk management does not aim at risk elimination, but enables the
organization to bring their risks to manageable proportions while not
severely affecting their income. This balancing act between the risk levels
and profits needs to be well-planned. Apart from bringing the risks to
manageable proportions, they should also ensure that one risk does not get
transformed into any other undesirable risk. This transformation takes place
due to the inter-linkage present among the various risks. The focal point in
managing any risk will be to understand the nature of the transaction in a
way to unbundle the risks it is exposed to.
Risk Management is a more mature subject in the western world. This
is largely a result of lessons from major corporate failures, most telling and
visible being the Barings collapse. In addition, regulatory requirements have
been introduced, which expect organizations to have effective risk
management practices. In India, whilst risk management is still in its

infancy, there has been considerable debate on the need to introduce

comprehensive risk management practices.

2.3

Objectives of Risk Management Function

Two distinct viewpoints emerge

One which is about managing risks, maximizing profitability and

creating opportunity out of risks

And the other which is about minimizing risks/loss and protecting

corporate assets.
The management of an organization needs to consciously decide on

whether they want their risk management function to 'manage' or 'mitigate'

Risks.

Managing risks essentially is about striking the right balance between

risks and controls and taking informed management decisions on
opportunities and threats facing an organization. Both situations, i.e.
over or under controlling risks are highly undesirable as the former
means higher costs and the latter means possible exposure to risk.

Mitigating or minimizing risks, on the other hand, means mitigating

all risks even if the cost of minimizing a risk may be excessive and
outweighs the cost-benefit analysis. Further, it may mean that the
opportunities are not adequately exploited.

Risks in Banking
Risks manifest themselves in many ways and the risks in banking are a
result of many diverse activities, executed from many locations and by
numerous people. As a financial intermediary, banks borrow funds and
lend them as a part of their primary activity. The case discusses the
various risks that arise due to financial intermediation and by
highlighting the need for asset-liability management; it discusses the Gap
Model for risk management.
FINANCIAL RISKS

MARKET
RISK

LIQUIDITY
RISK

OPERATIONAL
RISK

CREDIT RISK

LEGAL &
REGULATORY RISK

FUNDING
LIQUIDITY RISK

TRANSACTION
RISK

HUMAN
FACTOR RISK

TRADING
LIQUIDITY RISK

PORTFOLIO
CONCENTRATION

ISSUE RISK

EQUITY
RISK

ISSUER RISK

INEREST
RATE RISK

TRADING
RISK

GENERAL
MARKET RISK

COUNTERPARTY
RISK

CURRENCY
RISK

COMMODITY
RISK

GAP RISK

SPECIFIC
RISK

1. MARKET RISK
Market risk is that risk that changes in financial market prices and
rates will reduce the value of the banks positions. Market risk for a fund is
often measured relative to a benchmark index or portfolio, is referred to as a
risk of tracking error market risk also includes basis risk, a term used in
risk management industry to describe the chance of a breakdown in the
relationship between price of a product, on the one hand, and the price of the
instrument used to hedge that price exposure on the other. The market-Var
methodology attempts to capture multiple component of market such as
directional risk, convexity risk, volatility risk, basis risk, etc.
2. CREDIT RISK

Credit risk is only an issue when the position is an asset, i.e., when it
exhibits a positive replacement value. In that instance if the counterparty
defaults, the bank either loses all of the market value of the position or, more
commonly, the part of the value that it cannot recover following the credit
event. However, the credit exposure induced by the replacement values of
derivative instruments are dynamic: they can be negative at one point of
time, and yet become positive at a later point in time after market conditions
have changed. Therefore the banks must examine not only the current
exposure, measured by the current replacement value, but also the profile of
future exposures up to the termination of the deal.
3. LIQUIDITY RISK
Liquidity risk comprises both

Funding liquidity risk

Trading-related liquidity risk.

Funding liquidity risk relates to a financial institutions ability to raise

the necessary cash to roll over its debt, to meet the cash, margin, and
collateral requirements of counterparties, and (in the case of funds) to satisfy
capital withdrawals. Funding liquidity risk is affected by various factors
such as the maturities of the liabilities, the extent of reliance of secured
sources of funding, the terms of financing, and the breadth of funding
sources, including the ability to access public market such as commercial
paper market. Funding can also be achieved through cash or cash
equivalents, buying power , and available credit lines.

10

4. OPERATIONAL RISK
It refers to potential losses resulting from inadequate systems,
management failure, faulty control, fraud and human error. Many of the
recent large losses related to derivatives are the direct consequences of
operational failure. Derivative trading is more prone to operational risk than
cash transactions because derivatives are, by heir nature, leveraged
transactions. This means that a trader can make very large commitment on
behalf of the bank, and generate huge exposure in to the future, using only
small amount of cash. Very tight controls are an absolute necessary if the
bank is to avoid huge losses.
Operational risk includes fraud, for example when a trader or other
employee intentionally falsifies and misrepresents the risk incurred in a
transaction. Technology risk, and principally computer system risk also fall
into the operational risk category.
5. LEGAL RISK
Legal risk arises for a whole of variety of reasons. For example,
counterparty might lack the legal or regulatory authority to engage in a
transaction. Legal risks usually only become apparent when counterparty, or
an investor, lose money on a transaction and decided to sue the bank to
avoid meeting its obligations. Another aspect of regulatory risk is the
potential impact of a change in tax law on the market value of a position.

11

6. HUMAN FACTOR RISK

Human factor risk is really a special form of operational risk. It relates
to the losses that may result from human errors such as pushing the wrong
button on a computer, inadvertently destroying files, or entering wrong value
for the parameter input of a model.

CHAPTER 3
TOPOLOGIES OF RISK EXPLOSURE

3.1 Market Risk

What is Market Risk?

12

Market Risk may be defined as the possibility of loss to a bank caused

by changes in the market variables. The Bank for International Settlements
(BIS) defines market risk as the risk that the value of 'on' or 'off' balance
sheet positions will be adversely affected by movements in equity and
interest rate markets, currency exchange rates and commodity prices". Thus,
Market Risk is the risk to the bank's earnings and capital due to changes in
the market level of interest rates or prices of securities, foreign exchange and
equities, as well as the volatilities of those changes. Besides, it is equally
concerned about the bank's ability to meet its obligations as and when they
fall due. In other words, it should be ensured that the bank is not exposed to
Liquidity Risk. Thus, focus on the management of Liquidity Risk and
Market Risk, further categorized into interest rate risk, foreign exchange
risk, commodity price risk and equity price risk. An effective market risk
management framework in a bank comprises risk identification, setting up of
limits and triggers, risk monitoring, models of analysis that value positions
or measure market risk, risk reporting, etc.
Types of market risk

Interest rate risk:

Interest rate risk is the risk where changes in market interest rates

might adversely affect a bank's financial condition. The immediate impact of

changes in interest rates is on the Net Interest Income (NII). A long term
impact of changing interest rates is on the bank's networth since the
economic value of a bank's assets, liabilities and off-balance sheet positions

13

get affected due to variation in market interest rates. The interest rate risk
when viewed from these two perspectives is known as 'earnings perspective'
and 'economic value' perspective, respectively.
Management of interest rate risk aims at capturing the risks arising
from the maturity and repricing mismatches and is measured both from the
earnings and economic value perspective.

Equity price risk:

The price risk associated with equities also has two components

General market risk refers to the sensitivity of an instrument / portfolio

value to the change in the level of broad stock market indices. Specific /
Idiosyncratic risk refers to that portion of the stocks price volatility that is
determined by characteristics specific to the firm, such as its line of
business, the quality of its management, or a breakdown in its production
process. The general market risk cannot be eliminated through portfolio
diversification while specific risk can be diversified away.

Foreign exchange risk:

Foreign Exchange Risk maybe defined as the risk that a bank may

suffer losses as a result of adverse exchange rate movements during a period

in which it has an open position, either spot or forward, or a combination of
the two, in an individual foreign currency. The banks are also exposed to
interest rate risk, which arises from the maturity mismatching of foreign
currency positions. Even in cases where spot and forward positions in
individual currencies are balanced, the maturity pattern of forward

14

transactions may produce mismatches. As a result, banks may suffer losses

as a result of changes in premia/discounts of the currencies concerned.
In the forex business, banks also face the risk of default of the
counterparties or settlement risk. While such type of risk crystallization does
not cause principal loss, banks may have to undertake fresh transactions in
the cash/spot market for replacing the failed transactions. Thus, banks may
incur replacement cost, which depends upon the currency rate movements.
Banks also face another risk called time-zone risk or Herstatt risk which
arises out of time-lags in settlement of one currency in one center and the
settlement of another currency in another time-zone. The forex transactions
with counterparties from another country also trigger sovereign or country
risk.

Commodity price risk:

The price of the commodities differs considerably from its interest
rate risk and foreign exchange risk, since most commodities are traded in the
market in which the concentration of supply can magnify price volatility.
Moreover, fluctuations in the depth of trading in the market (i.e., market
liquidity) often accompany and exacerbate high levels of price volatility.
Therefore, commodity prices generally have higher volatilities and larger
price discontinuities.

15

3.2 Credit Risk

What is Credit Risk?
Credit risk is defined as the possibility of losses associated with
diminution in the credit quality of borrowers or counterparties. In a bank's
portfolio, losses stem from outright default due to inability or unwillingness
of a customer or counterparty to meet commitments in relation to lending,
trading, settlement and other financial transactions. Alternatively, losses
result from reduction in portfolio value arising from actual or perceived
deterioration in credit quality. Credit risk emanates from a bank's dealings
with an individual, corporate, bank, financial institution or a sovereign.

Types of Credit Rating

Credit rating can be classified as:
1. External credit rating.
2. Internal credit rating

External credit rating:

16

A credit rating is not, in general, an investment recommendation

concerning a given security. In the words of S&P, A credit rating is S&P's
opinion of the general creditworthiness of an obligor, or the creditworthiness
of an obligor with respect to a particular debt security or other financial
obligation, based on relevant risk factors. In Moody's words, a rating is,
an opinion on the future ability and legal obligation of an issuer to make
timely payments of principal

and interest on a specific fixed-income

security.
Since S&P and Moody's are considered to have expertise in credit
rating and are regarded as unbiased evaluators, there ratings are widely
accepted by market participants and regulatory agencies. Financial
institutions, when required to hold investment grade bonds by their
regulators use the rating of credit agencies such as S&P and Moody's to
determine which bonds are of investment grade.
The subject of credit rating might be a company issuing debt
obligations. In the case of such issuer credit ratings the rating is an opinion
on the obligors overall capacity to meet its financial obligations.

Internal credit rating:

A typical risk rating system (RRS) will assign both an obligor rating
to each borrower (or group of borrowers), and a facility rating to each
available facility. A risk rating (RR) is designed to depict the risk of loss in a
credit facility. A robust RRS should offer a carefully designed, structured,
and documented series of steps for the assessment of each rating.

17

Credit Risk Management

In this backdrop, it is imperative that banks have a robust credit risk
management system which is sensitive and responsive to these factors. The
effective management of credit risk is a critical component of
comprehensive risk management and is essential for the long term success of
any

banking

organization.

Credit

risk

management

encompasses

identification, measurement, monitoring and control of the credit risk

exposures.

3.3 Operational Risk

What is Operational Risk?
Operational risk is the risk associated with operating a business.
Operational risk covers such a wide area that it is useful to subdivide
operational risk into two components:

Operational failure risk.

Operational strategic risk.

Operational failure risk

Arises from the potential for failure in the course of operating the business.
A firm uses people, processes and technology to achieve the business plans,
and any one of these factors may experience a failure of some kind.
Accordingly, operational failure risk can be defined as the risk that there will
be a failure of people, processes or technology within the business unit. A

18

portion of failure may be anticipated, and these risks should be built into the
business plan. But it is unanticipated, and therefore uncertain, failures that
give rise to key operational risks. These failures can be expected to occur
periodically, although both their impact and their frequency may be
uncertain.
Operational strategic risk
Arises from environmental factors, such as a new competitor that changes
the business paradigram, a major political and regulatory regime change, and
earthquakes and other such factors that are outside the control of the firm. It
also arises from major new strategic initiatives, such as developing a new
line of business or re-engineering an existing business line. All business rely
on people, processes and technology outside their business unit, and the
potential for failure exists there too, this type of risk is referred to as external
dependency risk.

Who Should Manage Operational Risk?

The responsibility for setting policies concerning operational risk
remains with the senior management, even though the development of those
policies may be delegated, and submitted to the board of directors for
approval. Appropriate policies must be put in place to limit the amount of
operational risk

that is assumed by an institution. Senior management

needs to give authority to change the operational risk profile to those who

19

are the best able to take action. They must also ensure that a methodology
for the timely and effective monitoring of the risks that are incurred is in
place. To avoid any conflict of interest, no single group within the bank
should be responsible for simultaneously setting policies, taking action and
monitoring risk.

Internal Audit

Senior Management

Business Management

Legal

Risk Management

Insurance

Operations

Finance

Information
Technology

Key to Implementing Bank-wide Operational Risk Management:

The eight key elements are necessary to successfully implement a
bank-wide operational risk management framework. They involve setting
policy and identifying risk as an outgrowth of having designed a common
language, constructing business process maps, building a best measurement
methodology, providing exposure management, installing a timely reporting

20

capability, performing risk analysis inclusive of stress testing, and allocating

economic capital as a function of operational risk.

Eight Key Elements to Achieve Best Operational Risk

Management.

1. Policy
2.Risk Identification

8. Economic Capital

7. Risk Analysis

6. Reporting

3. Business Process

Best Practice

4. Measuring Methodology
5. Exposure Management

1. Develop well-defined operational risk policies. This includes

explicitly articulating the desired standards for the risk measurement.
One also needs to establish clear guidelines for practices that may
contribute to a reduction of operational risk.
2. Establish a common language of risk identification. For e.g., the term
people risk includes a failure to deploy skilled staff. Technology
risk would include system failure, and so on.

21

3. Develop business process maps of each business. For e.g., one should
create an operational risk catalogue which categories and defines
the various operational risks arising from each organizational unit in
terms of people, process, and technology risk. This catalogue should
be tool to help with operational risk identification and assessment.
Types of Operational Failure
Risk
1. People Risk

1. Incompetency.
2. Fraud.

2. Process Risk
Model Risk

1. Model/ methodology error

2. Mark-to-model error.

TR

1. Execution error.
2. Product complexity.
3. Booking error.

OCR

4. Settlement error.
1. Exceeding limits.
2. Security risk.

3. Technology Risk

3.Volume risk.
1. System failure.
2. Programming error.
3. Information risk.
4. Telecommunications failure.

22

4. Develop a comprehensible set of operational risk metrics. Operational

risk assessment is a complex process. It needs to be performed on a
firm-wide basis at regular intervals using standard metrics. In early
days, business and infrastructure groups performed their own
assessment of operational risk. Today, self-assessment has been
discredited. Sophisticated financial institutions are trying to develop
objective measures of operational risk that build significantly more
reliability into the quantification of operational risk.
5. Decide how to manage operational risk exposure and take appriate
action to hedge the risks. The bank should address the economic
question of th cost-benefit of insuring a given risk for those
operational risks that can be insured.
6. Decide how to report exposure.
7. Develop tools for risk analysis, and procedures for when these tools
should deploped. For e.g., risk analysis is typically performed as part
of a new product process, periodic business reviews, and so on. Stress
testing should be a standard part of risk analysis process. The
frequency of risk assessment should be a function of the degree to
which operational risks are expected to change over time as
businesses undertake new initiatives, or as business circumstances
evolve. This frequency might be reviewed as operational risk
measurement is rolled out across the bank a bank should update its
risk assessment more frequently. Further one should reassess
whenever the operational risk profile changes significantly.

23

8. Develop techniques to translate the calculation of operational risk into

a required amount of economic capital. Tools and procedures should
be developed to enable businesses to make decisions about
operational risk based on risk/reward analysis.

Chapter 4
An Idealized Bank of the Future
The efficient bank of the future will be driven by a single analytical
risk engine that draws its data from a single logical data repository. This
engine will power front-, middle-, and back-office functions, and supply

24

information about enterprise-wide risk. The ability to control and manage

risk will be finely tuned to meet specific business objectives. For example,
far fewer significantly large losses, beyond a clearly articulate tolerance for
loss, will be incurred and the return to risk profile will be vastly improved.
With the appropriate technology in place, financial trading across all
asset classes will move from the current vertical, product-oriented
environment (e.g., swaps, foreign exchange, equities, loans, etc.) to a
horizontal, customer-oriented environment in which complex combinations
of asset types will be traded.
There will be less need for desks that specialize in single product
lines. The focus will shift to customer needs rather than instrument types.
The management of limits will be based on capital, set in such a manner so
as to maximize the risk-adjusted return on capital for the firm.
The firms exposure will be known and disseminated in real time.
Evaluating the risk of a specific deal will take into account its effect on the
firms total risk exposure, rather than simply the exposure of the individual
deal.
Banks that dominate this technology will gain a tremendous
competitive

advantage.

Their

information

technology

and

trading

infrastructure will be cheaper than todays by orders of magnitude.

Conversely, banks that attempt to build this infrastructure in-house will
become trapped in a quagmire of large, expensive IT departments-and
poorly supported software.
The successful banks will require far fewer risk systems. Most of
which will be based on a combination of industry standard, reusable, robust

25

risk software and highly sophisticated proprietary analytics. More

importantly, they will be free to focus on their core business and offer
products more directly suited to their customers desired return to risk
profiles.

CONCLUSION
Banking systems have been with us for as long as people have been using
money. Banks and other financial institutions provide security for
individuals, businesses and governments, alike. Let's recap what has been
learned with this tutorial:

26

In general, what banks do is pretty easy to figure out. For the average person
banks accept deposits, make loans, provide a safe place for money and
valuables, and act as payment agents between merchants and banks.
Banks are quite important to the economy and are involved in such
economic activities as issuing money, settling payments, credit
intermediation, maturity transformation and money creation
In addition to fees and loans, banks are also involved in various other types
of lending and operations including, buy/hold securities, non-interest
income, insurance and leasing and payment treasury services.
History has proven banks to be vulnerable to many risks, however, including
credit, liquidity, market, operating, interesting rate and legal risks. Many
global crises have been the result of such vulnerabilities and this has led to
the strict regulation of state and national banks.

BIBLIOGRAPHY
Books
Galai, Mark, Crouny , Risk Management, second edition.
Saunders Anthony, Credit Risk Management, second edition.
Schleiferr Bell, Risk Management, third edition.

27

Websites
www.rbi.org
www.bis.com
www.iib.org
www.google.co.in

28