Академический Документы
Профессиональный Документы
Культура Документы
INTRODUCTION
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. It includes legal risk but excludes strategic and reputation risk. Operational risk management is perhaps coordinated centrally but most commonly implemented in different operational units (e.g. the IT department takes care of information risks, the HR department takes care of personnel risks, etc.) With Basel II, operational risk is subject to regulatory review: There will be a capital charge for operational risk similar to capital charges of both credit risk and market risk Management of operational risk needs to fulfill quantitative requirements
For measuring capital charges for operational risk there are basically three approaches. Basic Indicator Approach (BIA) Standardized Approach (SA) Advance Measurement Approach (AMA)
As with market and credit risk, the management of operational risk follows a sequence of logical steps: (1) Identification (2) Assessment, (3) Monitoring, and (4) Control or mitigation.
IDBI BANK
Historically, operational risk has been managed by internal control mechanisms within business lines, supplemented by the audit function. The industry is now starting to use specific structures and control processes specifically tailored to operational risk.
RELEVANCE
Growing number of high profile operation loss events worldwide have led bank and supervisors to increasingly view operational risk management as an integral part of risk management activity . It has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, reduce errors in transaction processing, and so on. The project aims at designing a framework to quantify the operational risk in banks. It will guide the bank to measure the adequate amount of capital it needs to maintain so as to hedge against future operational losses. Past history has shown us that Operational losses can play a significant role in the downfall of banks.
IDBI BANK
March 1997NatWest ($127 million loss). A swaption trader, Kyriacos Papouis, deliberately covers up losses by mispricing and overvaluing option contracts. The banks reputation is damaged. NatWest is eventually taken over by the Royal Bank of Scotland. September 1996Morgan Grenfell Asset Management ($720 million loss). A fund manager, Peter Young, exceeds his guidelines, leading to a large loss. Deutsche Bank, the German owner of MGAM, agrees to compensate the investors in the fund. June 1996Sumitomo ($2.6 billion loss). A copper trader amasses unreported losses over three years. Yasuo Hamanaka, known as Mr. Five Percent, after the proportion of the copper market he controlled, is sentenced to prison for forgery and fraud. The banks reputation is severely damaged. September 1995Daiwa ($1.1 billion loss). A bond trader, Toshihide Igushi, amasses unreported losses over 11 years at the U.S. subsidiary. The bank is declared insolvent. February 1995Barings ($1.3 billion loss). Nick Leeson, a derivatives trader, amasses unreported losses over two years. Barings goes bankrupt. October 1994Bankers Trust ($150 million loss). The bank becomes embroiled in a high-profile lawsuit with a customer that accuses it of improper selling practices. Bankers settles, but its reputation is badly damaged. It is later bought out by Deutsche Bank. The largest of these spectacular failures can be traced to a rogue trader, or a case of internal fraud. It should be noted that the cost of these events has been quite high. They led to large, direct monetary losses, sometimes even to bankruptcy. In addition to these direct costs, banks often suffered large indirect losses due to reputation damage. NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
OBJECTIVE
To study about the various sources of operational risk in the Exim Bank and compare it with the other commercial banks operational risk. Hence the objective of the project is: To find the areas of operational risk in commercial banks To narrow down the areas by eliminating those not relevant for Exim bank. To prepare a framework for measuring operational risk using AMA approach To find out the appropriate amount of capital that needs to be maintained by the
IDBI BANK
REVIEW OF LITERATURE
Operation risk is intrinsic to a bank and should hence be an important component of its enterprise wide risk management systems. It is recognised that the approach for operational risk management that may be chosen by an individual bank will depend on a range of factors, including size and sophistication, nature and complexity of its activities. There are basically three approaches to measure operational risks
The basic approach or basic indicator approach is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions. Basel II requires all banking institutions to set aside capital for operational risk. Basic indicator approach is much simpler compared to the alternative approaches (i.e. standardized approach and advanced measurement approach) and this has been recommended for banks without significant international operations. Based on the original Basel Accord, banks using the basic indicator approach must hold capital for operational risk equal to the average over the previous three years of a fixed percentage of positive annual gross income. Figures for any year in which annual gross income is negative or zero should be excluded from both the numerator and denominator when calculating the average. The fixed percentage alpha is typically 15 percent of annual gross income.
The standardized approach is a set of operational risk measurement techniques proposed under capital adequacy rules for banking institutions. Basel II requires all banking NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
institutions to set aside capital for operational risk. Standardized approach falls between basic indicator approach and advanced measurement approach in terms of degree of complexity. Based on the original Basel Accord, under the Standardized Approach, banks activities are divided into eight business lines: corporate finance, trading & sales, retail banking, commercial banking, payment & settlement, agency services, asset management, and retail brokerage. Within each business line, gross income is a broad indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by multiplying gross income by a factor (denoted beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience for a given business line and the aggregate level of gross income for that business line. The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year. In any given year, negative capital charges (resulting from negative gross income) in any business line may offset positive capital charges in other business lines without limit.
Under this approach the banks are allowed to develop their own empirical model to quantify required capital for operational risk. Banks can use this approach only subject to approval from their local regulators. It is suited for large sized banks and those operating at the international level. Based on the analysis of all available and relevant data, by means of a statistical model aimed at estimating the probability distribution of the losses.
IDBI BANK
There are four elements to be in place to build an AMA framework. These are: 1. 2. 3. 4. Internal loss data External loss dataScenario analysis Bank specific environmental and Internal control factors
In order to qualify for use of the AMA approach, a bank must satisfy its regulator that, at a minimum: 1. Its board of directors and senior management, as appropriate, are
actively involved in the oversight of the operational risk management framework; 2. 3. It has an operational risk management system that is conceptually It has sufficient resources in the use of the approach in the major sound and is implemented with integrity; and business lines as well as the control and audit areas. Under the AMA approach the Basel guidelines recognizes eight different business lines and seven event types under each.
Banks will be able to crystallise the assessment processes to the underlying The line managers will be aware of operational risk in their line of business;
IDBI BANK
3.
Confusion and territorial overlap which may be linked to subsets of the overall
risk profile of a bank can be avoided. For the purpose of operational risk management, the activities of a bank may be mapped into eight business lines identified in the New Capital Adequacy Framework. The various products launched by the banks are also to be mapped to the relevant business line. Banks must develop specific policies for mapping a product or an activity to a business line and have the same documented to indicate the criteria. The following are the eight recommended business lines. 1. Corporate finance 2. Trading and sales 3. Retail banking 4. Commercial banking 5. Payment and settlement 6. Agency services 7. Asset management 8. Retail brokerage
The following lists the official Basel II defined event types, which are to be taken into account for calculating capital charges for operational risk, with some examples for each category: Basel II event type categories
1.
Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking External Fraud- theft of information, hacking damage, third-party theft and
of positions, [bribery]
2.
IDBI BANK
3.
Employment Practices and Workplace Safety - discrimination, workers Clients, Products, & Business Practice- market manipulation, antitrust, Damage to Physical Assets - natural disasters, terrorism, vandalism Business Disruption & Systems Failures- utility disruptions, software failures, Execution, Delivery, & Process Management - data entry errors, accounting
hardware failures
7.
Like market VAR, the distribution of operational losses can be used to estimate expected losses, as well as the amount of capital required to support this financial risk. The Expected Loss (EL) represents the size of operational losses that should be expected to occur. Typically, this represents high-frequency, low-severity events. This type of loss is generally absorbed as an ongoing cost and managed through internal controls. Such losses are rarely disclosed. The Unexpected Loss (UL) represents the deviation between the quantile loss at some confidence level and the expected loss. Typically, this represents lower-frequency, higher-severity events. This type of loss is generally offset against capital reserves or transferred to an outside insurance company, when available. Such losses are sometimes disclosed publicly, but often with little detail. The Stress Loss (SL) represents a loss in excess of the unexpected loss. By definition, such losses are very infrequent but extremely damaging to the institution. The Barings bankruptcy can be attributed, for instance, in large part to operational risk. This type of NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
loss cannot be easily offset through capital allocation, as it would require too much capital. Ideally, it should be transferred to an insurance company. Due to their severity, such losses are disclosed publicly.
IDBI BANK
METHODOLOGY
Some of the guiding principles for banks to mange operational risks are identification, measurement, monitoring and control of these risks.
list the main business groups viz. corporate finance, trading and sales, retail
banking, commercial banking, payment and settlement, agency services, asset management, and retail brokerage.
The analysis can be further carried out at the level of the product
teams in
these business groups, e.g. transaction banking, trade finance, general banking, cash management and securities markets.
Next, the product offered within these business groups by each product team can After the products are listed, the various operational risk events
associated with these products are recorded. An operational risk event is an NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
incident/experience that has caused or has the potential to cause material loss to the bank either directly or indirectly with other incidents. Risk events are associated with the people, process and technology involved with the product.
BUSI NESS LINES Corporate VaR 1 VaR 2 Finance Trading and VaR 8 VaR 9 Sales Retail Banking VaR 15 VaR 16 Commercial Banking Payment and Settlement VaR 22 VaR 23
VaR 29 VaR 30
VaR 31
VaR 32
VaR 33
VaR 34
VaR 35
Agency Service VaR 36 VaR 37 Asset Management Retail Brokerage VaR 43 VaR 44
VaR 38 VaR 45
VaR 39 VaR 46
VaR 40 VaR 47
VaR 41 VaR 48
VaR 42 VaR 49
VaR 50 VaR 51
VaR 52
VaR 53
VaR 54
VaR 55
VaR 56
IDBI BANK
losses, to simulate a large number of annual loss frequencies generate random numbers from the severity distribution.
annual losses.
Similarly the VaR for each cell will be calculated and added together to get the overall operational VaR of the bank.
IDBI BANK
IDBI BANK
are relevant to decision making. Reports should be distributed to appropriate levels of management and to areas of the bank on which areas of concern may have an impact. Reports should fully reflect any identified problem areas and should motivate timely corrective action on outstanding issues. To ensure the usefulness and reliability of these risk reports and audit reports, management should regularly verify the timeliness, accuracy, and relevance of reporting systems and internal controls in general. Management may also use reports prepared by external sources (auditors, supervisors) to assess the usefulness and reliability of internal reports. Reports should be analysed with a view to improving existing risk management performance as well as developing new risk management policies, procedures and practices.
Separation of functions- Individuals responsible for committing transactions should not perform clearance and accounting functions. Dual entries. Entries (inputs) should be matched from two different sourcesthat is, the trade ticket and the confirmation by the back office. Reconciliations. Results (outputs) should be matched from different sourcesfor instance, the traders profit estimate and the computation by the middle office. Tickler systems. Important dates for a transaction (e.g., settlement and exercise dates) should be entered into a calendar system that automatically generates a message before the due date. Controls over amendments. Any amendment to original deal tickets should be subject to the same strict controls as original trade tickets.
Confirmations. Trade tickets need to be confirmed with the counterparty, which provides an independent check on the transaction. Verification of prices. To value positions, prices should be obtained from external sources. This implies that an institution should have the capability of valuing a transaction in-house before entering it. Authorization. The counterparty should be provided with a list of personnel authorized to trade, as well as a list of allowed transactions. Settlement. The payment process itself can indicate if some of the terms of the transaction have been incorrectly recordedfor instance, if the first cash payments on a swap are not matched across counterparties. Internal/external audits. These examinations provide useful information on potential weakness areas in the organizational structure or business process.
IDBI BANK
ANALYSIS / RESULTS
The Loss Distribution method has been used to prepare the model, using hypothetical data, for the quantification of the operational risk with help of the @ Risk software. The various steps involved in the calculation of the capital charges for operational risk are shown below:
STEP I
Taken 10000 hypothetical operational losses for the last five years. Chosen a threshold, say Rs. 10 lakhs, that is all losses above the threshold limit are considered. Left with 406 losses which are above the threshold. The average losses per year comes out to be 406/5= 81 losses
STEP II
Use the @ Risk software to simulate 1000 numbers of possible losses for the next year, assuming that frequency follows Poisson Distribution.
STEP III
Use each simulated frequency as the assumed number of losses, per year, to generate random numbers from the severity distribution following beta general distribution.
Add all the losses, for each simulated frequency, to find out the size of
annual losses of that particular frequency. For each simulated frequency, we now have the corresponding severity or size of annual losses NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
IDBI BANK
STEP IV Arrange the losses in descending order and mark off the appropriate VaR.
Simulated losses
Annual Frequency 77 95 84 72 83 97 82 76 73 78 83 86 73 71 69 81 95 77 91 75 Severity Sorted Losses
61723813
116430320 103157004 88491940 101521713 118676061 100518494 92970379 89661047 94180576 101792984 105168276 89297395 87057060 84357010 99175398 116313096 94133271 111627464 91793865
118676061 116430320 116313096 111627464 105168276 103157004 101792984 101521713 100518494 99175398 94180576 94133271 92970379 91793865 89661047 89297395 88491940 87057060 84357010 61723813 95% VaR
IDBI BANK
financial institutions. Because institutions are understandably reluctant to advertise their mistakes, it is more difficult to collect data on operational losses. Another problem is that losses may not be directly applicable to another institution, as they were incurred under possibly different business profiles and internal controls.
Second, market and credit risk can be conceptually separated into exposures
and risk factors. Exposures can be easily measured and controlled. In contrast, the link between risk factors and the likelihood and size of operational losses is not so easy to establish. Here, the line of causation runs through internal controls.
Third, very large operational losses, which can threaten the stability of an
institution, are relatively rare. This leads to a very small number of observations in the tails. This thin tails problem makes it very difficult to come up with a robust value for operational risk (VOR) at a high confidence level. As a result, there is still some scepticism as to whether operational risk can be subject to the same quantification as market and credit risks.
IDBI BANK
II. RECOMMENDATIONS
An effective monitoring process is essential for adequately managing operational risk. Regular monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the policies, processes and procedures for managing operational risk. Promptly detecting and addressing these deficiencies can substantially reduce the potential frequency and/or severity of a loss event. In addition to monitoring operational loss events, banks should identify appropriate indicators that provide early warning of an increased risk of future losses. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Monitoring should be an integrated part of a banks activities. Adequate internal controls within banking organisations must be supplemented by an effective internal audit function that independently evaluates the control systems within the organisation. Internal audit is part of the ongoing monitoring of the bank's system of internal controls and of its internal capital assessment procedure, because internal audit provides an independent assessment of the adequacy of, and compliance with, the banks established policies and procedures.
IDBI BANK
IMPLEMENTATION STRATEGY
The model prepared under this project is for commercial banks which undertake various business lines recognized by Basel. Hence while applying this model to Exim bank we need scale it down to those areas which are relevant to the banks operations. The operations of Exim bank differ from the commercial banks on the following grounds: Exim bank has not yet totally entered into the retail sector apart from the deposits from the retail customers. Exim bank, in contrast to the other commercial banks, has very few representative offices which reduces the quantum and frequency of operational losses. There is no cash dealing in Exim bank thereby further reducing the possibility of operational losses. One of the major causes of operational loss is PEOPLE, which is very few in Exim bank when compared to other similar sized commercial bank. Hence after taking into account the above points the model should be customised as per the banks operations.
IDBI BANK
IDBI BANK
has the flexibility to adjust to the particular needs of an organisational part. Being embedded in this way contributes to meeting the Basel 2 use test requirement.
I. PROCESSES
1. PAYMENTS
Branch staff do not feed the cheque books issued into the system
Cheques/Withdrawals of higher values, say above Rs. 20000, paid without
examining them thru ultra-violet lamp Cheques received for clearing/collection are not branded with Banks Special Crossing Stamps immediately on receipt Failure to keep proper custody of cheque books and DD/BC and maintain proper stock registers Fraudulent encashment of BC/DD/TC
Payment of cheques which are not properly drawn or are not of apparent tenor
While making payments against withdrawl slips, the usual precautions are ignored-like payments to third parties not beyond 1000/ withdrawals accompanied by the pass book.
2. CHEQUE CLEARING
Clearing cheques wrongly entered NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
3. CASH HANDLING
ATM cash not tallied on daily basis with the branch records Cash related failures- to maintain cash remittances register, to immediately record the cash movement, to not allow unauthorized persons inside the cash cabin, to maintain proper records of transfer of funds between the cashier, to keep the cashier cabin locked at all times, following guidelines of dual key etc. Cashiers or thrift collectors misappropriating the cash deposited by the customers Failure to observe the guidelines on issuing cash receipts, example- cashier does not write amount received in words, or supervisors signature not obtained on the counterfoil etc Looting the bank staff, outside the bank during cash transit Misappropriation of cash in currency chest/ vault room
4. ACCOUNT OPENING
Accounts where KYC guidelines were not followed Asking for irrelevant private questions Impersonated accounts deliberately opened Not following KYC and not monitoring the initial transactions in the new account
IDBI BANK
held in proper custody at all times whereby unauthorized persons gain access to them
5. DEPOSITS
Accounts closed and with zero balance are not closed immediately deleted from the master Accounts opened/closed without branch managers approval Blind Persons accounts opened without following the checklist A to E Common errors during the closure/transfer of savings account-like-signature of the account holder not obtained, all unused cheque leaves not surrendered, managers consent or approval of all the department not obtained, accounts transferred to wrong branch etc CWD-TEN-register not maintained and the transaction not reported Failure to follow up and pass AWB vouchers, and check and reconcile AWB supplementary on daily Giving details of our depositors to marketing agencies Illiterate persons accounts-where CD or joint accounts opened for them without any reasons, or cheque books issued, or third party withdrawals permitted Instances where the mandate though recorded was not followed Instances where the transactions were executed-ignoring the stop payment instructions NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Issue of cheque books without taking into account the frequency of cheque returns, non maintenance of minimum balance, or without verifying the signature of the applicants, or to a third party whose signature is not attested by the accountholder, or without proper receipt/acknowledgement Losses when the changes made in the constituent are not recorded timely. Mandate to operate the account is not recorded timely Misuse of customers confidential information to staff or banks gain Purdanashin ladies accounts- where such accounts opened for illiterate persons, or CD account opened without RO approval, or allowed without attestation from her husband/guardian Revenue leakage in case of issue of cheque books, duplicate pass book, statement of accounts, cheque returns, stop payment instructions, standing instructions etc. Standing instructions not complied on time Wrong accounts debited/credited transactions
6. CREDIT ANALYSIS
Accommodation of friends/relatives with intention of malafide/corrupt practices Account was taken over from another bank when its status was overdue/substandard/doubtful Agency agreement with the principal for units engaged in distribution of products not verified
IDBI BANK
Assets and Liability statements furnished by borrowers were not subject to scrutiny Balance sheet from sister concerns on a common date not obtained for ascertaining inter-locking of Bills purchased/discounted for non-constituents who were not assessed for regular limits in violation of RBI circular dated 24 January 2003 Credit limits sanctioned in contravention of the loan policy of the bank prevailing at the time of Credit opinion reports(COR) not obtained from other banks/financial institutions before sanctioning limits/takeover Delayed appraisal and/or disbursal Dependants one/two buyers not analysed properly Details of overdues/excess/irregularity(number of times, period and date/mode of regularization) not provided in the appraisal note Frequent cheque purchase allowed without fixing limits Frequent excesses despite internal norm not to exceed 3 times Harass applicants to submit unwanted papers/documents/information Information on litigation against borrower not obtained Inter-firm comparison not made LCs opened when earlier LCs had devolved Limits sanctioned/enhanced on the basis of ambitious projections NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Limits sanctioned/renewed without obtaining projection for the ensuing year Loans against forged deposit receipts or encashing such receipts Managerial capacity not assessed properly No undertaking obtained from borrowing Company to the effect that no consideration was paid by it to its guarantor/directors for guarantees extended Non-obtention of audited balance sheets Non-reporting of excess/ad hoc granted (or bills/cheques purchased beyond discretionary powers) Peer group analysis not done
Presanction appraisal was perfunctory/ad hoc/not done at all
Rating exercise not carried out at branch level Repayment capacity not assessed by analyzing DSCR/cash flow/funds flow statements Repeated ad hocs soon after sanction/ frequent excesses even after enhancement Sanctioning authority has exceeded his discretion/has flagrantly abused his power with malafide intention Sanctioning inadequate amount SSI/registration certificate not obtained while sanctioning credit facilities to SSI
IDBI BANK
Supply bill facility sanctioned for purchase of bills covering payment of labour charges in violation of RBI circular DBOD no. BC.42/13.03.00/00.01 dated 1 November 2000 Technical feasibility/Financial viability of the project not done Trend analysis for financials not done Unnecessary asking the applicants to come repeatedly to the bank and not giving a comprehensive list of required documents in the first meeting itself
7. DOCUMENTATION
Availed advances against forged supply bills Availed advances against forged title deeds or fake invoices/salary
cases the bank was the leader) Revival letters/balance confirmation not obtained and so documents
necessary for such credit facility Undertaking for disclosure of name in the event of loan default not
obtained
IDBI BANK
statement/book debt-statement not certified by chartered accountants on quarterly basis Consortium meetings not held regularly despite being leader Cover period for book debts not indicated in the sanction terms Delayed review of limits Disclosure of borrower details DP not calculated after netting of the sundry creditors/obsolete
recievables End-use of funds not ascertained/verified/diversion of funds Exchange of credit information not done on a regular basis in
accounts under consortium/multiple banking arrangements Failure to file suit within the time limit and allowing the documents
to become time-barred time No practice to compile credit reports on drawees Non-adherence to specific sanction terms Non-routing of sales proceeds through the account QIS/financial statements not scrutinized Sanction advice not sent or sent with inadequate details Guarantee not invoked despite the account being irregular for a long
IDBI BANK
11. COLLECTION
Collection of cheques credited to wrong accounts Fraudulent encashment of cheques received for collection
14. MARKETING
Chasing clients(existing/prospective) for business, at odd hours or too frequently Risks due to innovative marketing techniques of the competitors Severity of competition
accidents on duty Losses on account of strikes/lockouts Medical expenses reimbursed/reimbursiable to the employees on
account of the policies on general health and safety Possible losses due to the compensation claims on termination issues
II. SYSTEMS
1. DEPOSIT
Fraudulent withdrawals from the customers account-SB/CD/CC etc System allows desk officers to pass transactions in minors account even after the minor attains majority, without the approval of the senior/branch managers. NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK System does not charge for the stop payments
System does not record the frequency of cheque returns in the accounts and does not charge for the same on a cumulative basis so that all the charges applicable to that account which could not be charged on a earlier date, due to insufficient balance, can be recovered as and when there is
System has no provisions to execute standing instructions and charge for
SME without manual intervention System has no provisions to give warning in case of crediting clearing cheques to NRE accounts while approving/passing the transactions in the supervisory menu System has no provision to give warning in case of crediting collection cheques to NRE accounts
2. LOANS
Advances availed against spurious jewels Credit proposal receipt-register not maintained/updated Discounting bills/cheques despite repeated bill/cheque returns Discounting bill/cheques for accommodation Failure to judge the managerial capability of the applicants Failure to properly assess the economic viability of the project
Failure to properly assess the technical feasibility of the project
Granting loans against deposit receipts already held as security Limits released outside the consortium NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Market intelligence/ information is insufficient/absent Prescribed margin of 30%(internal policy) not maintained while sanctioning loans under Liquirent scheme Purchase of cheques drawn by sister concerns or drawn for no consideration other than to get temporary credits/to siphon funds Rating model is not able to control the qualitative risks appropriately Theft of articles/assets/jewellery/securities pledged to the bank
3. CUSTOMER RELATIONSHIP
Frequency with which the ATMs are out of order
4. MANAGEMENT
Exceptional reports not scrutinized and signed by the branch managers on the daily basis Job rotation is not effected periodically to ensure that no member is allowed to do the same job exclusively for a long time. KYC concept not followed The manager does not go through the previous days vouchers every day to ensure that no unauthorized transactions are put through Transactions involving disproportionate amounts in staff accounts are not verified by the deputy Manager to be satisfied about the genuineness of such transactions
IDBI BANK
Continuous Surveillance Statements (CSS) not submitted regularly Delayed reporting of excess/bunching of excess reports Delayed submission of QIS statements Enhancements to regularize over dues/excess/ad hocs Exposure enhanced when account was showing signs of sickness/borrowers financial were not Iob online does not show the latest guidelines/regulations in a user friendly way (it simply shows the past circulars and the branch has to go thru all the circulars and arrive at a decision- whereas it should be so modified that decision making is computerized as far as possible, and thereby save the errors and time at branch level Monthly statements on credit facilities granted under MDP(CAFI ), TODs granted under MDP(CAF3) Cheques/bills purchased/discounted under MDP(CAF4) not submitted regularly to RO Reporting office suppressed material information/did not report irregularities in the ERI return or provided misleading information
6. GENERAL LEDGER
Deliberately not deducing the TDS as per the existing regulations Expenditure on treatment or recovery of others who met with accidents, inside the bank premises or elsewhere, during the course of banking/dealing with us.
IDBI BANK
Expenses on repairs or replacement of property due to accident or natural disaster/calamity Extent to which the branch does not have the resources and capability, depending upon the local conditions, to manage the power cuts, due to which the system/branch/ATM work is disrupted Fraudulent debits to the nominal accounts like P&L , interest accrued, suspense, sundry creditors etc. Fraudulently vouching the same bills( like TA) on more than one occasion Frequency with which the fax/telephones are out of order Human losses from external sources Instances where the branch/office is using an unauthorized software Theft of articles/assets owned by the bank
7. CUSTOMER PAYMENT
Fraudulent withdrawl through the ATM
8. DATA WAREHOUSES
Possibility of theft of information related to the customers/otherwise and possible losses thereof Sanctioned facility to persons/entities whose names appear in the defaulters list circulated by CIBIL/RBI/ECGC or to persons known to be of dubious integrity Unauthorized transfer of funds via hacking the system
9. CUSTODY
NATIONAL INSTITUTE OF BANK MANAGEMENT
Robbery/burglary in the bank, when the bank currency chest is closed Theft from the vault/strong room/cashiers cabin, during the business hours
11. RCC/CPPD
Frequency with which the leased line, ISDN etc are down Instances when the components are purchased from the unapproved vendors Instances where the branches/offices are not having valid AMC for all the hardwares from the authorized vendors Problems faced at the RCC/CPPD in trouble-shooting branch/software errors RCCs role of advising and teaching the branch staff System is not completely online-if it were so it would be possible to throw options available for various processes as per the latest guidelines/regulations and there shall be general reduction in the
IDBI BANK
(APPENDIX II)
PEOPLE RISK
I. INTEGRITY 1. FRAUD
Fraudulent debits to the nominal accounts like P&L, interest accrued,
suspense, sundry Fraudulent withdrawal from the customers accounts- SB/CD/CC etc Granting of loans against deposit receipts already held as security Pilferage and encashment of cheques lodged for clearing
2. COLLUTION
Accepting bribes for passing bills or for granting contracts Accepting bribes for sanctioning loans or rendering other services Deliberately not deducting the TDS as per the existing regulations Account was taken over from another bank when its status was overdue Fraudulently encashment of cheques received for collection Fraudulently vouching the same bills on more than one occasion Impersonated accounts deliberately opened Sanctioned facility to persons/entities whose names appear in the defaulters list circulated by CIBIL/RBI/ECGC or persons known to be dubious integrity NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
4. ROGUE TRADING
Accommodation of friends/ relative with the intension of malafide/corrupt practices Credit limits sanctioned in contravention of the loan policy of the bank prevailing at the time of sanction Discounting bills/cheques despite repeated cheques return Discounting cheques for accommodation Enhancement to regularize over dues/excess/ad hocs
5. THEFT/EMBEZZLEMENT/MISAPPROPRIATION
Cashiers or thrift collectors misappropriating the cash deposited by the customers Misappropriation of cash in currency chests/vault room Stolen/lost credit cards misused by the third party Theft of articles/assets/jewellery/securities pledged to the banks NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Formalities relating to creation of charge for securing limits not complete Fraudulent encashment of bankers cheques/DD/TC Guarantee not invoked despite the account being irregular for a long time Illiterate persons accounts-where CD or joint accounts opened for them without any reasons, or cheque book issued, or third party withdrawals permitted Limits sanctioned/enhanced on the basis of ambitious projections Market intelligence/information is absent Non-obtention of audited balance sheets Peer group analyses not done Problems faced at the RCC/CPPD in troubleshooting branch/software errors Purchase of cheques drawn by sisters concerns or drawn for no consideration other than to get temporary credits Purdanashin ladies accounts- where such accounts opened for illiterate persons, or CD account opened without RO approval QIS/financial statements not scrutinised Repayment capacity not assessed by analysing DSCR/cash
IDBI BANK
Sanctioned failed to stipulate appropriate terms/conditions usually necessary for such credit Trend analysis for financials not done
3. LACK OF EXPERIENCE
Advances availed against spurious jewels Delayed appraisal and disbursal Discounting bills/cheques despite repeated bill/cheque returns Harass applicants to submit unwanted papers/documents Inter-firm comparison not made
IDBI BANK
Loans against forged deposit receipts or encashing such receipts Sanctioning inadequate amount Unnecessarily asking the applicants to come repeatedly to the bank and not giving a comprehensive list of required documents in the first meeting itself
PROCESS RISK
I. PRETRANSACTION RISK 1. NEW CONNECTION OR BORROWER APPRAISAL
Accounts where KYC guidelines were not followed Agency agreement with the principal for units engaged in distribution of
Credit Opinion Reports(COR) not obtained from other banks/financial institutions before sanctioning limits/takeover Delayed appraisal and disbursal Dependants one/two buyers not analysed properly NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Harass applicants to submit unwanted papers/documents/information Illiterate persons accounts-where CD or joint accounts opened for them without any reasons, or cheque books issued, or third party withdrawals permitted Information on litigation against borrower not obtained Inter-firm comparison not made Market intelligence/information is insufficient Not following KYC and not monitoring the initial transactions in the new accounts Rating exercise not carried out at branch level Sanctioning inadequate amount Unnecessarily asking the applicants to come repeatedly to the bank and not giving a comprehensive list of required documents in the first meeting itself
2. PRODUCT FLAWS
Not communicating the proper details to the credit card customers due to
IDBI BANK
IDBI BANK
statement of accounts, cheque returns, stop payment instructions, standing instructions etc. Sanction advice not sent or sent with inadequate details Standing instructions not compiled on time Terms and conditions stipulated in the sanctions were not compiled with Unit-inspection not done properly/timely Wrong accounts credited/debited
malafide/corrupt practices
Account was allowed to be operated without drawing
sickness
Limits released outside the consortium Non-adherence to specific sanction terms
IDBI BANK
after enhancement
Sanctioning authority has exceeded his discretions with
malafide intention
3. INEFFICIENCY OF MIS
Continuous Surveillance Statements(CSS) not submitted regularly Credit proposal receipt-register not maintained/updated CWD-TEN-register not maintained and the transactions not reported Delayed reporting of excess/bunching of excess reports Details of over dues/excess/irregularity not provided in the appraisal note Enhancements to regularize overdue/ excess/ ad hocs Exposure enhanced when account was showing signs of sickness Monthly statements on credit facilities granted under MDP(CAFI), TODs granted under MDP Cheques/bills purchased not submitted regularly
IDBI BANK
IDBI BANK
Common errors during the closure/transfer of saving account-likesignature not obtained, all unused cheques leaves not surrendered, account transferred to wrong person etc. Delayed renewal of insurance/inadequate insurance Delayed review of limits Delated submission of QIS statement Disclosure of borrower details EC not obtained/EC for broken period not obtained End-use of funds not ascertained/verified/diversion of funds Erosion/depletion of securities due to wrongful act on the part of the bank officers who took fraudulent title deeds/documents Exceptional reports not scrutinized and signed by the branch managers on the daily basis Failure to follow up and pass AWB vouchers, and check and reconcile AWB supplementary on daily basis Failure to keep proper custody of cheque books and maintain proper stock Failure to observe the guidelines on issuing cash receipts Failure to obtain legal opinion from the approved lawyers Failure to obtain valuation report from the approved valuer
IDBI BANK
Formalities relating to creation of charge for securing limits not complete Fraudulent debits to the nominal accounts Fraudulent encashment of bankers cheque/DD/TC Fraudulent encashment of cheques received for collection Fraudulently vouching the same bills on more than one occasion Frequent cheque purchase allowed without fixing limits Giving details of banks customers to marketing agencies Granting of loans against deposit receipts already held as security Instances where the transactions were executed-ignoring the stop payment instruction Interest calculation in Deposit and Advances are not checked manually by the supervisory staff Issue of cheque books without taking into account the frequency of cheque returns, non maintenance of minimum balance etc Joint documentation not held/done in consortium accounts KYS concept not followed LCs opened when earlier LCs had devolved Loans against forged deposit receipts or encashing such receipts Managerial capacity not assessed properly
IDBI BANK
Misappropriation of cash in currency chest/ vault room Misuse of customers confidential information for staff or banks gain No practice to compile credit reports on drawees Non-routing of sales proceeds through the account Not following the guidelines on monitoring and maintenance of user-ids and passwords Unauthorised vendors are allowed access to the system Pilferage and encashment of cheques lodged for clearing Power of attorney not obtained and registered with the drawees Premises keys are parted away to clerical/sub staff/outsiders for carrying out sweeping, repairing work etc. in the absence of the supervisor Balance conformation are not obtained and so documents are time-barred
Specimen signature cards, account opening forms, ledgers are not
held in proper custody at all times whereby unauthorised person gain access to them SSI/registration certificate not obtained while sanctioning credit facility to SSI Manager does not goes through the previous days vouchers everyday to ensure that no unauthorised transactions are put through NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Theft due to unauthorised access to vault room Theft of articles, jewellery, securities pledged to the bank Theft of articles and securities owned by the bank Valuation of property not done at prescribed periodicity While making payments against the withdrawal slips, the usual precautions are not taken care of
IDBI BANK
SYSTEM RISK
I. PROGRAMME ERRORS/FRAUD
Rating model is not able to control the qualitative risks
appropriately
System has no provisions to give warning in case of crediting
clearing cheques to NRE accounts, while approving/passing the transactions in supervisory menu
System has no provisions to give warning in case of collecting
cheque to NRE
IDBI BANK
V. SYSTEM FAILURE
Fraudulent withdrawal through the ATM Frequency with which ATMs are out of order Instances when the components are purchased from the unapproved vendors Instances where the offices are not having valid AMC for all the hardwares, from the authorised vendors Sanctioned facility to persons whose name appear in the defaulters list circulated by CIBIL/RBI/ECGC
IDBI BANK
Frequency with which the leased line, ISDN etc are down
Lack of methods to measure or monitor the downtime at the functional units Lack of penalty clauses in the agreement with the vendors for the downtime in connectivity
IDBI BANK
V. NATURAL DISASTER
Claims for the damages caused on duty Expenditure on treatment or recovery of others who met with accidents inside the bank premises or elsewhere, during the course of banking with us Expenditure on treatment or recovery of employees who met with accidents on duty Expenses on repairs or replacements of property due to accidents or natural disaster Medical expenses reimbursed to the employee on account of the policy on general health
IDBI BANK
INTERNAL
I. UNAUTHORIZED ACTIVITY 1. Transactions not reported- intentionally
Non reporting of excess/ad hoc granted Reporting office suppressed material information/did not report irregularities in the ERI return or provided misleading information
IDBI BANK
Exposure enhanced when account was showing signs of sickness/borrowers financials were not good Frequent cheque purchase allowed without fixing limits Details of over dues/excess/irregularity not provided in the appraisal note
2. Theft/Extortion/Embezzlement/Robbery Pilferage and encashment of cheques lodged for clearing Fraudulent encashment of cheques received for collection Theft of articles/assets owned by the bank Theft of articles/assets/jewellary/securities pledged to the bank
3. Misappropriation of assets
NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Cashiers or thrift collectors misappropriating the cash deposited by the customers Misappropriation of cash in currency chest
5. Forgery
Loans against forged deposit receipts or encashing such receipts
6. Cheque Kiting
Discounting the bills/cheques for accommodation
Discounting bills/cheques despite repeated bills/cheque returns
10. Bribes/kickbacks
Accepting bribes for sanctioning loans or rendering other services
IDBI BANK
EXTERNAL
I. THEFT AND FRAUD 1. Theft/Robbery
Robbery in the bank when the branch/currency chest is closed Theft from the vault during the business hours Bank decoity during the business hours Looting the banks staff outside the bank during cash transit Theft due to unauthorized access to vault room or lockers
2. Forgery
Availed advances against forged supply bills Availed advances against forged title deeds or fake invoices/salary ceerticates Fraudulent encashment of bankers cheque/demand draft/TC Fraudulent encashment of credit cards Advances availed against spurious jewels Stolen/lost credit cards misused by third party
3. Cheque Kiting
Purchase of cheques drawn by sisters concern or drawn for no consideration
IDBI BANK
Unauthorized transfer of funds via hacking the system Phishing- cheating the credit card customer over the internet to obtain the credit card number and password
2. Theft of information
Possibility of theft of information related to the customer/otherwise and possible losses thereof
IDBI BANK
3. Workers compensation
Claims for the damages caused on duty
IDBI BANK
II. IMPROPER BUSINESS OR MARKET PRACTICES 1. Anti-trust 2. Improper trade/market practices 3. Market manipulation 4. Insider trading or firms account 5. Unlicensed activity 6. Money laundering
NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
IV. SELECTION, SPONSORSHIP AND EXPOSURE 1. Failure to investigate client per guidelines
Presanction appraisal was perfunctory/ad hoc/not done at all Inter-firm comparison not made SSI/registration certificate not obtained while sanctioning credit facilities to SSI Asset and Liability statements furnished by borrowers were not subject to scrutiny No undertaking obtained from borrowing Company to the effect that no consideration was paid by it to its guarantor/directors for guarantees extended Managerial capacity not assessed properly Limits sanctioned/enhanced on the basis of ambitious projections Limits sanctioned/renewed without obtaining projection for the ensuing year
IDBI BANK
Agency agreement with the principal for units engaged in distribution of products not verified. Technical feasibility/financial viability of the project not done. Peer group analysis not done Dependants one/two buyers not analysed properly. Trend analysis for financials not done Repayment capacity not assessed by analyzing DSCR/cash flow/ funds flow statement Balance sheet from sister concerns on a common date not obtained for ascertaining inter-locking of funds. Non-obtention of audited balance sheet QIS/financial statements not scrutinized Age-wise breakups of receivables not indicated in the book debtstatement/book debt-statement not certified by chartered accountants on quarterly basis Credit opinion reports (COR) not obtained from other banks/financial institutions before sanctioning limits/takeover Market Intelligence/information is insufficient/absent Failure to properly assess the technical feasibility of the project Failure to properly assess the economical feasibility of the project Failure to judge the managerial capability of the applicants NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
IDBI BANK
IDBI BANK
2. Software
System has no provisions to give warning in case of crediting clearing cheques to NRE accounts while approving /passing the transactions in the supervisory menu Systems has no provisions to give in case of crediting collection cheques to NRE accounts Frequency with which the ATMs are out of order Problems faced at the RCC/CPPD in troubleshooting branch/software errors RCCs role of advising and teaching the branch staff There is no standard procedure to provide add ins I n the software at branch level, depending on the requirements and initiatives of the branch System has no provisions to execute standing instructions and charge for same without manual intervention System does not record the frequency of cheque returns in the accounts and does not charge for the same on a cumulative basis so that all the charges NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
applicable to that account which could not be charged at an earlier date, due to insufficient balance, can be recovered as and when there is the required balance System does not charge for the stop payments System allows desk officers to pass transactions in minors account even after the minor attains majority, without the approval of the senior/ branch managers. System is not completely online-if it were so it would be possible to throw options lapses
Iob online does not show the latest guidelines/regulations in a user friendly
available
for
various
processes
as
per
the
latest
way (it simply shows the past circulars and the branch has to go thru all the circulars and arrive at a decision- whereas it should be so modified that decision making is computerized as far as possible, and thereby save the errors and time at branch level)
3. Telecommunications
Frequency with which the leased line, ISDN etc are down Frequency with which the fax/telephones are out of order
4. Utility outage/disruptions
Extent to which the branch does not have the resources and capability,
depending on the local conditions, to manage the power cuts, due to which the system/branch/ATM work is disrupted
IDBI BANK
IDBI BANK
Credit proposal receipt-register not maintained/updated Delayed review of limits Unit-inspection not done properly/timely Consortium meetings not held regularly despite being leader Rating exercise not carried out at branch level CWD-TEN-register not maintained and the transactions not reported ATM cash not tallied on daily basis with the branch records Cash related failures-to maintain cash remittance register, to immediately record the cash movement, to not allow unauthorized persons inside the cash cabin, to maintain proper records of transfer of funds between the cashiers, to keep the cashiers cabin locked at all times, following guidelines of dual key strictly etc. Failure to keep proper custody of cheque books &DD/BC and maintain proper stock registers Failure to observe the guidelines on issuing cash receipts, example-cashier does not write amount received in words, or supervisors signature not obtained on the counterfoil etc Cheques received for clearing/collection are not branded with Banks special crossing stamps immediately on receipt. Job rotation is not effected periodically to ensure that no member is allowed to do the same job exclusively for a long time KYS concept not followed NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Transactions involving disproportionate amounts in staff accounts are not verified by the deputy Manager to be satisfied about the genuineness of such transactions Premises keys are parted away to clerical/sub staff/ outsiders for carrying out sweeping, repairing work etc in the absence of the supervisors. Interest calculation in Deposit and Advances are not checked manually (at random) by the supervisory staff. The manager does not go through the previous days vouchers every day to ensure that no unauthorized transactions are put through. Accounts closed and with zero balance are not closed immediately deleted from the master Failure to follow up and pass AWB vouchers and checks and reconciles AWB supplementary on daily basis Sanction failed to stipulate appropriate terms/conditions usually necessary for such credit facility Terms and conditions stipulated in the sanctions were not complied with Failure to file suit within the time limit and allowing the documents to become time-barred Failure to close the locker accounts whenever there is any change in the constituents.
4. Model/System Misoperation
No practice to compile credit reports on drawees
IDBI BANK
IDBI BANK
7. Delivery Failure
Non-routing of sales proceeds through the account End-use of funds not ascertained/verified/diversion of funds Standing instructions not complied on time Loss due to cash payments against credit cards-without verifying the hot list bulletins
IDBI BANK
2. Inaccurate External Report (Loss incurred) III. CUSTOMER INTAKE AND DOCUMENTATION 1. Client permissions/disclaimers missing
Undertaking for disclosure of name in the event of loan default not obtained
IDBI BANK
Specimen signature cards, account opening forms, ledgers/registers are not held in proper custody at all times whereby unauthorized persons gain access to them Allowing the auditors/CO inspectors to access system through menus other than these specified and relevant for them. Not following guidelines on monitoring and maintenance of user-ids and passwords(not deleting the user-ids of the persons transferred, suspended, retired etc, or not deactivating the user-ids of persons on long leave, allowing access to menus that are not relevant as per the roles, divulging passwords etc) Accounts opened/closed without branch managers approval
IDBI BANK
While making payments against withdrawal slips, the usual precautions are ignored-like-payments to third parties not beyond 1000/withdrawals accompanied by the pass book
2. Vendor disputes
Lack of penalty clauses in the agreement within the vendors for the downtime in connectivity (beyond an accepted limit) Lack of methods/procedures to measure or monitor the downtime at the functional units.
IDBI BANK
IDENTIFICATION OF AREAS OF OPERATIONAL RISK IN EXIM BANK AND PREPARATION OF FRAMEWORK FOR MEASUREMENT OF THE SAME
By:Vaibhav Bansal
IDBI BANK
EXECUTIVE SUMMARY
Growing number of high-profile operational loss events worldwide have led banks and supervisors to increasingly view operational risk management as an integral part of the risk management activity. Management of specific operational risks is not a new practice; it has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, and reduce errors in transaction processing, and so on. There are basically three approaches to measure operational risks namely Basic Indicator Approach (BIA), The Standardised Approach (TSA) and Advanced Measurement Approach (AMA). The first two approaches are based on gross income of the bank whereas the last one is based on the historical operational loss data. In this project our main focus is on AMA approach. Under AMA approach Basel recognise eight different Business Lines and seven Event Types. Hence in order to calculate the capital charges for operational risk under AMA approach, an organisation has to collect data of operational losses as per the Basel guidelines. NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
The following are the eight recommended Business Lines. 1. Corporate finance 2. Trading and sales 3. Retail banking 4. Commercial banking 5. Payment and settlement 6. Agency services 7. Asset management 8. Retail brokerage
The following are the seven recommended Event types 1. Internal Fraud 2. External Fraud 3. Employment Practices and Workplace safety 4. Clients, Products and Business Practices 5. Damage to Physical Assets 6. Business Disruption and Systems Failure 7. Execution, Delivery and Process management There are basically four main steps in the Management of Operational Risk namely- Identification, measurement, Monitoring and controlling. Hence after a bank has identified and collected its past loss data as per the Basel guidelines it needs to measure the adequate amount of capital required to hedge its losses. Under the AMA approach there are three methods by which the operational risk VaR can be measured- Loss Distribution Method (LDA), Scenario Analysis and the Extreme Value Theory (EVT). In this project we have measured the operational risk VaR using the Loss Distribution Method. The VaR of the bank is the summation of the individual VaRs (56) under each business line and event type. NATIONAL INSTITUTE OF BANK MANAGEMENT
IDBI BANK
Under the LDA method we combine two distributions i.e the Loss frequency distribution and the loss severity distribution. The loss frequency distribution describes the number of loss events over a fixed interval of time. The loss severity distribution describes the size of the loss once it occurs. Various researches has shown that frequency follows the Poisson Distribution and severity follows the Beta-general Distribution. For calculating VaR, using the above mentioned two distributions, we have taken help of the @ Risk software. An effective process of monitoring is essential for adequately managing operational risk. Regular monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the policies, processes and procedures for managing operational risk. Promptly detecting and addressing these deficiencies can substantially reduce the potential frequency and/or severity of a loss event.
Unlike market and credit risk, operational risk is largely internal to financial institutions. Because institutions are understandably reluctant to advertise their mistakes, it is more difficult to collect data on operational losses.
Market and credit risk can be conceptually separated into exposures and risk factors. Exposures of market and credit risk can be easily measured and controlled whereas for operational risk it is very difficult.
Very large operational losses, which can threaten the stability of an institution, are relatively rare. This leads to a very small number of observations in the tails.
IDBI BANK
IDBI BANK