Upload
ram-garg
View
125
Download
1
Embed Size (px)
Citation preview
Enterprise-Wide Risk
The Missing Link in Indian Financial Institutions
Ram Garg
JB BODA GROUP
10 February 2011 Issue 1.1
indemnity insurance market in India.
A similar situation was prevailing insouth east Asian markets until a decadeago. However, all of that changed in theearly 2000s, thanks to willingness ofbanking institutions to transfer risk tothe insurance market.
Indian banks are plagued with crime(internal amd external) related losses,yet the current crisis caught littleattention from banks as well asregulators.
Citibank India's fraud case in Delhicaught many eyes due to the highamount involved in it, but suchinstances are not rare but common inthe banking industry. Industry veteranstalked about the need for tighteroperational risk management for banksin India.
However, risk management has its ownlimitations and operational risks cannotbe eliminated but only reduced (SeeFigure 1).
The role of insurance has been verywell recognized by Basel II. Indianbanks are required to give dueconsideration to improve operations inthe wider context, and also to fullyintegrate risk definition, data collection,risk assessment and management,capital allocation, governancemechanisms and insurance programmanagement.
Operational risk insurance policies such
As a rule of thumb
in risk
management,
risks with
potential
catastrophic or
significant loss
should not be
retained.
The business environment forIndian banking institutions isbecoming increasingly complex
and competitive due to widespreaddistribution network across country.Indian banks are exposed to additionaloperational risks associated with largenumber branches across country.
The Basel II capital adequacyframework reinforced integrated riskmanagement practice in key areas -Credit, Market and Operational Risk.
Indian banks' risk management practicewas largely focused on credit andmarket risk until recently andoperational risk received requisite
attention only over the last five to sevenyears. As a result, most banks have setup a dedicated operational riskmanagement team or department inconjunction with the credit and marketrisk departments.
Basel II defines operational risks in abroad range and systematic manner.This article focuses on how banks cantransfer their increased operational riskthrough well established andsophisticated insurance productsavailable in the market.
Until now, Indian banking institutionstook little interest in operational riskinsurance products. They have beensecuring either peril-specific insurancepolicies such as money and cash intransit or restrictive and old-agedBankers Indemnity policy. Bankinginstitutions seldom took insuranceseriously and the buying function wasleft to either procurement department orfinance department. Indian banks’preoccupation with the cost of coverageobscured two real issues - quality ofproduct and adequacy of coverage.
Indian banks, therefore, should beasking not only "how much does itcost?" but, more importantly, "whatdoes it cover?"
India's erratic and clogged judicialsystem further discouraged bankinginstitutions to approach court for claimsettlement in case of denial of a claim.Therefore, combination of variousfactors resulted in collapse of bankers
bank then should also conduct audit toinsure that these controls are followed.
Once risks have been identified andinternal controls are implemented, therisk manager must decide the mostappropriate action for residual risks.Possible actions may includeimplementing additional controls tominimize residual risk, transfer toinsurance market, and simply retain itor any combination of these options.There are many factors that influencethis decision.
As a rule of thumb in risk management,risks with potential catastrophic orsignificant loss should not be retained.
Risks events that occur repeatedly andare predictable may not be viable totransfer out and therefore, bank maydecide to retain them (See Figure 2).
The bank's board must determine itsrisk appetite or risk retention capacity.It should at least perform an annualreview of the bank's risk managementand insurance program. Theresponsibility for risk managementrests with the board of directors andmanagement.
After the bank decides to insure aparticular risk, an expert insurance
Although the degree of sophisticationin each of those stages will varydepending on bank, the thought anddecision making processes thatcharacterize each stage should be wellestablished in every bank if costs, andlosses are to be minimized.
In establishing a sound operational riskmanagement and insurance program,bank management first must identify itsrisk exposure in each of its processes.This is the most important of the threesteps. It requires a review of all aspectsof the bank's present and prospectiveoperations. As new products aremarketed or fixed assets acquired, theymust be evaluated to determine whatrisks they present.
Once identified, risks need then beanalyzed to estimate their severity. Oneway is to examine the bank's historicalloss data. This information should beavailable within the bank. Internal datamay be looked in conjunction withexternal data or industry loss data.
A bank's first defenses againstoperational losses are its policies,procedures, and internal controls. Thesesystems and guidelines are integralparts of the risk management program.They must be communicated to, andunderstood by, all bank employees. The
as Banker's Indemnity, ComputerCrime, D&O and Financial Institutionsprofessional indemnity are complex innature and coverage depends on policyform being used by insurer and theircapabilities to understand claim issues.
In India, market agreement wording ofBanker's Indemnity has been themainstay of banks' legacy insuranceprograms. As widely understood, thepolicy covers employee dishonesty,robbery, losses in transit, forgery, ATM,and counterfeit money.
People are the biggest asset as well assource of threat for bankinginstitutions. A customer deals with abank officer in daily banking activitiesand therefore, the officer gets into aposition in which there is risk of breachof trust, including criminal.
The Citibank India fraud is a case ofcriminal breach of trust by bankemployee and similar to the offence ofembezzlement. Since an employeecaused losses to the customer and bank,a standard banker's blanket bond policyshould have covered the losses subjectto other details of investigation.
Operational Risk Management
(ORM): Insurance an Integral
Part
ORM in a banking institution, whichincludes risk mitigation throughinsurance, is intended to minimize thecosts associated with assuming certaintypes of risk and providing prudentprotection. It deals with pure risks thatare characterized by chance occurrenceand that may only result in a financialloss. ORM does not addressspeculative risks that afford theopportunity for either financial gain orloss.
There are three stages in riskmanagement:
1. risk identification and analysis, 2. risk control, and3. risk action.
11February 2011 Issue 1.1
ERM Journal
Figure 1
broader categories of risk, so-calledblended policies. Insurance specialistshave managed to redesign blendedpolicies combining two or moreindividual insurance policies toeliminate any overlapping and increasescope of coverage. However, thesedevelopments have been noticed onlyin few banks yet.
� Cyber Security: Provides muchwider coverage than ECC. It aims toaddress new risks emerging fromwider use of technology by banks.
� Financial Institutions ProfessionalIndemnity (FIPI): Provides coveragainst liabilities to third parties forclaims arising out of employeenegligence while providingprofessional services (e.g.investment advice) to clients.
� Directors and Officers Liability(D&O): Covers the personal assetsof directors against claims arisingfrom legal actions arising from theperformance of their duties.
� Employment Practices Liability(EPL)
� Terrorism Cover
� Unauthorized Trading: A relativelynew product covering losses similarto the notorious events experiencedat Barings.
� General Liability: Covers publicliability, employer's liability, motorfleet liability etc.
In addition, recent developments havebrought to the market coverage for
broker should be appointed to developappropriate insurance program withinsurers/reinsurers.
There are a number of insurancepolicies available to cover operationalrisk perils for a bank. Here is a briefdescription of them. These coversdescribed here in this document may befound under different names in differentmarket. Insurance for financialinstitutions covering operational riskscome in a number of forms and morenew types of coverage are beingdeveloped. The present market offersperil-specific coverage - that meanscover is available separately forspecific categories of risk. Some of thepolicies currently in the market include:
� Bankers Blanket Bond (BBB):Provides cover against dishonestyor default on part of an employee aswell as fraud and forgery. Somepolicies have a broader coverageincluding damage to physicalproperty, counterfeit currency, andtrading losses.
� Electronic Computer Crime (ECC):Provides cover against computerfailure, viruses, data transmissionproblems, forged electronic fundstransmissions etc.
12 February 2011 Issue 1.1
ERM Journal
Figure 2
Ram Garg is a finance
professional with over 10 years
experience in financial services
industry including insurance
broking experience, 7 of which
are in ASEAN region.
He began his career with NY
head quartered Stern Stewart
& Co. in Mumbai specialising
in corporate finance
consultancy and moved in year
2003 to join Jardine Lloyd
Thompson Asia regional team
in Singapore where he
provided financial and
professional risk reinsurance
broking services to clients
across Asia region including
Singapore, Malaysia, Thailand,
Indonesia, South Korea,
Philippines, India and Pakistan.
He has extensively focused on
Financial Institutions across
Asia region and serviced a
number of large banking
clients on Basel II compliance,
particularly on operational risk
management and risk transfer
programs.
He has undertaken a number
of formal independently risk
consultancy projects. In year
2009 he joined J B Boda group
in Singapore to develop
Financial line business with
special focus on Financial
Institutions across Asia and
Middle East region. Ram is a
CFA from CFA Institute USA,
MBA from University of Wales
UK, and BBA from Indore
University India.