Risk Management - For Print

8/6/2019 Risk Management - For Print

1/58

Risk Management for Commercial Banks & DFIs.

________________________________________________________________________

INSTITUTE OF BUSINESS AND TECHNOLOGY

RISK MANAGEMENT FOR COMMERCIALBANKS & DFIs.

Prepared By

XXXXX

Course Code : MKT-606

MBA (Banking and Finance)

FACULTY OFMANAGEMENT AND SOCIAL SCIENCES

FALL - 2010

_________________________________________________________________________________________________

Institute of Business and Technology1


2/58


________________________________________________________________________

CONTENTSPage No.

ACKNOWLEDGEMENT..... 3ABSTRACT....4

CHAPTER NO: 1. INTRODUCTION

1.1 Introduction .. 61.2 Purpose of study ..71.3 Research objectives 81.4 Research methodology ...9

CHAPTER NO: 2. RISK MANAGEMENT

2.1 Defining Risk ................. 102.2 Risk Management ......... .112.3 Risk Management Framework ...122.4 Business Line Accountability ..142.5 Risk Evaluation / Measurement .14

CHAPTER NO: 3. CONTINGENCY PLANNING

3.1 Managing Credit Risk....163.2 Components of Credit Risk Management..173.3 Organization Structure .173.4 Systems and Procedures ....183.5 Credit origination ...193.6 Limit setting ....193.7 Credit Administration .. . 203.8 Measuring Credit Risk ...213.9 Credit Risk Monitoring & Control ..22

CHAPTER NO:4. MANAGING PROBLEM CREDITS

4.1 Managing Market Risk ..244.2 Interest Rate Risk ..264.3 Foreign Exchange Risk .264.4 Equity / commodity price Risk ..274.5 Element of Market Risk Management 274.6 Risk Management Committee ..274.7 Middle Office...28

_________________________________________________________________________________________________



3/58


________________________________________________________________________

CHAPTER NO: 5. RISK MEASUREMENT

5.1 Repricing Gap Models ...31

5.2 Earning at Risk &Economic Value of Equity Models.335.3 Value at Risk ...345.4 Risk Monitoring . 345.5 Risk Controls .....34

CHAPTER NO :6 . RISK AUDIT

6.1 Risk limits ...376.2 Managing Liquidity Risk...386.3 Early Warning Indicators..396.4 Liquidity Risk Strategy and Policy .396.5 ALCO/ Investment Committee ...416.6 Contingency Funding Plan ..416.7 Cash Flow Projections... .426.8 Liquidity Ratios & Limits...436.9 Internal Controls ...44

CHAPTER NO: 7. RISK MONITORING AND CONTROL

7.1 Risk Management Plan467.2 Risk Register.46

7.3 Work Performance Information..477.4 Risk Reassessment ....477.5 Variance and Trend Analysis ....487.6 Technical Performance Measurement..497.7 Reserve Analysis..49

CHAPTER NO: 8. CONCLUSION AND RECOMMENDATIONS

8.1 Conclusion ...538.2 Recommendations .....54

BIBLOGRAPHY ..................................................................... 56

_________________________________________________________________________________________________



4/58


________________________________________________________________________

ACKNOWLEDGEMENT

I would like to express my heartfelt gratitude towards all those people who have

supported me for the fair compilation of this research report. Firstly, I would like

to thank my teacher Dr. Noor Ahmed Memon, whose guidance and

encouragement motivated me to undergo this grueling exercise, secondly all

those people whose help and support made this work possible. I hope that this

report rightly serves its purpose of providing an in domain knowledge for risk

management analysis of Growing financial market of Pakistan. Where all efforts

have been made to ensure objectivity and accuracy in the information provided,

any errors whatsoever may kindly be excused.

ThanksImran Ahmed (BEM/969)

_________________________________________________________________________________________________



5/58


6/58


________________________________________________________________________

CHAPTER 1: INTRODUCTION

1.1 Introduction

1.2 Purpose of study

1.3 Research objectives

1.4 Research methodology

_________________________________________________________________________________________________



7/58


________________________________________________________________________

1. INTRODUTION

1.1 Introduction

The past decade has seen dramatic losses in the banking industry. Firms that

had been performing well suddenly announced large losses due to credit

exposures that turned sour, interest rate positions taken, or derivative exposures

that may or may not have been assumed to hedge balance sheet risk. In

response to this, commercial banks have almost universally embarked upon an

upgrading of their risk management and control systems.

Coincidental to this activity, and in part because of our recognition of the

industry's vulnerability to financial risk, through the past year, on-site visits were

conducted to review and evaluate the risk management systems and the process

of risk evaluation that is implemented in the local market. In the banking sector,

system evaluation was conducted covering many commercial banks and DFI.

These results were then presented to a much wider array of banking firms for

reaction and verification.

The purpose of the present paper is to outline the findings of this investigation. It

reports the state of risk management techniques in the industry -- questions

asked, questions answered and questions left unaddressed by respondents.

This report can not recite a litany of the approaches used within the industry,

Nor can it offer an evaluation of each and every approach. Rather, it reports the

standard of practice and evaluates how and why it is conducted in the particular

way chosen. But, even the best practice employed within the industry is not

good enough in some areas. Accordingly, critiques also will be offered where

appropriate. The paper concludes with a list of questions that are currently

unanswered, or answered imprecisely in the current practice employed by this

group of relatively sophisticated banks. Here, we discuss the problems which the

industry finds most difficult to address, shortcomings of the current methodology

_________________________________________________________________________________________________



8/58


________________________________________________________________________

used to analyze risk and the elements that are missing in the current procedures

of risk management and risk control

1.2Purpose of Study

All decisions have an element of risk. Financial professionals must be able to

anticipate and balance the risks vs. returns of any financial choice.

The Risk Management interest area offers an understanding of risk management

strategies to improve the performance of financial decisions.

1.3 Research Objectives

Development and application of an integral model to incorporate technical,

human and organizational factors in risk control and disaster response in order to

give a transparent picture of what factors influence which risk scenarios and to

quantify priorities where appropriate and possible. For this, extensive use has to

be made of systematically acquired expert judgment for risk management.

Following are the objectives of my study:

To conduct In-depth analysis of risk management of financial market in

Pakistan and strategy.

To analyze the result of portfolio returns on the basis of strong risk

management in financial market.

To apply the strategy of Portfolio management through managing risk

parameters.

1.4 Research Methodology

The nature of this study is Quantitative and Descriptive. I have done the analysis

of impact of fund attributes on the return of each individual Pakistani financial

market. The data is obtained through both primary and secondary sources. The

_________________________________________________________________________________________________



9/58


________________________________________________________________________

data for fund attributes is collected using quarterly and annual reports. In this

study, the correlation is determined by using the Multi-variable regression model.

In order to run the regression on different variables, E-Views software has been

used. Put risk management strategy has been implemented in year 2008 against

the actual returns of the Pakistani financial market in order to see the impact of

manage risk in market volatility.

_________________________________________________________________________________________________



10/58


________________________________________________________________________

CHAPTER 2: RISK MANAGEMENT

2.1 Defining Risk2.2 Risk Management2.3 Risk Management Framework

2.4 Integration of Risk2.5 Business Line Accountability2.6 Risk Evaluation / Measurement

_________________________________________________________________________________________________



11/58


________________________________________________________________________

2. RISK MANAGEMENT

2.1 Defining Risk

For the purpose of these guidelines financial risk in banking organization is

Possibility that the outcome of an action or event could bring up adverse

Impacts such outcomes could either result in a direct loss of earnings / capital

or may result in imposition of constraints on banks ability to meet its business

objectives. Such constraints pose a risk as these could hinder a bank's ability to

Conduct its ongoing business or to take benefit of opportunities to enhance its

Business.

Regardless of the sophistication of the measures, banks often distinguishbetween expected and unexpected losses.

Expected losses are those that the bank knows with reasonable certainty will

occur (e.g., the expected default rate of corporate loan portfolio or credit card

portfolio) and are typically reserved for in some manner.

Unexpected losses are those associated with unforeseen events (e.g. losses

experienced by banks in the aftermath of nuclear tests, losses due to a sudden

down turn in economy or falling interest rates). Banks rely on their capital as a

buffer to absorb such losses.

Risks are usually defined by the adverse impact on profitability of several distinct

sources of uncertainty. While the types and degree of risks an organization may

be exposed to depend upon a number of factors such as its size, complexity

business activities, volume etc, it is believed that generally the banks face Credit,

Market, Liquidity, Operational, Compliance / legal / regulatory and reputation

risks. Before overarching these risk categories, given below are some basics

about risk Management and some guiding principles to manage risks in banking

organization.

_________________________________________________________________________________________________



12/58


________________________________________________________________________

2.2 Risk Management

It is a discipline at the core of every financial institution and encompasses all the

activities that affect its risk profile. It involves identification, measurement,

monitoring and controlling risks to ensure that

a) The individuals who take or manage risks clearly understand it.

b) The organizations risk exposure is within the limits established by Board

of Directors.

c) Risk taking Decisions are in line with the business strategy and objectives

set by BOD.

d) The expected payoffs compensate for the risks taken

e) Risk taking decisions are explicit and clear.

f) Sufficient capital as a buffer is available to take risk

The acceptance and management of financial risk is inherent to the business of

banking and banks roles as financial intermediaries. Risk management as

commonly perceived does not mean minimizing risk; rather the goal of risk

management is to optimize risk-reward trade-off. Notwithstanding the fact that

banks are in the business of taking risk, it should be recognized that an institutionneed not engage in business in a manner that unnecessarily imposes risk upon

it: nor it should absorb risk that can be transferred to other participants. Rather it

should accept those risks that are uniquely part of the array of banks services.

In every financial institution, risk management activities broadly take place

simultaneously at following different hierarchy levels..

Strategic level:

It encompasses risk management functions performed by senior management

and BOD. For instance definition of risks, ascertaining institutions risk appetite,

formulating strategy and policies for managing risks and establish adequate

_________________________________________________________________________________________________



13/58


________________________________________________________________________

systems and controls to ensure that overall risk remain within acceptable level

and the reward compensate for the risk taken.

Macro Level

It encompasses risk management within a business area or across business

lines. Generally the risk management activities performed by middle

management or units devoted to risk reviews fall into this category.

Micro Level

It involves On-the-line risk management where risks are actually created. This is

the risk management activities performed by individuals who take risk on

organizations behalf such as front office and loan origination functions. The risk

management in those areas is confined to following operational procedures and

guidelines set by management.

2.3 Risk Management framework.

A risk management framework encompasses the scope of risks to be managed,

the process/systems and procedures to manage risk and the roles and

responsibilities of individuals involved in risk management. The framework

should be comprehensive enough to capture all risks a bank is exposed to and

have flexibility to accommodate any change in business activities. An effective

risk management framework includes

a) Clearly defined risk management policies and procedures covering risk

identification, acceptance, measurement, monitoring, reporting and

control.

b) A well constituted organizational structure defining clearly roles and

responsibilities of individuals involved in risk taking as well as managing it.

c) Banks, in addition to risk management functions for various risk categories

may institute a setup that supervises overall risk management at the bank.

_________________________________________________________________________________________________



14/58


________________________________________________________________________

d) Such a setup could be in the form of a separate department or banks Risk

Management Committee (RMC) could perform such function. The

structure should be such that ensures effective monitoring and control

over risks being taken. The individuals responsible for review function

(Risk review, internal audit, compliance etc) should be independent from

risk taking units and report directly to board or senior management who

are also not involved in risk taking.

e) There should be an effective management information system that

ensures flow of information from operational level to top management and

a system to address any exceptions observed. There should be an explicit

procedure regarding measures to be taken to address such deviations.

f) The framework should have a mechanism to ensure an ongoing review of

systems, policies and procedures for risk management and procedure to

adopt changes Integration of Risk Management

Risks must not be viewed and assessed in isolation, not only because a single

transaction might have a number of risks but also one type of risk can trigger

other risks. Since interaction of various risks could result in diminution or

increase in risk, the risk management process should recognize and reflect riskinteractions in all business activities as appropriate. While assessing and

managing risk the management should have an overall view of risks the A recent

concept in this regard is Enterprise Risk Management (ERM) Institution is

exposed to. This requires having a structure in place to look at risk

interrelationships across the organization.

_________________________________________________________________________________________________



15/58


________________________________________________________________________

2.4 Business Line Accountability

In every banking organization there are people who are dedicated to risk

management activities, such as risk review, internal audit etc. It must not be

construed that risk management is something to be performed by a fewindividuals or a department. Business lines are equally responsible for the risks

they are taking. Because line personnel, more than anyone else, understand the

risks of the business, such a lack of accountability can lead to problems.

2.5 Risk Evaluation/Measurement

Until and unless risks are not assessed and measured it will not be possible to

control risks. Further a true assessment of risk gives management a clear view of

institutions standing and helps in deciding future action plan. To adequately

capture institutions risk exposure, risk measurement should represent aggregate

exposure of institution both risk type and business line and encompass short run

as well as long run impact on institution. To the maximum possible extent

institutions should establish systems / models that quantify their risk profile,

however, in some risk categories such as operational risk, quantification is quite

difficult and complex. Wherever it is not possible to quantify risks, qualitative

measures should be adopted to capture those risks.Whilst quantitative measurement systems support effective decision-making,

better measurement does not obviate the need for well-informed, qualitative

judgment. Consequently the importance of staff having relevant knowledge and

expertise cannot be undermined. Finally any risk measurement framework,

especially those which employ quantitative techniques/model, is only as good as

its underlying assumptions, the rigor and robustness of its analytical

methodologies, the controls surrounding data inputs and its appropriate

application Independent review.

_________________________________________________________________________________________________



16/58


________________________________________________________________________

CHAPTER 3: CONTINGENCY PLANNING

3.1 Managing Credit Risk3.2 Components of Credit RiskManagement3.3 Organization Structure

3.4 Systems and Procedures3.5 Credit origination3.6 Limit setting3.7 Credit Administration3.8 Measuring Credit Risk3.9 Credit Risk Monitoring & Control

_________________________________________________________________________________________________



17/58


________________________________________________________________________

3. Contingency planning

Contingency planning

Activity undertaken to ensure that proper and immediate follow up steps will be

taken by a management and employees in an emergency Its major objectives

are to ensure (1) containment of damage or injury to, or loss of, personnel and

property, and (2) continuity of the key operations of the organization.

3.1 Managing credit risk

Credit risk arises from the potential that an obligor is either unwilling to perform

on an obligation or its ability to perform such obligation is impaired resulting in

economic loss to the bank

In addition to direct accounting loss, credit risk should be viewed in the context of

economic exposures. This encompasses opportunity costs, transaction costs and

expenses associated with a non -performing asset over and above the

accounting loss.

Credit risk can be further sub-categorized on the basis of reasons of default.

For instance the default could be due to country in which there is exposure or

problems in settlement of a transaction.

Credit risk not necessarily occurs in isolation. The same source that endangers

credit risk for the institution may also expose it to other risk. For instance a bad

portfolio may attract liquidity problem.

Components of credit risk management

The very first purpose of banks credit strategy is to determine the risk appetite of

the bank. Once it is determined the bank could develop a plan to optimize return

while keeping credit risk within predetermined limits. The banks credit risk

_________________________________________________________________________________________________



18/58


________________________________________________________________________

3.2 Components of Credit Risk Management

It is essential that banks give due consideration to their target market while

devising credit risk strategy. The credit procedures should aim to obtain an in-

depth understanding of the banks clients, their credentials & their businesses in

order to fully know their customers.

The strategy should provide continuity in approach and take into account cyclic

aspect of countrys economy and the resulting shifts in composition and quality of

overall credit portfolio. While the strategy would be reviewed periodically and

amended, as deemed necessary, it should be viable in long term and through

various economic cycles.

In order to be effective these policies must be clear and communicated down the

line. Further any significant deviation/exception to these policies must be

communicated to the top management/board and corrective measures should be

taken. It is the responsibility of senior management to ensure effective

implementation of these policies.

3.3 Organizational Structure.

To maintain banks overall credit risk exposure within the parameters set by the

board of directors, the importance of a sound risk management structure is

second to none. While the banks may choose different structures, it is important

that such structure should be commensurate with institutions size, complexity

and diversification of its activities. It must facilitate effective management

oversight and proper execution of credit risk management and control processes.

Each bank, depending upon its size, should constitute a Credit Risk

Management Committee (CRMC), ideally comprising of head of credit risk

management Department, credit department and treasury. This committee

reporting to banks risk management committee should be empowered to

oversee credit risk taking activities and overall credi t risk management function.

_________________________________________________________________________________________________



19/58


________________________________________________________________________

The CRMC should be mainly responsible for

The implementation of the credit risk policy / strategy approved by the Board.

Monitor credit risk on a bank-wide basis and ensure compliance with limits

approved by the Board.

Recommend to the Board, for its approval, clear policies on standards for

presentation of credit proposals, financial covenants, rating standards and

benchmarks.

Decide delegation of credit approving powers, prudential limits on large credit

exposures, standards for loan collateral, portfolio management, loan review

mechanism, risk concentrations, risk monitoring and evaluation, pricing of

loans, provisioning, regulatory/legal compliance, etc.

3.4 Systems and Procedures

Further, to maintain credit discipline and to enunciate credit risk management

and control process there should be a separate function independent of loan

origination function. Credit policy formulation, credit limit setting, monitoring of

credit exceptions / exposures and review /monitoring of documentation are

functions that should be performed independently of the loan origination function.

For small banks where it might not be feasible to establish such structural

hierarchy, there should be adequate compensating measures to maintain credit

discipline introduce adequate checks and balances and standards to address

potential conflicts of interest. Ideally, the banks should institute a Credit Risk

Management Department (CRMD). Typical functions of CRMD include:

To follow a holistic approach in management of risks inherent in banks portfolio

and ensure the risks remain within the boundaries established by the Board or

Credit Risk Management Committee.

The department also ensures that business lines comply with risk parameters

and prudential limits established by the Board or CRMC.

Establish systems and procedures relating to risk identification, Management

Information System, monitoring of loan / investment portfolio quality and early

_________________________________________________________________________________________________



20/58


________________________________________________________________________

warning. The department would work out remedial measure when

deficiencies/problems are identified.

Managing credit risk

The Department should undertake portfolio evaluations and conduct

comprehensive studies on the environment to test the resilience of the loan

portfolio.

Notwithstanding the need for a separate or independent oversight, the front office

or loan origination function should be cognizant of credit risk, and maintain high

level of credit discipline and standards in pursuit of business opportunities

3.4 Credit Origination

Banks must operate within a sound and well-defined criteria for new credits as

well as the expansion of existing credits. Credits should be extended within the

target markets and lending strategy of the institution. Before allowing a credit

facility, the bank must make an assessment of risk profile of the

customer/transaction. This may include

a) Credit assessment of the borrowers industry, and macro economic factors.

b) The purpose of credit and source of repayment.

c) The track record / repayment history of borrower.

d) Assess/evaluate the repayment capacity of the borrower.

e) The Proposed terms and conditions and covenants.

f) Adequacy and enforceability of collaterals.

g) Approval from appropriate authority

3.5 Limit setting

An important element of credit risk management is to establish exposure limits

for single obligors and group of connected obligors. Institutions are expected to

develop their own limit structure while remaining within the exposure limits set by

State Bank of Pakistan. The size of the limits should be based on the credit

_________________________________________________________________________________________________



21/58


22/58


________________________________________________________________________Loan Repayment

The obligors should be communicated ahead of time as and when the

principal/markup installment becomes due. Any exceptions such as non-payment

or late payment should be tagged and communicated to the management.

Proper records and updates should also be made after receipt.

Maintenance of Credit Files

Institutions should devise procedural guidelines and standards for maintenance

of credit files. The credit files not only include all correspondence with the

borrower but should also contain sufficient information necessary to assess

financial health of the borrower and its repayment performance. It need not

mention that information should be filed in organized way so that external /internal auditors or SBP inspector could review it easily.

Collateral and Security Documents

Institutions should ensure that all security documents are kept in a fireproof safe

under dual control. Registers for documents should be maintained to keep track

of their movement.

3.8 Measuring Credit Risk

The measurement of credit risk is of vital importance in credit risk management.

A number of qualitative and quantitative techniques to measure risk inherent in

credit portfolio are evolving. To start with, banks should establish a credit risk-

rating framework across all type of credit activities. Among other things, the

rating framework may, incorporate:

The rating process in relation to credit approval and review ratings are generallyassigned /reaffirmed at the time of origination of a loan or its renewal

/enhancement. The analysis supporting the ratings is inseparable from that

required for credit appraisal. In addition the rating and loan analysis process

while being separate are intertwined. The process of assigning a rating and its

_________________________________________________________________________________________________



23/58


________________________________________________________________________

approval / confirmation goes along with the initiation of a credit proposal and its

approval. Generally loan origination function (whether a relationship

The credit risk exposure involves both the probability of Default (PD) and loss in

the event of default or loss given default (LGD).

The former is specific to borrower while the later corresponds to the facility. The

product of PD and LGD is the expected loss.

Point in time means to grade a borrower according to its current condition while

through the cycle approach grades a borrower under stress conditions

3.9 Credit Risk Monitoring and control

As part of portfolio monitoring, institutions should generate reports on credit

exposure by risk grade. Adequate trend and migration analysis should also be

conducted to identify any deterioration in credit quality. Institutions may establish

limits for risk grades to highlight concentration in particular rating bands. It is

important that the consistency and accuracy of ratings is examined periodically

by a function such as an independent credit review group

_________________________________________________________________________________________________



24/58


________________________________________________________________________

CHAPTER NO:4. MANAGING PROBLEM

CREDITS

4.1 Managing Market Risk4.2 Interest Rate Risk4.3 Foreign Exchange Risk4.4 Equity / commodity price Risk4.5 Element of Market Risk

Management4.6 Risk Management Committee4.7 Middle Office

_________________________________________________________________________________________________



25/58


________________________________________________________________________

4. MANAGING PROBLEM CREDITS

Having identified 'green' and 'red' risks you now need to look at what your

response will be to each of the red risks. There are a number of fairly standard

definitions of response types that can be summed up as follows:

Even from those very basic examples we can see that, in all cases, the risk

response costs money. This stage of the process can be quite iterative because

until you know how you are going to respond to a risk you can't be sure what it

will cost you in terms of time or money. For example you may decide 'Losing a

programmer won't lose us as much time as we thought. We don't need to take

three months to recruit another because we can use a recruitment agency with apool of programmers on their books if we are prepared to pay their 20% finders

fee.'

Risk response actions don't only occur when a risk happens - some of the above

responses are preventative measures that are taken as soon as you identify the

risk. At this point you may revisit your Risk Log to assess the status of a risk

once the preventative or mitigating actions are complete. This is sometimes

known as Residual Risk.

4.1 Managing Market Risk

Risk is a personal experience, because it is subjective, it is individuals who suffer

the consequences of risk. Although we may speak of companies taking risk, in

actuality, companies are merely conduits for risk. Ultimately, all risks which flow

through an organization accrue to individualsstockholders, creditors,

employees, customers, board members, etc.

Business activities entail a variety of risks. For convenience, we distinguish

between different categories of risk: market risk, credit risk, liquidity risk, etc.

Although such categorization is convenient, it is only informal. Usage and

definitions vary. Boundaries between categories are blurred. A loss due to

_________________________________________________________________________________________________



26/58


________________________________________________________________________

widening credit spreads may reasonably be called a market loss or a credit loss,

so market risk and credit risk overlap. Liquidity risk compounds other risks, such

as market risk and credit risk. It cannot be divorced from the risks it compounds.

An important but somewhat ambiguous distinguish is that between market risk

and business risk. Market risk is exposure to the uncertain market value of a

portfolio. A trader holds a portfolio of commodity forwards. he knows what its

market value is today, but he is uncertain as to its market value a week from

today. he faces market risk. Business risk is exposure to uncertainty in economic

value that cannot be marked-to-market. The distinction between market risk and

business risk parallels the distinction between mark-to-market accounting and

book-value accounting. Suppose a New England electricity wholesaler is long a

forward contract for on-peak electricity delivered over the next 3 months. There is

an active forward market for such electricity, so the contract can be marked to

market daily. Daily profits and losses on the contract reflect market risk. Suppose

the firm also owns a power plant with an expected useful life of 30 years. Power

plants change hands infrequently, and electricity forward curves don't exist out to

30 years. The plant cannot be marked to market on a regular basis. In the

absence of market values, market risk is not a meaningful notion. Uncertainty in

the economic value of the power plant represents business risk. The distinctionbetween market risk and business risk is ambiguous because there is a vast

"gray zone" between the two. There are many instruments for which markets

exist, but the markets are illiquid. Mark-to-market values are not usually

available, but mark-to-model values provide a more-or-less accurate reflection of

fair value. Do these instruments pose business risk or market risk? The decision

is important because firms employ fundamentally different techniques for

managing the two risks.

_________________________________________________________________________________________________



27/58


________________________________________________________________________

4.2 Interest Rate Risk

Business risk is managed with a long-term focus. Techniques include the careful

development of business plans and appropriate management oversight. book-

value accounting is generally used, so the issue of day-to-day performance is not

material. The focus is on achieving a good return on investment over an

extended horizon. Market risk is managed with a short-term focus. Long-term

losses are avoided by avoiding losses from one day to the next. On a tactical

level, traders and portfolio managers employ a variety of risk metrics duration

and convexity, the Greeks, beta, etc.to assess their exposures. These allow

them to identify and reduce any exposures they might consider excessive. On a

more strategic level, organizations manage market risk by applying risk limits to

traders' or portfolio managers' activities. Increasingly, value-at-risk is being used

to define and monitor these limits. Some organizations also apply stress testing

to their portfolios. Liquidity risk is financial risk due to uncertain liquidity. An

institution might lose liquidity if its credit rating falls, it experiences sudden

unexpected cash outflows, or some other event causes counterparties to avoid

trading with or lending to the institution. A firm is also exposed to liquidity risk if

markets on which it depends are subject to loss of liquidity.

4.3 Foreign Exchange Risk

Liquidity risk tends to compound other risks. If a trading organization has a

position in an illiquid asset, its limited ability to liquidate that position at short

notice will compound its market risk. Suppose a firm has offsetting cash flows

with two different counterparties on a given day. If the counterparty that owes it a

payment defaults, the firm will have to raise cash from other sources to make its

payment. Should it be unable to do so, it too we default.

Here, liquidity risk is compounding credit risk.

_________________________________________________________________________________________________



28/58


29/58


________________________________________________________________________

4.7 Middle Office

Defined as the change in a bank's portfolio value due to interest rate fluctuations.

Taking on IRR is a key part of what banks do; but taking on excessive IRR could

threaten a bank's earnings and its capital base, raising concerns for bank

supervisors. In practice, IRR management systems have been developed to

measure and control such risk exposures, both in the trading book (i.e., assets

that are relatively liquid and regularly traded) and in the banking book (i.e.,

assets, such as loans, that are much less actively traded).

IRR can be roughly decomposed into four categories: reprising risk, yield curve

risk, basis risk, and optionally ( Basel Committee on Banking Supervision (BCBS)

2003.)

Reprising risk refers to fluctuations in interest rate levels that have differing

impacts on bank assets and liabilities; for example, a portfolio of long-term, fixed-

rate loans funded with short-term deposits (i.e., a case of duration mismatch)

could significantly decrease in value when rates increase, since the loan

payments are fixed (and funding costs have increased).

Yield curve risk refers to changes in portfolio values caused by unanticipated

shifts in the slope and shape of the yield curve; for example, short-term rates

might rise faster than long-term rates, clearly affecting the profitability of fundinglong-term loans with short-term deposits.

Basis risk refers to the imperfect correlation between index rates across different

interest rate markets for similar maturities; for example, a bank funding loans

whose payments are based on U.S. Treasury rates with deposits based on Libor

rates is exposed to the risk of unexpected changes in the spread between these

index rates.

The economic value approach takes a broader perspective on IRR management

by focusing on how interest rate changes affect total expected net cash flows

from all of a bank's operations. Thus, this approach examines expected cash

flows from assets minus expected payments on liabilities plus the expected net

cash flows from off-balance-sheet positions, such as fees charged for borrower

credit lines. This approach is more challenging to conduct since, at a minimum, it

_________________________________________________________________________________________________



30/58


________________________________________________________________________

requires collecting and aggregating more data; at the same time, it provides

greater insight into a bank's aggregate IRR exposure.

In addition to such aggregate IRR management approaches, banks use more

focused IRR measurement techniques for derivatives and other instruments with

especially complex risk profiles, such as mortgage-backed securities. While the

aggregate approaches typically involve making judgmental adjustments to

interest rates and tracking their impact across the bank, the focused techniques

explicitly use mathematical models of interest rate dynamics for various index

rates and their yield curves. For example, many possible future interest rate

paths are generated and used to examine the potential effects of interest rate

changes on portfolio values, investment returns, and cash flows from different

assets. Since the models can examine the components of interest rate risk

separately, risk managers use them to gauge and control their portfolios'

exposures to a broader range of interest rate fluctuations. In theory, the more

sophisticated IRR management techniques could be applied to the bank as a

whole. Important developments in this direction have been made, but several

important challenges still remain, especially in aggregating IRR exposures across

business lines.

A key advantage of these mathematical IRR management techniques is that theyprovide a consistent framework for analyzing a wide variety of possible interest

rate scenarios.

_________________________________________________________________________________________________



31/58


________________________________________________________________________

CHAPTER NO: 5. RISK MEASUREMENT

5.1 Repricing Gap Models5.2 EaR & Economic Value of Equity Models5.3 Value at Risk5.4 Risk Monitoring5.5 Risk Controls

_________________________________________________________________________________________________



32/58


________________________________________________________________________

CHAPTER: 5. RISK MEASUREMENT

Accurate and timely measurement of market risk is necessary for proper risk

management and control. Market risk factors that affect the value of traded

portfolios and the income stream or value of non -traded portfolio and other

business activities should be identified and quantified using data that can be

directly observed in markets or implied from observation or history. While there is

a wide range of risk measurement techniques ranging from static measurement

techniques (Gap analysis) to highly sophisticated dynamic modeling (Monte

Carlo Simulation), the banks may employ any technique depending upon the

nature size and complexity of the business and most important the availability

and integrity of data. Banks may adopt multiple risk measurement methodologies

to capture market risk in various business activities; however management

should have an integrated view of overall market risk across products and

business lines. The measurement system ideally should

a) Assess all material risk factors associated with a bank's assets, liabilities, and

Off Balance sheet positions.

b) Utilize generally accepted financial concepts and risk measurement

techniques.c) Have well documented assumptions and parameters. It is important that the

assumptions underlying the system are clearly understood by risk managers and

top management.

5.1 Repricing Gap Models

At the most basic level banks may use repricing gap schedules to measure their

interest rate risk. A gap report is a static model wherein interest sensitive assets

(ISA), Interest Sensitive liabilities (ISL) and off-balance sheet items are stratified

into various time bands according to their maturity (if fixed rate) or time remaining

to their next re -pricing (if floating rate). The size of the gap for a given time band

- that is, assets minus liabilities plus OBS exposures that re-price or mature

within that time band gives an indication of the bank's re-pricing risk exposure. If

_________________________________________________________________________________________________



33/58


________________________________________________________________________

ISA of a bank exceed ISL in a certain time band, the bank is said to have a

positive GAP for that particular period and vice versa. An interest sensitive gap

ratio is also a good indicator of banks interest rate risk exposure.

Relative IS GAP = IS GAP /Banks Total Asset

Also an ISA to ISL ratio of bank for particular time band could be a useful

estimation of a banks position.

Interest Sensitive Ratio = ISA/ISL

Measuring Risk to Net Interest Income (NII)

Gap schedules can provide an estimate of changes in banks net interest income

given changes in interest rates. The gap for particular time band could be

multiplied by a hypothetical change in interest rate to obtain an approximate

change in net interest income. The formula to translate gaps into the amount of

net interest income at risk, measuring exposure over several periods, is:

(Periodic gap) x (change in rate) x (time over which the periodic gap is in effect) =

change in NII

While such GAP measurement apparently seem perfect, practically there are

some problems such as interest paid on liabilities of a bank which are generallyshort term tend to move quickly compared with that being earned on assets

many of which are relatively longer term. This problem can be minimized by

assigning weights to various ISA and ISL that take into account the tendency of

the bank interest rates to vary in speed and magnitude relative to each other and

with the up and down business cycle.

Measure of risk to Economic Value

The stratification of Assets and liabilities into various time bands in a gap

analyses can also be extended to measure change in economic value of banks

assets due to change in interest rates. This can be accomplished by applying

sensitivity weights to each time band. Typically, such weights are based on

_________________________________________________________________________________________________



34/58


________________________________________________________________________

estimates of the duration of the assets and liabilities that fall into each time-band,

where duration is a measure of the percent change in the economic value of a

position that will occur given a small change in the level of interest rates.

Duration-based weights can be used in combination with a maturity/ re-pricing

schedule to provide a rough approximation of the change in a bank's economic

value that could occur given a particular set of changes in market interest rates.

5.2 Earnings at Risk and Economic Value of Equity Models

Many bank, especially those using complex financial instruments or otherwise

having complex risk profiles, employ more sophisticated interest rate risk

measurement systems than those used on simple maturity/re-pricing schedules.

These simulation techniques attempt to overcome the limitation of Duration is the

weighted average term to maturity of a securitys cash flow. For instance a

Rs100 5 year 8% (semi Annual) coupon bond having yield of 8% will have a

duration of 4.217 years. This could be derived by following formula

Duration = t1 x PVCF 1 + t2 x PVCF2 ---------tn x PVCFn

K x PriceWhere PVCF = present value of cash flow n= Total number of payments

.

K = Number of payments per annum

Duration however works for small change in interest rate due to convexity of yield

curve. The estimation can be improved by introducing convexity measure of a

bond.

Static gap schedules and typically involve detailed assessments of the potential

effects of changes in interest rates on earnings or economic value by simulating

the future path of interest rates and their impact on cash flows. In static

simulations, the cash flows arising solely from the bank's current on- and off-

balance sheet positions are assessed. In a dynamic simulation approach, the

_________________________________________________________________________________________________



35/58


________________________________________________________________________

simulation builds in more detailed assumptions about the future course of interest

rates and expected changes in a bank's business activity over that time.

These more sophisticated techniques allow for dynamic interaction of payments

streams and interest rates, and better capture the effect of embedded or explicit

options.

5.3 Value at Risk

Value at Risk (VAR) is generally accepted and widely used tool for measuring

market risk inherent in trading portfolios. It follows the concept that reasonable

expectation of loss can be deduced by evaluating market rates, prices observed

volatility and correlation. VAR summarizes the predicted maximum loss (or worst

loss) over a target horizon within a given confidence level. The well-known

proprietary models that use VAR approaches are JP Morgans Risk metrics,

Bankers trust Risk Adjusted Return on Capital, and Chases Value at risk.

Generally there are three ways of computing VAR

Parametric method or Variance covariance approach

Historical Simulation

5.4 Risk MonitoringRisk monitoring processes are established to evaluate the performance of banks

risk strategies/policies and procedures in achieving overall goals. Whether the

monitoring function is performed by middle-office or it is a part of banks internal

audit it is important that the monitoring function should be independent of units

taking risk and report directly to the top management/board.

5.5 Risk Control.

Banks internal control structure ensures the effectiveness of process relating to

market risk management. Establishing and maintaining an effective system of

controls including the enforcement of official lines of authority and appropriate

segregation of duties, is one of the managements most important

responsibilities. Persons responsible for risk monitoring and control procedures

_________________________________________________________________________________________________



36/58


37/58


________________________________________________________________________

CHAPTER NO:6. RISK AUDIT6.1 Risk limits6.2 Managing Liquidity Risk6.3 Early Warning Indicators6.4 Liquidity Risk Strategy and Policy6.5 ALCO/ Investment Committee

6.6 Contingency Funding Plan6.7 Cash Flow Projections6.8 Liquidity Ratios & Limits6.9 Internal Controls

_________________________________________________________________________________________________



38/58


________________________________________________________________________

CHAPTER: 6. RISK AUDIT

Banks need to review and validate each step of market risk measurement

process. This review function can be performed by a number of units in the

organization including internal audit/control department or ALCO support staff.

In small banks, external auditors or consultants can perform the function. The

audit or review should take into account.

a) The appropriateness of banks risk measurement system given the nature,

scope and complexity of banks activities

b) The accuracy or integrity of data being used in risk models.

c) The reasonableness of scenarios and assumptions

d) The validity of risk measurement calculations.

6.1 Risk limits

As stated earlier it is the board that has to determine banks overall risk appetite

and exposure limit in relation to its market risk strategy.

Based on these tolerances the senior management should establish appropriate

risk limits. Risk limits for business units, should be compatible with the

institutions strategies, risk management systems and risk tolerance. The limitsshould be approved and periodically reviewed by the Board of Directors and/or

senior management, with changes in market Conditions or resources prompting

a reassessment of limits.

Institutions need to ensure consistency between the different types of limits.

a) Gap Limits

The gap limits expressed in terms of interest sensitive ratio for a given time band

aims at managing potential exposure to a banks earnings / capital due to

changes in interest rates. Setting such limits is useful way to limit the volume of

a banks repricing exposures and is an adequate and effective method of

communicating the risk profile of the bank to senior management.

Such gap limits can be set on a net notional basis (net of asset / liability amounts

for both on and off balance sheet items) or a duration-weighted basis, in each

_________________________________________________________________________________________________



39/58


________________________________________________________________________

time band. (Duration is the weighted average term to maturity of a securitys cash

flow.

6.2 Managing Liquidity Risk

Liquidity risk is the potential for loss to an institution arising from either its inability

to meet its obligations or to fund increases in assets as they fall due without

incurring unacceptable cost or losses.

Liquidity risk is considered a major risk for banks. It arises when the cushion

provided by the liquid assets are not sufficient enough to meet its obligation. In

such a situation banks often meet their liquidity requirements from market.

However conditions of funding through market depend upon liquidity in the

market and borrowing institutions liquidity. Accordingly an institution short of

liquidity may have to undertake transaction at heavy cost resulting in a loss of

earning or in worst case scenario the liquidity risk could result in bankruptcy of

the institution if it is unable to undertake transaction even at current market

prices.

Banks with large off-balance sheet exposures or the banks, which rely heavily onlarge corporate deposit, have relatively high level of liquidity risk. Further the

banks experiencing a rapid growth in assets should have major concern for

liquidity.

Liquidity risk may not be seen in isolation, because financial risk are not mutually

exclusive and liquidity risk often triggered by consequence of these other

financial risks such as credit risk, market risk etc. For instance, a bank increasing

its credit risk through asset concentration etc may be increasing its liquidity risk

as well. Similarly a large loan default or changes in interest rate can adversely

impact a banks liquidity position. Further if management misjudges the impact

on liquidity of entering into a new business or product line, the banks strategic

risk would increase.

_________________________________________________________________________________________________



40/58


________________________________________________________________________

6.3 Early Warning indicators of liquidity risk.

An incipient liquidity problem may initially reveal in the bank's financial monitoring

system as a downward trend with potential long-term consequences for earnings

or capital. Given below are some early warning indicators that not necessarily

always lead to liquidity problem for a bank; however these have potential to ignite

such a problem. Consequently management needs to watch carefully such

indicators and exercise further scrutiny/analysis wherever it deems appropriate.

Examples of such internal indicators are:

a) A negative trend or significantly increased risk in any area or product line.

b) Concentrations in either assets or liabilities.

c) Deterioration in quality of credit portfolio.

d) A decline in earnings performance or projections.

e) Rapid asset growth funded by volatile large deposit.

f) A large size of off-balance sheet exposure.

g) Deteriorating third party evaluation about the bank

6.4 Liquidity Risk Strategy

The liquidity risk strategy defined by board should enunciate specific policies onParticular aspects of liquidity risk management, such as:

a. Composition of Assets and Liabilities

. The strategy should outline the mix of assets and liabilities to maintain liquidity.

Liquidity risk management and asset/liability management should be integrated

to avoid steep costs associated with having to rapidly reconfigure the asset

liability profile from maximum profitability to increased liquidity.

b. Diversification and Stability of Liabilities

. A funding concentration exists when a single decision or a single factor has the

potential to result in a significant and sudden withdrawal of funds. Since such a

situation could lead to an increased risk, the Board of Directors and senior

management should specify guidance relating to funding sources and ensure

that the bank have a diversified sources of funding day-to-day liquidity

_________________________________________________________________________________________________



41/58


________________________________________________________________________

requirements. An institution would be more resilient to tight market liquidity

conditions if its liabilities were derived from more stable sources.

To comprehensively analyze the stability of liabilities/funding sources the bank

need to identify:

Liabilities that would stay with the institution under any circumstances;

Liabilities that run-off gradually if problems arise; and That run-off immediately at

the first sign of problems.

c. Access to Inter-bank Market

. The inter-bank market can be important source of liquidity. However, the

strategies should take into account the fact that in crisis situations access to inter

bank market could be difficult as well as costly.

Contingency plan for handling liquidity crises

To be effective the liquidity policy must be communicated down the line

throughout in the organization. It is important that the Board and senior

management/ALCO review these policies at least annually and when there are

any material changes in the institutions current and prospective liquidity risk

profile. Such changes could stem from internal circumstances (e.g. changes in

business focus) or external circumstances (e.g. changes in economic conditions).

Reviews provide the opportunity to fine tune the institutions liquidity policies in

light of the institutions liquidity management experience and development of its

business. Any significant or frequent exception to the policy is an important

barometer to gauge its effectiveness and any potential impact on banks liquidity

risk profile.

Institutions should establish appropriate procedures and processes to implement

their liquidity policies. The procedural manual should explicitly narrate the

necessary operational steps and processes to execute the relevant

_________________________________________________________________________________________________



42/58


________________________________________________________________________

Liquidity risk controls. The manual should be periodically reviewed and updated

to take into account new activities, changes in risk management approaches and

systems.

6.5 ALCO/Investment Committee

The responsibility for managing the overall liquidity of the bank should be

delegated to a specific, identified group within the bank. This might be in the form

of an Asset Liability Committee (ALCO) comprised of senior management, the

treasury function or the risk management department. However, usually the

liquidity risk management is performed by an ALCO. Ideally, the ALCO should

comprise of senior management from each key area of the institution that

assumes and/or manages liquidity risk. It is important that these members have

clear authority over the units responsible for executing liquidity-related

transactions so that ALCO directives reach these line units unimpeded. The

ALCO should meet monthly, if not on a more frequent basis. Generally

responsibilities of ALCO include developing and maintaining appropriate risk

management policies and procedures, MIS reporting, limits, and oversight

programs. ALCO usually delegates day-to-day operating responsibilities to the

bank's treasury department. However, ALCO should establish specificprocedures and limits governing treasury operations before making such

delegation.

6.6 Contingency Funding Plans

In order to develop a comprehensive liquidity risk management framework,

institutions should have way out plans for stress scenarios. Such a plan

commonly known as Contingency Funding Plan (CFP) is a set of policies and

procedures that serves as a blue print for a bank to meet its funding needs in a

timely manner and at a reasonable cost. A CFP is a projection of future cash

flows and funding sources of a bank under market scenarios including

aggressive asset growth or rapid liability erosion. To be effective it is important

that a CFP should represent managements best estimate of balance sheet

_________________________________________________________________________________________________



43/58


________________________________________________________________________

changes that may result from a liquidity or credit event. A CFP can provide a

useful framework for managing liquidity risk both short term and in the long term.

Further it helps ensure that a financial institution can prudently and efficiently

manage routine and extraordinary fluctuations in liquidity. The scope of the CFP

is discussed in more detail below.

Use of CFP for Routine Liquidity Management

For day-to-day liquidity risk management integration of liquidity scenario will

ensure that the bank is best prepared to respond to an unexpected problem. In

this sense, a CFP is an extension of ongoing liquidity management and

formalizes the objectives of liquidity management by ensuring:

a) A reasonable amount of liquid assets are maintained.

b) Measurement and projection of funding requirements during various

scenarios.

c) Management of access to funding sources.

Use of CFP for Emergency and Distress Environments

Not necessarily a liquidity crisis shows up gradually. In case of a sudden liquidity

stress it is important for a bank to seem organized, candid, and efficient to meet

its obligations to the stakeholders. Since such a situation requires a spontaneous

action, banks that already have plans to deal with such situation could address

the liquidity problem more efficiently and effectively. A CFP can help ensure that

bank management and key staffs are ready to respond to such situations. Bank

liquidity is very sensitive to negative trends in credit, capital, or reputation.

Deterioration in the company's financial condition (reflected in items such as

asset quality indicators, earnings, or capital), management composition, or other

relevant issues may result in reduced access to funding.

6.7 Cash Flow Projections

At the basic level banks may utilize flow measures to determine their cash

position. A cash flow projection estimates a banks inflows and outflows and thus

net deficit or surplus (GAP) over a time horizon. The contingency funding plan

_________________________________________________________________________________________________



44/58


________________________________________________________________________

discussed previously is one example of a cash flow projection. Not to be

confused with the re-pricing gap report that measures interest rate risk, a

behavioral gap report takes into account banks funding requirement arising out

of distinct sources on different time frames. A maturity ladder is a useful device to

compare cash inflows and outflows both on a day-to-day basis and over a series

of specified time periods. The number of time frames in such maturity ladder is of

significant importance and up to some extent depends upon nature of banks

liability or sources of funds. Banks, which rely on short term funding, will

concentrate primarily on managing liquidity on very short term Whereas, other

banks might actively manage their net funding requirement over a slightly longer

period. In the short term, banks flow of funds could be estimated more

accurately and also such estimates are of more importance as these provide an

indication of actions to be taken immediately. Further, such an analysis for

distant periods will maximize the opportunity for the bank to manage the GAP

well in advance before it crystallizes. Consequently banks should use short time

frames to measure near term exposures and longer time frames thereafter. It is

suggested that banks calculate daily GAP for next one or two weeks, monthly

Gap for next six month or a year and quarterly thereafter. While making an

estimate of cash flows, following aspect needs attention

6.8 Liquidity Ratios and Limits

Banks may use a variety of ratios to quantify liquidity. These ratios can also be

used to create limits for liquidity management. However, such ratios would be

meaningless unless used regularly and interpreted taking into account qualitative

factors. Ratios should always be used in conjunction with more qualitative

information about borrowing capacity, such as the likelihood of increased

requests for early withdrawals, decreases in credit lines, decreases in transaction

size, or shortening of term funds available to the bank. To the extent that any

asset-liability management decisions are based on financial ratios, a bank's

asset-liability managers should understand how a ratio is constructed, the range

_________________________________________________________________________________________________



45/58


________________________________________________________________________

of alternative information that can be placed in the numerator or denominator,

and the scope of conclusions that can be drawn from ratios.

Because ratio components as calculated by banks are sometimes inconsistent,

ratio-based comparisons of institutions or even comparisons of periods at a

single institution can be misleading.

6.9 Internal Controls

In order to have effective implementation of policies and procedures, banks

should institute review process that should ensure the compliance of various

procedures and limits prescribed by senior management. Persons independent

of the funding areas should perform such reviews regularly. T he bigger and

more complex the bank, the more thorough should be the review. Reviewers

should verify the level of liquidity risk and managements compliance with limits

and operating procedures. Any exception to that should be reported immediately

to senior management / board and necessary actions should be taken.

_________________________________________________________________________________________________



46/58


________________________________________________________________________

CHAPTER:7. RISK MONITORING ANDCONTROL

7.1 Risk Management Plan7.2 Risk Register7.3 Work Performance Information7.4 Risk Reassessment7.5 Variance and Trend Analysis7.6 Technical Performance Measurement7.7 Reserve Analysis

_________________________________________________________________________________________________



47/58


________________________________________________________________________

7. RISK MONITORING AND CONTROL

Risk monitoring and control is the process of identifying, analyzing, and planning

for newly discovered risks and managing identified risks. Throughout the

process, the risk owners track identified risks, reveal new risks, implement risk

response plans, and gage the risk response plans effectiveness. The key point is

throughout this phase constant monitoring and due diligence is key to the

success.

The inputs to Risk Monitoring and Control are:

7.1 Risk Management Plan

The Risk Management Plan is details how to approach and manage project risk.

The plan describes the how and when for monitoring risks. Additionally the Risk

Management Plan provides guidance around budgeting and timing for risk-

related activities, thresholds, reporting formats, and tracking.

7.2 Risk Register

The Risk Register contains the comprehensive risk listing for the project. Within

this listing the key inputs into risk monitoring and control are the bought into,

agreed to, realistic, and formal risk responses, the symptoms and warning signs

of risk, residual and secondary risks, time and cost contingency reserves, and a

watch list of low-priority risks.

Approved Change RequestsApproved change requests are the necessary adjustments to work methods,

contracts, project scope, and project schedule. Changes can impact existing risk

and give rise to new risk. Approved change requests are need to be reviews from

the perspective of whether they will affect risk ratings and responses of existing

risks, and or if new risks are a result.

_________________________________________________________________________________________________



48/58


________________________________________________________________________

7.3 Work Performance Information

Work performance information is the status of the scheduled activities being

performed to accomplish the project work. When comparing the scheduled

activities to the baseline, it is easy to determine whether contingency plans need

to be put into place to bring the project back in line with the baseline budget and

schedule. By reviewing work performance information, one can identify if trigger

events have occurred, if new risk are appearing on the radar, or if identified risks

are dropping from the radar.

Performance Reports

Performance reports paint a picture of the project's performance with respect to

cost, scope, schedule, resources, quality, and risk. Comparing actual

performance against baseline plans may unveil risks which may cause problems

in the future. Performance reports use bar charts, S-curves, tables, and

histograms, to organize and summarize information such as earned value

analysis and project work progress.

All of these inputs help the banks and DFI manager to monitoring risks and

assure a successful risk management.

Once the Bank or DFI has gathered together all of the inputs, it is time to engage

in risk monitoring and controlling. The best practices for risk management are:

7.4 Risk Reassessment

It is normally addressed at the status meetings. Throughout the project, the risk

picture fluctuates: New risks arise, identified risks change, and some risks may

simply disappear. To assure team members remain aware of changes in the risk

picture, risks are reassessed on a regularly scheduled basis. Reassessing risks

enables risk owners and the project manager to evaluate whether risk probability,

impact, or urgency ratings are changing; new risks are coming into play; old risks

_________________________________________________________________________________________________



49/58


________________________________________________________________________

have disappeared; and if risk responses remain adequate. If a risk's probability,

impact, or urgency ratings change, or if new risks are identified, the institution

may initiate iterations of risk identification or analysis to determine the risk's

effects on the process or deals.

Status MeetingsStatus meetings provide a forum for team members to share their experiences

and inform other team members of their progress and plans. A discussion of risk

should be an agenda item at every status meeting. Open collaborative

discussions allows risk owners to bring to light risks which are triggering events,

whether and how well the planned responses are working, and where help might

be needed. Most people find it difficult to talk about risk. However,

communication will become easier with practice. To assure this is the case, the

Institution must encourage open discussion with no room for negative

repercussions for discussing negative events.

Risk Audits

Risk audits examine and document the effectiveness of planned risk responses

and their impacts on the schedule and budget. Risk audits may be scheduled

activities, documented in the Project Management Plan, or they can be triggered

when thresholds are exceeded. Risk audits are often performed by risk auditors,

who have specialized expertise in risk assessment and auditing techniques. To

ensure objectivity, risk auditors are usually not members of the project team.

Some companies even bring in outside firms to perform audits.

7.5 Variance and Trend Analysis

Variance analysis examines the difference between the planned and the actual

budget or schedule in order to identify unacceptable risks to the schedule,

budget, quality, or scope of the project. Earned value analysis is a type of

variance analysis. Trend analysis involves observing project performance over

_________________________________________________________________________________________________



50/58


________________________________________________________________________

time to determine if performance is getting better or worse using a mathematical

model to forecast future performance based on past results.

7.6 Technical Performance Measurement(TPM)

Technical performance measurement identifies deficiencies in meeting system

requirements, provide early warning of technical problems, and monitor technical

risks. The success of TPM depends upon identifying the correct key performance

parameters (KPPs) at the outset of the project. KPPs are factors that measure

something of importance to the project and are time/cost critical. Each KPP is

linked to the work breakdown structure (WBS), and a time/cost baseline may be

established for it. The project manager monitors the performance of KPPs over

time and identifies variances from the plan. Variances point to risks in the

project's schedule, budget, or scope.

7.7 Reserve Analysis - Reserve analysis makes a comparison of the

contingency reserves to the remaining amount of risk to ascertain if there is

enough reserve in the pool. Contingency reserves are buffers of time, funds, or

resources set aside to handle risks that arise as a project moves forward. These

risks can be anticipated, such as the risks on the Risk Register. They can beunanticipated, such as events that "come out of left field." Contingency reserves

are depleted over time, as risks trigger and reserves are spent to handle them.

With constraints as above monitoring the level of reserves to assure the level

remains adequate to cover remaining project risk, is a necessary task.

Outputs of the Risk Monitoring and Control process are produced continually, fed

into a variety of other processes. In addition, outputs of the process are used to

update project and organizational documents for the benefit of future project

managers. The outputs of Risk Monitoring and Control are:

Updates to the Risk Register An updated Risk Register has the outcomes from risk

assessments, audits, and risk reviews. In addition it is updated with the resulting_________________________________________________________________________________________________



51/58


________________________________________________________________________

outcome of the project risk and risk response. Was it a good response, did the

response have the desired affect? The updated Risk Register is a key part of the

historical record of risk management for the project and will be added to the

historical archives.

Updates to Organizational Process Assets

Organizational process assets should be documented in light of the risk

management processes to be used in future projects. Documents as the

probability and impact matrix, risk databases, and lessons-learned information,

as well as all of the project files are archived for the benefit of future project

managers.

Updates to the Project Management Plan

Updates to the Project Management Plan occur if any approved changes have

an impact on the risk management process. In addition, these authorized

changes incur risks which are documented in the Risk Register.

Recommend Corrective Actions

Recommended corrective actions consist of two types: contingency plans and

workaround plans. A contingency plan is a provision in the Project Management

Plan that specifies how a risk will be handled if that risk occurs. The plan may be

linked with money or time reserves that can be used to implement the plan. A

workaround plan is a response to a negative risk that was passively accepted or

not previously identified.

Recommend Preventative Actions

Recommended preventative actions assure the project follows the guidelines of

the project management plan.

_________________________________________________________________________________________________



52/58


________________________________________________________________________Requested Changes

Requested Changes are any identified changes to the project management plan.

Change requests are completed and submitted to the Integrated Change Control

process. All requested changes must are documented, and that approvals at the

right management levels are sought and obtained.

_________________________________________________________________________________________________



53/58


________________________________________________________________________

CHAPTER NO: 8. CONCLUSION ANDRECOMMENDATIONS

8.1 Conclusion8.2 Recommendations

_________________________________________________________________________________________________



54/58


________________________________________________________________________

8. CONCLUSION AND RECOMMENDATIONS

8.1 CONCLUSIONS

Risk management is the most important sector of the banking industry with thekey success by attending directly the needs of the end Commercial banks and

DFI is having glorious future in coming years.

Risk management in financial sector as a whole is