www.niit-tech.com

Thought Paper

Tripurari Jee >> BFS Practice, US GeoImtoj Oberoi >> BFS Practice, UK Geo

Risk Management in Financial Services –

an Overview

Overview 1

Challenges Facing Banks and Financial Institutes 3

Key Sources of Risk 4

Setting Up a Comprehensive Financial Risk Management Infrastructure 5

Role of Technology in Risk Management 6

Beyond Technology 6

CONTENTS

INVESTMENT

REVENUEREVENUE

INVESTMENT

INVESTMENT

INVESTMENT

FINANCE

FINANCE

FINANCE

FINAANCEFINANCEWEALTH

MARKET

MARKETMATKET

CAPITAL

CAPITALCAPITAL

CARGO CAPITALECONOMICS

ECONOMICS

BANKING

The lack of speed and agility to assess various risk exposures is a

key reason behind whybanks and financial institutions were unable

to manage the volatility in market conditions. Factors like the

inability to quickly assess and analyze the risk-reward ratio and

Overview calculate fund value on demand,resulted in managementtaking

uninformedand ill-conceived decisionsandeven losing out on new

opportunities.

Today’s volatile market environment, however, demands agility and

adaptability or missing revenue opportunities. For instance,

calculating the mark-to-market value of financial instruments held

by the firm, requires informed planning to ensure that a fair value is

calculated during a distress sale or forced liquidation or in cases

where enough price inputs are not available, the estimations are

based on a scientific assessment of the value. The lack of such

planning could result in liquidity constraints and even increased

counterparty risks during negative market upheavals. In a worst

case scenario, this lack of foresight can even translate into

regulatory violations and unnecessary risks. Some of the key

challenges that could arise from the lack of an integrated

enterprise-wide risk management strategy are listed below:

• Lack of agility and speed required to take advantage of

revenue-generation opportunities

• Reputational damage that can impact earnings and result in

lowering of shareholder value

• Inability to fully comprehend the full range of risks facing the

organization and to take appropriate actions to control potential

damage

• Possibility of violating regulatory compliance requirements

• Adverse impact on profitability and margins

3

The financial debacle, that the world endured beginning early

2008, haslargely been attributed to the increasing deregulation that

the banking and financial services industry witnessed from the

1980s onwards.After the frequent financial crisis of theglobal

markets, and the state of the American economy in the early

decades of the last century, several stringent regulatory measures

were imposed. This brought a semblance of sanity to the

functioning of these institutes by reducing the ability to take undue

risks that could put the whole economy in peril. However, aftera

half century had passed with no major crises, the rules were

relaxed only to cause the latest global economic meltdown. To a

large extent, we are still suffering the consequences of the

excesses of the previous decade. The North American economy

continues to remain fragile and the European debt crisis shows no

sign of abating anytime soon.

Not surprisingly, much more stringent regulations are back in place.

Risk management has again taken center stage in theworld of

finance. The volatility and growing complexity in the financial

services industry has made it necessary for regulatory bodies to

impose compliance regulation on capital, liquidity, and

operations.The impact on revenues isquite significant. It can have

untold impact on profitability and growth. This, in turn, has

compelled senior management to get directly involved in setting up

a robust risk management function that will deal with systemic

reforms, cost controls, reputational risks, regulatory compliances,

and credit risks.

Challenges Facing Banks and Financial Institutes

The cost of recent regulations, combined with continued low interest

rates, could reduce retail bank revenues by 30 to 50 percent.

- BAI Executive Report

The technology needed to manage risk and regulation will chew up

15 percent of IT investments. Financial services companies will

struggle to find the optimal channel mix to deliver value to clients.

- Industry Analysts

Key Sources of RiskKey Sources of RiskRisks are an inherent part of the business. Banks and financial

institutions face several types of risks due to the uncertainties

associated with market dynamics. For instance, the institution

could be facing financial risks such as credit, capital or aliquidity

crisis. Increased regulatory oversight poses risks of huge fines

and penalties, as financial institutes take regular risk-based

decisions that could lead to noncompliance if the organization

has not enabled a risk intelligent culture throughout the firm.

There are also risks that could arise from fluctuations in the

market. In addition to this, there are several risks that could be

of a non-financial nature—money laundering, operational, or

reputational, which we will present in detail later. Risks could

also arise due to reliance on legacy technology, a lack of a

homogeneous application landscape or integrated platform,

and/or compliance or network security breaches among others.

Any impact in one area could have a cascading effect that soon

engulfs the other areas. The objective of risk management is to

analyze these risks and manage them effectively in order to

ensure a profitable tradeoff. Below, we take a detailed look at

the various areas that pose significant risks to banks and

financial institutions.

Loans or credit risks

Lending is one of the central functions of a financial institution.

It is a key revenue mechanism but also poses one of the

biggest areas of risk. Effective measurement and management

of credit risk is therefore an integral part of risk management.

The objective is to minimize potential risks and maximize

returns for the firm. The value of any collateral that has been

pledged by the borrower needs to be evaluated on a regular

basis to ascertain whether the loan risk versus collateral value

is in the bank’s best interest. Additionally, credit quality also

needs to be monitored and proactive actions taken in case of

any signs of deterioration.

Unexpected events and capital inadequacyRisks can arise from both expected as well as unexpected events.

Right from 1998 when Basel I was first framed for the supervision

of the international banking to system to Basel II in that brought

some sanity into how banks and financial institutions aligned

capital markets with risks to the more recent Basel III that has

suggested regulatory standards for ensuring capital adequacy and

adequate liquidity, the industry has been moving towards a stage

where such risks are minimized. Expected risks can be considered

and factored into the product pricing. Financial institutions,

however, need to have enough reserve capital to manage any

unexpected events that may affect functioning. During upward

trends in the market, financial institutions need to plan effectively,

and reserve capital to manage any adverse events that may pose a

threat to capital. Not doing so, could result in regulatory violations.

This necessitates a plan to manage crises situations and a system

to monitor and assess the plan at regular intervals.

Market risk

The market volatility we witnessed over the past few years will not

be easily forgotten for a long time to come. The impact of a

regional issue, i.e. the subprime debacle in the US, on the global

financial sector and the rapid rate at which it engulfed and

devastated economies, that were in seemingly good health,

indicates the risks these markets can pose to businesses. The

credit or liquidity position of a bank or financial institution can be

adversely affected by factors such as interest rate changes,

inflation, currency rate fluctuations, or even stock market

movements. A risk management system can provide a framework

to continuously measure, monitor and manage the various

elements that can pose a risk to the bank in case of a change in

any key factor that could have an adverse impact.

4

The total bank write-downs in the last financial meltdown due to the

lack of comprehensive risk management could exceed a shocking

$2 trillion.

- International Monetary Fund (IMF)

MARKET

VOLATILITY

REPUTATION

EROSION LIQUIDITY

TECHNOLOGICAL

SOURCESOF

RISK

OPERATIONAL

INCREASED

REGULATIONS

UNEXPECTED

EVENTS

LOANS OR CREDIT

QUALITY

Liquidity risk

Correctly estimating liquidity is critical to effective risk

management. In times of trouble, customers can withdraw cash or

liquidate equity and commodity positions. Contractual obligations

could however impose restrictions on institutions from calling in

credits or loans before the contracted period. This necessitates

maintaining liquidity to cover unexpected withdrawals. Risk

managers also need to take into account delays in receivables or

potential bad debts. A mechanism that monitors the performance

of assets and deterioration in credit quality is necessary to take

required action to offset such possibilities.

Operational risk

Manual processes could result in human errors creeping into the

system. Fraud or failure of internal governance and control

mechanisms are other factors that constitute operational risks.

External events such as natural disasters or even terrorist attacks

can pose grave risks. In the recent past, there has been an

increase in such adverse events across the globe. This calls for

systems that enable automation where possible, standardization of

processes, implementation of various frameworks, and preparing

contingency plans for all sorts of possibilities. Internal governance

and safeguard mechanisms need to be put in place. Regulatory

bodies have mandated various measures to counter such risks,

and these requirements need to be adhered to.

Regulatory risksAs mentioned earlier, regulatory oversight has increased

considerably in the recent past. Non adherence to compliance

requirements could result in significant penalties. This necessitates

better governance mechanisms and systemic upgrades to reduce

the risks posed by unintentional violations.

Technological risksTechnological advancements have increased client expectations,

and competitive pressures necessitate staying on top of all

client-oriented technological trends. Technology also is integral to

the basic functioning of the bank. As such, this sector has

traditionally been the early adopter of technological innovations.

However, this also brings with it various risks such as downtime,

network perimeter breach, technological obsolescence, and an

increase in complexities.

Reputational risk

We had touched upon this factor earlier in the article. The erosion of

trust in the institution can even lead to bankruptcy. This can happen

irrespective of the fact that charges levied may even be proven as

false. Reputational risk can, in turn, impact liquidity by encouraging

deposit withdrawals, and loss of clients and new business, and

thereby, considerably shrink shareholder value. Hence, the risk

management policy should take into account potential sources of

reputational risk to which the institutions exposed.

5

Setting Up a Comprehensive Financial

Risk Management Infrastructure

Setting Up a Comprehensive Financial

Risk Management InfrastructurePartnering with a third party service provider with deep experience

and expertise in providing risk management services to banks and

financial institutions across segments can help accelerate your

organizational readiness to tackle risks. You may already have a

risk management infrastructure in place. However, an external view

will enable you to identify potential gaps that you may have missed.

crucial role in ensuring regulatory compliance and enabling

regulatory reporting. It provides tools to evaluate liquidity risk

regularly and thereby enables the bank or financial institution to

make informed funding decisions that can mitigate risks or capture

short-term opportunities.

Technology is a critical component of any risk management

initiative. It reduces time-to-market considerably, increases

operational efficiency, enables quick detection of high-risk

accounts, identifies potential loss making scenarios, and enables

executive management to hedge the risk. Technology also plays a

Role of Technology in Risk ManagementRole of Technology in Risk Management

6

Business intelligence tools can help quickly identify new

businessopportunities while newer data assessment technologies

can provide deep insights that can impact current and future

profitability. For instance, risk management tools can help financial

institutions make the best possible decisions for their clients using

analytical tools across data sources.

Integrating data sources can enable the institution to seamlessly

analyze credit and liquidity risks, and even keep a check on

potential market risks. Unified dashboards can enable senior

management to understand overall risk exposure and take

proactive measures to keep it under manageable limits.

Beyond TechnologyImplementation of risk controls is not only a compliance mandate

but effective risk management can also have significant impact on

a bank or financial institutions’ future profitability and long-term

growth. Technology can play a critical role in helping financial

institutions manage these risks effectively. Partner with an

accomplished third-part IT service provider to implement analytics

tools that can help identify deterioration in credit quality. This will

enable you to take various proactive measures to restructure or

refinance risky loans before they turn into nonperforming assets.

However, technology is not an isolated barrier against potential

risks. It needs to be part of the organization’s larger integrated risk

management strategy. Areas such as reporting and forecasting

should be improved and a strong governance framework and

internal control processes should be implemented along with the

supporting technology systems to enable proactive risk

management and mitigation.

Key areas that can be enabled by technological intervention are

listed below:

Risk information should be delivered in real-time and reports should provide actionable insights

Management should be provided a unified view of risks across the organization to gauge the larger impact and calculate risks in an informed manner

Sophisticated forecasting tools should be implemented to enable management to assess market risks

Data platform across the organization should be intergrated to accelerate analysis and accuracy of decision making

Manual intervention should be eliminated and transaction oriented processes automated where possible

D_4

1_30

0813

Write to us at marketing@niit-tech.com www.niit-tech.com

NIIT Technologies is a leading IT solutions organization, servicing customers in North America,

Europe, Asia and Australia. It offers services in Application Development and Maintenance,

Enterprise Solutions including Managed Services and Business Process Outsourcing to

organisations in the Financial Services, Travel & Transportation, Manufacturing/Distribution, and

Government sectors. With employees over 8,000 professionals, NIIT Technologies follows global

standards of software development processes.

Over the years the Company has forged extremely rewarding relationships with global majors, a

testimony to mutual commitment and its ability to retain marquee clients, drawing repeat

business from them. NIIT Technologies has been able to scale its interactions with marquee

clients in the BFSI sector, the Travel Transport & Logistics and Manufacturing & Distribution, into

extremely meaningful, multi-year "collaborations.

NIIT Technologies follows global standards of development, which include ISO 9001:2000

Certification, assessment at Level 5 for SEI-CMMi version 1.2 and ISO 27001 information

security management certification. Its data centre operations are assessed at the international

ISO 20000IT management standards.

About NIIT Technologies

A leading IT solutions organization | 21 locations and 16 countries | 8000 professionals | Level 5 of SEI-CMMi, ver1.2 ISO 27001 certified | Level 5 of People CMM Framework

NIIT Technologies Limited2nd Floor, 47 Mark LaneLondon - EC3R 7QQ, U.K.Ph: +44 20 70020700Fax: +44 20 70020701

Europe

NIIT Technologies Pte. Limited31 Kaki Bukit Road 3#05-13 TechlinkSingapore 417818Ph: +65 68488300Fax: +65 68488322

Singapore

India

NIIT Technologies Inc.,1050 Crown Pointe Parkway5th Floor, Atlanta, GA 30338, USAPh: +1 770 551 9494Toll Free: +1 888 454 NIITFax: +1 770 551 9229

Americas

NIIT Technologies Ltd.Corporate Heights (Tapasya)Plot No. 5, EFGH, Sector 126Noida-Greater Noida ExpresswayNoida – 201301, U.P., IndiaPh: + 91 120 7119100Fax: + 91 120 7119150