Philip Te - Risk Management in Banking Principles and Framework-Oxford Fajar Sdn. Bhd. (2016)

Format 260 x 190 mm / ext 328 / spine 13.3mm / 80 gsm matt art Principles and Framework This book offers a broad-based understanding of the types of risk faced by banks and how these risks may be identified, assessed and managed. It aims to provide general banking practitioners with insights into key risk management concepts and practices, as well as intelligently discuss developments in bank risk management. The contents are organized and presented in an easily readable format to enable learners to understand key qualitative risk factors and how they impact risk management. Each chapter contains numerous illustrative examples and case studies of real life situations to enable students to relate theories to real world events. Key features of the book: • Chapter overview complete with clear learning objectives • Real world illustrations that relate theories to real world events • Illustrative examples that contextualize and elaborate on new and complex concepts The other title in this series: Risk Management in Banking: Risk Models, Capital and Asset Liability Management About the Author Philip Te Philip Te is the Programme Director for the Quantitative Finance and Risk Management Series at the Ateneo Centre for Continuing Education—the largest continuing education institution in the Philippines. He has lectured extensively on financial risk management, Basel II/III, derivatives, IAS 39/IFRS 9, option pricing, corporate treasury management and hedging strategies. He is the author of Bank Risk Management Primer, published by the Bankers’ Association of the Philippines. A Chartered Financial Analyst (CFA), Philip is also a certified Financial Risk Manager (FRM) and Energy Risk Professional (ERP), both awarded by the Global Association of Risk Professionals (GARP). He is also a Certified Public Accountant (CPA). Philip is currently a vice president at the Client Solutions Group of a global commercial bank. Prior to this, he was the head of the Structured Products and Financial Engineering Department of a local commercial bank and a senior associate at the Ernst & Young Financial Services Risk Management (FSRM) and Quantitative Advisory Services (QAS) group. Risk Management in Banking Principles and Framework Risk Management in Banking Risk Management in Banking Principles and Framework Philip Te Risk Management in Banking Principles and Framework Philip Te Published by Oxford Fajar Sdn. Bhd. (008974-T) under licence from Oxford University Press, 4 Jalan Pemaju U1/15, Seksyen U1 Hicom-Glenmarie Industrial Park 40150 Shah Alam Selangor Darul Ehsan © Asian Institute of Chartered Bankers 2016 First published 2016 ISBN 978 983 47 1691 2 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of Asian Institute of Chartered Bankers. Impression: 9 8 7 6 5 4 3 2 1 Text set in 10.5 point ITC Legacy Serif Std Regular by Chitra Computers, India Printed by Percetakan Printpack Sdn. Bhd., Selangor Darul Ehsan INTRODUCTION This book is part of the Asian Institute of Chartered Bankers’ (AICB) Bank Risk Management Qualification. This qualification is designed as a qualitative introduction to bank risks and bank risk management. While primarily targeted at banking practitioners, this book also offers the general audience a highly readable guide to the practices and procedures for managing risks in banking. The learning support for the BRMP Qualification is provided by AICB’s premier learning partner, the Asian Banking School. This intermediate level qualification on bank risk management comprises two modules: Module 1: Risk Management in Banking: Principles and Framework Module 2: Risk Management in Banking: Risk Models, Capital and Asset Liability Management The two modules were developed in collaboration with the Ateneo-Bankers Association of the Philippines (BAP) Institute of Banking. Asian Institute of Chartered Bankers The Asian Institute of Chartered Bankers (AICB) is the professional body for the banking and financial services industry. We are committed to raising the competency standards of the banking profession by staying industry relevant and embracing innovations in the development and delivery of our qualifications and learning. Asian Banking School The Asian Banking School (ABS) is AICB’s premier learning partner. ABS aims to raise the calibre and dynamism of talent in the industry through the delivery of world-class professional qualifications and learning programmes. Ateneo-Bankers Association of the Philippines (BAP) Institute of Banking The Ateneo-Bankers Association of the Philippines (BAP) Institute of Banking is a non-stock, non-profit organization, which comprises the country’s commercial banks as its institutional members. Unique to the BAP, its mandate acts as the unifying voice of the banking industry in an environment where business interest and background both among domestic and foreign banks, in particular, are profoundly diverse. Prelims.indd 3 11/26/2015 9:45:08 AM ACKNOWLEDGEMENTS The Asian Institute of Chartered Bankers wishes to thank members of the Bank Risk Management Professional Curriculum Working Committee, who have generously contributed their time and expertise in guiding the design and development of the curriculum for the qualification. Dr John Lee Hin Hock (Chairman) Malayan Banking Berhad Mr Nigel Denby Ambank Berhad Mr Suresh V. Raman Citibank Berhad Eddie Cheong Wai Seong Bank of China (Malaysia) Berhad Dr Vijayan Paramsothy Asian Banking School Prelims.indd 4 11/26/2015 9:45:08 AM CONTENTS Introductioniii Acknowledgementsiv CHAPTER 1 CONCEPTS OF BANK RISKS 1.1 BANKING BUSINESS ACTIVITIES, PRODUCTS AND BUSINESS LINES 1.1.1 Corporate Finance 1.1.2 Trading and Sales 1.1.3 Retail Banking 1.1.4 Commercial Banking 1.1.5 Payments and Settlements 1.1.6 Agency Services 1.1.7 Asset Management 1.1.8 Retail Brokerage 3 4 6 9 10 13 13 14 15 1.2 ROLES OF BANKS IN THE ECONOMY 1.2.1 Primary Role of Banks: Financial Intermediation 1.2.2 Functions of Financial Intermediation 1.2.3 Other Roles of Banks 15 15 17 19 1.3 TYPOLOGY OF BANK RISKS 1.3.1 Financial Risks 1.3.2 Non-financial Risks 20 22 28 CONCLUSION CHAPTER 2.1 2.2 Prelims.indd 5 2 30 RISK MANAGEMENT PRINCIPLES AND FRAMEWORK RISK MANAGEMENT IN THE BANKING CONTEXT 2.1.1 Definition of Risk Management 2.1.2 Objectives of Risk Management 33 33 34 RISK MANAGEMENT PRINCIPLES 39 11/26/2015 9:45:09 AM vi Contents 2.3 RISK MANAGEMENT FRAMEWORK 2.3.1 Definition of Risk Management Framework 2.3.2 Uses of the Risk Management Framework 2.3.3 Elements of a Sound Risk Management Framework CONCLUSION CHAPTER 3 63 RISK MANAGEMENT PROCESS 3.1 OVERVIEW OF RISK MANAGEMENT PROCESS 3.1.1 Qualities of a Sound Risk Management Process 3.1.2 Risk Management Activities 67 67 68 3.2 COMMUNICATION AND CONSULTATION 68 3.3 ESTABLISHING THE CONTEXT 3.3.1 Establishing the External Context 3.3.2 Establishing the Internal Context 3.3.3 Establishing the Risk Management Process Context 3.3.4 Risk Criteria 70 71 71 72 72 3.4 RISK ASSESSMENT 3.4.1 Risk Identification 3.4.2 Risk Analysis 3.4.3 Risk Evaluation 73 73 74 74 3.5 RISK TREATMENT 3.5.1 Avoid Risk 3.5.2 Take or Increase Risk 3.5.3 Remove the Risk Source 3.5.4 Change Likelihood 3.5.5 Change Consequences 3.5.6 Share the Risk 3.5.7 Risk Retention 75 76 77 77 78 78 79 79 3.6 RISK MONITORING AND REVIEW 80 CONCLUSION Prelims.indd 6 42 42 42 43 80 11/26/2015 9:45:09 AM Contents CHAPTER 4 INTERNATIONAL RISK REGULATION 4.1 IMPORTANCE AND OBJECTIVES OF REGULATIONS FOR BANKS 4.1.1The Banking Industry and its Critical Role in the Economy 4.1.2 Financial Safety Nets 4.1.3 Special Nature of the Banking Business 83 83 84 86 4.2 ROLE OF BANKING SUPERVISION 87 4.3 TYPES AND SOURCES OF BANKING REGULATIONS 4.3.1 Sources of Banking Regulations 4.3.2 Types of Banking Regulations 91 91 94 4.4 INTRODUCTION TO RISK-BASED CAPITAL FRAMEWORK UNDER BASEL I 99 4.4.1 History of the Basel Committee on Banking Supervision 99 4.4.2 Basel I: The 1988 Basel Capital Accord 102 4.5 THE THREE PILLARS OF BASEL II 4.5.1 Pillar 1—Minimum Capital Requirements 4.5.2 Pillar 2—Supervisory Review and Evaluation Process 4.5.3 Pillar 3—Market Discipline 106 107 111 114 4.6 INTRODUCTION TO BASEL III REQUIREMENTS 4.6.1 2008 Global Financial Crisis and Basel II Weaknesses 4.6.2 Basel III—Capital Reforms 4.6.3 Basel III—Liquidity Reforms 116 116 120 123 CONCLUSION CHAPTER Prelims.indd 7 5 vii 126 CREDIT RISK 5.1 DEFINITION OF CREDIT RISK 5.1.1 Credit Risk as Potential Losses 5.1.2 Credit Risk as an Exposure 5.1.3 Credit Risk as Failure to Meet Obligations 129 129 133 137 5.2 EXPECTED AND UNEXPECTED CREDIT LOSSES 5.2.1 Expected Loss 5.2.2 Unexpected Loss 141 141 146 11/26/2015 9:45:09 AM viii Contents 5.3 CREDIT RISK MANAGEMENT FRAMEWORK 5.3.1 Credit Risk Environment 5.3.2 Credit-Granting Process 5.3.3 Credit Administration 5.3.4 Credit Monitoring 5.3.5 Credit Measurement 5.3.6 Credit Risk Control CONCLUSION CHAPTER 6 162 IDENTIFICATION OF CREDIT RISK 6.1 SOURCES OF CREDIT RISKS 6.1.1 Credit Risk from Loans and Advances 6.1.2 Credit Risk from Investment Securities 6.1.3 Credit Risk from Off-balance Sheet Exposures 6.1.4 Credit Risk from Derivatives 165 165 167 169 171 6.2 TYPOLOGY OF STANDALONE CREDIT RISK 6.2.1 Retail Credit Risk 6.2.2 Sovereign Credit Risk 6.2.3 Corporate Credit Risk 6.2.4 Counterparty Credit Risk 172 173 183 192 201 6.3 OVERVIEW OF PORTFOLIO CREDIT RISK 6.3.1 Sources of Portfolio Credit Risks 6.3.2 Credit Concentration Risk Management 203 203 207 CONCLUSION CHAPTER Prelims.indd 8 147 147 155 159 160 160 161 7 208 OPERATIONAL RISK 7.1 DEFINITION OF OPERATIONAL RISK 7.1.1 Operational Risk—the Residual Definition 7.1.2 Operational Risk—the Causal Definition 211 211 211 7.2 OPERATIONAL RISK EVENTS 7.2.1 Internal Fraud 7.2.2 External Fraud 7.2.3 Employment Practices and Workplace Safety 216 216 218 218 11/26/2015 9:45:10 AM Contents 7.2.4 7.2.5 7.2.6 7.2.7 Clients, Products and Business Practices Damage to Physical Assets Business Disruption and Systems Failures Execution, Delivery and Process Management OPERATIONAL RISK CONSEQUENCES 223 7.4 OPERATIONAL RISK MANAGEMENT GOVERNANCE AND PROCESS 7.4.1 Operational Risk Governance 7.4.2 Operational Risk Framework 7.4.3 Operational Risk Management Process 7.4.4 Business Resiliency and Continuity 225 225 229 231 233 CHAPTER 8 233 IDENTIFICATION OF OPERATIONAL RISK 8.1 SOURCES OF OPERATIONAL RISKS 236 8.2 OPERATIONAL RISK BUSINESS LINES 238 8.3 INTERNAL OPERATIONAL RISK LOSS DATA 8.3.1 Incident Reporting 8.3.2 The 8 × 7 Matrix 8.3.3 Basic Statistical Analysis 240 242 244 245 8.4 EXTERNAL OPERATIONAL RISK LOSS DATA 246 8.5 NEW PRODUCTS AND BUSINESS ACTIVITIES AND OUTSOURCING ACTIVITIES 8.5.1 New Products and Business Activities 8.5.2 Outsourcing in Financial Services 248 249 249 CONCLUSION CHAPTER 9.1 Prelims.indd 9 219 221 222 222 7.3 CONCLUSION 9 ix 252 MARKET RISK FINANCIAL MARKET ACTIVITIES 9.1.1 Functions and Roles of Financial Markets 9.1.2 Types of Financial Markets 255 255 255 11/26/2015 9:45:10 AM x Contents 9.2 DEFINITION OF MARKET RISK 9.2.1 Trading Book versus Banking Book 9.2.2 Daily Valuation and Mark to Market 264 265 266 9.3 TYPES OF MARKET RISKS 9.3.1 Foreign Exchange Risk 9.3.2 Interest Rate Risk 9.3.3 Equity Price Risk 9.3.4 Commodity Price Risk 268 269 271 273 274 9.4 MARKET RISK MANAGEMENT PROCESS 9.4.1 Market Risk Identification 9.4.2 Market Risk Assessment 9.4.3 Market Risk Control 9.4.4 Market Risk Monitoring and Reporting 280 281 281 284 285 CONCLUSION CHAPTER Prelims.indd 10 10 286 LIQUIDITY RISK 10.1 INTRODUCTION TO LIQUIDITY RISK 10.1.1 Definition of Liquidity Risk 10.1.2 Asset-based Liquidity Risk 10.1.3 Liability-based Liquidity Risk 289 290 291 291 10.2 SOURCES OF LIQUIDITY 10.2.1 Asset-based Sources of Liquidity 10.2.2 Liability-based Sources of Liquidity 292 292 299 10.3 LIQUIDITY RISK STRATEGY 10.3.1 Stored Liquidity Management 10.3.2 Purchased Liquidity Management 301 301 303 10.4 ELEMENTS OF SOUND LIQUIDITY RISK MANAGEMENT PRACTICES 10.4.1 Liquidity Risk Management Framework 10.4.2 Governance Structure 10.4.3 Measurement and Management of Liquidity Risk 10.4.4 Public Disclosure 304 304 305 309 311 CONCLUSION 312 BIBLIOGRAPHY 313 11/26/2015 9:45:10 AM C 1 P HA TE R CONCEPTS OF BANK RISKS Banking organizations face different types of risks. Generally, banking organizations are in the business of taking and managing risks. One key lesson learned from the 2008 global financial crisis is the importance of having sound risk management practices. Banks that had survived or had been relatively unscathed were found to have strong risk management practices. On the other hand, banks that had either collapsed or were on the brink of collapse were found to have weak risk management practices. This book introduces entry-level risk management students (‘students’) to foundational concepts in bank risk management. In order to understand risk management, students must have a good knowledge of the different risks that banking organizations face. It is also imperative that they understand the different banking business activities, products and the roles that banks play in the economy. This chapter begins with a review of the different banking business activities, products and business lines. It then discusses the different roles that banks play in the economy. The chapter ends with an overview of the different types of bank risks. Chapter-01.indd 1 11/26/2015 9:44:49 AM 2 Risk Management in Banking: Principles and Framework Concepts of Bank Risks Business Activities and Business Lines Roles of Banks in the Economy Typology of Bank Risks Corporate Finance Financial Intermediation Financial Risks Trading and Sales Functions of Financial Intermediation Non-Financial Risks Retail Banking Other Roles of Banks Commercial Banking Payments and Settlements Agency Services Asset Management Retail Brokerage Figure 1.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: DEMONSTRATE knowledge of the different business activities, products and business lines; the important roles that banks play and the different types of risks that banks face LEARNING OBJECTIVES At the end of this chapter, you will be able to: REVIEW the different business activities and business lines of banks DISCUSS the important roles that banks play in the economy DEFINE the different types of risks that banks face Chapter-01.indd 2 11/26/2015 9:44:49 AM 3 Chapter 1 Concepts of Bank Risks 1.1 BANKING BUSINESS ACTIVITIES, PRODUCTS AND BUSINESS LINES LEARNING OBJECTIVE 1.1 REVIEW the different business activities and business lines of banks The business of banking has evolved over the years in response to the changing complexity of the global business environment. While banks are traditionally viewed as financial institutions that generate and accept deposits from the public and extend those deposits as commercial loans to individuals and households, the range of business activities and business lines that banks are engaged in are actually more diverse and more complex. This section reviews the different business activities, products and business lines of banks. For a more comprehensive discussion of the different banking business activities and business lines, the student is encouraged to review the materials in the Executive Banker programme. Banking activities can be broadly classified into two broad categories: Commercial banking Investment banking Table 1.1 Broad categories of banking activities Broad Categories Commercial banking Involves the traditional role of accepting deposits and extending consumer, commercial and real estate loans. Investment banking Involves providing specialized and non-traditional services for institutional investors, corporations and governments. It generally involves: Helping clients raise funds via the debt or equity securities market Providing corporate finance advisory services in areas such as mergers and acquisitions or restructuring Assisting in the trading of securities in the secondary markets with the bank providing brokerage or market-making services Providing risk management solutions to clients via derivative transactions To better understand the different business activities that banks engage in, the International Convergence of Capital Measurement and Capital Standards (Basel II) issued by the Basel Committee on Banking Supervision provides a helpful framework in classifying and understanding the different underlying banking business lines. The Basel Committee divides banking business activities into eight business lines: 1. Corporate finance 2. Trading and sales Chapter-01.indd 3 11/26/2015 9:44:49 AM 4 Risk Management in Banking: Principles and Framework 3. Retail banking 4. Commercial banking 5. Payments and settlements 6. Agency services 7. Asset management 8. Retail brokerage Each of these business lines is further subdivided into activity groups. 1.1.1 Corporate Finance Corporate finance business line involves two broad categories of services: Financial advisory Underwriting The corporate finance business line involves banking services that help clients (usually corporations, governments and institutional investors) raise funds via the capital markets. Financial advisory Financial advisory involves providing comprehensive advice on strategic initiatives such as purchases and disposal of assets or companies, identifying potential acquisition targets, evaluating strategic options and alternative risk management strategies. Examples of banking business activities that fall under financial advisory are: Mergers and acquisitions (M&A)—is a financial advisory service provided by a banking organization to corporations to consolidate or integrate companies. This consolidation may be executed either via a merger or acquisition. Merger refers to the combination of two or more companies to form a new company. Acquisition refers to the purchase of one company by another. In an acquisition, there is no new company formed. Real World Illustration Morgan Stanley Lands WhatsApp Sale Facebook Inc.’s $19 billion acquisition of WhatsApp Inc. caps a roller coaster seven days for Morgan Stanley. Morgan Stanley landed the sole advisory role for closely-held WhatsApp, which could earn the bank $35 million to $45 million in fees. Source: Bloomberg News, 20 February 2012 Privatization—is a financial advisory service provided by banking organizations to governments to transfer ownership of publicly-owned assets or entities to private investors or corporations. Chapter-01.indd 4 11/26/2015 9:44:49 AM 5 Chapter 1 Concepts of Bank Risks Real World Illustration Goldman Sachs and UBS to Lead Privatization of Royal Mail The United Kingdom government appointed UBS and Goldman Sachs as lead advisors for the sale of Royal Mail. Royal Mail is a state-owned postal service. The planned sale of Royal Mail will be the largest privatization in Britain since former Prime Minister John Major broke up the country’s railway more than a decade ago. The 360-year-old postal service company is one of the biggest employers of the UK with about 159,000 employees. Source: Bloomberg News, 29 May 2013 Initial public offering (IPO) advisory—involves the initial sale of a private company’s equity shares to the public. The process of going public through an IPO is complex. There are many economic, legal and regulatory considerations as well as taxation, reporting and timing considerations that private companies must address to ensure a successful IPO. Banking organizations help such private companies navigate through the complex IPO process. Real World Illustration JPMorgan, Citi and Barclays Appointed to Lead GoPro IPO GoPro, the maker of wearable sports cameras and accessories used by Discovery Channel and ESPN, appointed JPMorgan, Citi and Barclays to lead its initial public offering. GoPro plans to use the proceeds from the offering for debt repayment and investment purposes. Source: Reuters, 11 June 2014 Research—banking organizations provide value-adding research to their clients. These researches provide insights into macroeconomic developments (global, regional and local) that will impact the clients’ strategic decisions. Real World Illustration UBS Equities Research: Global Breadth, Predictive Insight UBS offers thought-leading, award-winning research bringing a truly collaborative global perspective to understanding regions, sectors and stocks: • Micro—Independent assessments of more than 3,300 companies—some 85% of the world market capitalization. • Macro—Broad and deep economics, strategy and quantitative research coverage. Source: UBS website Debt and equity advisory—involves advising companies on raising financing via debt or equity issuance. Banking organizations typically link the financing requirements of companies to the debt and equity capital markets. Chapter-01.indd 5 11/26/2015 9:44:50 AM 6 Risk Management in Banking: Principles and Framework Real World Illustration Barclays Global Finance and Risk Solutions Equity Capital Markets Barclays provide a full range of capabilities from IPOs to private equity transactions. Barclays work with bankers to operate, structure and market equity and equity-linked securities. Debt Capital Markets Barclays offer tailored solutions to the client’s specific issues, and excel at guiding issuers and investors through difficult markets. Leveraged Finance Barclays is a lead arranger and underwriter of debt capital in international and high yield markets providing clients with all aspects of debt financing. Loans Barclays provide coverage of a wide variety of specialist industry sectors, spanning corporates, project finance, structured trade, export finance and financial institutions. Source: Barclays website Underwriting Underwriting involves assisting borrowers in the issuance of new securities. It usually involves helping borrowers lower the risk of an unsuccessful issue by committing to sell a pre-agreed volume of securities for a fee. Examples of such underwriting activities are: Initial public offering (IPO) underwriting—A company going through its initial public offering sometimes takes huge risks, particularly if the IPO undertaking is not as successful as projected. Banking organizations typically provide value by making a firm commitment to purchase the company’s shares in case of an unsuccessful issue. To compensate banking organizations for taking this risk, companies pay underwriting fees. Syndications—A single bank may not have the capacity or appetite to undertake a large transaction, e.g. lending. Syndications are sometimes formed to share risks among banks. Securitization—This is the process in which certain types of assets are pooled or collected to create or repackage as a new security. The newly-repackaged security is then sold to investors. Secondary market private placements—Private placements are the sale of securities to a small group of investors. Secondary market is the market where previously issued securities are traded. Banking organizations provide value by acting as a ready market for trading privately-placed securities. 1.1.2 Trading and Sales Trading and sales business line helps clients buy and sell financial instruments such as equity securities, debt securities, foreign exchange, commodities and derivatives. It involves the use of a wide platform of products and services in the area of capital markets, fixed income, foreign exchange, commodities and derivatives. Chapter-01.indd 6 11/26/2015 9:44:50 AM 7 Chapter 1 Concepts of Bank Risks Market-Making Proprietary Trading Trading and Sales Sales Treasury Figure 1.2 Areas of trading and sales business line The following are the main areas of the trading and sales business line: Market-making Market-making involves creating a secondary market in an asset or security. There are two types of market-making roles for banks: Agency transactions—Agency market-making transactions require banks to act on behalf of their customers. A bank engaging in an agency market-making transaction typically match the client’s buying and selling requirements. Banks in agency transactions earn a fixed fee or commission. Bid-ask spread typically represents the earning of market-makers in agency transactions. The bid-ask spread is the difference between the price at which the dealer is willing to sell the security and the price at which it is willing to buy the security. Principal transactions—Principal market-making transactions allow banks to profit on the price movements of securities and may involve taking positions. In contrast to agency transactions, principal market-makers may accumulate or short sell inventory of securities and express a view on the market. Illustrative Example Agency Transactions versus Principal Transactions Bank XYZ acts as a market-maker for an equity security issued by NGP Corporation. Assume that a seller approached Bank XYZ and is willing to sell the security at $130. Another client, a buyer, approached Bank XYZ and is willing to buy the security at $140. Alternative 1: Agency Transactions If Bank XYZ plays the role of an agency transaction market-maker, Bank XYZ simply acts as a broker matching the buying and selling requirements of the buyer and the seller in the market. Since the seller is willing to sell the security at $130, Bank XYZ pays the seller $130 in exchange for the security. Bank XYZ immediately sells the security to the buyer at $140. In this transaction, Bank XYZ locks in a profit of $10—the difference between the buying and selling rate or more formally, the bid-ask spread. Alternative 2: Principal Transactions If Bank XYZ instead plays the role of a principal transaction market-maker, it does not necessarily have to match the buying and selling requirement of the seller in the market. Following the example above, Bank XYZ may buy the NGP Corporation security from the seller at $130. The bank does not necessarily need to sell the security immediately. Bank XYZ may express a view that the value of NGP Corporation will rise beyond what the buyer in the market is willing to pay for the security. Chapter-01.indd 7 11/26/2015 9:44:50 AM 8 Risk Management in Banking: Principles and Framework If the value of the security rises to $200, Bank XYZ will be able to earn a profit of $70 (market value of $200 minus the acquisition cost of $130). This is significantly higher than the bank’s locked-in profit had it locked in at the bid-offer rate in an agency transaction. This, however, also entails a higher risk. If the value of the security falls to $100, Bank XYZ will lose $30 (market value of $100 minus the acquisition cost of $130). Proprietary trading Proprietary trading involves the bank’s role of taking an active risk position in an underlying instrument or asset. This involves the use of the bank’s capital or borrowed money to take positions in any financial instruments or commodities for the sole purpose of making a profit for its own account. There is a thin line between proprietary trading and principal market-making transactions. The main difference is that proprietary trading is not related to any actual or anticipated client activity. Proprietary trading is the subject of many criticisms during the aftermath of the 2008 Global Financial Crisis due to the bulk of the losses of large banks being attributed to proprietary trading positions. Global regulatory reforms have focused on addressing the issue of whether banks should be allowed to risk their own capital in speculative trading. Proposals were made either for outright prohibition of proprietary trading or for limiting the ability of banks to engage in proprietary trading. Real World Illustration EU Unveils Plan to Ban Proprietary Trading On 29 January 2014, the European Commission unveiled the final piece in Europe’s comprehensive banking system reform measures. The European Commission plans to impose an outright ban on proprietary trading by about 30 of Europe’s largest banks. Proprietary trading declined dramatically at Europe’s biggest banks since the financial crisis, from around 15% of banks’ trading revenues before the crisis to between 0% and 4% now. This measure aims to ensure that lenders do not revert to old trading habits once markets recover. National supervisors would be allowed to force banks to wall off certain investment banking activities, including market-making and derivatives trading, from deposit-taking. But retail banks would still be allowed to carry out various risky trading activities, within limits set by supervisors. Source: Wall Street Journal, 29 January 2014 Sales Financial market sales offer solutions to clients for their risk management and investment requirements. Sales activities include marketing and distribution of the bank’s products and services. Structuring units also support sales in creating or designing customized solutions to clients. Chapter-01.indd 8 11/26/2015 9:44:50 AM 9 Chapter 1 Concepts of Bank Risks Treasury Treasury activities involve managing the bank’s liquidity risk, long-term funding programmes, and the level and composition of equity capital. 1.1.3 Retail Banking Retail banking business line refers to products and services offered by banks to consumers and small businesses through their branch networks and online infrastructure. Consumer and SME Banking Retail Banking Private Banking Card Services Figure 1.3 Retail banking—products and services The following are the key sub-business lines under retail banking: (a) Consumer and SME banking Retail banking can be further subdivided into consumer banking and small and medium enterprise (SME) banking. Consumer banking offers diverse services which cater to savings (e.g. current and savings accounts), investment and borrowing (e.g. housing loans, personal loans, special purpose loans, etc.) and other banking needs (e.g. trust services) of individuals and households. Small and medium enterprise (SME) banking, on the other hand, offers diverse services targeted to meet the unique needs of small businesses, such as merchant and payment services, cash management, insurance brokerage and payroll management. (b) Private banking Private banking activities generally involve providing customized solutions to high net-worth clients. Private banking clients typically reach the minimum threshold of the amount of assets under management by the bank (e.g. $1 million and above). Examples of services offered to private banking clients are: Cash management Fund transfers Asset management Facilitation of shell companies and offshore entities Lending services Financial planning services Trust services Custody services Chapter-01.indd 9 11/26/2015 9:44:50 AM 10 Risk Management in Banking: Principles and Framework (c) Card services Card services of retail banks are one of the most popular forms of accessing consumer credit loans. Credit card services offer the holder access to credit as the holder can charge a purchase on account represented by the card. Real World Illustration Navigating the New Era of Asian Retail Banking McKinsey published Retail Banking in Asia: Actionable Insights for New Opportunities to tackle the challenges of retail banking in Asia. Based on McKinsey’s estimates, by 2015 more personal financial assets will reside in Asia than in Europe. Retail banking revenue in Asia, growing at 9% per year since 2010, is expected to reach more than $900 billion by 2020. The key findings of the paper are: • Despite dramatic growth, banks in emerging Asia is expected to see an ROE decline by four to five percentage points in the coming years. Rapidly shifting consumer behaviour will force banks to revisit their business models. New regulatory requirements and high-risk customer segments will add to the cost of doing business, putting downward pressure on returns. Non-traditional competitors will enter the market, vying with established ones for their revenue pools. Unlike the early days of digital banking, when consumers valued low prices above everything else, today’s consumers want greater control over their finances, fair and transparent pricing, and a single, consistent, engaging experience. Banks must make digital banking an integral part of their new operational models. Banks are seeing returns on investment in their multiple channels, but physical branches are not necessarily a thing of the past. They will continue to play a role in emerging markets, but in a new way. Customer centricity is a much-discussed term in Asia but many banks have not been able to turn this vague concept into specific business models. To win in Asia, retail banks must understand their customers, their competitors, their own business models and their regulatory environments. • • • • • • Source: McKinsey Insights and Publications, July 2013 1.1.4 Commercial Banking Commercial banking activities primarily involve granting of loans to households and businesses from deposits or funds taken from depositors. The following are some of the common activity groups associated with commercial banking: (a) Lending Granting credit to households and businesses is one of the primary functions of commercial banking. Commercial banking lending allows businesses to access funding to support their general business needs or growth objectives. There are two types of general lending that a commercial bank offers: Working capital financing facilities—Working capital financing are short-term financing facilities offered by commercial banks. Examples of such facilities are overdraft facilities, short-term advances and lines of contingencies. Chapter-01.indd 10 11/26/2015 9:44:50 AM 11 Chapter 1 Concepts of Bank Risks Lending Project Finance Real Estate Export Finance Commercial Banking Trade Finance Factoring Leasing Guarantees Bills of Exchange Figure 1.4 Business activities under commercial banking Medium- to long-term facilities—Medium- to long-term loans for acquisition, investment or expansion purposes are granted to selected clients based on cash flow projections, evaluation of business plans and acceptable security packages. (b) Project finance Project finance is a specialized type of lending where the repayment is based on a project’s internally generated cash flow. Project finance is frequently applied to large capital-intensive infrastructure projects. Typical clients of project financing are companies in the power, transportation, oil and gas, leisure and property, telecommunications and mining industries. Financing is secured by the project assets and repaid from the project cash flow with only limited recourse. Real World Illustration Asian Banks Top Project Finance Deals in 2013 In a report published in January 2014, Thomson Reuters said that Japanese and other Asian banks accounted for the bulk of the $204 billion project finance deals in 2013. This catapulted the Asian banks as the top six arrangers, outperforming several big European banks which handled $90 billion worth of deals alongside the Middle East and Africa. The six Asian banks included Mitsubishi UFJ of Japan with a 5.7% market share at $11.5 billion deals followed by the State Bank of India (4.9% market share) and China Development Bank (4.1% market share). Thomson Reuters attributed the lower turn out by the European banks to changes in priorities in terms of business dealings because of the latter’s shrinking balance sheets. However, in the same report, Thomson Reuters noted that Europe, the Middle East and Africa remained to be the most active regions. It also indicated that power projects constituted more than one-third of the total value of project finance deals at $70.1 billion while oil and gas and transportation deals accounted for a fifth in terms of volume. On the other hand, the Americas deal increased by 21% to $51 billion while volume in Asia fell 29% to $63 billion. Source: Thomson Reuters, 17 January 2014 Chapter-01.indd 11 11/26/2015 9:44:50 AM 12 Risk Management in Banking: Principles and Framework (c) Real estate Commercial real estate (CRE) financing is a specialized type of lending for companies involved in industrial and commercial real estate development and construction. Examples of commercial real estate financing are term and bridge financing for launching a real estate project and construction loans to support ground-up construction, renovations or improvements. (d) Export finance Short-term export finance business activities involve providing financing options to address working capital gaps in a trading cycle. Export credit agency-supported finance is a specialized form of medium- to long-term financing provided to corporations and governments to finance the import of capital goods and services. An export credit agency (ECA) typically provides a guarantee or insurance policy to a commercial bank for a loan provided to the importer of capital goods. ECAs are governmentbacked agencies created to support their country’s exports. (e) Trade finance Trade finance business activities typically refer to the financing of working capital needs for trade transactions. (f) Factoring Factoring is a form of working capital financing that allows clients to generate cash flow. It involves the assignment of receivables in favour of the bank. Clients sell the receivables to the commercial bank in exchange for advance financing. (g) Leasing Lease financing is a specialized form of alternative financing that allows companies to acquire equipment. In a lease financing agreement, the bank (acting as the lessor) owns the property that allows the company (the lessee) to use the property in exchange for a consideration. Leasing services of a commercial bank can be broadly divided as follows: Finance lease Operational lease Sale and leaseback Hire purchase Vendor leasing Block discounting The common capital asset goods in lease agreements are aircrafts, capital assets in IT and telecommunications, plants and equipment. (h) Guarantees Commercial banks issue bank guarantees ensuring that a client’s obligations will be met. A bank guarantee represents an irrevocable obligation on the part of the commercial bank issuing the guarantee should the client fail to fulfil its obligations. Bank guarantees are issued to demonstrate a client’s performance capability and financial integrity to their customers and suppliers. Examples of guarantees issued by commercial banks: Bid bonds or tender guarantees—are guarantees provided to suppliers to demonstrate the client’s commitment to execute a contract that has been awarded. It ensures that the client submits a serious offer in a bidding transaction. Chapter-01.indd 12 11/26/2015 9:44:50 AM 13 Chapter 1 Concepts of Bank Risks Commercial guarantees—are guarantees provided to ensure that the client will fulfil its obligations to pay for goods or services. Financial guarantees—are guarantees provided to ensure that the client will repay the borrowed money. This assures lenders of repayment. Performance bonds or guarantees—In a bidding transaction, the successful bidder is required to post performance a guarantee based on a percentage of the contract amount. Banks issue performance bonds or guarantees for their bidding clients. (i) Bills of exchange A bill of exchange is a negotiable instrument containing an instruction to a third party to pay a stated amount of money on a specified future date or on demand. Commercial banks may purchase a bill of exchange in advance of its due date (discounting). 1.1.5 Payments and Settlements Banks provide payments and settlements business line that facilitates payments of goods and services on behalf of the clients. Bank branches, internet and mobile banking facilities, and automated teller machines are some of the most popular channels of payments. A payment system is an infrastructure that allows individuals and businesses to transfer funds from one financial institution to another. Payment systems are categorized either as retail payment system or large-value payment system. A retail payment system is a fund transfer system that handles a large volume of relatively low-value payments. Examples are credit card payment transactions, direct debits, cheques and credit transfers. A large-value payment system is a fund transfer system that handles large-value and high priority payments. A settlement system is an infrastructure that allows securities or financial instruments to be settled and transferred by book-entries according to a set of predetermined multilateral rules. 1.1.6 Agency Services Banks may act on behalf of their clients in managing and protecting their assets and properties via the agency services business activities of banks. Custody Agency Corporate Agency Corporate Trust Figure 1.5 Types of agency services offered by commercial banks Examples of business activities under the agency services are: (a) Custody Banks provide custodial services for the settlement, safekeeping and reporting of clients’ marketable securities and cash. Chapter-01.indd 13 11/26/2015 9:44:50 AM 14 Risk Management in Banking: Principles and Framework (b) Corporate agency Corporate agency services provide transactional services for corporations and governments. Banks performing corporate agency services act on behalf of the clients. Examples of such services are: Cheque clearing Payment processing (interest and dividends) Bills collection (as collection agency) Tax management (c) Corporate trust Corporate trust services involve banks acting in a fiduciary capacity for financial transactions. Examples of these services are: Escrow services—where the bank acts as a neutral third party for financial transactions Documentary custodian services—where the bank safe keeps collateral loan files 1.1.7 Asset Management Asset management activities involve managing or providing advice on a client’s individual assets or investment portfolios for a fee. Banks are usually compensated based on a percentage of the total assets under management. There are two primary types of accounts of asset management services: (a) Separately managed accounts Separately managed accounts are created for the purpose of investing a client’s funds on a standalone basis. (b) Pooled investment accounts Banks may serve as the investment manager for commingled or pooled investment accounts. Some of the most common pooled investment accounts are: Collective investment funds (CIF)—These are bank-administered trust funds designed to facilitate investment management by combining individual accounts into a single investment fund with a specific investment strategy. Mutual funds—These are open-ended investment companies registered with the Securities and Exchange Commission. Mutual funds pool money from their shareholders and invest in a portfolio of securities, and continuously offer to sell the shares to the public or redeem them. These funds can either be discretionary or non-discretionary. Discretionary accounts—In a discretionary account, the bank has the sole authority to purchase and sell assets, and execute transactions for the principal’s benefit. The bank’s investment authority, however, is usually defined in the investment policy guidelines. Non-discretionary accounts—In non-discretionary accounts, the bank may provide investment advisory services for a fee to the principal but must obtain the principal’s consent prior to buying or selling of assets. Chapter-01.indd 14 11/26/2015 9:44:50 AM 15 Chapter 1 Concepts of Bank Risks 1.1.8 Retail Brokerage Retail brokerage services are brokering services that primarily serve the trading and investment requirements of retail investors. There are two main types of services offered for retail brokerage clients: (a) Full service retail brokerage—provides comprehensive services to retail clients including personal finance advisory, research and market intelligence, and estate and tax planning. (b) Execution only brokerage—processes and executes client orders for independent retail investors. This service does not provide any financial or investment advice. 1.2 ROLES OF BANKS IN THE ECONOMY LEARNING OBJECTIVE 1.2 DISCUSS the important roles that banks play in the economy This section reviews the various roles that banks play in the economy. Understanding these key roles will provide a context on the rationale for the regulatory reforms that have been approved or debated, particularly those that focused on risk management. This section also aims to strengthen the case for a more focused approach for risk management in the banking context. 1.2.1 Primary Role of Banks: Financial Intermediation Financial intermediation is the primary role that banks play in the economy. Financial intermediation is defined as a productive activity in which an institution incurs liabilities on its own account for the purpose of acquiring financial assets by engaging in financial transactions in the market. By playing the role of financial intermediaries, banks channel funds from lenders of funds to borrowers of funds. Lenders or providers of funds are usually households and corporations with excess savings. Borrowers or users of funds are usually corporations with financing requirements to fund their expansions or households with investment or liquidity requirements. Figure 1.6 shows the role of banks as financial intermediaries. Banks channel excess deposit funds from depositors and lend these funds to borrowers. In a way, banks serve as ‘middlemen’ that match the investment/deposit requirements of depositors and the borrowing requirements of borrowers. To better understand the importance of financial intermediation, it will be helpful to visualize an environment where financial intermediaries do not exist. Chapter-01.indd 15 11/26/2015 9:44:50 AM 16 Risk Management in Banking: Principles and Framework SOURCE OF FUNDS USE OF FUNDS Deposit Funds Lend Funds BORROWERS DEPOSITORS Figure 1.6 Banks as financial intermediaries Figure 1.7 depicts a world with no financial intermediaries. In such a scenario, depositors with excess funds will directly place their funds with corporations or borrowers with financing requirements. Conversely, corporations with borrowing requirements will directly issue securities to depositors with investment/ savings requirements. This arrangement, while possible in theory because of technological advancements, will introduce some serious challenges for both the depositors and borrowers. Cash Investment BORROWERS DEPOSITORS Securities Figure 1.7 World with no financial intermediaries (a) From the depositors’ perspective Individual depositors will find it difficult and extremely costly to continuously monitor in a timely manner the financial health of the borrower, which ultimately will determine the likelihood of repayment. These monitoring costs will significantly decrease the attractiveness of investing in securities directly issued by the borrower. An individual depositor may suddenly need cash prior to the date when the security issued by the borrower becomes due and demandable. The individual depositor may find it difficult to seek another buyer who will be willing to purchase the security. Individual investors may incur liquidity costs and may be forced to sell the security at less than the initial investment due to lack of liquidity. (b) From the borrowers’ perspective Borrowers may find it difficult and extremely costly (in terms of money and time) to access individuals and households with excess investible fund. Marketing and distribution of their securities may not be part of their own core competencies. They will, therefore, incur high administrative and distribution costs just to seek and service depositors with excess funds. Borrowers will typically prefer to issue securities with a longer time horizon as the investments typically take time before returns and positive cash flows are generated. Depositors, on the other hand, may suddenly require liquidity prior to the borrowers’ desired borrowing horizon. This may limit the amount of securities that borrowers can tap directly. Given that borrowing is not part of the borrower’s normal course of business operations, they will incur additional processing and administrative costs to service the transactional costs associated with borrowing, e.g. processing payments of interest and principal, handling information requests by depositors, etc. Banks address the serious challenges enumerated above by performing the important functions of financial intermediation. Chapter-01.indd 16 11/26/2015 9:44:51 AM 17 Chapter 1 Concepts of Bank Risks 1.2.2 Functions of Financial Intermediation Ceccheti and Schoenholtz (2011) enumerated five main functions of financial intermediaries: (a) Pooling resources of small savers In a world with no financial intermediaries, borrowers are forced to deal directly with individual depositors. To reach the targeted amount of financing, borrowers may be forced to deal with many individual depositors. Dealing with many individual depositors increases the borrower’s administrative and processing costs. The borrower would naturally prefer to deal with fewer depositors with larger sums of excess funds. The borrower may impose a minimum investible threshold, e.g. the borrower will only deal with an individual depositor with at least US$1 million excess fund. By imposing a minimum investible threshold, the borrower has effectively limited the market in which it could raise funds. In fact, there may only be a few depositors who are willing to invest excess funds of US$1 million in a single company’s borrowing. One of the important roles of banks is the ability to pool small resources together from many individual depositors. The bank, as a financial intermediary, will then be able to collect these funds and lend the pooled resources to a borrower. The borrower will then be able to raise the required amount of financing and deal with only one entity, namely, the bank. (b) Providing safekeeping, accounting and payment mechanisms for resources Borrowers may incur high costs in safekeeping, accounting and processing payments. On the other hand, banks are able to spread the costs associated with servicing the safekeeping, accounting and processing requirements of these transactions by performing multiple financial intermediation transactions. This reduces the cost per transaction as banks take advantage of economies of scale. (c) Providing liquidity Liquidity refers to the ease of converting an asset into cash. One of the problems in a transaction with no financial intermediaries is that an individual depositor will find it difficult to seek buyers before the maturity of the security should it need liquidity. Banks provide liquidity by allowing depositors to redeem their deposits prior to maturity. By pooling funds from many depositors, a decision by some depositors to withdraw their funds early would not be an issue under normal circumstances. (d) Diversifying risk In a world with no financial intermediary, if a borrower defaults on its obligation, the depositor will shoulder all the losses. By pooling many individual deposits and by lending to as many borrowers as prudence dictates, banks provide diversification to the individual depositors. A default by one borrower will not necessarily result in a single depositor losing all its investment. (e) Collecting and processing information Individual depositors will find it extremely costly to monitor borrowers on a regular basis. It will be more cost efficient if the task of monitoring the borrowers’ financial health is delegated to financial intermediaries such as a bank. The bank monitors borrowers on behalf of the depositors/investors. This reduces the costs of monitoring the borrowers. As banks gain economies of scale in collecting and processing information, banks can invest in more sophisticated tools to collect, process and understand information relating to borrowers and gain more expertise in understanding the specific borrower risks as well as risks associated with the portfolio as a whole. In playing the role of financial intermediaries, banks perform three other important economic functions—asset transformation, maturity transformation and liquidity transformation. Chapter-01.indd 17 11/26/2015 9:44:51 AM 18 Risk Management in Banking: Principles and Framework Asset transformation—By performing their financial intermediation role, banks channel deposits from savers to borrowers as loans. Deposits Loans Figure 1.8 Asset transformation Without banks acting as financial intermediaries, the loans issued by borrowers directly to depositors will be less attractive and more costly because of high monitoring costs, low liquidity and higher risk. With the bank generating proceeds from depositors and directly issuing a financial liability (deposit liability) to the depositors, the asset becomes more attractive due to lower costs (lower monitoring costs, higher liquidity) associated with dealing with the bank directly. As the bank pools more deposits, all depositors share in the risk of a borrower defaulting. This also lowers the risks of individual depositors. With the bank investing directly in the borrower, a security that is initially viewed to be of higher risks and higher costs from an individual depositor’s standpoint is transformed into an instrument of relatively lower risks and costs from the bank’s perspective due to economies of scale. Maturity transformation—Banks transform maturities of assets and liabilities by taking short-term liabilities (deposits) and transform them into long-term assets, such as corporate loans. Banks benefit from earning a spread between the earnings on longterm assets and costs on short-term liabilities. This addresses the differences in the time horizon preferences of the depositor and the borrower. Depositors generally want to invest excess funds in shorter-term securities to give them the flexibility should there be a need for cash in the future. The ability to convert these securities into cash is, therefore, an important consideration for the depositors. Borrowers, on the other hand, prefer to borrow on a longer-term basis. This is to allow sufficient flexibility and time for the investment to generate positive cash flows and returns. Maturity Mismatch DEPOSITORS BORROWERS Short Term Long Term Figure 1.9 Maturity transformation Chapter-01.indd 18 11/26/2015 9:44:54 AM 19 Chapter 1 Concepts of Bank Risks Banks perform the important function of transforming the maturity of financial instruments by taking short-term sources of funds (deposits) and lending these funds on a long-term basis (lending). This function of maturity transformation adds value by giving both the depositors and borrowers the flexibility to meet their time horizon preferences. The performance of this maturity transformation function, however, comes with a cost. The difference in the tenor between the asset (long term) and liability (short term) exposes the bank to maturity mismatch risk. This is an important concern for the bank particularly when there is an extraordinary volume of short-term depositors who demand repayment of their deposited funds. This will force the bank to draw on its existing cash or liquidate its investments in longer-term assets, such as receivables from borrowers at less favourable prices. Liquidity transformation—Banks perform the important function of creating liquidity in the economy by accepting short-term liquid deposits (as liabilities) and channelling them to long-term illiquid assets. This allows the conversion of funds from savings to investment. Banks enhance liquidity of financial instruments in the economy by fulfilling the liquidity preference of two types of participants—the borrower and the depositor. The borrower prefers to be liquid for a longer period of time as it needs time and flexibility for investments to generate positive cash flows, which will enable the borrower to repay the obligation. This is why borrowers generally prefer to borrow over a longer period of time. Depositors, on the other hand, prefer to be liquid over a shorter period of time. Banks perform the important function of liquidity transformation by giving liquidity to both depositors and borrowers. By accepting liquidity risks, banks are able to fulfil the opposite liquidity preference of the borrowers and depositors. LIQUID ASSETS FOR DEPOSITORS Liquidity Mismatch LONG-TERM BORROWERS DEPOSITORS May demand repayment of deposits at any time Banks cannot demand repayment before maturity. Generally, banks may find it difficult to sell these loans at a high price. Figure 1.10 Liquidity transformation 1.2.3 Other Roles of Banks Other than financial intermediation, banks also perform other important roles. (a) Payments role Banks provide payment services that directly impact the economy. Two of these payment services are cheque clearing and wire transfer services. Chapter-01.indd 19 11/26/2015 9:44:55 AM 20 Risk Management in Banking: Principles and Framework (b) Risk management and investment advisor role Banks perform risk management advisory services for individuals and businesses by offering products that will allow them (customers) to hedge against possible adverse scenarios. Banks also provide financial advice to individuals and corporate clients on how to better manage their respective finances. 1.3 TYPOLOGY OF BANK RISKS LEARNING OBJECTIVE 1.3 DEFINE the different types of risks that banks face After discussing the important roles that banks play in the economy, we can now appreciate why regulators and policymakers are focusing post-2008 global financial crisis reforms on improving the risk management practices of banks. Banks encounter risks in all their business activities. We have discussed generic banking business activities in an earlier section. Before these risks are discussed in more detail, it is important to first distinguish between risk and uncertainty. The famous economist, Frank Knight, in his seminal dissertation Risk, Uncertainty and Profit, made a helpful distinction between risk and uncertainty: Risks are unknown outcomes whose odds of happening can be measured. Uncertainty, on the other hand, occurs when possible outcomes and probabilities are not known in advance. It is important to distinguish between the two as we begin our study on risk management. Despite all the technological developments and progression of our ability to assess and quantify risks in a more sophisticated manner, it is important to recognize that risk management is not about eliminating uncertainties. Rather, it is about making decisions under uncertainties. As the famous (and much derided) saying of the U.S. Secretary of Defence Donald Rumsfeld goes—“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” The entire banking industry—the risk management profession included—was humbled when an unprecedented global banking crisis unfolded despite all the sophisticated risk management models that were being used in the years before the banking crisis. Uncertainties exist and are pervasive in all aspects of banking. A new risk manager should accept this fact early on and approach the study of risk management as an enterprise for making decisions under uncertainties. Chapter-01.indd 20 11/26/2015 9:44:55 AM 21 Chapter 1 Concepts of Bank Risks In this section, the different types of risks that banks face are enumerated. This section serves as the introductory background material for the succeeding chapters. Figure 1.11 depicts the generic definitions of the different types of risks, which the student should be familiar with. Market Risks Credit Risks Financial Risks Operational Risks Asset and Liability Management (ALM) Risks Banking Risks Legal and Compliance Risks Strategic Risks Non-Financial Risks Reputational Risks Model Risks Figure 1.11 Types of bank risks Bank risks can be broadly classified into financial risks and non-financial risks. Financial risks are risks that are associated with transactions that are financial in nature. Below are the major risks that are classified under financial risks: Market risk Credit risk Asset and liability management risk mm Balance sheet interest rate risk mm Liquidity risk Operational risk (Note: For purposes of classification, this book classifies operational risk as a financial risk. However, students should be aware that operational risk has both financial and non-financial dimensions.) Non-financial risks are risks that are associated with transactions that are non-financial in nature. In the past, non-financial risks receive far less attention compared to financial risks. This is because it is more challenging to measure non-financial risks compared to financial risks. However, in recent years, non-financial risks have received closer scrutiny as many banks realized they are as exposed to non-financial risks as to financial risks. The major risks that are classified under non-financial risks are: Compliance risk Strategic risk Reputational risk Model risk Chapter-01.indd 21 11/26/2015 9:44:55 AM 22 Risk Management in Banking: Principles and Framework 1.3.1 Financial Risks Market risk Market risk is defined as the risk of losses in on- and off-balance sheet positions arising from movements in market prices. There are two different components of market risk: General market risk—is the risk arising from movements in the general level of market rates and prices. General market risk is also referred to as systematic market risk. In modern portfolio theory, general market risks are risks that cannot be diversified away. Events such as a global financial crisis and recessions are some examples of systematic risks. Specific market risk—also known as unsystematic market risk—refers to the risk arising from adverse movements in market prices that are tied directly to the performance of a particular security. In modern portfolio theory, specific market risks are risks that can be eliminated by adequate diversification. Market risk can also be categorized into the following four types of risks: Interest rate risk in the trading book—is the exposure of the bank’s earnings and financial condition to adverse movements in interest rates. Interest rate risk is commonly associated with positions in fixed income securities. There are two types of interest rate risks: mm Traded interest rate risk or the interest rate risk associated with the bank’s trading book—is the interest rate risk associated with market risk. mm Structural interest rate risk or the interest rate risk associated with the bank’s balance sheet—is more appropriately classified as an asset and liability management (ALM) risk. Foreign exchange risk—is the exposure of the bank’s earnings and financial condition to adverse movements in foreign exchange rates. There are two important sources of foreign exchange risk: mm Traded foreign exchange risk—arises from the bank’s market-making and proprietary trading activities that generate foreign exchange exposures, e.g. servicing a client’s foreign exchange hedging requirements. Traded foreign exchange risk normally resides in the bank’s trading book. mm Structural foreign exchange risk—arises from the structural foreign exchange position imbalance between the bank’s assets and liabilities. Structural mismatches arise from: –– Mismatches in the currency denomination of the bank’s assets and liabilities; and –– Accounting differences (e.g. investments in foreign currency denominated assets are translated using historical exchange rates but financial assets and liabilities are translated using the closing exchange rates). Foreign exchange risk can also be classified into three types: mm Transaction risk—arises from the impact of exchange rates on foreign currency denominated receivables and payables. It arises from the difference between the price at which the receivables are collected or payables are paid and the price at which they are recognized in the bank’s financial statements. mm Business risk—is the risk arising from the impact of exchange rates on a company’s long-term competitive position. mm Translation risk—or revaluation is the risk of changes in the reported domestic accounting results of foreign operations or transactions due to changes in foreign exchange rates. Chapter-01.indd 22 11/26/2015 9:44:55 AM 23 Chapter 1 Concepts of Bank Risks Equity price risk—is the exposure of the bank’s earnings and financial condition to adverse movements in the benchmark equity indices (systematic or general equity market risk) and individual equity prices (non-systematic or specific equity market risk). There are two main components of equity price risk: mm Systematic risk or beta risk is the risk that is associated with the general market and cannot be diversified away. The general market is frequently the equity benchmark index of the applicable individual stock. Below are some of the benchmark equity indices for different countries. Real World Illustration Benchmark Equity Indices Equity Benchmarks mm U.S. Stocks S&P 500, Dow Jones Industrial Average (DJIA) European Stocks Stoxx Europe 600 China Shanghai Stock Exchange Composite Index (SHCOMP) Malaysia Kuala Lumpur Composite Index (KLCI) Singapore Strait Times Index (STI) Thailand Stock Exchange of Thailand (SET) Philippines Philippine Stock Exchange Index (PSEI) Indonesia Jakarta Stock Exchange Composite Index (JCI) Vietnam Vietnam Ho Chi Minh Index (VN Index) Unsystematic or specific risk is the risk associated with firm-specific risks that can be eliminated by diversification. Examples are adverse industry developments, negative news on a specific company, labour problems and weather disturbance in the primary place of operation. Illustrative Example Systematic Risk versus Unsystematic Risk Identify whether the following news refers to systematic or unsystematic risk. Case 1: Death of a charismatic CEO Steven P. Jobs, the visionary co-founder of Apple who helped usher in the era of personal computers and then led a cultural transformation in the way music, movies and mobile communications were experienced in the digital era, died at the age of 56. Solution: Unsystematic risk Case 2: Weakness in the global economy More evidence of a weakening global economy emerged Thursday ahead of the Federal Reserve’s decision to take aggressive new steps to stimulate growth in the United States. A report from the Organization for Economic Cooperation and Development pointed to a slowdown in the coming months in Italy, China, India and Russia with weak growth in France and Germany—the two biggest economies of the struggling euro zone. Solution: Systematic risk Chapter-01.indd 23 11/26/2015 9:44:55 AM 24 Risk Management in Banking: Principles and Framework Case 3: Loss of market share Consumer Intelligence Research Partners on Thursday came out with its latest numbers on mobile market share in the United States and found that BlackBerry devices accounted for 0% of all smartphone activations in the fourth quarter of 2013, which is not too surprising considering that the company spent a good chunk of the quarter with a ‘For Sale’ sign hung around its neck. In its last earnings report, BlackBerry said it only sold 1.9 million smartphones for the quarter and most of those were BlackBerry 7 devices targeted toward emerging markets. Thus, BlackBerry posting a 0% market share in the US over that period is well within the realm of possibility. Solution: Unsystematic risk Commodity price risk—is the exposure of a bank’s earnings and financial condition to fluctuations in commodity prices. Compared to other types of market risks, commodity price risk requires special attention due to the following peculiarities of the commodities market: mm Concentration of supply—very few market players control supplies of many commodities. This means that prices for the commodities do not necessarily move according to their economic fundamentals. The action of a very few market players can have a significant impact on the commodity prices. Real World Illustration The Potash Cartel A turmoil broke out in the global potash industry after Russian-based potash producer Uralkali announced it was terminating its sales partnership with Belarus, one of the two big groups holding the alleged monopoly of potash with a market share of two-thirds of the total market valued at $22 billion, according to a Wall Street Journal article entitled ‘The Potash Cartel’, published on 30 July 2013. The Uralkali announcement brought the prices of potash down, which would in turn prompt potash miners to increase their production in the hope of increasing market share. But such a move would push prices even lower as well as provide customers the leverage to negotiate for lower prices. Uralkali estimated a 25% drop in the price of potash—valued at $300 per metric ton—by the end of 2013. There were also indications that stocks of potash-mining companies suffered a rapid decline in terms of value. Furthermore, the article mentioned that the market for potash, a potassium-based fertilizer ingredient, has been dominated by two big marketing groups, Belarusian Potash Co. and North America’s Canpotex. Both companies dismissed reports that they were operating as a cartel. They were thought to have pegged identical prices in India and China, two of the major markets for potash. Source: Wall Street Journal, 30 July 2013 Unique characteristics of commodities—Different commodities display different characteristics and physical attributes that affect their prices. Features such as storability could affect pricing of commodities. Gold, which is one of the most durable commodities, would display a different pricing behaviour compared to electricity, which cannot be stored, or even with an agricultural commodity. mm Seasonal factors—Seasonal changes in demand and supply could also affect commodity prices. Different commodities display different seasonal features. mm Chapter-01.indd 24 11/26/2015 9:44:55 AM 25 Chapter 1 Concepts of Bank Risks Credit risk Credit risk is defined as the potential that a borrower or counterparty will fail to meet its obligations in accordance with agreed terms. There are two levels in credit risk: Transactional credit risk—refers to credit risk exposures generated on a transactional level. It is primarily determined by the borrower or counterparty’s ability and willingness to pay its obligations as they come due. Transactional credit risk can be further subdivided according to five different types of exposures: mm Retail credit risk—is the risk of loss due to a consumer’s default on a consumer credit product arising from the bank’s retail business. The Basel Committee on Banking Supervision defines retail credit exposures as homogenous portfolios consisting of: –– Large number of small, low-value loans –– Consumer or small business focus –– Incremental risk of any single exposure is small mm Corporate credit risk—is the risk of loss due to a default of an institutional/corporate client. Corporate credit risk is usually the largest risk faced by traditional commercial banks. mm Counterparty credit risk—is the risk that a counterparty to a financial contract, such as derivatives, will default prior to the expiration of the contract and fails to meet its obligations under the contract. While counterparty credit risk is classified under credit risk, a large element that determines a bank’s counterparty credit risk exposure is closely linked to market risk. mm Sovereign risk—is the risk of loss due to a default of a government on its financial obligations. mm Country risk—is the risk of loss due to events in a particular country which are, to some extent, under the control of the government. Country risk covers a wider range of risks than sovereign credit risk. One example of a risk within the scope of country risk is transfer risk. Transfer risk refers to the borrower’s inability to fulfil its obligations because of government actions, such as restrictions imposed on the ability of private sector borrowers to source foreign exchange to repay their foreign exchange obligations. Portfolio credit risk—is the credit risk exposure of the bank on an aggregated level. Portfolio credit risk considers the impact of consolidating individual transactional credit risk exposure on a consolidated bank basis. This includes taking into account the positive diversification effect of taking individual exposures on a portfolio level. An important source of portfolio credit risk is concentration risk. mm Concentration risk refers to an exposure with the potential to produce losses that are substantial enough to threaten the financial condition of a banking institution. Concentration risk arises from excessive exposures to: –– Single counterparty or group of connected counterparties –– Specific instrument –– Specific market segment Chapter-01.indd 25 11/26/2015 9:44:55 AM 26 Risk Management in Banking: Principles and Framework Real World Illustration Concentration Risk: The Case of Continental Illinois In the mid-1970s, Continental Illinois embarked on an aggressive strategy of growth to make it among the largest commercial and industrial lender in five years. During this period, Continental spurred loan growth by becoming particularly aggressive in the energy industry, a sector which it felt it had special expertise. Not contented, Continental also developed special relationship with Penn Square Bank, a relatively small bank that specialized in oil and gas sector loans. Continental purchased a total of $1.1 billion worth of loans from Penn Square (size: $436 million). These loans represented 17% of Continental’s total oil and gas loan portfolio. After years of oil price rise, it began to drop in April 1981. Exploration and drilling companies were among the first to bear the full brunt of the downturn. Compounded by other problems, Continental filed for bankruptcy. Source: The Collapse of Continental Illinois National Bank and Trust Company: The Implications for Risk Management and Regulation, Wharton Financial Institutions Center Asset and liability management (ALM) risk Asset and liability management (ALM) risks are risks that are associated with structural mismatches in a bank’s balance sheet. There are two common sources of ALM risks: Balance sheet interest rate risk—is the exposure of a bank’s balance sheet to adverse movements in interest rates. Balance sheet interest rate risk is a normal part of the business of banking. There are four important sources of balance sheet interest rate risk: mm Repricing risk—arises from the differences in the maturity and repricing of bank assets, liabilities and off-balance sheet positions. There are two main sources of repricing risk: –– Maturity differences –– Repricing of cash flow (for variable rate assets or liabilities) Illustrative Example Repricing Risk Assume that Bank DEF has the following asset and liability profile: • • 10-year loan receivable earning 5% interest 2-year deposit liability paying 3% interest Assuming the bank can continue to fund the 10-year loan at 3% interest (deposit), it will earn a positive spread of 2% (= 5% – 3%). Suppose after two years, depositors demand 5% interest to continue to roll their deposits. Bank DEF will then face declining profitability prospects as the spread now falls to 0%. Yield curve risk—Yield curve is a linear graph depicting the relationship of interest rates over the different maturities of a bond. Yield curve risk is the risk that arises when unanticipated shifts of the yield curve have adverse effects on the bank’s income or underlying economic value. mm Basis risk—is the risk arising from an imperfect correlation in the adjustment of interest rates earned and paid on different instruments with similar repricing characteristics. mm Chapter-01.indd 26 11/26/2015 9:44:56 AM 27 Chapter 1 Concepts of Bank Risks mm Optionality risk—is the risk arising from cash flow altering options embedded in the bank assets, liability and off-balance sheet positions. Liquidity risk—is the risk arising from the bank’s inability to fund increases in assets and meet obligations as they come due. There are two main sources of liquidity risk: mm Asset-based liquidity risk One of the ways a bank can fund growth in its assets or pay its obligations as they come due is to sell its existing assets. Assets that can easily be converted into cash are generally considered to be of higher quality (in liquidity terms) than those that are not. This ensures that the bank can fund increases in assets and pay its obligations without incurring unacceptable losses. Long-term Sell existing ASSETS to generate cash to: (a) Fund increases in the bank’s other assets (b) Pay obligations as they come due LENDING Figure 1.12 Funding bank’s growth via sales of assets Another important source of asset-based liquidity risk is the off-balance sheet commitments. Banks frequently allow a client to borrow funds over a commitment period on demand. This is referred to as a loan commitment transaction. When the client draws on its loan commitment, the bank must fund the obligation immediately— creating a demand for liquidity. mm Liability or funding-based liquidity risk The bank’s liquidity profile is also largely determined by the quality of its sources of funding—the liability side of the bank’s balance sheet. When liability holders demand cash by withdrawing their deposits (or lending), the bank needs to borrow additional funds or sell assets to meet the withdrawals. Banks use cash to satisfy the demands of the liability holders. In times of liquidity stress, volatile sources of funds (liability) would force banks to replace these liabilities in order to continue to operate as a going concern. In such a situation, replacing these sources of funds will force banks to accept unacceptable increases in funding costs. Replace existing LIABILITIES to generate cash to: (a) Fund increases in the bank’s other assets (b) Pay obligations as they come due DEPOSIT Figure 1.13 Replacing bank’s liabilities during liquidity stress On the other hand, having access to stable sources of funds will give banks the flexibility not to replace/raise funding in times when it will not be optimal to do so. Chapter-01.indd 27 11/26/2015 9:44:56 AM 28 Risk Management in Banking: Principles and Framework Operational risk Basel II defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk. There are four main causes of operational risk: Process risk—is the risk from faulty overall design and application of internal business processes. People risk—is the risk that employees do not follow the organization’s procedures, practice and/or rules or deviate from expected behaviour. Systems risk—is the risk of failure arising from deficiencies in the bank’s infrastructure and information technology systems. External events risk—is the risk associated with events outside the bank’s control. While operational risk is classified under financial risk in this book, it actually has both financial and non-financial dimensions. Key man or person risk is the risk of loss arising from losing one or more important member of the banking organization. Because of the knowledge or skills that this key person possesses, it will be difficult to immediately replace this individual. This is an example of an operational risk with a non-financial dimension. Rogue trading or the unauthorized execution of trades by an authorized trader is an example of an operational risk that has a financial consequence to the banking organization. 1.3.2 Non-financial Risks Legal and compliance risk Legal risk is defined as the possibility that lawsuits, adverse judgments or faulty contracts can disrupt or adversely affect the operations or condition of the bank. Legal risk is the exposure to fines, penalties or punitive damages resulting from supervisory actions as well as private settlements. Compliance risk, on the other hand, is the risk arising from violations of, or nonconformance with, laws, rules and regulations or internal policies. It is the risk of legal or regulatory sanctions, material financial loss, or loss to reputation that a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and code of conduct applicable to its banking activities. Real World Illustration European Legal Tab Tops $77 Billion as Probe Widens In November 2013, Bloomberg News reported that the legal costs incurred by Europe’s largest banks had accumulated to $77 billion since the financial crisis—five times their combined profit in 2012. Of the amount, $24.9 billion was spent on settling lawsuits and probes, $31.5 billion on compensating clients for mis-selling of banking products and $ 20.9 billion was set aside as reserve for potential further liabilities. The average gain in legal costs for the 17 listed banks included in the study was 16% in 2013. Source: Bloomberg News, 22 November 2013 Chapter-01.indd 28 11/26/2015 9:44:57 AM 29 Chapter 1 Concepts of Bank Risks Strategic risk Strategic risk is the risk of loss in earnings, capital or reputation arising from changes in the business environment, adverse strategic decisions, and improper implementation of decisions or lack of responsiveness to industry, economic or technological changes. Strategic risk arises from failure to properly formulate or implement strategies leading to significant damage to a bank’s financial position, reputation, competitiveness or business development prospects. Reputational risk Reputational risk is the risk that may arise from negative publicity regarding an institution’s business practices. Whether true or not, such reputational risk can cause a decline in customer base, costly litigations or revenue deductions. In a 2013 global survey conducted by Deloitte on more than 300 companies around the world, reputational risk was ranked as the biggest risk concern by the respondents. Reputation is rated as the highest impact risk area for most individual sectors. Real World Illustration Debate Continues over Defining Reputational Risk Reputational risk should be seen as an impact and not a risk, delegates at Risk USA were told this week. Panelists argued that measuring the impact of reputational risk is difficult—often because the link between a negative event and reputational damage is uncertain. “I don’t believe it’s a risk and we struggle with this topic because we have to ask, is it a risk?” Craig Spielmann, global head of operational risk systems and analytics at RBS, told delegates. “I look at it more as an impact than a risk—an outcome of something that goes wrong to begin with.” He said there is also wide debate in the industry over the extent to which reputation is actually impacted by significant events. “Look at the financial crisis and all these things that have happened. Look at JP Morgan in the papers this week. Will anyone not do business with them?” Stephan Schenk, head of operational risk at TD Bank, agreed. “The strange thing is that a negative event can actually have a positive impact on your reputation because more folks know about you and attempt to do more business with you.” Panelists argued that the main reason that measuring reputational risk is extremely difficult is because shareholder value in financial institutions has remained relatively steady, even in the face of repeated crises. “There is no proof that eroding shareholder value actually happens,” said Spielmann. “If you look at companies like JP Morgan, the last six months have been really tough for them, but their stock price is going up. We haven’t seen any evidence or any correlation that these things in the long term hurt shareholder value.” One area where panelists agreed financial institutions may be able to measure reputational risk is in staff turnover. “I’m sure if you went back and looked at some of these companies, the amount of turnover that there has been over the past eight or so years is significant,” said Ivan Pooran, head of enterprise and operational risk at GE Capital Americas. “And you can make an argument that is probably correlated to other things, but I’m pretty sure, having come from one of these organizations, that the link to reputational risk is pretty high.” Source: Risk.Net, 25 October 2013 Chapter-01.indd 29 11/26/2015 9:44:57 AM 30 Risk Management in Banking: Principles and Framework Model risk Banks rely heavily on models for assessing and quantifying risks. Model refers to a quantitative method, system or approach that applies statistical, economic, financial or mathematical theories, techniques and assumptions to process input data into quantitative estimates. Models provide a formal structure for banking organizations to assess, analyze and quantify risks by simplifying the often complex, dynamic and interrelatedness nature of risk exposures to enable efficient and effective decision-making. Banks often heavily rely on these simplifications. Model risk is defined as the risk of loss, incorrect business decisions, financial reporting errors or reputational damage arising from possible errors and misapplication of inputs of models. Model risk has received considerable attention during the height of the 2008 global financial crisis. Many banks relied on faulty model assumptions in measuring their risk exposures from complex derivatives. The results of the model used to formally quantify the risk exposures led to faulty decisions, which left many banks stuck with highly illiquid assets. CONCLUSION This chapter provides a review of the different business activities and business lines of the banking organization. Since these business activities and business lines generate risk exposures to the banking organization, it is important to have a firm foundation of the nature of the latter. After reviewing the different banking business activities and business lines, the critical roles of the banks in the economy were discussed. Understanding these critical roles of banks as financial intermediaries serves as a useful context for understanding risk management. In the previous section, the different types of bank risks were enumerated and briefly discussed. In the next chapter, we will discuss in further detail the basic risk management principles and framework. Chapter-01.indd 30 11/26/2015 9:44:57 AM C 2 P HA TE R RISK MANAGEMENT PRINCIPLES AND FRAMEWORK In the previous chapter, we briefly reviewed the different business activities that a typical banking organization engages in. This provided an important context for discussing the different types of risks that a banking organization faces as risks usually arise from its business activities. After discussing the different types of risks that banks face, this chapter provides an overview of risk management in the banking context. This chapter begins with an introduction to risk management in the banking context. It then proceeds with a broad overview of the different elements of a sound risk management infrastructure—principles, framework and process—in accordance with the principles laid out by the International Organization for Standardization (ISO) in ISO 31000: Risk Management—Principles and Guidelines. ISO is the world’s largest developer of voluntary international standards. ISO 31000 provides the principles and generic guidelines on risk management that can be used by any entity from any specific industry or sector. This chapter aims to apply these principles in the banking context. It then discusses the risk management principles and risk management framework in detail. Risk management process will be covered in the succeeding chapter. Chapter-02.indd 31 11/26/2015 9:44:32 AM 32 Risk Management in Banking: Principles and Framework Risk Management Principles and Framework Risk Management in the Banking Context Risk Management Principles Risk Management Framework Definition of Risk Management Definition of Risk Management Framework Objectives of Risk Management Uses of a Risk Management Framework Elements of a Sound Risk Management Framework Figure 2.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: EXPLAIN the basic principles of risk management and the different elements of a sound risk management framework LEARNING OBJECTIVES At the end of this chapter, you will be able to: DISCUSS the objectives of risk management in the banking context EXPLAIN the basic principles of risk management DISCUSS the different components of a sound risk management framework—risk governance, risk appetite, risk culture, risk policy and risk management organization Chapter-02.indd 32 11/26/2015 9:44:32 AM 33 Chapter 2 Risk Management Principles and Framework 2.1 RISK MANAGEMENT IN THE BANKING CONTEXT LEARNING OBJECTIVE 2.1 DISCUSS the objectives of risk management in the banking context Banking organizations face risks as part of their business. Taking risk is part of the business of banking. These risks, however, when not understood and managed properly, may lead to huge losses and may even threaten the bank’s survival. This is a common theme in almost all bank failures and crises. Despite the pervasiveness of risks in banking activities, the focus on managing risks independently and distinctly is a relatively new phenomenon. In the past, risks were simply accepted as a consequence of doing business. There was relatively little or modest formal effort to actively understand and manage risks. As the business environment rapidly evolved and became more globalized, banks responded by introducing innovative products. This made the banking business model more complex and volatile. The banking failures in the 1970s and 1980s heightened concerns that the risks of doing business must be actively understood and managed. The lessons learned from these failures gradually resulted in the elevation of risk management as a critical and formal function and activity that is equally important as the core banking business activities. 2.1.1 Definition of Risk Management ISO 31000 defines risk management as: ‘Coordinated activities to direct and control an organization with regard to risk…’ The definition reveals some important features of risk management, which are discussed below. Coordinated Risk management is a coordinated effort from all units in the banking organization. However, the common misconception is that risk management should be the responsibility of a single function in the banking organization, for example, the risk management function. Risk management is too broad in scope and banking risks are too complex to be managed by a single function. Everyone in the organization has a role to play in risk management. The three lines of defence model used by many banking organizations is an example of a coordinated approach to risk management. The three lines of defence model puts risk ownership across the three levels in the bank: the business lines, risk management function and internal audit. Chapter-02.indd 33 11/26/2015 9:44:32 AM 34 Risk Management in Banking: Principles and Framework First Line Second Line Third Line Business Line or Front Office Risk Management Function Internal Audit Figure 2.2 The three lines of coordinated defence in risk management The first line of defence are the risk-originating units, which are the business lines. They originate products and activities, which are the sources of risks to the bank. They are, therefore, in the best position to address risk issues at the onset. Business lines are expected to embed the risk management framework and sound risk management practices into their standard operating procedures. They are responsible for monitoring and accountable for risk management performance in operation. Business lines must, therefore, adhere to all applicable policies, procedures and processes established by the risk management function. The second line of defence is the risk management function. This function is responsible for developing and implementing the risk management framework. It ensures that the risk management framework covers all risks to which the bank is exposed to. The third line of defence is internal audit, which reviews the effectiveness of risk management practices. Internal audit confirms the level of compliance, recommends improvements and enforces corrective actions where necessary. Activities Risk management is a structured and formal process. It entails the execution of different activities such as communication, consultation, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing of risk. Direct and control Risk management aims to direct and control risks that banks face. The objective is not to eliminate risks but to direct and control them. Risk management aims to make risks more manageable and ensure that the banking organization will continue to operate as a going concern, and meet the complex requirements of the bank’s internal and external stakeholders. Risk management plays a central and integral role in the banking business model. Given the important role that banking organizations play in the economy, it is thus essential to have an understanding of the main objectives of risk management. 2.1.2 Objectives of Risk Management Increase the likelihood of achieving business objectives In traditional finance, the typical business objective of corporations or other types of business entities is to maximize shareholder value. This means that the overriding objective is to maximize profitability and generate shareholder wealth over the long run. The banks’ critical roles eventually heightened public interest and involvement in the banking business. This means that banking organizations have to satisfy multiple stakeholders and not only the stockholders. Other than the stockholders, the different important stakeholders are discussed in Table 2.1. Chapter-02.indd 34 11/26/2015 9:44:32 AM 35 Chapter 2 Risk Management Principles and Framework Table 2.1 Important stakeholders of a banking organization Stakeholders of a Banking Organization Depositors Bank depositors are one of the most important stakeholders of a banking organization. The deposit base usually forms the bulk of a typical bank’s sources of funds. Many bank failures occurred due to the loss of trust and confidence of depositors in the ability of the banking organization to continue as a going concern. This loss of confidence, when not managed or mitigated properly, may result in a bank run as well as the cessation of the bank’s ability to continue to operate as a going concern. The importance of maintaining depositor trust and confidence is one of the key reasons why banks must consider, as part of their business objectives, the prudent management of trust and confidence of their deposit clients. Customers Bank customers are important stakeholders. As discussed in the previous chapter, banks play a vital role in the economy. At a more fundamental level, banks play a role in the development of a community. Failure of a banking organization may result in spillover effects to the economy in general and the community in particular. The importance of banks in the community in which it operates in makes it important for banks to consider their customers in forming its business strategy. Given the competitive landscape in the global financial landscape, banking organizations that fail to deliver the expectations of customers will face loss of business, market share and ultimately, profitability. Regulators The regulators of banking organizations are also an important stakeholder. They frequently act as lenders of last resort. Regulators exercise oversight over regulated banking entities. Failure by a banking organization to comply with regulatory requirements may affect its ability to continue to operate as a going concern. The importance of regulatory compliance in the ability of banking organizations to continue to operate as going concerns makes it imperative for banks to incorporate regulatory concerns in the design and execution of their respective business objectives. Employees Employees are the most important assets of banking organizations. Banks rely on their employees to execute the business objectives. Employees are also important stakeholders of the bank. They are often some of the most affected stakeholders in the event of a bank failure. The interest of employees should, therefore, be considered in forming banking business objectives. General public During the 2008 global financial crisis, many governments throughout the world extended sizeable financial assistance to failing banks to prevent their collapse as well as the banking industry. This financial assistance is often called a bailout. In most cases, the financial assistance given or lent came from taxes paid by the general public. Given the burden on the public by a bank bailout, the interest of the general public must be considered in the bank organization’s business objectives. Risk introduces uncertainty to the attainment of the banking organization’s business objectives. Risk management aims to increase the likelihood of the organization attaining its business objectives by designing and executing strategies that will manage risks, which cause uncertainty on the organization’s ability to achieve its stated business objectives. Risk management provides the framework and process that will allow the banking organization to mitigate the impact of those risks on the organization’s business objective. Chapter-02.indd 35 11/26/2015 9:44:32 AM 36 Risk Management in Banking: Principles and Framework Encourage proactive management of risks The absence of risk management frequently results in the banking organization taking on risks in a passive and reactive manner. The lack of a formal process to assess and mitigate risks makes the organization more vulnerable to unwanted risk exposures and frequently impairs its ability to respond to the risks in a timely and cost effective manner. Risk management provides a systematic and structured framework and process to assess and mitigate risks. The systematic and structured framework encourages management to proactively assess and mitigate the risk exposures that the organization faces. This allows the bank to anticipate emerging risks and equips the organization with the necessary tools to respond to the risks in a timely and cost effective manner. Compliance with laws and regulations The banking industry is one of the most heavily regulated industries in most jurisdictions. Special laws and regulations apply to banks that are designed to ensure the safety and soundness of the banking organizations. Failure to comply with the regulations may have adverse consequences on the bank, which could range from monetary and non-monetary penalties or sanctions to the extent of being forced to cease to exist as a going concern. Risk management plays an important role in ensuring that the banking organization complies with the relevant laws and regulations. Strong risk management practices strengthen processes and controls that ensure compliance with relevant laws and regulations. Regulation also plays an important role in risk management. After the 2008 global financial crisis, regulators are increasingly placing stronger emphasis on strengthening the banking organizations’ risk management practices. Failures in risk management practices are consciously being met with substantial fines that not only monetarily affects the banking organization but also results in significant damages to the bank’s reputation. Real World Illustration US Bank Legal Bills Exceed $100 Billion On 28 August 2013, Bloomberg released a report claiming that the six biggest U.S. banks had accumulated more than $100 billion worth of legal costs or $51 million a day since the financial crisis. This amount is reported to be worth more than all dividends that had been paid out to shareholders in the past five years. The costs may continue to rise as regulators, prosecutors and investors file new claims against these banks, which initially saw a 40% increase in litigation and legal costs since January 2012. This scenario exemplifies how risk management adds value to banking organizations. Sound risk management practices often entail establishing processes and controls in order to minimize the chance of non-compliance of regulations. Source: Bloomberg, 28 August 2013 Note: This article shows an example of risk management adding value to banking organizations. Sound risk management practices often entail establishing processes and controls that will minimize the chance of non-compliance of regulations. Chapter-02.indd 36 11/26/2015 9:44:32 AM 37 Chapter 2 Risk Management Principles and Framework Lower cost of funds Banks fund their assets through a combination of liability and equity sources of funding. Liability sources of funding typically come from depositors and borrowings with other banks and creditors. Equity sources of funding are typically sourced from shareholders. A bank’s cost of funds from both liability and equity sources of funding are positively related to the depositors and investors’ perception of the bank’s risk profile. This is consistent with the standard finance theory that the higher the risk, the higher the return required. Conversely, the lower the risk, the lower the return required. The higher the perception of the bank’s risk profile, the higher will be the cost of its funds. This is because investors, lenders and depositors will demand higher returns to compensate them for taking higher risks. Conversely, the lower the perception of the bank’s risk profile, the lower will be the cost of its funds. Investors, lenders and depositors may be willing to demand a lower return due to the bank’s lower risk profile. Risk management provides value by lowering a bank’s cost of funds. Strong risk management practices allow for efficient and effective management of ‘surprises’ in achieving a bank’s business objectives. Lowering these ‘surprises’ or uncertainties would lower the bank’s overall risk profile. Depositors, investors and creditors of the bank would view the bank’s strong risk management practices in a favourable manner. This favourable view may translate to lower perception of risk and, therefore, lower cost of funds for investors and depositors. The reverse is also true for banks with weak risk management practices. Depositors, investors and creditors will penalize banks with weak risk management practices by demanding higher returns on their investment to compensate for the higher risk they are taking. This, therefore, will increase a bank’s cost of funds. Credit rating agencies assess the risk management practices of banking organizations and this is used as a factor in coming up with the credit rating assessment of banks. Rating agencies assess the quality of a bank’s risk management approach and practices and its appropriateness to the organization’s risk profile. The stronger the risk management practices of a banking organization, the more stable the organization’s credit rating will be. The more stable the credit rating, the lower the expected cost of funds holding, other things remaining constant. Efficient allocation of capital and resources While a bank’s resources are limited and in most cases, scarce, business opportunities, on the other hand, are many and unlimited. Risk management provides a structured framework and process to assess the risk implications of each business undertaking. This assessment can then be used to allocate scarce resources to businesses that generate higher returns commensurate to the level of risk taken. This is referred to as the risk-adjusted returns. In contrast, without a sound risk management framework, banking organizations may be tempted to focus on maximizing accounting earnings, e.g. net income. This focus on maximizing accounting earnings overlooks the risk implications of a business undertaking. Risk-adjusted return or performance measures the return on a transaction or business activity after considering the risk associated with the latter. This allows management to have a fair perspective on how to best allocate scarce capital. Risk management provides relevant and timely information that management may use when deciding which business activity or business line will receive more capital and strategic focus. Chapter-02.indd 37 11/26/2015 9:44:32 AM 38 Risk Management in Banking: Principles and Framework Illustrative Example Role of Risk Management in Providing Relevant and Timely Information Bank XYZ engages in the following business lines: Business Line Net Income Asset Invested 1 $10,000,000 $5,000,000 2 $2,000,000 $5,000,000 3 $1,000,000 $2,000,000 4 $500,000 $2,000,000 If Bank XYZ’s business objective is to maximize accounting earnings, it appears that business line 1 is the most attractive option. It provides the highest accounting return per $1 of asset invested. Bank XYZ may channel all or most of its scarce capital resources to business line 1. Business Line Net Income Asset Invested Return on Investment (Accounting) 1 $10,000,000 $5,000,000 200% 2 $2,000,000 $5,000,000 40% 3 $1,000,000 $3,000,000 33% 4 $500,000 $3,000,000 17% The problem with using maximizing accounting returns as the overriding objective is that it totally ignores risk in the capital allocation decision. Risk management provides information to management on the level of risk taken for each business line. This level of risk is then taken into consideration when calculating the return and allocating capital. The table below shows how the decision and allocation will change if the level of risk is considered. Business Line Net Income Return on Investment (Accounting) Volatility (or Other Risk Measure) Return Per 1 Unit of Risk 1 $10,000,000 200% 500% 40% 2 $2,000,000 40% 100% 40% 3 $1,000,000 33% 20% 165% 4 $500,000 17% 10% 170% Enhance competitive advantage Risk management has evolved from being a compliance function to one that is now increasingly being viewed as a function that delivers competitive advantage to the organization. Strong risk management practices have proven to be a source of competitive advantage as evidenced by those banks that have performed well—even during the global financial crisis—are those with superior risk management practices. Many banking organizations, on account of their strong risk management practices, are given more flexibility to pursue business opportunities that may not be available for those with weaker risk management practices. Chapter-02.indd 38 11/26/2015 9:44:32 AM 39 Chapter 2 Risk Management Principles and Framework 2.2 RISK MANAGEMENT PRINCIPLES LEARNING OBJECTIVE 2.2 EXPLAIN the basic principles of risk management ISO 31000 Risk Management—Principles and Guidelines enumerates three different but interrelated components of risk management. Risk Management Principles Risk Management Framework Risk Management Process Figure 2.3 Interrelated components of risk management Risk management principles enumerate fundamental characteristics of effective risk management. These foundational principles serve as bases for designing a risk management framework, which is a set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization (ISO 31000). Risk management framework integrates the risk management process into the organization’s overall corporate governance, strategy and planning, management, reporting processes, policies, values and culture. Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk. (Principles of risk management are discussed in this section, while the risk management framework is in the next section. We will discuss the risk management process in more detail in the next chapter.) Principles of risk management In order for risk management to be effective, ISO 31000 enumerates 11 principles: 1. Risk management creates and protects value 2. Risk management is an integral part of all organizational processes 3. Risk management is part of decision making 4. Risk management explicitly addresses uncertainty Chapter-02.indd 39 11/26/2015 9:44:32 AM 40 Risk Management in Banking: Principles and Framework 5. Risk management is systematic, structured and timely 6. Risk management is based on best available information 7. Risk management is tailored 8. Risk management takes human and cultural factors into account 9. Risk management is transparent and objective 10. Risk management is dynamic, iterative and responsive to change 11. Risk management facilitates continual improvement of the organization Principle 1: Risk management creates and protects value Risk management creates and protects value by increasing the likelihood of achieving the organization’s objectives. It also creates and protects value as it results in the improvement of the banking organization’s governance and control processes, compliance with regulations and effectiveness and efficiency in the allocation of scarce capital and resources. Principle 2: Risk management is an integral part of all organizational processes Risk management is not a standalone activity that is separate from the main activities and processes of the organization. Aside from ensuring profitability and delivering shareholder value, risk management should form part of the responsibilities of management. Principle 3: Risk management is part of decision making To be effective, risk management should be part of the decision-making process. Risk management should help decision makers make informed choices, prioritize actions and distinguish among alternative courses of action. Principle 4: Risk management explicitly addresses uncertainty Risk management does not view risk in a deterministic manner. Risk management should explicitly take into account uncertainty, the nature of the uncertainty and how that uncertainty can be addressed. Principle 5: Risk management is systematic, structured and timely Risk management is a systematic, structured and timely process that contributes to efficient, consistent, comparable and reliable results. It is a rigorous process that encourages everyone in an organization to assess uncertainty in a structured and systematic manner, and design mitigation strategies methodically. Chapter-02.indd 40 11/26/2015 9:44:33 AM Chapter 2 Risk Management Principles and Framework 41 Principle 6: Risk management is based on best available information While risk management aims to assess and manage risk in a forward-looking manner, it has to rely on the best available information as of a specified predetermined date. Below are some examples of information sources that can be used as inputs to the risk management process: Historical data Past experience Stakeholder feedback Observation Forecasts Expert judgement Principle 7: Risk management is tailored Risk management is not a one size fits all exercise. Each banking organization has unique circumstances that must be considered in designing the organization’s risk management framework and process. Risk management should be aligned with the organization’s external and internal context and risk profile. Principle 8: Risk management takes human and cultural factors into account The effectiveness of risk management processes, no matter how sophisticated the designs are, still depends on the commitment and capabilities of everyone in the organization. Risk management considers the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the organization’s objectives. Principle 9: Risk management is transparent and inclusive To be effective, risk management should not be an isolated activity. Everyone in an organization should be involved. Risk management is relevant and up-to-date if stakeholders and decision makers at all levels are involved in an appropriate and timely manner. Principle 10: Risk management is dynamic, iterative and responsive to change Risk management should continually evolve and recognize the dynamic environment in which banking organization operates in. As external and internal events occur, context and knowledge changes, monitoring and review of risks take place. New risks emerge. Some risks evolve. Some risks change. Some disappear. Risk management should be able to capture and calibrate its responses to the changing nature of uncertainty. Principle 11: Risk management facilitates continual improvement of the organization Risk management should develop and implement strategies to improve their risk management maturity alongside all aspects of the organization. Chapter-02.indd 41 11/26/2015 9:44:33 AM 42 Risk Management in Banking: Principles and Framework 2.3 RISK MANAGEMENT FRAMEWORK LEARNING OBJECTIVE 2.3 DISCUSS the different components of a sound risk management framework—risk governance, risk appetite, risk culture, risk policy and risk management organization 2.3.1 Definition of Risk Management Framework The effectiveness of risk management depends on the effectiveness of the risk management framework. Risk management framework is a set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. Foundations of the risk management framework include policy, objectives, mandate and commitment to manage risks. Organizational arrangements include plans, relationships, accountabilities, resources, processes and activities. For risk management to be effective, the risk management framework should be embedded in the organization within the bank’s overall strategic and operational policies and procedures. Risk Management Framework Operations Strategy Figure 2.4 Risk management, strategy and operations Different banks apply different approaches in embedding their respective risk management frameworks in their strategic and operational practices. The most popular approach is the three lines of defence model. (We will extensively discuss the three lines of defence model in a later section.) 2.3.2 Uses of the Risk Management Framework Risk management framework assists in managing risks effectively through the application of the risk management process at varying levels and within specific contexts of the organization. The framework ensures that information about risk derived from the risk management process is adequately reported and used as a basis for decision-making and accountability at all relevant organizational means. The framework assists in integrating risk management into the overall management system. Chapter-02.indd 42 11/26/2015 9:44:33 AM 43 Chapter 2 Risk Management Principles and Framework 2.3.3 Elements of a Sound Risk Management Framework Figure 2.5 shows the various elements—at a minimum—of a sound risk management framework. Effective Risk Governance Risk Appetite Risk Culture Risk Management Policy Risk Management Organization Figure 2.5 Elements of a risk management framework Effective risk governance The 2008 global financial crisis exposed a number of governance weaknesses that resulted in the banks’ failure to understand the risks they were taking. The Financial Stability Board (FSB) enumerated the weaknesses on risk governance that were highlighted in the 2008 global financial crisis. FSB is an international body that monitors and makes recommendations about the global financial system and promotes international stability. FSB coordinates national financial authorities and international standard-setting bodies as they work toward developing strong regulatory, supervisory and other financial sector policies. The weaknesses are: Many members of the board of directors had little financial industry experience and have limited understanding of the rapidly increasing complexity of the financial institutions they were governing. Many boards did not pay sufficient attention to risk management or set up effective structures, such as a dedicated risk committee. Many risk committees were often staffed by directors short on both experience and independence from management. The information provided to the board were voluminous and not easily understood. Many banks lacked a formal process to independently assess the propriety of their risk governance frameworks. A culture of excessive risk-taking and leverage were allowed to permeate in the weaklygoverned banks. The International Risk Governance Council (IRGC) defines governance as the actions, processes, traditions and institutions by which authority is exercised and decisions are taken and implemented. Risk governance applies the principles of good governance to the identification, assessment, management and communication of risks. IRGC is a non-profit and independent organization involved in helping improve the understanding and governance of Chapter-02.indd 43 11/26/2015 9:44:33 AM 44 Risk Management in Banking: Principles and Framework systemic risks that have impacts on human health and safety, the environment, the economy and on society at large. Risk governance is concerned with: the roles of board of directors in setting risk strategy, an effective risk management framework and oversight of senior management actions; the role of senior management in ensuring that day-to-day management of business activities is consistent with the risk appetite, strategy and policies approved by the board; the risk management process and internal control functions are working in a sound manner; the effects of incentives and organizational culture on risk-taking behaviours and perceptions of risk in the institution; the availability of comprehensive and integrated systems to support enterprise-wide or consolidated view of risks for both the individual financial institution and for the group; and the capacity of institutions to respond swiftly to changes in the operating environment and development in the institution’s business strategies. A risk governance framework is the framework through which the board and management establish the organization’s strategy, articulate and monitor adherence to risk appetite and risk limits, and identify, measure and manage risks. The framework comprises three main functions: 1. Board of directors 2. Risk management function 3. Functions charged with the independent assessment of risk governance Board of Directors Risk Management Function Independent Assessment of Risk Governance Figure 2.6 Different functions in the risk management framework Chapter-02.indd 44 11/26/2015 9:44:33 AM 45 Chapter 2 Risk Management Principles and Framework In the next section, we look at the interactions among these three different functions of a risk governance framework proposed by the Financial Stability Board. Table 2.2 Key roles in the risk governance framework Summary of Key Roles in the Risk Governance Framework Board of directors The board is responsible for ensuring that the organization has the appropriate risk governance framework given its business model, complexity and size which is embedded in the organization’s risk culture. Risk management function The chief risk officer (CRO) and the risk management function are responsible for the organization’s risk management across the entire entity, ensuring that its profile remains within the risk appetite statement as approved by the board. The risk management function is responsible for identifying, measuring, monitoring and recommending strategies to control or mitigate risks, and reporting on risk exposures on an aggregated and disaggregated basis. Independent assessment of the risk governance framework The independent assessment of the organization’s risk governance framework plays a critical role in the ongoing maintenance of its internal controls, risk management and risk governance. It helps the organization accomplish its objectives by bringing a disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. This may involve internal parties (such as internal audit) or external parties (such as third-party reviewers, e.g. audit firms and consultants). The Financial Stability Board, in its February 2013 thematic review of risk governance practices of banks, came up with the following recommendations: Set requirements on the independence and composition of the boards, including requirements on the relevant types of skills of the board, collectively, should have (e.g. risk management, financial industry expertise) as well as the time commitment expected. Hold the board accountable for its oversight of the bank’s risk governance. Ensure that the level and types of risk information provided to the board enable effective discharge of board responsibilities. Boards should satisfy themselves that the information they receive from management and the control functions is comprehensive, accurate, complete and timely to enable effective decision-making on the organization’s strategy, risk profile and emerging risks. This includes establishing communication procedures between the risk committee and the board, and across other board committees, most importantly, the audit and finance committees. Set requirements to elevate the chief risk officer’s (CRO’s) stature, authority and independence in the organization. This includes requiring the risk committee to review the performance and objectives of the CRO; ensuring that the CRO has unfettered access to the board and risk committee, including a direct reporting line to the board and/or risk committee; and expecting the CRO to meet periodically with the directors without the executive directors and management present. The CRO should have a direct reporting line to the chief executive officer (CEO) and a distinct role from other executive functions and business line, e.g. no ‘dual-hatting’. Chapter-02.indd 45 11/26/2015 9:44:33 AM 46 Risk Management in Banking: Principles and Framework The CRO should be involved in activities and decisions (from a risk perspective) that may affect the organization’s prospective risk profile, e.g. strategic business plans, new products, mergers and acquisitions, and the internal capital adequacy assessment process (ICAAP). Require the board (or audit committee) to obtain an independent assessment of the design and effectiveness of the risk governance framework on an annual basis. An example of Bank Negara Malaysia on their principles of risk governance (1 March 2013): Board Practices The board must ensure that the financial institution’s corporate objectives are supported by a sound risk strategy and an effective risk management framework that is appropriate to the nature, scale and complexity of its activities. The board must provide effective oversight of senior management’s actions to ensure consistency with the risk strategy and policies approved by the board, including the risk appetite framework. Senior Management Oversight Senior management is responsible for ensuring that day-to-day management of the financial institution’s activities is consistent with the risk strategy, including the risk appetite and policies approved by the board. Risk Management and Internal Controls The risk management framework must enable the continuous identification, measurement and continuous monitoring of all relevant and material risks on a groupand firm-wide basis, supported by robust management information systems that facilitate the timely and reliable reporting of risks and the integration of information across the institution. The sophistication of the financial institution’s risk management framework must keep pace with any changes in the institution’s risk profile (including its business growth and complexity) and the external risk environment. Risk management must be well-integrated throughout the organization and embedded into the culture and business operations of the institution. Financial institutions must establish an independent senior risk executive role (chief risk officer or its equivalent) with distinct responsibility for the risk management function and the institution’s risk management framework across the entire organization. The executive must have sufficient stature, authority and seniority within the organization to meaningfully participate in and be able to influence decisions that affect the financial institution’s exposures to risk. Financial institutions must establish and maintain an effective risk management function with sufficient authority, stature, independence, resources and access to the board. Effective implementation of the risk management framework must be reinforced with an effective compliance function and subjected to an independent internal audit review. Financial institutions must have appropriate mechanisms in place for communicating risks across the organization and for reporting risk developments to the board and senior management. Remuneration Executive remuneration must be aligned with prudent risk-taking and appropriately adjusted for risks. The board must actively oversee the institution’s remuneration structure and its implementation, and must monitor and review the remuneration structure to ensure that it operates as intended. Chapter-02.indd 46 11/26/2015 9:44:33 AM 47 Chapter 2 Risk Management Principles and Framework Complex and Opaque Corporate Structures The board and senior management must be aware of and understand the institution’s operational and organizational structure and the risks it poses and be satisfied that it is not overly complex or opaque such that it hampers effective risk management by the financial institution. Where a financial institution operates through special-purpose structures, its board and senior management must understand the purpose, structure and unique risks of these operations. Appropriate measures must be undertaken to mitigate the risks identified. Role of Subsidiary and Parent Entities with Respect to Risk Governance The board and senior management of subsidiary financial institutions will be held responsible for effective risk management processes at the subsidiary level and must have appropriate influence in the design and implementation of risk management in the subsidiary. Conversely, the board and management of a parent financial institution with local and overseas operations is responsible for the risk management of the group and must exercise oversight over its subsidiaries with appropriate processes established to monitor the subsidiaries’ compliance to the group’s risk management practices. Source: Bank Negara Malaysia website Risk appetite Risk appetite is the aggregate level and types of risk a financial institution is willing to assume within its risk capacity to achieve its strategic objectives and business plan (Financial Stability Board). Risk appetite is a key and integral component of a bank’s risk management framework. In November 2013, the FSB released the final version of the Principles for an Effective Risk Appetite Framework. The document sets out key elements for an effective risk appetite framework, effective risk appetite statement, risk limits and defining the roles and responsibilities of board of directors and senior management. It presents high-level principles to allow banks to develop an effective risk appetite framework. The risk appetite framework is the overall approach, including policies, processes, controls and systems through which risk appetite is established, communicated and monitored. Characteristics of an effective risk appetite framework An effective risk appetite framework should: mm Establish a process for communicating the risk appetite framework across and within the financial institution as well as sharing non-confidential information to external stakeholders. mm Be driven by both top-down board leadership and bottom-up involvement of management at all levels, and embedded and understood across the financial institution. mm Facilitate embedding risk appetite into the financial institution’s risk culture. mm Evaluate opportunities for appropriate risk-taking and act as a defence against excessive risk-taking. mm Allow for the risk appetite statement to be used as a tool to promote robust discussions on risk and as a basis upon which the board, risk management and internal audit functions can effectively and credibly debate and challenge management recommendations and decisions. Chapter-02.indd 47 11/26/2015 9:44:33 AM 48 Risk Management in Banking: Principles and Framework Be adaptable to changing business and market conditions so that, subject to approval by senior management and the board as appropriate, opportunities that require an increase in limit of a business line or legal entity could be met while remaining within the agreed institution-wide risk appetite. mm Cover activities, operations, and systems of financial institutions that fall within its risk landscape but are outside its direct control, including subsidiaries and third-party outsourcing providers. mm Elements of the risk appetite framework The risk appetite framework generally has three main components: mm Risk appetite statement (RAS) mm Risk limits mm Roles and responsibilities of those overseeing the implementation and monitoring of the risk appetite framework Risk Appetite Statement (RAS) Risk Limits Roles and Responsibilities Figure 2.7 Elements of the risk appetite framework Risk appetite statement (RAS) is an articulation in written form of the aggregate level and types of risk that a financial institution is willing to accept or to avoid, in order to achieve its business objective. The RAS includes: mm quantitative measures of loss or negative outcomes expressed relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate, e.g. volatility; and mm qualitative statements. The RAS should address more difficult to quantify risks, such as reputation and conduct risks as well as money laundering and unethical practices. The statement should be directly linked to the financial institution’s strategy, address its material risks under both normal and stressed market and macroeconomic conditions, and set clear boundaries and expectations by establishing quantitative limits and qualitative statements. Key characteristics of an effective RAS: mm Includes key background information and assumptions that inform the financial institution’s strategic and business plans at the time they were approved. mm Be linked to the institution’s short- and long-term strategic, capital and financial plans as well as compensation programmes. mm Establish the amount of risk that the financial institution is prepared to accept in pursuit of its strategic objectives and business plan, taking into account the interests of its customers and its fiduciary duty to shareholders as well as capital and other regulatory requirements. Chapter-02.indd 48 11/26/2015 9:44:33 AM 49 Chapter 2 Risk Management Principles and Framework mm mm mm mm mm Determine for each material risk the maximum level of risk that the financial institution is willing to operate within, based on its overall risk appetite, risk capacity and risk profile. Includes quantitative measures that can be translated into risk limits applicable to business lines and legal entities as relevant, and also at the group level, which in turn can be aggregated and disaggregated to enable measurement of the risk profile against the risk appetite and risk capacity. Includes qualitative measures that articulate clearly the motivations for taking on or avoiding certain types of risks, including for reputational and other conduct risks across retail and wholesale markets, and establish some form of boundaries or indicators to enable monitoring of these risks. Ensure that the strategy and risk limits of each business line and legal entity are aligned with the institution-wide risk appetite statement. Be forward looking and, where applicable, subject to scenario and stress testing to ensure that the financial institution understands what events might push the organization outside its risk appetite and/or risk capacity. Below are good examples of the RAS for both financial and non-financial risks: Real World Illustration ING Bank NV Risk Appetite Statement (Financial Risks) Financial risks For financial risks, ING Bank expresses its risk appetite as the tolerance to allow key ratios to deviate from their target levels. Therefore the high-level risk ambition is translated into quantitative targets on ING Bank level for solvency risk, liquidity and funding risk and for concentration and event risk. The solvency risk appetite is closely aligned to Capital Management activities and policies. ING Bank has expressed tolerances for its risk-weighted solvency position (core tier 1 ratio), for nonrisk weighted solvency (leverage ratio) and for more value-based solvency (economic capital). The solvency risk appetite statements are not only compared to the actual reported level, but also include the potential impact of a standardised and pre-determined one in 10 years stress event (i.e. at the 90% confidence level and a one-year horizon). Based on this mild stress scenario the impact on ING Bank’s earnings, revaluation reserve and RWA is calculated (which are labelled as earnings-at-risk, revaluation reserve-at-risk and RWA-at-risk). These stressed figures are used as input for a two-year simulation which depicts the developments of ING Bank’s solvency level versus its risk appetite. Liquidity and funding risk have two dimensions—where liquidity focuses on having a sufficient buffer to cope with the short-term situation, managing the funding profile ensures long-term compliance to both internal and external targets. Managing liquidity and funding risk focuses on both ‘business as usual’ (based on the run-off profile to show the stickiness of deposits combined with the run-off of assets without new production) and a stressed situation. There we define liquidity risk as the time to survive a specific scenario, while for funding risk, we focus on the maximum funding gap allowed. The concentration and event risk appetite set at ING Bank level are directly translated into corresponding limits in the underlying credit, market and liquidity and funding risk appetite statements. Source: ING Bank Annual Report 2012 Chapter-02.indd 49 11/26/2015 9:44:33 AM 50 Risk Management in Banking: Principles and Framework Real World Illustration ING Bank NV Risk Appetite Statement (Non-Financial Risks) Non-financial risks To ensure robust non-financial risk management, ING Bank monitors the implementation of ING Bank’s Risk Policies and Minimum Standards. Business units have to demonstrate that appropriate steps have been taken to control their operational, compliance and legal risks. ING Bank applies Key Control testing scorecards to measure the quality of the internal controls within a business unit, which are based on the ability to demonstrate that the required risk management processes are in place and effective within the business units. Key Control testing forms one of the inputs of the Non-Financial Risk Dashboard (NFRD) which is a report that is a fixed item on the agenda for the meetings of the MBB and the Risk Committee. NFRD provides management at all organisational levels with information on their key operational, compliance and legal risks. NFRD is based on their risk tolerance within their business and a clear description of the risks and responses enabling management to prioritize and to manage operational, compliance and legal risks. Source: ING Bank Annual Report 2012 Risk limits are quantitative measures based on forward-looking assumptions that allocate the financial institution’s aggregate risk appetite statement to business lines, legal entities as relevant, specific risk categories, concentrations and other levels as deemed appropriate. Some of the considerations in setting risk limits are as follows: mm Risk limits should be set at a level to constrain risk-taking within the approved risk appetite, taking into account the interest of customers and shareholders as well as capital and other regulatory requirements, in the event that a risk limit is breached and the likelihood that each material risk is realized. mm Risk limits should be established for business lines and legal entities, and generally expressed relative to: –– Earnings –– Capital –– Liquidity –– Other relevant measures, e.g. growth and liquidity mm Risk limits should include material concentrations at the institution or group-wide, business line and legal entity levels. Examples of the breakdown of material risk concentrations are: –– By counterparty –– By industry –– By country/region –– By collateral type –– By product mm Risk limits should not be strictly based on comparison to peers or default to regulatory limits. mm Risk limits should not be overly complicated, ambiguous or subjective. mm Risk limits should be monitored regularly. Chapter-02.indd 50 11/26/2015 9:44:33 AM 51 Chapter 2 Risk Management Principles and Framework The following is an example of how risk limits are cascaded into statements per risk type and per business: Real World Illustration ING Bank NV Risk Limits The Bank Risk Appetite is translated per risk type, which is further cascaded down through the organization to the lowest level needed. The risk appetite statements are then translated into dedicated underlying risk limits which are used for day-to-day monitoring and management of ING Bank’s risks. For financial risks a sequence of different risk appetite frameworks are implemented to address the most significant risks. This implies that a whole framework of credit risk limits is in place that monitors the overall quality of the ING Bank credit portfolio, but also of all the underlying portfolios. In addition, specific concentration risk appetites are defined on product level, geographic level and (single name) counterparty level which are cascaded down into the organization. For market risk, the risk appetite for the trading book activities within Financial Markets is accompanied by a risk appetite framework for market risks in the banking books. For both types of market risk, limits at bank level are translated down into the organization. The liquidity and funding risk appetite statements that are defined on ING Bank level are translated down into the organization, taking the liquidity and funding specific situation of each (solo) unit into account. The non-financial risk appetite framework that is described under the previous step is cascaded down within the organization without any need to make specific adjustments for each of the reporting solo entity. Source: ING Bank Annual Report 2012 Table 2.3 Roles and Responsibilities in Risk Appetite Setting Roles and Responsibilities in Setting the Risk Appetite Framework Chapter-02.indd 51 Board of directors The board of directors is primarily responsible for approving the banking organization’s risk appetite framework. It is also responsible for holding senior management accountable for the integrity of the risk appetite framework. The board should conduct periodic high-level review of actual versus approved limits. Any breaches should be dealt with accordingly. Chief executive officer The chief executive officer (CEO) is responsible for establishing the risk appetite for the banking organization. He/She is also responsible for translating the risk appetite into risk limits for business lines and legal entities. The CEO is accountable, together with the rest of the senior management team, for the integrity of the risk appetite framework and for ensuring that the risk appetite framework is implemented throughout the organization. Chief risk officer The chief risk officer (CRO) provides relevant inputs to the CEO in developing the organization’s risk appetite. He/She is responsible for actively monitoring the organization’s risk profile relative to its risk appetite, strategy, business and capital plans, risk capacity and compensating programme. The CRO is responsible for independently monitoring the business line and legal entity risk limits against the bank’s aggregate risk profile to ensure that it is aligned with the bank’s risk appetite. He/She is also responsible for establishing a process for reporting on risk and on alignment of risk appetite and risk profile with the organization’s culture. 11/26/2015 9:44:33 AM 52 Risk Management in Banking: Principles and Framework Roles and Responsibilities in Setting the Risk Appetite Framework Chief financial officer The chief financial officer (CFO) provides relevant inputs to the CEO in developing the risk appetite of the bank, particularly in the area of integrating risk appetite into the organization’s compensation and decision-making processes. The CFO works with the CRO and CEO to ensure that breaches in risk limits and material risk exposures that could endanger the organization’s financial condition are reported in a timely manner. Business line leaders and legal entity-level management Business line leaders and legal entity-level management cascade the risk appetite statement and risk limits into their activities. They should establish and ensure adherence to approved risk limits. They are also responsible for implementing controls to effectively monitor and report risk limits adherence. Internal audit Internal audit is responsible for independently assessing the integrity, design and effectiveness of the organization’s risk appetite framework. Risk culture The Institute of International Finance (IIF) defines risk culture broadly as ‘the norms and traditions of behaviour of individuals and of groups in an organization that determine the way they identify, understand, discuss and act on the risks the organization confronts and the risk it takes’. This definition implies that risk culture influences decisions at all levels in the organization. The Institute of Risk Management (IRM) defines risk culture as ‘the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organization or of teams or groups within an organization’. Many considered the lack of a sound risk culture as one of the root causes of the global financial crisis. Many banks encouraged excessive risk-taking behaviours that have impacted the banks in various ways, from damaging their reputation to incurring huge legal fines to exposing their banks to the threat of collapse. Some banks continued to build up risk before the onset of the 2008 financial crisis without considering the implications of a potential blowup. The Financial Stability Board (FSB) issued a consultative document entitled Guidance on Supervisory Interaction with Financial Institutions on Risk Culture to help understand and assess an institution’s risk culture and whether it supports appropriate behaviours and judgements within a risk governance framework. Elements of a sound risk culture There are four elements of a sound risk culture—tone from the top, accountability, effective communication and challenge, and incentives. mm Tone from the top Key Points: –– The board of directors and senior management are the starting point for setting a bank’s risk culture and promoting appropriate risk-taking behaviours, which must reflect the values being espoused. –– It is a necessary but not a sufficient condition for promoting sound risk management. –– Non-executive directors can play an important role in bringing experience from other industries where behaviours and practices generally require a sound risk culture. Examples of these industries are health-care, power and nuclear energy. These nonexecutive directors may offer a fresh perspective on the bank’s risk culture. Chapter-02.indd 52 11/26/2015 9:44:34 AM 53 Chapter 2 Risk Management Principles and Framework Real World Illustration Nuclear Safety Culture Nuclear safety culture is the core values and behaviours resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment. Below are the principles of a sound nuclear safety culture: 1. Everyone is personally responsible for nuclear safety. 2. Leaders demonstrate commitment to safety. 3. Trust permeates the organization. 4. Decision-making reflects safety first. 5. Nuclear technology is recognized as special and unique. 6. A questioning attitude is cultivated. 7. Organizational learning is embraced. 8. Nuclear safety undergoes constant examination. Source: Institute of Nuclear Power Operations –– The board of directors and senior management should clearly: §§ articulate the underlying values that support the desired risk culture and behaviours; §§ recognize, promote and reward behaviour that reflects the stated risk culture and its core values; and §§ systematically monitor and assess the actual culture. Table 2.4 Indicators of tone from the top Indicators of Tone from the Top (adapted from the General Supervisory Guidance section of the Guidance on Supervisory Interaction with Financial Institutions on Risk Culture by the Financial Stability Board (FSB), 7 April 2014) Chapter-02.indd 53 Leading by example The board of directors and senior management should: establish, monitor and adhere to an effective risk appetite statement have a clear view of the risk culture systematically monitor and assess the prevailing risk culture and proactively address any identified areas of weakness or concern promote through action and words a risk culture that expects integrity and a sound approach to risk promote an open exchange of views, challenge and debate have mechanisms in place which help lessen the influence of dominant personalities and behaviours. Espoused values The board of directors and senior management should: systematically monitor and assess whether the espoused values are communicated and adhered to by management and staff at all levels ensure that the risk appetite statement, risk management strategy and overall business strategy are clearly understood and embraced by management and staff at all levels and effectively embedded in the decision-making and operations of the business establish a compensation structure that supports the institution’s espoused values and promotes prudent risk-taking behaviour. 11/26/2015 9:44:34 AM 54 Risk Management in Banking: Principles and Framework Indicators of Tone from the Top (adapted from the General Supervisory Guidance section of the Guidance on Supervisory Interaction with Financial Institutions on Risk Culture by the Financial Stability Board (FSB), 7 April 2014) Common understanding and awareness of risk The board of directors and senior management should: demonstrate a clear understanding of the quality and consistency of decisionmaking throughout the business, including how decision-making is consistent with the bank’s risk appetite and risk strategy have a clear view on the business lines considered to pose the greatest challenges to risk management and these are subject to constructive and credible challenge about the risk-return balance systematically monitor how quickly issues raised by the board, supervisors, internal audit, and other control functions are addressed by management. Learning from risk culture failures The board of directors and senior management should: establish processes to ensure that failures or near failures in risk culture are reviewed at all levels of the bank and are seen as opportunities to strengthen the bank’s risk culture and make it more robust. mm Accountability Key Points: –– The board of directors and senior management should establish a policy of risk ownership where employees are held accountable for their actions and are aware of the consequences of not adhering to the desired behaviour toward risk. –– There should be a clear delineation of responsibilities with regard to monitoring, identification, management and mitigation of risk. –– Employees at all levels should understand the core values of the bank’s risk culture and its approach to risk, be capable of performing their prescribed roles, and be aware that they are held accountable for their actions in relation to the bank’s risktaking behaviour. Table 2.5 Indicators of accountability Indicators of Accountability (adapted from the General Supervisory Guidance section of the Guidance on Supervisory Interaction with Financial Institutions on Risk Culture by the Financial Stability Board (FSB), 7 April 2014) Chapter-02.indd 54 Risk ownership Clear expectations should be set with respect to monitoring, reporting and responding to current and emerging risk information across the institution, including from the lines of business and risk management to the board and senior management. Mechanisms should be in place for the lines of business to share information on emerging and unexpected risks. Employees are held accountable for their actions and are aware of the consequences for not adhering to the desired risk management behaviour. Escalation process Escalation processes should be established and used with clear consequence for non-compliance with risk policies and escalation procedures. Employees should be aware of the process and believe that the environment is open to critical challenge and dissent. These mechanisms should be established for employees to raise concerns when they feel discomfort about products or practices. Whistleblowing should be proactively encouraged and supported by the board and senior management. Enforcement Consequences should be clearly established, articulated and applied for the business lines or individuals who engaged in excessive risk-taking relative to the risk appetite statement. Breaches in internal policies, procedures and risk limits and nonadherence to internal code of conducts should impact an individual’s compensation and responsibilities or affect career progression including termination. 11/26/2015 9:44:34 AM 55 Chapter 2 Risk Management Principles and Framework mm Effective communication and challenge Key Points: –– A sound risk culture promotes an environment of effective communication and challenge in which decision-making processes promote a range of views, allow for testing of current practices and stimulate a positive, critical attitude among employees and an environment of open and constructive engagement. –– A sound risk culture must encourage transparency and open dialogue in order to promote the identification and escalation of risk issues. Board Management Staff Figure 2.8 Open dialogue in effective communication and challenge Table 2.6 Indicators of effective communication and challenge Indicators of Effective Communication and Challenge (adapted from the General Supervisory Guidance section of the Guidance on Supervisory Interaction with Financial Institutions on Risk Culture by the Financial Stability Board (FSB), 7 April 2014) Open to dissent Alternate views or questions from individuals and groups are encouraged, valued and respected and occur in practice. Senior management should have mechanisms in place to ensure that alternate views can be expressed in practice, and should request regular assessments of the openness to dissent at all layers of management involved in the decision-making process. Stature of risk management The chief risk officer and the risk management function share the same stature as the lines of businesses, actively participating in senior management committees and proactively involved in all the relevant risk decisions and activities. They should have appropriate access to the board and senior management. Compliance, legal and other control functions should have sufficient stature not only to act as advisors but also to effectively exert control tasks with respect to the institution’s risk culture. mm Incentives Key Points: –– Financial and non-financial incentives should support the core values and risk culture at all levels of the financial institution. –– Performance and talent management should encourage and reinforce maintenance of the institution’s desired risk management behaviour. –– Remuneration systems should reward servicing the greater, long-term interest of the bank and its clients. –– Risk management and compliance considerations should have sufficient status in driving compensation, promotion, hiring and performance evaluation. Chapter-02.indd 55 11/26/2015 9:44:34 AM 56 Risk Management in Banking: Principles and Framework Table 2.7 Indicators of incentives Indicators of Incentives (adapted from the General Supervisory Guidance section of the Guidance on Supervisory Interaction with Financial Institutions on Risk Culture by the Financial Stability Board (FSB), 7 April 2014) Remuneration and performance Remuneration and performance metrics should consistently support and drive the bank’s desired risk-taking behaviour, risk appetite and risk culture. Annual performance reviews and objective-setting processes include steps taken by the individual to promote the bank’s desired core values, compliance with policies and procedures, internal audit results and supervisory findings. Incentive compensation programmes systematically include individual and group adherence to the bank’s core values and risk culture, including: mm treatment of clients, mm cooperation with internal control functions and regulators, mm respect for risk exposure limits, and mm alignment between performance and risk. Talent development and succession planning Understanding key risks and essential elements of risk management and the culture of the organization is a critical skill for senior employees. These should be reflected in the development plans for employees. Succession planning processes for key management positions include risk management experience and not only revenue-based accomplishments. Training programmes are available for all staff to develop risk management competencies. Risk management policy A risk management policy is a statement of an organization’s overall intentions and direction with respect to risk management. The risk management policy should clearly state the objectives for, and commitment to, risk management. ISO 31000 discusses the following issues that must be addressed in the risk management policy: The organization’s rationale for managing risk Links between the organization’s objectives and policies and the risk management policy Accountabilities and responsibilities for managing risk The way in which conflicts of interest are dealt with Commitment to make the necessary resources available to assist those accountable and responsible for managing risk The way in which risk management performance will be measured and reported Commitment to review and improve the risk management policy and framework periodically and in response to an event or change in circumstances. Risk management organization While a unit is mandated to carry out the risk management function, risk management is the responsibility of everyone in the organization. Everyone has a risk management role to play. The International Finance Corporation (IFC) manual on Standards on Risk Governance for Financial Institutions enumerates the different roles of those within the banking organization, who are directly or indirectly involved in risk management. It proposes a vertical structure descending from the board of directors to the board risk committee, the chief executive Chapter-02.indd 56 11/26/2015 9:44:34 AM 57 Chapter 2 Risk Management Principles and Framework officer and the chief risk officer, the risk management committee up to the dedicated risk management function. Board of Directors Executive Management Risk Committee Management Risk Committee (e.g. ALCO, Credit Committee, or Committee, etc.) Information reporting Oversight BoD RM Committee Lines of Business Risk Committees Business Units—Risk Origination Figure 2.9 Vertical risk management organizational structure by the IFC Board of directors (BoD) mm Sets policies, strategies and objectives and oversees the executive function. mm Sets the risk appetite and ensure that it is reflected in the business strategy and cascaded throughout the organization. mm Establishes and oversees an effective risk governance and organizational structure. Board risk committee mm The board risk committee is a dedicated board-level committee mandated by the BoD to perform a more focused risk oversight function. It is responsible for: –– making recommendations on risk appetite; –– reviewing periodically the bank’s risk profile; –– reviewing strategic decisions from a risk perspective; –– reviewing periodically the risk management and internal controls framework relative to the bank’s risk profile; –– approving risk policies, limits and delegations; –– considering key risk issues brought up by management or requesting information about risk issues; and –– reviewing and recommending for BoD’s approval key policy statements required by the regulators. mm The board risk committee guides the process of risk appetite setting and ensures that risk issues are given sufficient weight in deliberations by the BoD. mm The committee ensures that reporting is adequate to properly inform board decisions, and the decisions are properly communicated and understood at the executive level. mm The committee ensures that key users of risk information are given a complete picture and adequate interpretation of the bank’s risk profile. Chapter-02.indd 57 11/26/2015 9:44:34 AM 58 Risk Management in Banking: Principles and Framework Chief risk officer mm The chief risk officer (CRO) has the broad and exclusive responsibility for all risk issues. The CRO performs the most critical executive function relating to risk management. mm The CRO should have direct access to the board risk committee, both to present information and risk issues. mm The CRO should be a member of the bank’s executive/management board, reporting to either the CEO or the BoD. mm The CRO should be able to adequately communicate the risk assessment to the BoD and facilitate sound board-level risk decisions. mm The CRO should have sufficient technical expertise to understand the intricacies of the bank’s risk exposures. Real World Illustration Board Risk Committees—Risk Governance Structure HSBC Below is HSBC’s risk governance structure. Note the various board-level committees responsible for risk or risk-related matters. Authority Board Governance Risk Committee (GRC) Financial System Vulnerabilities Committee Risk Management Meeting of the Global Management Board (GMB) Chapter-02.indd 58 Governance Structure for the Management of Risk Membership Responsibilities Executive and • Approves risk appetite, strategy and non-executive Directors performance targets for the Group • Approves appointment of senior risk officers • Delegates authority for risk management • Encourages a strong risk governance culture which shapes the Group’s attitude to risk Independent non-executive • Advises the Board on: Directors − risk appetite and alignment with strategy − alignment of remuneration with risk appetite (through advice to the Group Remuneration Committee) − risks associated with proposed strategic acquisitions and disposals • Reviews the effectiveness of the Group’s systems of risk management and internal controls (other than over financial reporting) • Oversees the maintenance and development of a supportive culture in relation to the management of risk Executive Directors and • Oversees controls and procedures designed to co-opted non-director identify areas of exposure to financial crime or members system abuse • Oversees matters relating to anti-money laundering, sanctions, terrorist financing and proliferation financing • Reviews policies and procedures to ensure continuing obligations to regulatory and law enforcement agencies are met Group Chief Risk Officer • Formulates high-level global risk policy Group Chief Legal Officer • Exercises delegated risk management authority Group Chief Executive • Oversees implementation of risk appetite and Group Finance Director controls All other Group Managing • Monitors all categories of risk and determines Directors appropriate mitigating action • Promotes a supportive Group culture in relation to risk management 11/26/2015 9:44:34 AM 59 Chapter 2 Risk Management Principles and Framework Authority Global Standards Steering Meeting of the GMB Global Risk Management Board Subsidiary board committees responsible for risk-related matters and global business risk committees Membership Group Chief Risk Officer Group Chief Legal Officer Group Chief Executive Group Finance Director All other Group Managing Directors Group Chief Risk Officer Chief Risk Officers of HSBC’s global businesses and regions Heads of risk areas within the Global Risk Function Responsibilities • Develops and implements global standards reflecting best practices which must be adopted and adhered to throughout the Group • Oversees initiatives to ensure our conduct matches our values • Supports the Risk Management Meeting and the Group Chief Risk Officer in providing strategic direction for the Global Risk function, sets priorities and oversees their execution • Oversees consistent approach to accountability for, and mitigation of, risk across the Global Risk function Independent non-executive • Provides certification to the GRC or Directors and/or other intermediate risk committee on risk-related independent members, as matters and internal controls (other than over appropriate financial reporting) of relevant subsidiaries or businesses, as appropriate Source: HSBC Annual Report 2012 Risk management function mm mm mm Chapter-02.indd 59 The risk management function is an independent function reporting directly to the CRO with a comprehensive mandate covering all risk types and business lines. It is a dedicated function with the primary responsibility, together with the different business lines, for assessment and control of market, credit, liquidity and operational risk. Further functional specialization is also done to create units for risk methodology, model, reporting, policy and technology. The responsibilities of the risk management function are: –– Collects and analyzes information for risk assessment; –– Researches and implements externally- or internally-developed risk measurement methodologies, including rating systems; –– Estimates risk levels with its available methodologies; –– Estimates economic capital; –– Prepares proposals and analysis to assist the risk committee in developing risk policies and setting risk limits; –– Monitors risk pricing, rate setting, provisioning and hedging activities; –– Contributes to measuring profitabilty by developing, testing or approving riskadjusted return measures and methodologies; –– Approves risk-taking activities of significant impact within the established framework of risk limits; –– Makes recommendations to various committees regarding approvals of new products that fall outside the established framework of risk limits; –– Supports the board risk committee with routine reports and other information and analysis; 11/26/2015 9:44:34 AM 60 Risk Management in Banking: Principles and Framework –– Monitors compliance with limits and policies and reports on all exposures on a regular basis; –– Participates in identifying and managing problem exposures, including problem loans; –– Educates all departments, risk-related committees and management bodies about risk; –– Communicates risks to senior management and all relevant departments; –– Contributes risk analysis required in strategy setting and determining risk appetite; and –– Organizes regular meetings to discuss reports and issues relating to exposures, risks, profits and losses, past and planned activities. Business units—risk origination: ‘three lines of defence’ model In structuring their risk governance organizational structure, banks often rely on the ‘three lines of defence’ model. This model recognizes that everyone in an organization has a responsibility to play a risk management role. The three lines of defence model puts risk ownership across the three levels in the bank—the business lines, risk management function and internal audit. 1st Line • Business Line 2nd Line • Risk Management Function 3rd Line • Internal Audit Figure 2.10 Three lines of defence model in risk management The first line of defence is the risk-originating units of the bank, which are the business lines. They originate products and activities which are the sources of risks. They are, therefore, in a best position to address risk issues at the onset. Business lines are expected to embed the risk management framework and sound risk management practices into their respective standard operating procedures. Business lines are accountable and responsible for monitoring risk management performance in operation. They must, therefore, adhere to all applicable policies, procedures and processes established by the risk management function. The second line of defence is the risk management function. It is responsible for developing and implementing the risk management framework. It ensures that the risk management framework covers all risks to which the bank is exposed to. It exercises approval authority in accordance with delegated authorities. The third line of defence is internal audit. Internal audit reviews effectiveness of risk management practices. It confirms the level of compliance, recommends improvements and enforces corrective actions where necessary. Chapter-02.indd 60 11/26/2015 9:44:34 AM 61 Chapter 2 Risk Management Principles and Framework The case study below is a sample risk management structure from a global commercial bank. Supervisory Board Audit Committee Risk Committee Management Board Bank CRO Bank Finance and Risk Committee Risk Committees Internal Audit SB Level Executive Level 2-tier board structure CASE STUDY: ING Bank Risk Governance Structure Walkthrough GCC(P) GCC(TA) ALCO Bank Regional and BU Level Non-Financial Risk Committee Local and Regional Risk Committees BU Line Management Regional and Local Managers 1st line of defence Bank Risk Management Function Regional and BU Risk Managers 2nd line of defence 3rd line of defence Figure 2.11 The three lines of defence structure in ING Bank The framework in Figure 2.12 shows a comprehensive risk governance structure that follows the ‘three lines of defence’ model. Business unit (BU) line management, regional and local managers serve as the first line of defence, being the risk originating units. The second line of defence is the risk management function which is headed by the chief risk officer. The CRO steers a functional, independent risk organization both at the bank and regional/local levels. The third line of defence is the internal audit function, which provides an on-going independent and objective assessment of the effectiveness of internal controls of the first two lines. Chapter-02.indd 61 11/26/2015 9:44:34 AM 62 Risk Management in Banking: Principles and Framework SB Level 2-tier board structure Board level oversight Supervisory Board Audit Committee Risk Committee Management Board Bank CRO Figure 2.12 ING Bank’s two-tier board structure ING Bank has a two-tiered board structure: mm Supervisory Board is responsible for supervising the policy of the Management Board Bank and the bank’s general course of affairs and its business. The Supervisory Board is assisted by two committees: –– Audit Committee assists in reviewing and assessing ING Bank’s major risk exposures and the operation of internal risk management and control systems, as well as policies and procedures on compliance with applicable laws and regulations. –– Risk Committee advises on matters relating to risk governance, risk policies and risk appetite setting. mm Management Board Bank is responsible for managing risks associated with the bank’s activities. Its responsibilities include ensuring internal risk management and control systems are effective and that the bank complies with relevant laws and regulations. Role of the chief risk officer The chief risk officer (CRO) ensures that the board is well informed and understand ING Bank’s risk position at all times. He/She regularly reports on the bank’s risk appetite levels and actual risk profile. The CRO also briefs the committees on developments in internal and external risk-related issues and ensures that board committees understand specific risk concepts. In addition, the CRO is responsible for the management and control of risk at the consolidated level to ensure that the bank’s risk profile is consistent with its financial resources and risk appetite. Lastly, he/she is also repsonsible for maintaining a robust organizational basis for risk management. Executive Level Executive level Bank Finance and Risk Committee Risk Committees GCC(P) GCC(TA) ALCO Bank Non-Financial Risk Committee Figure 2.13 The executive-level risk committees at ING Bank Chapter-02.indd 62 11/26/2015 9:44:34 AM 63 Chapter 2 Risk Management Principles and Framework The Executive Level Bank Finance and Risk Committee is a platform for the CRO and CFO to discuss and decide on issues pertaining to finance and risk. It coordinates, at a high level, the finance and risk decisions that impact internal and/or external reporting. There are four executive-level risk committees: mm Credit Committee—Policy Responsible for discussing and approving policies, methodologies and procedures relating to country, credit and reputation risks within the bank. mm Credit Committee—Transaction Approval Discusses and approves transactions, which entail taking credit risk. mm Asset and Liability Committee Responsible for approving the overall profile of the bank’s market risks. It defines policies regarding funding, liquidity, interest rate mismatch and solvency. mm Non-Financial Risk Committee (NFRC) Responsible for the design and maintenance of the risk management framework, including the operational risk management, compliance and legal policies, minimum standards, policies and guidelines, the NFRC structure and development of tools, methods and key parameters for risk identification, measurement and monitoring/ reporting. Risk management function mm The CRO bears overall responsibility for the risk management function. mm There are three risk departments—Market, Credit and Non-financial Risk—which bear direct responsibility for risk decisions at the bank level. mm In addition, there are two departments that report to the CRO: –– Risk Integration and Analytics—Responsible for inter-risk aggregation processes and for providing bank-wide risk information to the CRO and the Management Board Bank. –– Model Validation—Carries out periodic validation of all material risk models used by the bank. This department reports directly to the CRO to ensure independence. CONCLUSION In this chapter, we have discussed the objectives of risk management. We have introduced the three elements of a sound risk management infrastructure, namely principles, framework and process. We discussed the 11 principles for effective risk management. We also covered in detail, the different elements of a sound risk management framework—risk governance, risk appetite, risk culture, risk management policy and the risk organization. In the next chapter, we will discuss the third element of a sound risk management infrastructure—the risk management process. Chapter-02.indd 63 11/26/2015 9:44:34 AM Chapter-02.indd 64 11/26/2015 9:44:35 AM C 3 P HA TE R RISK MANAGEMENT PROCESS In the previous chapter, the overall risk management infrastructure including the principles, framework and process were briefly introduced. It began with a discussion of the objectives of risk management and the principles that underlie effective risk management practices. We also discussed the risk management framework, which provides the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. This chapter discusses the third component of the overall risk management infrastructure—the risk management process. It begins with a general overview of the risk management process, followed by a detailed discussion on the risk management process of establishing the context, risk assessment and risk mitigation. As with the previous chapter, the materials in this chapter are substantially taken or adapted from ISO 31000: Risk Management—Principles and Guidelines (2009). Chapter-03.indd 65 11/26/2015 9:45:22 AM 66 Risk Management in Banking: Principles and Framework Risk Management Process Overview of Risk Management Process Communication and Consultation Establishing the Context Risk Assessment Risk Treatment Risk Monitoring and Review Qualities of Sound Risk Management Process Establishing the External Context Risk Identification Avoid Risk Risk Management Activities Establishing the Internal Context Risk Analysis Take or Increase Risk Establishing the Risk Management Process Context Risk Evaluation Remove the Risk Source Risk Criteria Change Likelihood Change Consequences Share the Risk Risk Retention Figure 3.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: ENUMERATE the different activities in the risk management process LEARNING OBJECTIVES At the end of this chapter, you will be able to: DISCUSS the general risk management process and the different activities in the process DISCUSS the importance of the communication and consultation process EXPLAIN the importance of establishing the context of the risk management process DISCUSS the different activities under the risk assessment process ENUMERATE the different risk treatment options DESCRIBE the risk monitoring and review process Chapter-03.indd 66 11/26/2015 9:45:23 AM 67 Chapter 3 Risk Management Process 3.1 OVERVIEW OF RISK MANAGEMENT PROCESS LEARNING OBJECTIVE 3.1 DISCUSS the general risk management process and the different activities in the process ISO 31000 defines the risk management process as the: ‘Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.’ Risk Management Communicating and Consulting Establishing the Context Risk Assessment Risk Treatment Risk Monitoring and Review Figure 3.2 Key activities of the risk management process 3.1.1 Qualities of a Sound Risk Management Process In order for the risk management process to be effective, it should contain the following qualities: The process should be an integral part of management For the risk management process to be effective, it should form part of the management decision-making process. A risk management process that is divorced and separated from the management decision-making process will have limited ability to influence the likelihood that the banking organization will be able to achieve its risk management objectives. The process should be embedded in the organizational culture and practices Given the complexity of banking organizations, the risk management process can only be effective if it is deeply embedded in all the underlying business activities of these institutions. The risk management process, regardless of its sophisticated design, will not be effective unless it forms part of an organization’s culture and practices. Risk culture involves an organization’s collective behaviours and attitudes toward risks. Chapter-03.indd 67 11/26/2015 9:45:23 AM 68 Risk Management in Banking: Principles and Framework The Financial Stability Board (FSB) emphasizes the important role that risk culture plays in influencing the actions and decisions taken by individuals within the institution and in shaping an institution’s attitude toward its stakeholders. The process should be tailored to the organization’s business processes There is no risk management process template that can be imposed on any one banking organization. The process should fit the unique circumstances of the individual bank. However, the process should meet the minimum standards required by regulations and international standards. 3.1.2 Risk Management Activities The risk management process comprises different and distinct activities. Each activity has a specific objective and role. The following sections will focus on each of the risk management activities in detail. These activities are: Communication and consultation Establishing the context Risk assessment Risk treatment Monitoring and review 3.2 COMMUNICATION AND CONSULTATION LEARNING OBJECTIVE 3.2 DISCUSS the importance of the communication and consultation process For risk management to be effective, communication and consultation with all key external and internal stakeholders should take place during all stages of the risk management process. Communication and consultation is a continuous and iterative dialogue between the banking organization and its stakeholders regarding risk management. Communication is a two-way process that involves sharing information about the risk management process. It is a process that the banking organization conducts to provide, share or obtain information and to engage in dialogues with its stakeholders regarding risk management. Organization Stakeholders Figure 3.3 Two-way communication between the bank and its stakeholders Chapter-03.indd 68 11/26/2015 9:45:23 AM 69 Chapter 3 Risk Management Process Consultation is a two-way process of informed communication between the organization and its stakeholders on an issue prior to making a decision or determining a direction on that issue. Communication and consultation ensures that the interests of different stakeholders are understood and considered. This process is important as stakeholders make judgements on risk based on their perceptions of the risk. The different perceptions of risk can significantly impact the decisions and choices made by the banking organization. The different risk perceptions of different stakeholders can be illustrated by the story of the six blind men and the elephant. As the story goes, there are six blind men who have never seen an elephant all their lives. One day, they got a chance to touch and feel an elephant. After that, they argued strongly over what the elephant looks like. Blind man 1: The elephant looks like a rope—after touching the tail Blind man 2: The elephant looks like a wall—after touching the body Blind man 3: The elephant looks like a spear—after touching a tusk Blind man 4: The elephant looks like a tree branch—after touching the trunk Blind man 5: The elephant looks like a pillar—after touching a leg Blind man 6: The elephant looks like a hand fan—after touching an ear fan wall rope spear pillar branch Figure 3.4 The six blind men and the elephant Who among the blind men is correct? Clearly, no single person is correct! In the same manner, risks are viewed differently by different stakeholders. This is why it is important for the banking organization to conduct an extensive communication and consultation process to ensure that all the different perspectives of the stakeholders are adequately considered in developing the risk management infrastructure. Communication and consultation with different stakeholders also helps to bring different expertise together for analyzing risks and designing risk treatment strategies. Communication and consultation should be done continuously for all phases of risk management. This helps ensure adequacy and appropriateness of each phase of the risk management activities. Chapter-03.indd 69 11/26/2015 9:45:24 AM 70 Risk Management in Banking: Principles and Framework Establishing the Context Communication and Consultation Monitoring and Review Risk Assessment Risk Treatment Figure 3.5 Continuous communication and consultation 3.3 ESTABLISHING THE CONTEXT LEARNING OBJECTIVE 3.3 EXPLAIN the importance of establishing the context of the risk management process In this phase, the banking organization articulates its risk management objectives in a more detailed manner compared to the risk management framework design process. Establishing the context is an important prerequisite before the banking organization can perform the risk assessment in an adequate and effective manner. In other words, it allows the organization to: consider the internal and external factors that must be considered in the risk assessment phase; establish the scope of the risk management process; and define the risk criteria for analyzing and assessing risks. (a) External context—is the external environment in which the organization seeks to achieve its objectives. (b) Internal context—is the internal environment in which the organization seeks to achieve its objectives. (c) Risk management process context—includes the objectives, strategies, scopes and parameters of the organization’s activities or those parts of the organization where the risk management process is being applied. Chapter-03.indd 70 11/26/2015 9:45:24 AM 71 Chapter 3 Risk Management Process (d) Risk criteria—refers to the terms of reference against which the significance of risk is evaluated. 3.3.1 Establishing the External Context External context is the external environment in which the organization seeks to achieve its objectives. Establishing the external context helps to ensure that the objectives and concerns of external stakeholders are considered when developing the risk criteria. The external context includes: Cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment Key drivers and trends having impacts on the organization’s objectives Relationships with, and perceptions and values of, external stakeholders The risks the banking organization faces are, to a certain extent, influenced by external events. The bank should identify and examine these events to ensure that the risk management process adequately and appropriately captures these external factors. An example, which is of foremost relevance to ASEAN banks, is the planned regional integration. If it pushes through as planned, the ASEAN Economic Community (AEC) will be an external factor that could affect risk management decisions of many banking organizations. Towards this end, banking organizations must be prepared to seize the opportunities and to manage the risks of this event. Technological development is another example with potential effects on the banking industry. For example, crowdfunding—the raising of funds from a large number of people via the internet and social media—can potentially disrupt the business of commercial and investment banking. Another important technological development is the emergence and rising popularity of digital currencies, such as the bitcoin. Banks should, therefore, consider all crucial external developments or events in the risk management process. 3.3.2 Establishing the Internal Context Internal context is the internal environment in which the organization seeks to achieve its objectives. Internal context is anything within the organization that can influence the way in which an organization undertakes risk. The internal context can include: Governance, organizational structure, roles and responsibilities Policies, objectives and the strategies that are in place to achieve them The capabilities of the banking organization as a whole, understood in terms of resources of knowledge Information systems, information flows and decision-making process—both formal and informal Relationships with, and perceptions and values of, internal stakeholders Organization’s culture Standards, guidelines and models adopted by the organization Form and extent of contractual relationships Chapter-03.indd 71 11/26/2015 9:45:24 AM 72 Risk Management in Banking: Principles and Framework Establishing internal context is important as it helps to ensure that the risk management parameters are appropriate given the unique circumstances of the banking organization. There is no one-size-fits-all risk management infrastructure for the organization. For risk management to be properly embedded in the risk culture and processes, the organization’s unique circumstances and capacity must be considered. 3.3.3 Establishing the Risk Management Process Context Establishing the risk management process context involves defining the objectives, strategies, scope and parameters of the bank’s activities, particularly with respect to the risk management process. Establishing the risk management process context typically involves: Defining the goals and objectives of risk management activities Defining responsibilities for and within the risk management process Defining the scope as well as the depth and breadth of the risk management activities to be carried out Defining the activity, process, function, project, product, service or asset in terms of time and location Defining the relationships between a particular project, process or activity and other projects, processes or activities of the organization Defining the risk assessment methodologies Defining the way performance and effectiveness is evaluated in managing risk Identifying and specifying the decisions that have to be made Identifying, scoping or framing the studies needed, their extent and objectives, and the resources required for such studies 3.3.4 Risk Criteria Risk criteria are the terms of reference against which the significance of a risk is evaluated. They allow a banking organization to clearly define the level of risk that the institution is willing to accept. The risk criteria are used as a framework for the organization to assess the significance of its risks. This will enable the bank to decide whether a certain risk level is acceptable, tolerable or unacceptable. Defining the risk criteria and the conditions, which will make risks acceptable, tolerable or unacceptable, will be a critical input for the banking organization to assess whether taking on the risk exposure is acceptable or not. The following should be considered when defining the risk criteria: Nature and types of causes and consequences that can occur, and how they will be measured How likelihood will be defined The timeframes or likelihoods and/or consequences How the level of risk is to be determined Views of stakeholders The level at which risk becomes acceptable or tolerable Whether combinations of multiple risks should be taken into account and, if so, how and which combinations should be considered Chapter-03.indd 72 11/26/2015 9:45:24 AM 73 Chapter 3 Risk Management Process 3.4 RISK ASSESSMENT LEARNING OBJECTIVE 3.4 DISCUSS the different activities under the risk assessment process Risk assessment refers to the overall process of: Risk identification Risk analysis Risk evaluation 3.4.1 Risk Identification Risk identification is the process of finding, recognizing and describing risks. It involves the identification of the following: Risk sources A risk source is an element which alone or in combination has the intrinsic potential to give rise to risk (ISO 31000). Example—Credit risk is one type of risk. A risk source is the banking organization’s lending activities, which have the potential to give rise to credit risk. Risk events and their causes A risk event is an occurrence or change of a particular set of circumstances. The event can be one or more occurrences, and can have several causes. It can also consist of something not happening. An event without consequences can also be referred to as a ‘near miss’, ‘incident’, ‘near hit’ or ‘close call’. Example—With respect to credit risk, an example of a risk event could be the default of a borrower or the deterioration of a counterparty’s creditworthiness. Consequences Risk consequence is the outcome of an event affecting objectives. The event can lead to a range of consequences, which can be certain or uncertain and can have positive or negative impact on the objectives. Example—One risk consequence of the deterioration of a counterparty’s creditworthiness is the potential adverse impact on the banking organization’s earnings or capital. The objective of risk identification is to generate a comprehensive list of risks that are based on specific events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. A comprehensive risk identification process is critical as any risk that is not identified at this stage may not be included in the risk analysis stage. All significant causes and consequences must be considered. Risk identification should also include examing the knock-on effects of particular consequences. These knock-on effects may include a large number of risk events and consequences that happen quickly in a series. Chapter-03.indd 73 11/26/2015 9:45:24 AM 74 Risk Management in Banking: Principles and Framework Real World Illustration Financial Contagion One of the examples of the importance of identifying knock-on effects of a risk event is financial contagion. Financial contagion generally refers to a risk event which initially affects only a few financial institutions or a particular geographic region, but eventually escalates into a crosscountry or cross-company transmission of monetary shocks. Some examples of knock-on effects of events: September 2008—The bankruptcy of Lehman Brothers sent shockwaves globally in equity markets from Asia to the United States. The Lehman shock eventually spilled over to other financial institutions, such as the US-based insurer American International Group (AIG). This event eventually erupted into one of the greatest financial meltdowns in history. July 1997—Thailand devalued its baht after the currency came under attack from speculators, and she requested the International Monetary Fund (IMF) for technical assistance. The Thai crisis sparked a chain of currency devaluation across other Southeast Asian economies, such as Malaysia, Indonesia and the Philippines. It also spread to South Korea, Hong Kong and China. 3.4.2 Risk Analysis Risk analysis is the process of comprehending the nature of risk and determining the level of risk. It involves developing an understanding of the risk. Risk analysis provides the basis for risk evaluation and decisions about how risks should be treated and on the most appropriate risk treatment strategies and methods. It also involves quantifying the magnitude of risk or combination of risks, expressed in terms of the combination of consequences and their likelihood. Risk analysis involves consideration of the: Causes and sources of risk Positive and negative consequences of risk Likelihood that those consequences can occur Factors that affect the consequences and likelihood Risk analysis should also consider the interdependence of different risks and their sources. It can be done in a qualitative, quantitative or a combination of qualitative and quantitative approaches. Consequences and their likelihood can be determined by: Modelling the possible outcomes of an event or set of events Extrapolating from experimental studies or from available data 3.4.3 Risk Evaluation Risk evaluation is the process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable. Chapter-03.indd 74 11/26/2015 9:45:24 AM 75 Chapter 3 Risk Management Process Risk Evaluation Risk Analysis Risk Criteria Figure 3.6 Comparing the results of risk analysis and risk criteria The purpose of risk evaluation is to assist in making decisions based on outcomes of the risk analysis—about which risks need treatment and the priority for risk treatment implementation. It involves comparing the level of risk quantified during the risk analysis process with established risk criteria. Figure 3.7 shows the possible decisions based on the outcomes of the risk analysis vis-à-vis the risk criteria. Urgent Do Something Not Urgent Do Nothing Risk Evaluation Do Further Analysis Figure 3.7 Decision-making under the risk evaluation process The decisions reached under the risk evaluation process should consider the following: Risk appetite and tolerance of the organization Risk criteria Legal, regulatory and other requirements 3.5 RISK TREATMENT LEARNING OBJECTIVE 3.5 ENUMERATE the different risk treatment options Risk treatment involves selecting one or more options for modifying risks, and implementing those options. It entails a cyclical process of assessing the risk treatment and deciding whether the residual risks—also referred to as retained risks—are tolerable or not. Residual risk is Chapter-03.indd 75 11/26/2015 9:45:24 AM 76 Risk Management in Banking: Principles and Framework the risk remaining after a risk treatment. If the residual risks are not tolerable, the banking organization may generate a new risk treatment, which will then be assessed for effectiveness. Figure 3.8 illustrates the risk treatment process. Risk treatment assessment Residual risk levels are tolerable Do nothing Residual risks are not tolerable Generate a new risk treatment Assess the effectiveness of the new treatment Figure 3.8 Cyclical process of risk treatment assessment Risk treatment varies widely. Figure 3.9 shows some of the common risk treatment options, which are not necessarily mutually exclusive. Share the Risk Retain Risk by Informed Decision Avoid Risk Risk Treatment Options Take or Increase Risk Remove the Risk Source Change the Likelihood Change the Consequences Figure 3.9 Risk treatment options 3.5.1 Avoid Risk One of the risk treatment options is to avoid the risk by deciding not to pursue or continue with the activity that generates the risk. In a highly innovative and globalized business environment, banking organizations are often presented with numerous business opportunities. However, the organization may find it prudent to forego those opportunities where the risks outweigh the potential benefits. Chapter-03.indd 76 11/26/2015 9:45:24 AM 77 Chapter 3 Risk Management Process Real World Illustration Banks Exit Commodity Trading on Regulatory Pressures Barclays, JPMorgan and Morgan Stanley announced measures to exit their physical commodity trading business as higher capital requirements and increased political and regulatory scrutiny have diminished profits and increased risk for the banks. Regulatory developments are expected to make owning physical commodities less practical for banks. Banks Avoid Virtual Currency Craze According to the Wall Street Journal, banks are cautious of dealing with virtual currency companies (e.g. bitcoin companies) on concerns that businesses could enter into difficulty with anti-money laundering laws or be involved in illegal activities, including market-making and derivatives trading, from deposit taking. But retail banks would still be allowed to carry out various risky trading activities, within limits set by supervisors. 3.5.2 Take or Increase Risk Another risk treatment option is to take or increase risk in order to pursue a business opportunity. This option can only be taken if the banking organization is confident that it has the ability, expertise and willingness to tolerate and manage the residual risk arising from the business opportunity that generates the specific risk. Real World Illustration Goldman Sachs Stands Firm as Banks Exit Commodity Trading Goldman Sachs, whose top three executives began their careers at the firm in the commodity trading unit, is poised to gain market share as pressure from regulators drives competitors to scale back. Its Chief Executive Officer, Lloyd C. Blankfein, said that the firm was committed to the commodity trading division. According to Paul Gulberg, an analyst at Portales Partners LLC, “keeping a complete ‘food chain’ of these businesses could continue giving Goldman Sachs informational advantage over competitors, which reduce their presence in certain aspects of the commodity business, predominantly physical.” Source: Bloomberg, 15 April 2014 3.5.3 Remove the Risk Source An alternative risk treatment option is to remove the risk source. An example of this is a risk treatment option called risk transfer—a strategy that involves the contractual shifting of risk from one party to another. While this approach effectively removes this type of risk from the banking organization, other types of risks may arise. An example is the purchase of insurance. It may remove the risk from the insured events but it exposes the organization to counterparty credit risk, i.e. the risk that the insurance provider will not be able to fulfil its commitments or obligations under the contract. Chapter-03.indd 77 11/26/2015 9:45:25 AM 78 Risk Management in Banking: Principles and Framework A popular risk transfer mechanism is the use of derivatives contract. Derivatives are financial instruments whose value depends on the performance of one or more underlying variable. Derivative contracts allow the efficient transfer of risk from one party to another. Real World Illustration Operational Risk Transfer Mechanisms Fidelity bond coverage or financial institution blanket bond instrument is an example of a risk transfer mechanism to transfer operational risk. This bond coverage protects the banking organization against losses from events such as fraudulent acts committed by employees, burglary, unexplained disappearances of property, counterfeiting and forgery. Directors’ and officers’ liability coverage provides indemnity against losses incurred by directors and officers. Property insurance protects the organization against losses from fire, theft, inclement weather, etc. Source: Operational Risk Transfer Across Financial Sectors, Basel Committee on Banking Supervision Joint Forum, August 2003 3.5.4 Change Likelihood Another risk treatment option is to reduce the chance of a risk event from happening. The likelihood of a risk event occurring can be reduced if more rigorous controls are in place. Preventive controls are designed to keep risk events from occurring. They decrease the likelihood of a particular risk event from happening. Table 3.1 Preventive controls to change the likelihood of risk events from happening Examples of Preventive Controls Impact on Likelihood of Risk Events Training on policies and procedures Lower likelihood of a risk event occurring as personnel are more aware of the policies and procedures Segregation of duties Lower likelihood of a risk event occurring due to more effective checks and balances Strict access authorizations Lower likelihood of a risk event occurring as unauthorized access may be less likely to happen Other examples of risk treatment options are standardization of business processes and automation of manual processes to minimize risks due to human errors. 3.5.5 Change Consequences Aside from reducing the likelihood of a risk event from happening, another approach is to reduce the consequence if the risk event occurs. An example of this risk treatment option is the requirement for the borrower to post securities or cash as collateral. If the risk event occurs, the bank (creditor) may sell the securities or use the cash collateral to minimize the impact of losses arising from the risk event (in this case, a credit risk event). Chapter-03.indd 78 11/26/2015 9:45:25 AM 79 Chapter 3 Risk Management Process 3.5.6 Share the Risk Risk sharing is a risk treatment option where the consequence of risk is distributed among several participants. Real World Illustration Syndicated Loans For a borrower requiring a very large loan, a group of bank lenders could work together (as a syndicate) to provide a flexible and efficient source of funding under a syndicated loan. A syndicated loan simplifies the borrowing process as the borrower uses one agreement covering the group of banks and different types of facilities rather than entering into a series of bilateral loan agreements. For banks, this is an efficient way to share credit risk exposures and at the same time accommodate the borrower’s requirements. Source: Loan Market Association 3.5.7 Risk Retention Banks may also decide to retain risk using informed decision-making. Similar to the take or increase risk option, the decision should be made after considering the bank’s ability and willingness to retain the specific risk. The decision is made after carefully considering the results of the risk analysis and the pre-set risk criteria. The selection of the most appropriate risk treatment strategy involves balancing the costs and efforts of implementing the particular strategy against the benefits derived. When selecting the risk treatment options, the bank should consider the stakeholder values and perceptions and the most appropriate way to communicate with them. A risk treatment plan should also be produced to ensure that individual risk treatments are clearly prioritized in terms of implementation. Real World Illustration Risk Treatment Plan—Minimum Content Reasons for selection of treatment options Person accountable for approving the plan Person accountable for implementing the plan Proposed actions Resource requirements including contingencies Performance measures and constraints Reporting and monitoring requirements Timing and schedule The risk treatment plan should be integrated with the bank’s management processes and discussed with the appropriate stakeholders. Chapter-03.indd 79 11/26/2015 9:45:25 AM 80 Risk Management in Banking: Principles and Framework 3.6 RISK MONITORING AND REVIEW LEARNING OBJECTIVE 3.6 DESCRIBE the risk monitoring and review process Risk monitoring is the process of checking, supervising, critically observing or determining the status of the risk in order to enable change from the required or expected performance level. Risk review, on the other hand, is the process of determining the suitability, adequacy and effectiveness of the risk management process. Risk monitoring and review involves a regular process of checking. It should be a planned part of the risk management process. The responsibilities for risk monitoring and reviewing should be clearly defined. Risk reporting is an important part of the risk monitoring and review process. It involves documenting and communicating the results of the bank’s risk assessment and treatment measures to both the internal and external stakeholders. Risk reporting aims to inform the stakeholders on how the organization manages its risk exposures. It plays a critical role in ensuring that the different stakeholders impose market discipline on the organization, particularly with respect to how it assesses and manages risks. Some of the main objectives of the monitoring and reviewing process are: Ensure the controls are effective and efficient in both design and operation Obtain further information to improve risk assessment Analyze and learn lessons from events, changes, trends, successes and failures Detect changes in the external and internal context Identify emerging risks CONCLUSION In this chapter, we discussed the third component of the risk management infrastructure—the risk management process. We provided an overview of the overall risk management process involving communication and consultation, establishing the context, risk assessment, risk treatment, and risk monitoring and reviewing. In the next chapter, we will discuss the internal risk regulatory environment, which influences the practice of risk management in the banking industry context. Chapter-03.indd 80 11/26/2015 9:45:25 AM C 4 P HA TE R INTERNATIONAL RISK REGULATION In chapter 1, we discussed some of the important roles that banking organizations play in the economy. Given the critical functions that banks perform, the banking industry operates in a heavily-regulated landscape. The banking industry had undergone significant changes in the years following the 2008 global financial crisis—arguably, the worst crisis that industry players had encountered in decades. Regulatory reforms were crafted, designed and implemented to address and incorporate many of the lessons learned from the crisis. The regulatory reforms were expected to significantly impact banking business models in the years following their implementation. Given the far-reaching impact of banking regulations, it is essential for risk management students to appreciate the role of regulations in the banking business, understand how regulations mould the bank’s strategic business choices and be familiar with the international standards that shape local and global banking regulations. We begin this chapter by discussing the role, objectives and sources of banking regulations. We then look at the work of the Basel Committee on Banking Supervision (BCBS) to strengthen global capital requirements and liquidity standards. Chapter-04.indd 81 11/26/2015 9:44:11 AM 82 Risk Management in Banking: Principles and Framework This chapter does not intend to provide a comprehensive survey of the different banking regulations. Rather, it aims to provide students with basic information on the important roles of banking regulations and risk management practices. International Banking Regulation Types and Sources of Banking Regulations Introduction to Risk-Based Capital Framework under Basel I The Banking Industry and its Critical Role in the Economy Sources of Banking Regulations History of the Basel Committee on Banking Supervision Financial Safety Nets Types of Banking Regulations Importance and Objectives of Regulations Role of Banking Supervision Basel I: The 1988 Basel Capital Accord Special Nature of the Banking Business The Three Pillars of Basel II Introduction to Basel III Requirements Pillar 1: Minimum Capital Requirements 2008 Global Financial Crisis and Basel II Weaknesses Pillar 2: Supervisory Review Process Basel III: Capital Reforms Pillar 3: Market Discipline Basel III: Liquidity Reforms Figure 4.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: DISCUSS the role of regulations in the business model of banking and in the practice of risk management LEARNING OBJECTIVES At the end of this chapter, you will be able to: EXPLAIN the importance and objectives of regulations for banks EXPLAIN the role of banking supervision in ensuring safety and soundness of banking organizations ENUMERATE the different types and sources of banking regulations EXPLAIN the objectives and basic features of Basel I—the first risk-based capital standard for banks DISCUSS the basic features of the ‘three pillars’ of Basel II EXPLAIN the key capital and liquidity reforms under Basel III Chapter-04.indd 82 11/26/2015 9:44:12 AM 83 Chapter 4 International Risk Regulation 4.1 IMPORTANCE AND OBJECTIVES OF REGULATIONS FOR BANKS LEARNING OBJECTIVE 4.1 EXPLAIN the importance and objectives of regulations for banks The banking industry is one of the most heavily regulated industries. There are many reasons why regulations play a central role in this industry, which can be broadly summarized into three main categories: Critical role in the economy Banks play many critical roles in the economy. Disruptions in the banking industry could adversely impact the economy. Financial safety nets The economic damages associated with banking crises provide the rationale for governments to intervene and attempt to stem any contagion. The interventions— collectively referred to as financial safety nets—result in direct costs to the governments and taxpayers. Special nature of banking The banking business is a business of trust and confidence. Lessons from previous banking crises show that a loss of trust and confidence in a bank could immediately threaten its ability to survive. Financial Safety Nets Critical Role of Banks in the Economy Special Nature of the Banking Business Banking Risk Regulation Figure 4.2 Banking risk regulation 4.1.1The Banking Industry and its Critical Role in the Economy The banking industry performs the vital role of allocating resources from households or depositors with excess funds to corporations or institutions with requirements for those funds. Corporations and institutions use these funds to pursue investment opportunities, which directly contribute to the economy’s growth and employment opportunities. Chapter-04.indd 83 11/26/2015 9:44:12 AM 84 Risk Management in Banking: Principles and Framework In the closely-linked international economy, the banking industry provides critical payment and settlement mechanisms, which facilitate both local and international trade transactions. The absence of such payment and settlement mechanisms may impact the volume of trade and business activities. The banking industry also contributes directly to a country’s economic output through the different services it performs for the economy and indirectly through the different investments the banks make, which benefit other industries, e.g. information technology industry. Disruptions in the banking industry through adverse events such as banking crises are sometimes associated with profound declines in an economy’s output and significant increases in unemployment. Banking crises frequently result in deep economic recessions. Real World Illustration The Aftermath of Financial Crises In their influential study on defining elements that followed severe financial crises, Harvard University professors, Reinhart Carmen and Kenneth Rogoff, conclude that banking crises are associated with profound declines in output and employment. Other key findings are: Unemployment rate rises an average of 7 percentage points during the down phase of the cycle, which lasts on average over four years. Output falls an average of over 9%. The real value of government debt tends to explode, rising an average of 86% in the major post—World War II. Government debt explodes due to a collapse in tax revenues in the wake of deep and prolonged economic contractions. Source: C armen M. Reinhart and Kenneth S. Rogoff, ‘The Aftermath of Financial Crises’, American Economic Review, American Economic Association, 99(2), pp 466−72, May 2009 Given the many adverse consequences associated with failures of the banking industry, regulations are designed to minimize the likelihood of banking crises from occurring. 4.1.2 Financial Safety Nets The economic damages associated with banking crises provide the rationale for governments to intervene and attempt to stem any contagion. These interventions—collectively referred to as financial safety nets—result in direct costs to the government and taxpayers. The need for financial safety nets provides some of the strongest rationale for regulating the banking industry. Regulations are designed to avoid the possibility that the government and ultimately, the taxpayers, will bear the direct costs of providing the financial safety nets associated to prevent bank failures. Figure 4.3 depicts the three main types of financial safety nets. Lender of Last Resort Deposit Insurance Government Bailouts Figure 4.3 Main types of financial safety nets Chapter-04.indd 84 11/26/2015 9:44:12 AM 85 Chapter 4 International Risk Regulation Lender of last resort Lender of last resort refers to the role of the central bank in constraining a banking crisis and stemming a contagion arising from the failure of a financial institution. To ensure financial stability, one of the central bank’s main roles is to prevent a banking crisis from occurring. As the ultimate holder of liquidity reserves, the central bank has to provide liquidity to banking institutions in times of a crisis. It may also make emergency loans of high-powered money to temporary illiquid banks. High-powered money refers to bank reserves and currencies held by the central bank. Another tool that is within the central bank’s control is to contain public fears and panics through announcements of its commitment to provide liquidity to temporary illiquid banks. The central bank, in playing the lender of last resort role, operationalizes within a strict framework. Otherwise, it may create unwanted incentives for banks to misbehave. The classical Thornton-Begehot’s Model of Lender of Last Resort is the most popular framework to implement the lender-of-last-resort role. The principal features of the framework are: Willingness to lend freely and to the public The lender of last resort should provide liquidity to the banking system as a whole and not to specific institutions. Accommodating sound institutions The liquidity should only be extended to temporary illiquid institutions. Insolvent institutions should be allowed to fail. Charging penalty rates The liquidity extended should carry high penalty rates to encourage quick repayment of the loans once the crisis ends. Requiring good collateral In providing emergency credit, the lender of last resort should require high quality collateral. This ensures that the central bank’s losses are minimized and encourages prompt repayment of the credit facility. In recent years, however, many central banks have started to forego this requirement. Real World Illustration The Federal Reserve as the Lender of Last Resort In 2008, the Federal Reserve took on the role of the lender of last resort to contain the deepening credit crisis. It allowed banks to access hundreds of billions of dollars in emergency loans to borrow U.S. Treasury securities in exchange for their illiquid assets as collaterals. The Federal Reserve was trying to ease the credit squeeze by agreeing to hold large volumes of illiquid assets that the banks were struggling to sell by providing them with either cash or Treasury securities that they could immediately convert to cash. Source: New York Times, 12 March 2008 Deposit insurance In the event that the lender of last resort fails to contain the insolvency of a financial institution or contain a banking crisis, many jurisdictions attempt to provide some form of guarantee or insurance in the event of bank insolvency. The objective of deposit insurance is to avoid bank runs, which occur when depositors rush to withdraw their deposits because they expect the bank to fail. The sudden withdrawals will force the bank to sell its illiquid assets at a loss—a fire sale—and eventually lead to its failure. Chapter-04.indd 85 11/26/2015 9:44:12 AM 86 Risk Management in Banking: Principles and Framework Deposit insurance is designed to provide explicit but limited guarantee on deposits in the event of a bank failure. It has a different objective from the lender of last resort. While the lender of last resort aims to provide liquidity to illiquid but solvent banks, deposit insurance is triggered in the event of bank insolvency. Regulations are imposed to limit the losses that these governments will incur from deposit insurance claims. The regulations are designed to provide confidence on the banks’ safety and soundness, such as requiring the banks to adhere to minimum capital and liquidity standards. Real World Illustration Deposit Insurance Schemes in ASEAN The International Association of Deposit Insurers (IADI) was formed in May 2002 to enhance the effectiveness of deposit insurance schemes by promoting guidance and international cooperation. IADI currently represents 68 deposit insurers from 67 jurisdictions. As of January 2014, 113 jurisdictions have instituted some form of an explicit deposit insurance system; up from 12 in 1974. The purpose of deposit insurance varies; it typically involves promoting financial stability and protecting small depositors from losses in event of a bank failure. Seven member states of ASEAN—Brunei, Indonesia, Malaysia, Philippines, Singapore, Thailand and Vietnam—are members of IADI. The IADI members are entities that have a deposit insurance system in place by law of agreements. Deposit insurance was first introduced in East Asia by the Philippines in 1963, followed by Japan in 1971, Taiwan in 1985 and Korea in 1996. The Asian financial crisis in 1997 spurred the rapid development of the deposit insurance system in the region with Hong Kong, Indonesia, Malaysia, Singapore and Vietnam implementing their own systems. In 2008, the Thailand Deposit Protection Agency (DPA) was established to provide protection to depositors. Prior to this, since the 1997 Asian crisis, a blanket guarantee was issued by the Financial Institutions Development Fund (FIDF). In Malaysia, the deposit insurance system was introduced in September 2005 and is administered by Perbadanan Insurans Deposit Malaysia (PIDM). Sources: PDIC Occasional Paper No. 2, IADI website Government bailouts The third level of financial safety nets is a government bailout. This involves the government stepping in to bailout insolvent banks to prevent a potential meltdown in the banking system, which will impact the economy. This usually takes the form of giving capital support to the insolvent banks. A bailout entails a huge cost on the government’s part and ultimately the taxpayers bear the costs of these failures. A bailout is usually the last resort to avert the potential damaging impact in the economy of a collapse in the banking system. The three financial safety nets comprise the tools that are at the government’s disposal to avert a banking crisis. Given the enormous costs to the government—and ultimately, to taxpayers—associated with these financial safety nets, it is clear why the banking sector is heavily regulated. 4.1.3 Special Nature of the Banking Business Trust and confidence are of central importance to the banking business. A common theme seen in previous bank failures is that the loss of public’s confidence in a bank’s ability to survive could, at times, threaten the entity’s ability to continue as a going concern. Chapter-04.indd 86 11/26/2015 9:44:12 AM 87 Chapter 4 International Risk Regulation A bank run occurs when depositors demand immediate withdrawal of their funds before the bank actually fails. In such situations, banks may need to generate liquidity by selling their assets at fire sale prices. When the sale proceeds are insufficient and the banks have exhausted all sources of liquidity, they may cease to exist as going concerns. An individual bank run may escalate into a contagion when the public loses confidence in the banking system as a whole. The contagion could potentially emerge into a banking crisis if it is not averted. Therefore, regulations are designed to ensure that banks are managed in a safe and sound manner as well as to avert bank failures by imposing minimum standards on their boards and management. 4.2 ROLE OF BANKING SUPERVISION LEARNING OBJECTIVE 4.2 EXPLAIN the role of banking supervision in ensuring safety and soundness of banking organizations Banking supervision is the comprehensive process of monitoring the performance, practices and processes of banks to ensure that these banks are managed in a safe and sound manner in accordance with applicable laws and regulations. Banking supervisors are entities authorized by law to be primarily responsible for promoting the safety and soundness of banks and the banking system. They execute this primary objective through specific powers granted by the country’s legal framework. Real World Illustration Bank Negara Malaysia One of the main responsibilities of Bank Negara Malaysia is to bring about financial system stability and fostering a sound and progressive financial sector. Bank Negara Malaysia discharges the responsibility of promoting a sound and efficient financial system by preserving the soundness of financial institutions and preserving the robustness of the financial infrastructure to withstand adverse economic cycles and shocks, thereby maintaining confidence in the country’s financial system. This is achieved through the regulation and supervision of the licensed financial institutions, by ensuring the continued reliability of major payment and settlement systems and actively contributing to the development of efficient financial markets. Bank Negara Malaysia remains vigilant to new emerging trends and challenges to the Malaysian financial system which could undermine financial stability by devoting significant resources towards instituting robust surveillance processes, which aim to identify vulnerabilities and support pre-emptive actions to prevent systemic disturbances. Source: Bank Negara Malaysia website Chapter-04.indd 87 11/26/2015 9:44:12 AM 88 Risk Management in Banking: Principles and Framework Figure 4.4 depicts the types of actions that bank supervisors may take in the event that they conclude a bank is not acting in a safe and sound manner or is in violation of laws and regulations. Supervisory Actions Take and/or require the bank to take timely (prompt) corrective action Impose a range of sanctions Revoke a bank's licence Cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank Figure 4.4 Bank Negara Malaysia—supervisory actions Bank Negara Malaysia executes its mandate through its regulation and supervision departments. Table 4.1 depicts the different sub-departments of the regulation and supervision departments. Table 4.1 Sub-departments of BNM regulation and supervision departments Regulation Department Chapter-04.indd 88 Functions Financial Sector Development Progressive development of the financial sector including the promotion of competitive and robust financial institutions and financial infrastructure enhancement Financial Surveillance Comprehensive and integrated macro-prudential surveillance and assessments of emerging trends and vulnerabilities of the financial system Prudential Financial Policy Development of a sound and robust prudential framework for financial institutions that promotes harmonization and alignment across sectors Consumer and Market Conduct Formulates and enforces market conduct policies to ensure fair treatment of financial consumers as well as undertakes initiatives to increase the financial literacy levels of Malaysian consumers Islamic Banking and Takaful Create an enabling environment through improvements in the regulatory regime and develop relevant prudential policies to effectively support an Islamic financial system Development Finance and Enterprise Promote the roles of development financial institutions in effectively and efficiently delivering its mandated roles of promoting strategic sectors of the economy. Drive, incentivize and influence financial services providers to provide financing to strategic targeted sectors and underserved stakeholders Malaysia Islamic Financial Center (MIFC) Promotion Unit Develop and implement a comprehensive range of MIFC promotional strategies and initiatives to position Malaysia as an international Islamic financial hub 11/26/2015 9:44:12 AM 89 Chapter 4 International Risk Regulation Supervision Department Functions Financial Conglomerates Supervision Supervision of domestic financial conglomerates and Islamic banks which are part of the domestic banking groups Banking Supervision Supervision of foreign banks, stand-alone investment banks, stand-alone and foreign licensed Islamic banks, and development financial institutions Insurance and Takaful Supervision Supervision of insurance companies, reinsurance companies, takaful operators, retakaful operators and international takaful operators Payment Systems Policy Development of policies and strategies to promote the safety, security and efficiency of payment systems and payment instruments, and drive migration to e-payment initiatives Specialist Risk Unit Provides prompt independent assessment and advice on emerging risks in specific and across regulated financial institutions to facilitate pre-emptive actions Source: Bank Negara Malaysia website The Core Principles for Effective Banking Supervision (Basel Committee on Banking Supervision, September 2012) discusses the supervisory approach and tools at the disposal of bank supervisors. Bank supervisors typically adopt a risk-based approach to banking supervision. This approach aims to efficiently target supervisory resources where they can be utilized for the best effect, focusing on outcomes as well as processes, moving beyond passive assessment of compliance with rules. It typically involves the following processes: Forward-looking assessment of the risk profiles of individual banks and groups Identify, assess and address risks emanating from banks and the banking system Establish a framework for early intervention Have plans to take action to resolve banks in an orderly manner if they become non-viable Forward-looking assessment of risk profile of banks Identify, assess and address risks from banks and banking system Resolution mechanism Framework for early intervention Figure 4.5 Processes in a risk-based approach to banking supervision Chapter-04.indd 89 11/26/2015 9:44:12 AM 90 Risk Management in Banking: Principles and Framework Real World Illustration SuRF Approach to Banking Supervision Since 1997, Bank Negara Malaysia (BNM) has adopted a risk-based approach to banking supervision through the Supervisory Risk-based Framework (SuRF). The framework strengthens BNM’s risk- and impact-focused approach to supervision, which is underpinned by more comprehensive and holistic risk assessments of individual financial institutions. The framework facilitates the appropriate concentrations of supervisory attention on institutions that are of higher risk. The enhanced risk-based supervision approach includes a supervisory intervention framework to promote greater granularity and clarity in terms of the appropriate level of intensity of supervisory intervention actions to be taken on financial institutions. Source: Bank Negara Malaysia website Bank supervisors can avail of a wide range of techniques and tools to implement BNM’s supervisory approach and deploy resources based on its risk-based examination strategy. They employ an appropriate mix of on-site and off-site supervision to evaluate the condition of banking organizations, their risk profiles, internal control environment and the corrective measures necessary to address the supervisory concerns. • On-site examinations Off-site examinations • Provide independent verification that adequate policies, procedures and controls exist at banks Determine that information reported by banks is reliable Obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank Monitor the bank’s follow-up on supervisory concerns • • • • Regularly review and analyze the financial condition of banks Follow up on matters requiring further attention Identify and evaluate developing risks Identify priorities and scope of further off-site and on-site work • • Figure 4.6 On- and off-site examinations to assess a bank’s condition The tools that bank supervisors use to regularly review and assess the safety and soundness of banks include: Financial statements and account analyses Business model analyses Horizontal peer reviews Review of stress test outcomes Analysis of corporate governance, risk management and internal controls The supervisors will communicate to the bank their findings of the analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. Chapter-04.indd 90 11/26/2015 9:44:13 AM 91 Chapter 4 International Risk Regulation 4.3 TYPES AND SOURCES OF BANKING REGULATIONS LEARNING OBJECTIVE 4.3 ENUMERATE the different types and sources of banking regulations Banking laws and regulations provide the frameworks for banking supervisors to set and enforce minimum prudential standard for banks and banking groups. 4.3.1 Sources of Banking Regulations The sources of banking regulations include domestic/national laws, international laws and international standard of soft laws. Domestic/National laws Each country has its own laws, which are mostly derived from statutes enacted by the legislative body. These statutes are written in broad terms and, thus, require interpretation and implementation. Banking supervisors will issue their interpretation and implementation through memorandums, guidelines and/or circulars. Real World Illustration Law, Policy and Guidelines—Bank Negara Malaysia Administered legislations—vest comprehensive legal powers to Bank Negara Malaysia to regulate and supervise the financial system. The relevant legislations are: Central Bank of Malaysia Act 2009 Financial Services Act 2013 Islamic Financial Services Act 2013 Insurance Act 1996 Development Financial Institutions Act 2002 (Act 618) Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (Act 613) Money Services Business Act 2011 Government Funding Act 1983 Guidelines and circulars—provide interpretation and implementation guidelines on the details of the administered legislation. The guidelines and circulars are divided into the following: Banking—capital adequacy, financial reporting, anti-money laundering and counter financing of terrorism, prudential limits and standards Insurance and takaful Development financial institutions Shariah Money services business Agent banking Representative offices Business conduct Regulation intermediaries Others Source: Bank Negara Malaysia website Chapter-04.indd 91 11/26/2015 9:44:13 AM 92 Risk Management in Banking: Principles and Framework International laws In terms of banking regulation, there are only a few international agreements that directly address the regulation of banks. There are, however, treaties that contain provisions that impact banking regulations indirectly. An example is the Financial Sector Assessment Programme (FSAP) of the International Monetary Fund (IMF). When a country joins the IMF, it agrees to subject its economic and financial policies to the scrutiny of the international community. The IMF’s regular monitoring of economies and associated provision of policy advice—referred to as surveillance—is intended to identify weaknesses that are causing, or could lead to, economic instability. Country surveillance is an ongoing process that culminates in regular comprehensive consultations with individual member countries. These are the ‘Article IV consultations’ as required under Article IV of the IMF’s Articles Agreement. The Financial Sector Assessment Programme (FSAP), established in 1999, is a comprehensive and in-depth analysis of a country’s financial sector. It is a key IMF instrument for surveillance and provides input to the Article IV consultations. The IMF 2007 Surveillance Decision clarified that financial sector policies would always be a subject of IMF’s bilateral surveillance; and the October 2008 ‘Statement of Surveillance Priorities for 2008–2011’ gave prominence to financial sector issues. Real World Illustration Summary of Findings on Financial System Stability Assessment Malaysia’s financial system has weathered the recent global financial crisis well, helped by limited reliance on financial intermediaries on cross-border funding, a well-developed supervisory and regulatory regime, and a well-capitalized banking system. Stress tests suggest that banks are resilient to a range of economic and market shocks; though the high level of reliance on demand deposits is a potential vulnerability. Other risks faced by the financial system include those related to rapid loan growth, rising house prices and high household leverage which call for enhanced monitoring of household leverage and a review of the effectiveness of macroprudential measures. The regulatory and supervisory regime for banks, insurance firms, securities markets and market infrastructure exhibits a high degree of compliance with international standards. Areas for improvement include enhancing the framework of consolidated supervision and addressing legal provisions that could potentially compromise supervisory independence. In addition, in the case of the Labuan International Business and Financial Centre (IBFC), more work needs to be done to update the prudential framework to meet current international standards. Source: Malaysia: Financial System Stability Assessment, 28 January 2013 International standards (Soft laws) International standards or ‘soft laws’ refer to a set of rules that consists of law-like statements or regulations that fall short of hard law. Basel Committee on Banking Supervision The Basel Committee on Banking Supervision (BCBS) is the primary global standardsetter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Its mandate is to strengthen the regulation, supervision and practices of banks worldwide with the purpose of enhancing financial stability. Chapter-04.indd 92 11/26/2015 9:44:13 AM 93 Chapter 4 International Risk Regulation The BCBS does not possess any formal supranational authority. Its decisions do not have legal force. Rather, the BCBS relies on members’ commitments to achieve its mandate. BCBS formulates supervisory standards and guidelines to promote global financial stability. However, similar to its decisions, these supervisory standards and guidelines have no legal force. They are developed and issued upon agreement of members, and in the expectation that individual national authorities will implement them. mm mm Minimum standards BCBS establishes minimum standards for prudential regulation and supervision of banks. These standards constitute minimum requirements and members may decide to go beyond them. The key standards of the BCBS are its capital adequacy framework (Basel III), the liquidity coverage ratio and the Core Principles for Banking Supervision. Guidelines Guidelines elaborate the standards. They generally supplement the minimum standards by providing additional guidance for the purpose of their implementation. BCBS has issued a wide array of guidelines on corporate governance, liquidity risk management, operational risk and internal controls, foreign exchange settlement risk, internal and external audit, stress testing and supervisory colleges. Sound practices—BCBS also produces sound practice papers, which describe actual observed practices. Recent sound practices papers have covered topics such as stress testing, asset securitization, resolution and remuneration. Implementation—BCBS has established a more active programme to monitor members’ commitments to implement the Basel Committee standards. This is designed to promote greater consistency in the implementation of global standards and improved transparency of instances where national differences exist. International Organization of Securities Commissions The International Organization of Securities Commissions (IOSCO) is the acknowledged international body that brings together the world’s securities regulators and is recognized as the global standard setter for the securities sector. IOSCO membership regulates more than 95% of the world’s securities markets. The IOSCO Objectives and Principles of Securities Regulation have been endorsed by both the G20 countries and the Financial Stability Board as the relevant standards in this area. They form the basis for the evaluation of the securities sector for the Financial Sector Assessment Programmes (FSAPS) of the IMF and the World Bank. The Joint Forum The Joint Forum is a group of senior financial sector supervisors working under the auspices of its parent committees—BCBS, IOSCO and the International Association of Insurance Supervisors. Its objective is to support banking, insurance and securities supervisors in meeting their regulatory and supervisory objectives and, more broadly, to contribute to the international regulatory agenda. Financial Action Task Force The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the ministers of its member jurisdictions. The FATF objectives are to set standards and promote effective implementation of legal, regulatory and operational Chapter-04.indd 93 11/26/2015 9:44:13 AM 94 Risk Management in Banking: Principles and Framework measures for combating money laundering, terrorist financing and other related threats to the integrity of the financial system. The FATF has developed a series of Recommendations that are recognized as the international standard for combating of money laundering and the financing of terrorism and proliferation of weapons of mass destruction. Financial Stability Board The Financial Stability Board (FSB) was established to coordinate at the international level the work of national financial authorities and international standard-setting bodies, and to develop and promote the implementation of effective regulatory, supervisory and other financial sector policies. In April 2008, the FSB issued its Report of the Financial Stability Forum on Enhancing Market and Institutional Resilience, wherein it proposed concrete actions in the following areas: Strengthening prudential oversight of capital, liquidity and risk management Enhancing transparency and valuation mm Changes in the role and uses of credit ratings mm Strengthening the authorities’ responsiveness to risks mm Robust arrangements for dealing with stress in the financial system mm mm International Accounting Standards Board The International Accounting Standards Board (IASB) is the independent standardsetting body of the IFRS Foundation. Its members are responsible for developing and publishing the International Financial Reporting Standards (IFRS). The IFRS Foundation’s interpretative body—the IFRS Interpretations Committee (IFRIC)—is mandated to review accounting issues that have arisen within the context of the current IFRS and to provide authoritative guidance on those issues. International Swaps and Derivatives Association The International Swaps and Derivatives Association (ISDA), established in 1985, is an organization mandated to make over-the-counter (OTC) derivatives markets safe and efficient, and to facilitate effective risk management for users of derivative products. ISDA has over 800 member institutions in 64 countries which it represents in promoting high standards of commercial conduct and leading industry action on derivatives issues, which include: Providing standardized documentation globally to ensure legal certainty and maximum risk reduction through netting and collateralization. mm Promoting infrastructure that supports an orderly and reliable marketplace as well as transparency to regulators. mm Enhancing counterparty and market risk practices, and advancing the effective use of central clearing facilities and trade repositories. mm Representing the derivatives industry through public policy, ISDA governance, ISDA services, education and communication. mm 4.3.2 Types of Banking Regulations Banking regulations can be divided into four main types. Table 4.2 describes the types of regulations that are designed to address specific policy objectives. Chapter-04.indd 94 11/26/2015 9:44:13 AM 95 Chapter 4 International Risk Regulation Table 4.2 Main types of banking regulations Regulation Types Competition Description Competition regulations address issues of non-competitive behaviour among banks. The objective is to foster competition among banks to ensure that they provide consumers with banking services and products at reasonable prices. There is a complex relationship between competition and financial stability. Some studies show that competition is favourable to bank stability. Other studies, however, conclude that competition may endanger the stability of banks. This is because banks should have sufficiently large capital and diversified exposures to withstand potential shocks in the business environment. Hence, there may be conflicting objectives. Examples: Separation of commercial and investment banking, e.g. the Glass-Steagall Act during the 1930s Great Depression Antitrust regulations in banks Banking entry restrictions Licensing criteria Branching restrictions Safety and soundness Regulations seek to promote a safe and sound banking system. The regulations are not intended to dictate how banks should be managed. Rather, they prescribe minimum standards on the management of banking organizations. Examples: Minimum capital and liquidity standards Guideline and limits on large credit exposures Corporate governance requirements Regular reporting and disclosure standards Internal control standards Accounting standards Anti-money laundering standards Consumer protection Regulations also seek to protect consumers from irresponsible and unfair banking business practices. It also aims to protect banks from potential legal liabilities and ensure public confidence in the banking organizations. Regulations aim to promote high ethical and professional standards in the banking sector. Examples: Consumer disclosures Bank confidentiality requirements The U.S. Truth in Lending Act Client suitability requirements Monetary policy Regulations are designed to implement the monetary policy objectives of a country’s central bank. Through regulations on reserve requirements and deposit rates, the central bank can control monetary supply and implement its monetary policy objectives. Examples: Reserve requirements Deposit rates regulations Minimum prudential regulations and requirements standards Prudential regulations and requirements standards provide minimum standards on risk management and condition of banks. In the document Core Principles of Effective Banking Supervision, the following minimum standards for sound prudential regulations and requirements for banks are enumerated and discussed. Chapter-04.indd 95 11/26/2015 9:44:13 AM 96 Risk Management in Banking: Principles and Framework Table 4.3 Objectives of prudential regulations Prudential Regulations Corporate governance Risk management process Objectives Reference Documents Ensure banks have robust corporate governance policies and processes. Principles for Enhancing Corporate Governance, October 2010 The policies and processes should cover the strategic direction, group and organizational structure, control environment, responsibilities of the bank’s boards and senior management and compensation. Compensation Principles and Assessment Methodology, January 2010 Ensure banks have a comprehensive risk management process to identify, measure, evaluate, monitor, report and control or mitigate all material risks on a timely basis, and to assess the adequacy of their capital and liquidity in relation to their risk profiles as well as market and macroeconomic conditions. Principles for Enhancing Corporate Governance, October 2010 Enhancements to the Basel II Framework, July 2009 Principles for Sound Stress Testing Practices and Supervision, May 2009 It also aims to develop and review contingency arrangements, including robust and credible recovery plans that take into account the specific circumstances of individual banks. Capital adequacy Ensure individual banks have prudent and appropriate capital adequacy requirements that reflect the risks undertaken by, and presented by, the bank in the context of the markets and macroeconomic conditions in which it operates. Capitalization of Bank Exposures to Central Counterparties, July 2012 Revisions to the Basel II Market Risk Framework, February 2011 Minimum Requirements to Ensure Loss Absorbency at the Point of Non-Viability, January 2011 Sound Practices for Backtesting Counterparty Credit Risk Models, December 2010 Guidance for National Authorities Operating the Countercyclical Buffer, December 2010 Basel III: A Global Regulatory Framework for More Resilient Banks and Banking Systems, December 2010 Guidelines for Computing Capital for Incremental Risk in the Trading Book, July 2009 Enhancements to the Basel II Framework, July 2009 Range of Practices and Issues in Economic Capital Frameworks, March 2009 International Convergence of Capital Measurement and Capital Standards: A Revised Framework, Comprehensive Version, June 2006 Chapter-04.indd 96 11/26/2015 9:44:14 AM Chapter 4 International Risk Regulation Prudential Regulations Credit risk Objectives Reference Documents Ensure that banks have an adequate credit risk management process that takes into account their risk appetites, risk profiles and market and macroeconomic conditions. Sound Practices for Backtesting Counterparty Credit Risk Models, December 2010 These include ensuring that a bank has prudent policies and procedures to identify, measure, evaluate, monitor, report and control or mitigate credit risk (including counterparty credit risk) on a timely basis for the full credit lifecycle— credit underwriting, credit evaluation and ongoing management of the bank’s loan and investment portfolios. Problem assets, provisions and reserves Concentration risk and large exposure limits 97 FSB Report on Principles for Reducing Reliance on CRA Ratings, October 2010 Enhancements to the Basel II Framework, July 2009 Sound Credit Risk Assessment and Valuation for Loans, June 2006 Principles for the Management of Credit Risk, September 2000 Ensure that banks have adequate policies and processes for early identification and management of problem assets, and the maintenance of adequate provisions and reserves. Sound Credit Risk Assessment and Valuation for Loans, June 2006 Ensure that banks have adequate policies and processes to identify, evaluate, monitor, report and control or mitigate c oncentrations of risks on a timely basis. Joint Forum Cross-Sectoral Review of Group-wide Identification and Management of Risk Concentrations, April 2008 Principles for the Management of Credit Risk, September 2000 Sound Credit Risk Assessment and Valuation for Loans, June 2006 Principles for Managing Credit Risk, September 2000 Measuring and Controlling Large Credit Exposures, January 1991 Related parties transactions Ensure that abuses arising from transactions with related parties are prevented and address the risk of conflict of interest. Principles for Managing Credit Risk, September 2000 Country and transfer risks Ensure that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country and transfer risks in their international lending and investment activities on a timely basis. Management of Banks’ International Lending, March 1982 Country risk is the risk of exposure to loss caused by events in a foreign country. Transfer risk is the risk that a borrower will not be able to convert the local currency into foreign exchange and, thus, will be unable to make debt service payments in a foreign currency. Chapter-04.indd 97 11/26/2015 9:44:14 AM 98 Risk Management in Banking: Principles and Framework Prudential Regulations Market risk Objectives Ensure that banks have an adequate market risk management process that takes into account their risk appetites, risk profiles, market and macroeconomic conditions, and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. Reference Documents Revisions to the Basel II Market Risk Framework, February 2011 Interpretative Issues with Respect to Revisions to the Market Risk Framework, February 2011 Guidelines for Computing Capital for Incremental Risk in the Trading Book, July 2009 Supervisory Guidance for Assessing Banks’ Financial Instrument Fair Value Practices, April 2009 Amendment to the Capital Accord to Incorporate Market Risks, January 2005 Interest rate risk in the banking book Ensure that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk in the banking book on a timely basis. Principles for the Management and Supervision of Interest Rate Risk, July 2004 Liquidity risk Ensure that banks have prudent and appropriate liquidity requirements that reflect their liquidity needs and that they have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. Basel III: International Framework for Liquidity Risk Measurement, Standards and Monitoring, December 2010 Ensure that banks have an adequate operational risk management framework that takes into account their risk appetites, risk profiles, and market and macroeconomic conditions. Principles for the Sound Management of Operational Risk, June 2011 Operational risk Principles for Sound Liquidity Risk Management and Supervision, September 2008 Recognizing the Risk-Mitigating Impact of Insurance in Operational Risk Modelling, October 2010 High-Level Principles for Business Continuity, August 2006 Joint Forum Outsourcing in Financial Services, February 2005 Internal control and audit Ensure that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their businesses, taking into account their risk profiles. The Internal Audit Function in Banks, June 2012 Enhancements to the Basel II Framework, July 2009 Compliance and the Compliance Function in Banks, April 2005 Framework for Internal Control Systems in Banking Organizations, September 1998 Chapter-04.indd 98 11/26/2015 9:44:14 AM 99 Chapter 4 International Risk Regulation Prudential Regulations Objectives Reference Documents Financial reporting and external audit Ensure that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally, and annually publish information that fairly reflects their financial condition and performances, and bears an independent external auditor’s opinion. Supervisory Guidance for Assessing Bank’ Financial Instruments Fair Value Practices, April 2009 Ensure that banks and banking groups regularly publish information that is easily accessible and fairly represents their financial condition, performances, risk exposures, risk management strategies, and corporate governance policies and processes. Pillar 3 Disclosure Requirements for Remuneration, July 2011 Disclosure and transparency External Audit Quality and Banking Supervision, December 2008 The Relationship Between Banking Supervisors and Banks’ External Auditors, January 2002 Enhancements to the Basel II Framework, July 2009 Basel II: International Measurement of Capital Measurement and Capital Standards, June 2006 Enhancing Bank Transparency, September 1998 Abuse of financial services Ensure that banks have adequate policies and procedures, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. FATF Recommendations, February 2012 Consolidated KYC Risk Management, October 2004 Shell Banks and Booking Offices, January 2003 Customer Due Diligence for Banks, October 2001 4.4 INTRODUCTION TO RISK-BASED CAPITAL FRAMEWORK UNDER BASEL I LEARNING OBJECTIVE 4.4 EXPLAIN the objectives and basic features of Basel I—the first risk-based capital standard for banks 4.4.1 History of the Basel Committee on Banking Supervision Prior to the Basel Committee on Banking Supervision, there was no international body or forum imposing minimum standards on how banks should be regulated and supervised. Chapter-04.indd 99 11/26/2015 9:44:14 AM 100 Risk Management in Banking: Principles and Framework Banking regulation was left to the discretion of their respective national regulators. The need to coordinate the regulation of banks at an international level happened just after the collapse of the Bretton Woods International Monetary System. Bretton Woods International Monetary System The Bretton Woods International Monetary System was the prevailing international monetary arrangement from the end of World War II to 1974. It adopted a par value system for international foreign exchange. The par value system is a fixed exchange rate system with the following features: Each country (other than the United States) agreed to fix the par value of its currency in terms of the U.S. Dollar. Each country would intervene in the foreign exchange market, either by buying or selling dollars, to maintain its parity within the prescribed 1% margin. The U.S.A., on the other hand, agreed to peg the price of its currency (U.S. Dollar) with gold. For example, in 1958, the U.S. Treasury pegged the price of the dollar at $35 per one ounce of gold. The International Monetary Fund (IMF) was established to promote international monetary cooperation and to administer the par value system. IMF exists to manage temporary imbalances to maintain the par values such as if a country’s imports exceeded its exports. The exchange rates could be adjusted only to correct a fundamental disequilibrium in the balance of payments. In a nutshell, the currencies of all member countries other than the U.S.A. were directly pegged to the U.S. Dollar which, on the other hand, was directly pegged to gold. Currencies of countries other than the U.S. U.S. Dollar Gold Figure 4.7 Pegging of currencies In the 1960s, many countries expressed concerns that the U.S. Dollar’s fixed value against gold was overvalued. The sizeable deficits due to increased domestic and military spending caused by the Vietnam War worsened the overvaluation of the U.S. Dollar. Many countries then opted to convert their U.S. Dollar to gold. These conversions led to the gradual depletion of the U.S. gold reserves. In August 1971, U.S. President, Richard Nixon, announced the temporary suspension of the Dollar’s convertibility into gold. This led to the end of the Bretton Woods System. The collapse of the Bretton Woods System led countries to choose any form of foreign exchange arrangement—allowing the currency to float freely, pegging it to another currency or a basket of currencies, adopting the currency of another country, participating in a currency bloc or a monetary union. Failure of Bank Herstatt In 1974, a relatively unknown bank in Cologne, Germany—Bank Herstatt—had a high concentration of activities in the area of foreign trade payments. Under the Bretton Woods System, this was not an issue as the par value system was relatively fixed. This means that the bank’s foreign exchange activities carried little risk. Chapter-04.indd 100 11/26/2015 9:44:14 AM 101 Chapter 4 International Risk Regulation The collapse of the Bretton Woods System led many countries to adopt a floating exchange rate system. A floating exchange rate system is an exchange rate regime where a currency’s value is allowed to fluctuate according to market demand and supply. This new regime exposed Bank Herstatt to huge risks from its foreign exchange activities. In March 1974, Germany’s Federal Banking Supervisory Office conducted a special audit on the bank. Herstatt’s open exchange positions amounted to DM2 billion, which is three times as large as its capital. At the close of business day on 26 June 1974, the regulator withdrew the banking licence of Bank Herstatt as it was deemed to be insolvent with just DM1 billion in assets against DM2.2 billion in liabilities. The failure of Bank Herstatt developed into an international problem. When the banking regulator closed Bank Herstatt at the close of business day, it was still morning in New York. Herstatt’s counterparties had already delivered one leg of a foreign exchange transaction (e.g. Deutsche Mark) not knowing Herstatt’s banking licence had been terminated. The bank’s liquidators refused to deliver the other leg of the foreign exchange transaction, e.g. U.S. Dollar. Due to the time difference, banks outside Germany took heavy losses on their unsettled trades with Bank Herstatt. This is illustrated in Figure 4.8. New York Germany Deutsche Mark U.S. Dollar Closed by German Regulator Figure 4.8 Settlement risk—failure of Bank Herstatt Basel Committee on Banking Supervision The failure of Bank Herstatt brought an international dimension to the banking crisis. It also heightened the need to coordinate bank regulatory and supervisory efforts on an international level. In 1974, central bank governors of the G10 countries established a Committee on Banking Regulations and Supervisory Practices. This committee was later renamed as the Basel Committee on Banking Supervision (BCBS). The Basel Committee was designed as a forum for regular cooperation among its member countries on banking supervisory matters. It is the primary global standard-setter for the prudential regulations of banks and provides a forum for cooperation on banking supervisory matters. It aims to enhance financial stability by improving supervisory know-how and the quality of banking supervision worldwide. The Basel Committee executes this mandate by: Setting minimum supervisory standards Improving the effectiveness of techniques for supervising international banking business Chapter-04.indd 101 11/26/2015 9:44:15 AM 102 Risk Management in Banking: Principles and Framework Exchanging information on national supervisory arrangements Engaging with challenges presented by diversified financial conglomerates Working with other standard-setting bodies The BCBS issues standards, guidelines and sound practices to achieve its objectives. Table 4.4 Role of the Basel Committee on Banking Supervision Standards The BCBS standards constitute minimum regulatory and supervisory requirements of banks. These standards are expected to be incorporated into local legal frameworks of BCBS member countries. Guidelines The BCBS guidelines elaborate the standards. They supplement the standard by providing additional guidance for the purpose of their implementation. Sound practices The BCBS sound practices describe actual observed practices among banks with the goal of promoting common understanding and improving supervisory or banking practices. Banks can compare these sound practices with their current practices and identify potential areas for improvement. The standards, guidelines and sound practices have no legal force. The BCBS relies on its members’ commitments to incorporate these standards and decisions in their own legal framework. 4.4.2 Basel I: The 1988 Basel Capital Accord In the 1980s, many Latin American countries defaulted on their foreign debt obligations. In 1970, their debt level was just US$29 billion but, by the end of 1982, the debt levels increased by more than tenfold to US$327 billion. 1970 1978 29 159 1982 327 Figure 4.9 Debt levels of Latin American economies (in US$ billion) Many U.S. commercial banks were heavily exposed to these Latin American economies. By 1982, the nine largest U.S. money-centre banks held Latin American Debt amounting to 176% of their capital. This led the Basel Committee to focus their work on capital adequacy. In 1988, the BCBS issued the International Convergence of Capital Measurement and Capital Standards, commonly referred to as the 1988 Basel Capital Accord (or Basel I). This is the first international framework for measuring capital adequacy and minimum standards, which each member countries intend to implement in their respective countries. The two main objectives of Basel I are: Strengthen the soundness and stability of the international banking system Establish a level playing field among international banks The 1988 Basel Capital Accord aims to establish minimum levels of capital for internationally active banks relative to their respective risk-weighted assets or off-balance-sheet exposures. Chapter-04.indd 102 11/26/2015 9:44:15 AM 103 Chapter 4 International Risk Regulation This system provides for the implementation of a framework with a minimum capital to riskweighted assets of 8% by end 1992. Basel I Ratio = Total Capital ≥ 8% Risk-weighted Assets The Basel I ratio is also called the Cooke Ratio—named after Peter Cooke, a former chairman of the Basel Committee on Banking Supervision. The Cooke Ratio has two main components in its calculation: Total capital Risk-weighted assets or off-balance-sheet exposures The objective of the Cooke Ratio is to encourage banks to maximize the level of capital that they hold while at the same time, to minimize their risk-weighted assets or exposures. Why focus on capital? Banks hold assets such as loans and receivables in their books. Deterioration in the credit quality of a bank’s book will result in write-downs and credit losses. They are directly recognized in the bank’s profit and loss (P&L). These write-downs and credit losses directly impact the bank’s retained earnings, which are part of the bank’s capital. As long as losses do not exceed its capital, the bank will continue to exist as a going concern. This is because the bank has no contractual obligation to pay its equity holders. If losses exceed the bank’s capital, losses will accrue to the debtholders. The bank has a contractual duty to make payments on its financial obligations to its debtholders. Debtholders have a legal recourse to force the bank to file for bankruptcy and cease to exist as a going concern. This is the reason why capital is considered as a buffer that allows the banking organization to withstand losses in a stress scenario. Total capital For regulatory capital purposes, capital is stratified into two types: mm Core capital or Tier 1 capital—comprises basic equity capital and disclosed reserves (retained earnings). This includes permanent shareholders’ equity, i.e. issued and fullypaid ordinary shares/common stocks and perpetual non-cumulative shares. Disclosed reserves are created or increased by appropriations of retained earnings or other surplus, such as share premiums, retained profit, general reserves and legal reserves. mm Supplementary capital or Tier 2 capital—is a secondary source of capital for banks. Tier 2 capital is composed of: –– Undisclosed reserves—or hidden reserves are unpublished reserves that could be freely and immediately used to meet unforeseen future losses. –– Revaluation reserves—are reserves generated as a result of the positive revaluation of fixed assets and equity investments relative to its historic cost of acquisition. –– General provisions/general loan-loss reserves—are held against unidentified losses that are freely available to meet losses, which subsequently materialize. –– Hybrid debt capital instruments—are instruments that combine the characteristics of equity capital and debt. –– Subordinated term debts—are unsecured, long-term debt instruments that rank lower than secured debt obligation of banks but rank higher than equity. Subordinated term debts are limited to a maximum of 50% of the Tier 1 capital. Chapter-04.indd 103 11/26/2015 9:44:15 AM 104 Risk Management in Banking: Principles and Framework For purposes of calculating the available capital, banks are required to deduct the following items from their capital: Goodwill Investments in unconsolidated banking and financial subsidiary companies mm Investments in the capital of other financial institutions mm mm Risk-weighted assets The other feature of the Cooke Ratio is the risk weighting of assets or exposures. These assets or exposures are weighted according to broad categories of relative riskiness. The risk weighting is kept as simple as possible. In Basel I, there are five risk weights, i.e. 0%, 10%, 20%, 50% and 100%. Riskier assets are assigned higher risk weights. Table 4.5 Risk weights under the Cooke Ratio Risk Weights 0% Category Cash Claims on central governments and central banks in their national currencies Claims on the OECD central governments and central banks 10% Claims on domestic public-sector entities (at national discretion) 20% Claims on multilateral development banks Claims on banks incorporated in the OECD* Claims on banks incorporated outside the OECD with maturity of less than one year 50% Loans secured by mortgage on residential properties 100% Claims on private sectors Claims on banks incorporated outside the OECD with maturity of greater than one year Claims on central governments outside the OECD Fixed assets Real estates and other investments * OECD countries are those which are full members of the Organization for Economic Cooperation and Development Illustrative Example Computing for Basel I Capital Ratio A simplified balance sheet of Bank XYZ: RM Chapter-04.indd 104 RM Cash 100,000,000 Deposit 470,000,000 Real estate loans (unsecured) 50,000,000 Common shares 30,000,000 Loans from Company X 200,000,000 Real estate loans (secured) 150,000,000 Total Assets 500,000,000 Total Liabilities and Equity 500,000,000 (a) Calculate the Basel I capital ratio for Bank XYZ. (b) Determine if Bank XYZ is within the minimum capital requirements under Basel I. 11/26/2015 9:44:15 AM 105 Chapter 4 International Risk Regulation Solution: (a) Step 1: Calculate the risk-weighted assets RM Risk Weights Risk-Weighted Assets (RM) Cash 100,000,000 0% 0 Real estate loans (unsecured) 50,000,000 100% 50,000,000 Loans from Company X 200,000,000 100% 200,000,000 Real estate loans (secured) 150,000,000 50% Risk-weighted assets 75,000,000 325,000,000 Step 2: Calculate the total capital Total capital = RM30,000,000 Step 3: Calculate the Basel I ratio Total capital Risk-weighted assets 30,000,000 = 325,000,000 = 9.23% Basel I ratio = (b) The bank’s Basel I ratio is 9.23%. This is above the minimum Basel I capital requirement of 8%. Basel I covers only credit risk. Risks arising from other sources, such as market risk, are left to the discretion of the respective country’s national supervisor. The 1996 market risk amendment One of the criticisms against Basel I is that it covers only the bank’s credit risk exposures. In the 1990s, many banks had substantial exposures to market risks. In 1995, Barings Bank—the oldest bank in Britain— collapsed due to the speculative activities of a single British trader based in Singapore. Trading losses peaked when a wrong bet on Japan equities led to the bank’s recognition of US$1.3 billion in losses. The 233-year-old institution’s capital and reserves were wiped out. In January 1996, the Basel Committee issued an amendment to the 1988 Basel Capital Accord which incorporated within the Basel I capital requirements, market risks arising from banks’ open positions in foreign exchange, traded debt securities, equities, commodities and options. Market risk is defined as the risk of losses in on- and off-balance sheet positions arising from movements in market prices. Market risk includes: General and specific risk pertaining to interest rate risk and equity risk in the trading book Foreign exchange risk and commodity risk throughout the bank Banks have two alternative methodologies of measuring market risks: Standardized method—involves a rule-based ‘black box’ approach to measure: mm Interest rate risk mm Equity position risk mm Foreign exchange risk mm Commodities risk The standardized methodology uses a building-block approach in which the specific risk and the general market risk arising from debt and equity positions are calculated separately. Chapter-04.indd 105 11/26/2015 9:44:15 AM 106 Risk Management in Banking: Principles and Framework Internal models approach—allows banks to use risk measures derived from their own internal risk management models, subject to the fulfillment of certain conditions and upon the explicit approval of the central bank. For purposes of calculating the regulatory capital requirement for market risk, banks are required to calculate daily value-at-risk (VAR) at the 99th percentile, one-tailed confidence interval with a 10-day holding period. The amendment also introduced another type of capital, namely Tier 3 capital. At the discretion of the respective country’s central bank, banks may employ a third tier of capital (Tier 3) consisting of short-term subordinated debt for the sole purpose of meeting a proportion of the capital requirements for market risk. This means that banks may not use the Tier 3 capital to satisfy credit/counterparty risk requirements under the Basel I Accord. The Tier 3 capital is limited to 250% of a bank’s Tier 1 capital that is required to support market risks. In addition, the combined total of Tier 2 and Tier 3 capital shall not exceed the bank’s total Tier 1 capital. 4.5 THE THREE PILLARS OF BASEL II LEARNING OBJECTIVE 4.5 DISCUSS the basic features of the three pillars of Basel II In June 2004, the Basel Committee released the Revised Capital Framework. This revised capital framework was designed to improve the way regulatory capital requirements reflect underlying risks, and address the financial and risk management innovation that occurred in the years following Basel I. Basel II consists of three pillars: Minimum capital requirements (Pillar 1) Supervisory review process (Pillar 2) Market discipline (Pillar 3) Pillar 1: Minimum capital requirements Pillar 2: Supervisory review process Pillar 3: Market discipline Figure 4.10 The three pillars of Basel II Chapter-04.indd 106 11/26/2015 9:44:16 AM 107 Chapter 4 International Risk Regulation 4.5.1 Pillar 1—Minimum Capital Requirements Pillar 1 of Basel II sets out a revised minimum capital requirements for banks. While Basel II retains the 8% minimum capital requirements for banks, it expands the mechanism of risk weighting a bank’s assets. The formula for determining a bank’s Basel II ratio is: Basel II Ratio = Total Capital Market Risk + Credit Risk + Operational Risk ≥ 8% Basel II specifies the minimum capital calculations for three types of risks: Market risk Credit risk Operational risk Market risk The Basel II capital framework consolidated the market risk amendment to the minimum capital requirements. The minimum capital requirements for market risk is essentially the same as discussed in section 4.4.2’s subtopic—The 1996 market risk amendment. Real World Illustration Fundamental Review of the Trading Book In October 2013, the Basel Committee on Banking Supervision released the second consultative paper on the fundamental review of capital requirements for the trading book. The key features of the proposed revised framework include: Revised boundary between trading book and banking book. The new approach aims to introduce a more objective boundary between the two books that remains aligned with the banks’ risk management practices and reduces incentives for regulatory arbitrage. Revised risk measurement approach and calibration. The proposal involves a shift in market risk measure from value-at-risk to expected shortfall. Market illiquidity. The proposal involves the introduction of liquidity risk horizons in the market risk metric and an additional risk assessment tool for trading desks with exposure to illiquid, complex products. Revised standardized approach. The proposal includes a new risk-sensitive approach that can be used as an alternative to the internal models approach which is appropriate for banks and do not require sophisticated measurement of market risk. Revised internal models approach. The proposal includes provisions requiring a more comprehensive model approval process and a more consistent identification and capitalization of material risk factors. Strengthened relationship between the standardized and model-based approaches. The proposal requires mandatory calculation of the standardized approach by all banks and mandatory public disclosures of standardized capital charges by all banks. Closer alignment between trading and banking book in the regulatory treatment of credit risk. The proposal considers using the standardized approach calculation as the floor or surcharge to the model-based approach. Source: Fundamental Review of the Trading Book–Second Consultative Document, October 2013, Basel Committee on Banking Supervision Chapter-04.indd 107 11/26/2015 9:44:16 AM 108 Risk Management in Banking: Principles and Framework Operational risk Operational risk is not explicitly covered in Basel I but it is formally defined in Basel II as the risk of loss resulting from inadequate or failed processes, people, systems or from external events. Figure 4.11 depicts the three measurement approaches for operational risk as outlined in Basel II. Basic Indicator Approach Advanced Measurement Approaches Standardized Approach Figure 4.11 Three measurement approaches for operational risk Basic Indicator Approach—is the simplest method and uses the average of the previous three years of a fixed percentage of the bank’s positive annual gross income as the basis for setting capital. Internationally active banks and banks with significant operational risk exposures are expected to use an approach that is more sophisticated than the Basic Indicator Approach (BIA). Standardized Approach—In this approach, banks’ activities are divided into eight business lines: Corporate finance Trading and sales mm Retail banking mm Commercial banking mm Payment and settlement mm Agency services mm Asset management mm Retail brokerage mm mm Capital charges for each of the business lines are based on a percentage (beta) of that business line’s gross income. The percentage (beta) was set according to the perceived riskiness of the business line. Table 4.6 Quantum for capital charges Business Lines Chapter-04.indd 108 Beta Factors Corporate finance (b1) 18% Trading and sales (b2) 18% Retail banking (b3) 12% Commercial banking (b4) 15% Payment and settlement (b5) 18% Agency services (b6) 15% Asset management (b7) 12% Retail brokerage (b8) 12% 11/26/2015 9:44:16 AM 109 Chapter 4 International Risk Regulation The total capital charge is the three-year average of the sum of the charges across business lines in each year. Advanced Measurement Approach (AMA)—is the most complex method of calculating operational risk regulatory capital. Under the AMA, the regulatory capital requirement will be based on the risk measure generated by the bank’s internal risk measurement system. The use of AMA is subject to supervisory approval. Subject to getting prior supervisory approval, a bank will not be allowed to revert to or choose a simpler approach once it has received approved to adopt a more advanced approach. Real World Illustration Operational Risk—Revisions to Simpler Approaches—Consultative Document In October 2014, the Basel Committee on Banking Supervision released a consultative paper that sets out proposed revisions to the Standardized Approach for measuring operational risk capital. Once finalized, the revised Standardized Approach will replace the current non-model based approaches, i.e. Basic Indicator Approach, Standardized Approach and the Alternative Standardized Approach. A statistically superior measure of operational risk, which is referred to as the Business Indicator (BI), will replace gross income as the key input for determining operational risk capital. The proposal aims to remove the differentiation by a business line which is found not to be a significant risk driver. Instead, size is found to be a significant risk-driver and is incorporated in the new methodology. Source: Operational Risk–Revisions to Simpler Approaches–Consultative Document, October 2014. Basel Committee on Banking Supervision Credit risk Basel II introduced significant changes to the minimum capital requirements for Basel I. Basel II provides capital incentives for banks to move to more sophisticated credit risk management approaches. Standardized Approach Internal Ratings-Based (Foundations) Internal Ratings-Based (Advanced) Figure 4.12 Three measurement approaches for credit risk Standardized approach—is similar to Basel I except that Basel II focuses on the credit ratings assessment of External Credit Assessment Institutions (ECAIs) to define the required risk weights. Higher-rated individual claims have lower risk weights compared Chapter-04.indd 109 11/26/2015 9:44:16 AM 110 Risk Management in Banking: Principles and Framework to lower-rated claims. Further, under the standardized approach, credit risk exposures are divided into the following exposure types: mm Sovereigns Table 4.7 Risk weights—sovereigns mm Corporate Credit Ratings Risk Weights AAA to AA- 0% A+ to A- 20% BBB+ to BBB- 50% BB+ to B- 100% Below B- 150% Unrated 100% Public sector entities, banks and securities firms Table 4.8 Risk weights—public entities, banks and securities firms Corporate Credit Ratings Risk Weights (Option 1: 1 Rating below Sovereign) Risk Weights (Option 2: External Credit Assessment Institutions Rating-Based) AAA to AA- 20% 20% A+ to A- 50% 50% BBB+ to BBB- 100% 50% BB+ to BB- 100% 100% Below B- 150% 150% Unrated 100% 50% mm Corporates Table 4.9 Risk weights—corporates Corporate Credit Ratings Risk Weights AAA to AA- 20% A+ to A- 50% BBB+ to BB- 100% Below BB- 150% Unrated 100% Internal ratings-based approach (IRB) approach—allows banks to rely on their own internal estimates of risk components to determine the capital requirement for a given exposure. This approach requires prior supervisory approval. Under the IRB approach, banks must categorize banking book exposures into broad classes of assets with different underlying risk characteristics. These classes of assets are: mm mm Chapter-04.indd 110 Corporate Sovereign 11/26/2015 9:44:16 AM 111 Chapter 4 International Risk Regulation Bank mm Retail mm Equity mm The IRB approach will be covered in more detail in Book II. 4.5.2 Pillar 2—Supervisory Review and Evaluation Process Pillar 2 of the Basel II Framework describes the mandatory processes for both banks and supervisory authorities (regulators) to establish a link between a bank’s risk profile, its risk management infrastructure and its capital. Pillar 2 goes beyond the minimum capital requirements of Pillar 1; risks that are not addressed in Pillar 1 are addressed in Pillar 2. The supervisory review process aims to: ensure that banks have adequate capital to support all the risks in their business; and encourage banks to develop and use better risk management techniques in monitoring and managing risks. Pillar 2 has two major components: Internal Capital Adequacy Assessment Process Supervisory Review and Evaluation Process Internal capital adequacy assessment process Dialogue/ Discussion Supervisory review evaluation process Figure 4.13 Major components of Pillar 2 Figure 4.13 illustrates the mandatory process for both the banks and supervisory authority to engage in dialogues. It aims to establish a link between a bank’s risk profile, its risk management infrastructure and its capital. Internal capital adequacy assessment process (ICAAP) is a process for banks to assess their capital adequacy in relation to its risk profile. Supervisory review and evaluation process (SREP) is an evaluation process to ensure that banks have adequate capital in relation to their risk profile and a forum to encourage banks to develop and use better risk measurement and management techniques. Internal capital adequacy assessment process Banks are required to implement a process for assessing their capital adequacy in relation to their risk profile as well as a strategy on capital management. This process is referred to as the internal capital adequacy assessment process (ICAAP). Chapter-04.indd 111 11/26/2015 9:44:16 AM 112 Risk Management in Banking: Principles and Framework ICAAP serves as the guideline for setting capital targets commensurate with the bank’s risk profile and control environment. Figure 4.14 depicts the five main features of a rigorous internal capital adequacy assessment process. Elements of Rigorous ICAAP Board and senior management oversight Sound capital assessment Comprehensive assessment of risks Monitoring and reporting Internal control review Figure 4.14 Main features of ICAAP Board and senior management oversight The bank’s board of directors has a responsibility for setting the bank’s tolerance for risks. It should also ensure that management: mm establishes a framework for assessing the various risks; mm develops a system to relate risk to the bank’s capital level; and mm establishes a method for monitoring compliance with internal policies. The bank management is responsible for understanding the nature and level of risk being taken by the bank, and how the risk relates to adequate capital levels. It also has to ensure that the formality and sophistication of the risk management processes are appropriate in light of the risk profile and business plan. Sound capital assessment The bank should have the following elements of sound capital assessment: mm Policies and procedures designed to ensure that the bank identifies, measures and reports all material risks. mm A process that relates capital to the level of risk. mm A process that states the capital adequacy goals with respect to risk, taking account of the bank’s strategic focus and business plan. mm A process of internal controls, reviews and audits to ensure the integrity of the overall management process. Comprehensive assessment of risks All material risks the bank faces should be assessed in the capital assessment process. The assessment should cover the following broad categories of risks: mm Credit risk mm Market risk mm Operational risk mm Interest rate risk in the banking book mm Liquidity risk mm Other related risks Chapter-04.indd 112 11/26/2015 9:44:16 AM 113 Chapter 4 International Risk Regulation Monitoring and reporting The bank should establish an adequate system for monitoring and reporting risk exposures and for assessing the impact of the bank’s changing risk profile on the need for capital. Internal control and review The internal control structure is an essential component of the capital assessment process. The bank should conduct periodic review of its process to ensure its integrity, accuracy and reasonableness. The review should encompass the following areas: mm Appropriateness of the bank’s capital assessment process mm Identification of large exposures and risk concentrations mm Accuracy and completeness of data inputs into the bank’s assessment process mm Reasonableness and validity of scenarios used in the capital assessment process mm Stress testing and analysis of assumptions and inputs Supervisory review and evaluation process The supervisory review process aims to: ensure that banks have adequate capital to support all the risks in their business; and encourage banks to develop and use better risk management techniques in monitoring and managing their risks. Figure 4.15 shows the key focus areas of the supervisory review process. Review of adequacy of risk assessment Supervisory response Supervisory review of compliance with minimum standards Assessment of capital adequacy Assessment of the control environment Figure 4.15 Key areas in the supervisory review process Adequacy of risk assessment Bank supervisors should assess the degree to which the bank’s internal targets and processes incorporate the full range of material risks, the adequacy of risk measures used in assessing the internal capital adequacy, and the extent to which the risk measures are used operationally in setting limits, evaluating business line performance, and evaluating and controlling risks. Chapter-04.indd 113 11/26/2015 9:44:16 AM 114 Risk Management in Banking: Principles and Framework Assessment of capital adequacy Supervisors should review the bank’s business process to determine the following elements: mm Target levels of capital chosen are comprehensive and relevant to the current operating environment mm Target levels are properly monitored and reviewed by senior management mm Composition of capital is appropriate for the nature and scale of the bank’s business Assessment of the control environment Supervisors should consider the quality of the bank’s management information system and reporting, the manner in which business risks and activities are aggregated and management’s record in responding to emerging or changing risks. Supervisory review of compliance with minimum standards Supervisors should ensure that banks meet the minimum requirements in capital, risk management standards and disclosures. Supervisory response Supervisors should take appropriate action if they are not satisfied with the results of the bank’s own risk assessment and capital actions. The actions may include: mm Intensifying the monitoring of the bank mm Restricting the payment of dividends mm Requiring the bank to prepare and implement a satisfactory capital adequacy restoration plan mm Requiring the bank to raise additional capital immediately 4.5.3 Pillar 3—Market Discipline Pillar 3 of the Basel II Framework aims to encourage market discipline by developing a set of disclosure requirements, which will allow market participants to assess key pieces of information on the bank’s capital, risk exposures, risk assessment process and capital adequacy. The main objective of Pillar 3—Market Discipline is to allow the public to enforce discipline on banks by requiring the institutions to provide key pieces of information to help them (the public) make informed assessment of the banks’ risks and capital adequacy profiles. Pillar 3 enforces banks’ compliance with market discipline disclosures pertaining to information on: Scope of application Bank’s capital Capital adequacy Scope of application This section establishes the scope of the Pillar 3 disclosures. The Basel Committee requires banks to apply the Pillar 3 disclosures at the top consolidated level of the banking group. This section also discusses the analysis of total capital and Tier 1 capital ratios of significant banking subsidiaries within the group. Chapter-04.indd 114 11/26/2015 9:44:16 AM 115 Chapter 4 International Risk Regulation Table 4.10 Pillar 3—scope of application Qualitative disclosures Name of the top corporate entity in the group Outline of differences in the basis of consolidation for accounting and regulatory purposes Restrictions on transfer of funds or regulatory capital within the group Quantitative disclosures Aggregate amount of surplus capital of insurance subsidiaries Aggregate amount of capital deficiencies in all subsidiaries not included in the consolidation Aggregate amounts of the bank’s total interests in insurance entities Capital Table 4.11 Tier 1—disclosures of bank’s capital Qualitative disclosures Summary information on the terms and conditions of the main features of all capital instruments Quantitative disclosures Amount of Tier 1 capital with separate disclosures of: mm Paid-up share capital / common stock mm Reserves mm Minority interests in the equity of subsidiaries mm Innovative instruments mm Other capital instruments mm Surplus capital from insurance companies mm Regulatory calculation differences deducted from the Tier 1 capital mm Other amounts deducted from the Tier 1 capital including goodwill and investments Total amount of Tier 2 and Tier 3 capital Other deductions from capital Total eligible capital Capital adequacy Table 4.12 Tier 1—disclosure on bank’s capital adequacy Qualitative disclosures Summary discussion of the bank’s approach to assessing the adequacy of its capital to support current and future activities Quantitative disclosures Capital requirements for credit risk Capital requirements for equity exposures Capital requirements for market risk Capital requirements for operational risk Total capital and Tier 1 capital ratio Risk exposure and assessment Banks are required to disclose all material risks which they face and the techniques they use to identify, measure, monitor and control those risks. The detailed disclosures will include the following key risks: Credit risk Market risk Interest rate risk and equity risk in the banking book Operational risk Chapter-04.indd 115 11/26/2015 9:44:16 AM 116 Risk Management in Banking: Principles and Framework 4.6 INTRODUCTION TO BASEL III REQUIREMENTS LEARNING OBJECTIVE 4.6 EXPLAIN the key capital and liquidity reforms under Basel III The 2008 global financial crisis highlighted many weaknesses in the banking sector, which were not adequately addressed by the Basel II capital framework. These weaknesses included excessive leverage, inadequate and low-quality capital, and insufficient liquidity buffers. These weaknesses were further amplified by a procyclical deleveraging process and the interconnectedness of systemically important financial institutions. Basel III was designed to address the lessons learned from the 2008 crisis. It does not replace the Basel II capital framework. Instead, it supplements Basel II by addressing its weaknesses. In order to understand the context in which Basel III was designed, it is important for the students to appreciate the weaknesses of the banking sector and related issues arising from the 2008 crisis. 4.6.1 2008 Global Financial Crisis and Basel II Weaknesses Figure 4.16 depicts the key weaknesses of the Basel II regime—from the bank-level (micro-level) and system-wide (macro-level) perspectives—that were highlighted by the 2008 financial crisis. Inadequate and low quality capital Bank-level weaknesses Insufficient liquidity buffers Excessive leverage 2008 financial crisis weaknesses Procyclicality System-wide weaknesses Interconnectedness of systemically important financial institutions Figure 4.16 Weaknesses of Basel II highlighted by the 2008 financial crisis Chapter-04.indd 116 11/26/2015 9:44:16 AM 117 Chapter 4 International Risk Regulation Inadequate and low-quality capital The global banking system entered the crisis with an insufficient level of high quality capital. As the crisis unfolded, many banks were forced to rebuild their common equity capital bases, at a time when it was expensive and difficult to do so. Another issue involved the many innovative instruments that were considered to be capital under the Basel II framework, but did not perform as an effective buffer for losses during the crisis. Capital is considered to be effective if it is loss-absorbing. Capital is intended to serve as an effective buffer for credit risk and to absorb losses during a financial crisis. This means that banks must not be obligated to replace this capital when it is less optimal to do so. Real World Illustration Deutsche Bank Elects not to Exercise Call Deutsche Bank AG, Europe’s biggest investment bank by revenue, passed up an opportunity to redeem EUR 1 billion of subordinated bonds, saying it would be more expensive to refinance the debt. The bank had the option to buy back the 3.875% notes on 16 January 2014 or pay a socalled step-up coupon of 88 basis points more than Euribor. Deutsche Bank’s decision startled bondholders because borrowers are expected to repay callable notes at the first opportunity and the securities are valued on that basis. “Frankly I am surprised,” said Bill Blain, a broker at KNG Securities in London. “No doubt some doomsters will say Deutsche Bank is skipping a call because it faces further losses.” Source: Bloomberg News, 17 December 2008 Insufficient liquidity buffers In the years running up to the 2008 financial crisis, liquidity did not receive adequate attention as debates about bank regulation were focused on capital adequacy. While a strong capital position was a necessary condition for banking sector stability, the crisis showed that it was insufficient. Prior to the crisis, liquidity was abundant and cost of funding was low. During the crisis, funding dried up and remained in short supply for a very long period. One of the lessons learned was that illiquid markets could last for a long period of time. For example, many banks had assumed that the liquidity crunch would not last as long as it did from the time the Federal Home Loan Mortgage Corporation (Freddie Mac) announced that it would no longer purchase most of the risky subprimes and mortgage-related securities in February 2007 to the Lehman Brothers collapse in 2008. Many banks had expressed confidence that liquidity in the markets would be restored. Excessive leverage Excessive leverage in the banking system played a crucial role in creating vulnerabilities that increased the depth and severity of the 2008 crisis. According to the Turner Report, from 2003 onwards, there were significant increases in the balance sheet leverage of many commercial and investment banks driven by dramatic increases in gross assets and derivative positions. Further, the U.S. Financial Crisis Inquiry Commission reported that, as of 2007, five major global investment banks were operating with extraordinarily high leverage. By one measure, their leverage ratios were as high as 40:1— meaning, for every $40 in asset, there was only $1 to cover for the losses. This implied that a drop in asset value of less than 3% could wipe out the bank’s entire value. Chapter-04.indd 117 11/26/2015 9:44:17 AM 118 Risk Management in Banking: Principles and Framework During the period leading up to the crisis, many banks reported strong Basel II Tier 1 risk-based ratio while still being able to build high levels of both on- and off-balance sheet leverages. Procyclicality Procyclicality refers to the mutually reinforcing mechanisms through which the financial system can amplify business fluctuations and possibly cause or amplify financial instability. It is the tendency of financial variables to fluctuate around a trend during the economic cycle. One of the unintended consequences of Basel II is encouraging behaviour that amplifies the effects of business cycle fluctuations. During periods of economic expansions, risk measurement models signal lower risk. Regulatory capital required, therefore, is lower. Banks tend to take more risk during these favourable economic conditions. Further, they do not raise capital when it is cheaper and more optimal to do so. On the other hand, during periods of economic contractions, risk measurement models signal higher risk. The regulatory capital required is higher. This forces banks to raise more capital when it is more expensive to do so. Besides, banks are restricted from taking more risks, which will further amplify the economic contraction. These reinforcing mechanisms are disruptive and apparent during a downturn. For instance, financial institutions will incur losses and capital buffers decline, which will force them to raise funding in an unfavourable environment. This will also result in tightening of credit extension and selling of assets, which will in turn weaken the economy. There are two types of procyclicality: Procyclicality of capital When conditions are good, financial institutions are profitable. Their strong capital base allows them to take larger risk positions. This triggers additional demand for assets and leads to further increase in their prices. On the other hand, when conditions are unfavourable, they make losses and their capital base deteriorates. This triggers sellingoff of assets and leads to further decrease in their prices. Procyclicality of leverage Procyclicality of leverage occurs when financial institutions’ balance sheets expand and contract with economic cycles. The different mechanisms at work are: mm mm mm Risk measurement models. Risk measurement models are procyclical, especially when constructed with short data series. Risk management practices hardwired to valuations strongly amplify fluctuations in leverage and lead to fire sales and onesided markets. Short-term money markets. When liquidity is perceived to be abundant, there is a strong incentive or appetite to lengthen asset maturity and hold strongly-leveraged positions. Risk appetite. Valuation gains may encourage further risk-taking while valuation losses may trigger sharp pull-backs. Interconnectedness of systemically important financial institutions During the financial crisis, excessive interconnectedness among systemically important banks transmitted shocks across the financial system and economy. The collapse of Lehman Brothers in 2008 sent global shockwaves across financial institutions. Chapter-04.indd 118 11/26/2015 9:44:17 AM 119 Chapter 4 International Risk Regulation Corporate issuers Insurance companies Mortgage banks Other banks/ dealers Lehman Brothers Over 7,000 legal entities in more than 40 countries Money market funds Hedge funds Sovereign and municipal debt issuers Source: Presentation by PricewaterhouseCoopers’ Financial Services Institute Figure 4.17 The Lehman shockwaves The 2008 financial crisis provided lessons on the costs to the economy in the absence of effective powers/regulatory tools for dealing with the failure of systemically important financial institutions. Basel III reforms During the period 2009−2010, the Basel Committee introduced various reform measures to address the lessons learnt from the 2008 financial crisis. They focused on strengthening global capital and liquidity rules towards promoting a more resilient banking sector. These measures—collectively referred to as Basel III—are expected to be fully implemented by 2019. The reforms aim to address the following bank-level and system-wide weaknesses that were identified in the 2008 financial crisis: Raising the quality of capital to ensure banks are better able to absorb losses on both a going-concern and gone-concern basis Increasing the risk coverage of the capital framework Raising the level of the minimum capital requirements Introducing an internationally harmonized leverage ratio to serve as a backstop to the risk-based capital measure and to contain the build-up of excessive leverage in the system Raising standards for the supervisory review process (Pillar 2) and public disclosures (Pillar 3) Chapter-04.indd 119 11/26/2015 9:44:17 AM 120 Risk Management in Banking: Principles and Framework Introducing minimum global liquidity standards Promoting the build-up of capital buffers in good times that can be drawn down in periods of stress 4.6.2 Basel III—Capital Reforms The Basel III capital reforms focus on strengthening both the quality and level of capital. It prescribes increasing the required amount of capital and at the same time limited the use of capital that is not fully loss absorbing. The two main purposes of capital are: Going-concern capital Going-concern capital is capital that absorbs losses without the bank being subjected to excessive pressure to contain its liquidity. It allows the entity to continue as a going concern and enhances its ability to stay solvent. The objective of Tier 1 capital is to allow the entity to survive and continue as a going concern. Hence, only capital that allows the bank to stay solvent and continue as a going concern can be considered as Tier 1 capital. The predominant form of Tier 1 capital must be common shares and retained earnings. The common equity Tier 1 capital includes: mm Common shares mm Share premium mm Retained earnings mm Accumulated comprehensive income mm Minority interest mm Regulatory adjustments Other than common equity shares, there are certain innovative capital structures that can be considered as Additional Tier 1 capital—an alternative Tier 1 capital with no maturity date. Additional Tier 1 capital is a hybrid debt instrument with principal loss absorption features. A common example of these hybrid debt instruments are preferred shares, which contain both debt and equity features. The principal loss absorption feature generally allows the bank to convert common shares at pre-specified trigger point or contain a write-down mechanism, which allocates losses to the instrument at a specified trigger point. Gone-concern capital Gone-concern capital refers to capital that aims to protect senior creditors, depositors and taxpayers in the event of a bank failure. Tier 2 capital, which is ranked junior to senior creditors and depositors but more senior compared to common equity holders, is considered to be a gone-concern capital. The Basel Committee on Banking Supervision held the consensus that high-quality capital means higher loss-absorbing capital to allow banks better withstand periods of stress. Chapter-04.indd 120 11/26/2015 9:44:17 AM 121 Chapter 4 International Risk Regulation Quantity of capital Common Tier 1: 4.5% Tier 1 Capital: 6.0% Total Capital: 8.0% Figure 4.18 Capital requirements under Basel III Under Basel III, there is no change in the level of total capital required to support a bank’s risk-weighted assets. As with Basel II, the minimum total capital required is 8%. (Note: The additional 2.5% capital conservation buffer is not part of the regulatory capital minimum requirement. Failure to meet this requirement will only restrict the bank’s ability to make capital distributions, but will not result in constraints to the bank’s operations.) There are, however, some changes to the level of high-quality capital required, namely: Common Tier 1 capital requirement increased from 2% of risk-weighted assets to 4.5% Tier 1 capital requirement increased from 4% of risk-weighted assets to 6% Capital conservation buffer Basel III introduced a framework to promote conservation of capital and the build-up of adequate buffers above the minimum capital requirement that can be drawn upon during periods of financial stress. The objective is to encourage banks to hold capital buffers above the regulatory minimum. At the onset of the 2008 financial crisis, a number of banks continued to make large distributions of capital through dividend payments, share buy-backs and generous compensation payments even though the financial condition and outlook the banking sector was deteriorating. Many of the activities were driven by a collective action problem where any reductions in distributions were perceived as sending a signal of weakness. This made individual banks less resilient as they did not do enough to rebuild their capital buffers, particularly during the good times. The capital conservation buffer aims to increase the resilience of the banking sector during a downturn and provide a mechanism for rebuilding capital during an economic recovery. The buffer will help to avoid breaches of the minimum capital requirement and to maintain the capital buffer above the regulatory minimum outside periods of stress. When the buffers are drawn down, banks may consider reducing their discretionary distribution of earnings or raising new capital from the private sector. Unlike the minimum capital requirement, failure to meet the capital conservation buffer requirement will not result in constraints to the bank’s operation. Rather, it will result in Chapter-04.indd 121 11/26/2015 9:44:17 AM 122 Risk Management in Banking: Principles and Framework restrictions to distributions of capital. Hence, this should not be viewed as establishing a new capital requirement. The items subject to distribution restrictions include: Dividends Share buybacks Discretionary payments on other Tier 1 capital instruments Discretionary bonus payments to staff A capital conservation buffer of 2.5% of the risk-weighted assets should be established above the regulatory minimum requirement. This buffer should fully comprise Common Tier 1 equity. Countercyclical buffer Losses in the banking sector can be extremely large when a downturn is preceded by excess credit growth. These losses can destabilize the banking sector and spark a vicious cycle. Problems in the financial system can contribute to a downturn in the real economy that feeds back to the banking sector. These problems led to the Basel III reforms where banking organizations are required to build up additional capital defences during periods when the risks of system-wide stresses are growing markedly. This countercyclical capital buffer regime aims to ensure that the banking sector capital requirements take account of the macro-financial environment in which banks operate in. The countercyclical buffer is a macro-prudential measure to protect the banking sector from periods of excess credit growth that have been often associated with a build-up of systemic risk. This capital buffer does not address the resilience of individual banks during periods of stress as this is covered by the minimum capital requirements and the capital conservation buffer. Banking supervisors will deploy the capital buffer regime when excess aggregate credit growth is judged to be associated with a build-up of system-wide risk to ensure the banking system has a buffer of capital to protect it against future potential losses. The objective is to control the supply and demand of credit to moderate the excessive build-up of credit. The countercyclical buffer between 0% to 2.5% of risk-weighted assets may be imposed by the relevant national supervisors during periods of excess credit growth. This capital buffer should fully comprise Common Tier 1 equity. Leverage ratio One of the underlying features of the 2008 global financial crisis was the build-up of excessive leverage in the banking system. In some cases, banks built up excessive leverage while still showing strong risk-based capital ratio. During the most severe part of the crisis, the market forced the banking sector to reduce leverage in a manner that amplified the downward pressure on asset prices. To prevent an excessive build-up of leverage, the Basel III framework introduces a non-risk based leverage ratio as an additional regulatory prudential tool to complement the minimum capital adequacy requirements. The leverage ratio will serve as a backstop to the risk-based capital requirement and helps contain system-wide build-up of leverage. Basel III leverage ratio The formula for calculating the Basel III leverage ratio, which is defined as the capital measure (numerator) divided by the exposure measure (denominator), is: Chapter-04.indd 122 11/26/2015 9:44:17 AM 123 Chapter 4 International Risk Regulation Basel III Leverage Ratio = Tier 1 Capital ≥ 3% Total Exposure The capital measure is the bank’s Tier 1 capital as defined by Basel III. The exposure measure for this ratio is the sum of the following exposures: On-balance sheet exposures Derivative exposures Securities financing transaction exposures Off-balance sheet items The objectives of the leverage ratio requirement are: Constrain the leverage in the banking sector Introduce additional safeguards against model risks and measurement errors by supplementing the risk-based measure with a simple, transparent and independent measure of risk Implementation of the leverage ratio requirements has started with banks submitting reports to their country’s banking regulator. This was followed public disclosures, which commenced on 1 January 2015. The Basel Committee will monitor the impact of the disclosure requirements and make final adjustments, if any, to the definition and calibration ratio by 2017. 4.6.3 Basel III—Liquidity Reforms One of the most important lessons from the 2008 financial crisis is that while strong capital requirements are a necessary condition for banking sector stability, strong liquidity is also of equal importance. During the early liquidity phase of the crisis, many banks continued to experience difficulties despite having adequate capital levels. The crisis revealed the importance of liquidity for the proper functioning of the banking system. Basel III introduces two minimum standards for liquidity, namely: Liquidity coverage ratio Net stable funding ratio These two standards have been developed to achieve the following two separate but complementary objectives: Promote short-term resilience of a bank’s liquidity profile by ensuring it has sufficient high quality liquid resources to survive an acute stress scenario for one month (liquidity coverage ratio). Promote longer-term resilience by creating additional incentives for a bank to fund its activities with more stable sources of funding (net stable funding ratio). Liquidity coverage ratio Liquidity coverage ratio is intended to promote resilience to potential liquidity disruptions over a 30-day horizon. It will help to ensure that banks have sufficient unencumbered, high-quality liquid assets to offset the net cash outflows they could encounter under an acute short-term stress scenario. Chapter-04.indd 123 11/26/2015 9:44:17 AM 124 Risk Management in Banking: Principles and Framework Cushion of high-quality liquid assets 30-day liquidity stress scenario Figure 4.19 Liquidity coverage promotes resilience The scenario is built upon circumstances experienced during the global financial crisis that began in 2007 and entails both institution specific and systemic shocks. High-quality liquid assets (e.g. cash and domestic government bonds) should be unencumbered and liquid in markets during a time of stress. Liquidity Coverage Ratio = Stock of High-quality Liquid Assets ≥ 100% Net Cash Outflows Over the Next 30 Days Net stable funding ratio Net stable funding ratio requires a minimum amount of stable sources of funding for a bank relative to the liquidity profiles of its assets as well as the potential for contingent liquidity needs arising from off-balance sheet commitments over a one-year horizon. The ratio aims to limit over-reliance on short-term wholesale funding during times of buoyant market liquidity and encourage better assessment of liquidity risk across all on- and off-balance sheet items. It covers the entire balance sheets and provides incentives for banks to use stable sources of funding. Net Stable Funding Ratio = Available Amount of Stable Funding Amount of Required Stable Funding Required stable funding (function of liquidity characteristics of assets/activities) Available amount of stable funding Figure 4.20 Limiting over-reliance on short-term funding during buoyant market conditions Stable funding is the portion of those types and amount of equity and liability financing expected to be reliable sources of funds over a one-year horizon under conditions of extended stress. Chapter-04.indd 124 11/26/2015 9:44:18 AM Chapter 4 International Risk Regulation 125 Table 4.13 Highlights of Basel II and Basel III Basel II Basel III Pillar 1—Minimum capital requirements Total capital • Tier 1 + Tier 2 = 8% risk-weighted assets Core Tier 1 • At least 2% of risk-weighted assets Basel III introduced certain reforms to the provisions of Basel II. Tier 1 must be at least These reforms are: 50% of the total capital Increasing the quantity and quality of capital Market risk Standardized approach Internal models approach Operational risk Basic indicator approach Standardized approach Advanced measurement approach Credit risk Standardized approach Internal ratings-based approach (foundation) Internal ratings-based approach (advanced) Pillar 2—Supervisory review Pillar 2 provides for a mandatory process for both banks and regulators to establish the link between a bank’s risk profile, its risk management infrastructure and its capital. Pillar 3—Market discipline Aims to encourage market discipline by developing a set of disclosure requirements which will allow market participants to assess key pieces of information on the scope of application, capital structure and adequacy, and risk positions and assessment process. Minimum capital requirement Capital conservation buffer 2.5% Countercyclical buffer 0% to 2.5% Common Tier 1: 4.5% Tier 1 Capital: 6.0% Total Capital: 8.0% Introduction of a liquidity risk framework Liquidity coverage ratio The liquidity coverage ratio aims to promote shortterm resilience of the liquidity risk profiles of banks. Stock of HQLA Ner cash outflows over next 30 days ≥ 100% Net stable funding ratio The net stable funding ratio is the amount of available stable funding to the required amount of funding. It aims to limit over-reliance on shortterm wholesale funding and encourage better assessment of liquidity risk across all on- and offbalance sheet items. Available amount of stable funding Required amount of stable funding > 100% Other reforms Introduction of a leverage ratio Capital Exposure > 100% The Basel III leverage ratio is a test minimum requirement for the trial run period of January 2013 to January 2017. The basis of calculation is the average of the three month-end leverage ratios over a quarter. Risk coverage Counterparty credit risk charge to be introduced. Credit valuation adjustment (CVA) to be introduced as a price for counterparty credit risk. Chapter-04.indd 125 11/26/2015 9:44:18 AM 126 Risk Management in Banking: Principles and Framework CONCLUSION In this chapter, we discussed the international regulatory environment of risk management. We enumerated the different reasons why banking organizations operate in one of the most heavily-regulated industries. We also enumerated the different sources and types of banking regulations. Thereafter, we talked about the most important international risk regulation— Basel Capital Accords—as well as their evolution. It was emphasized that the Basel Accords are an evolving international regulatory regime that addresses the weaknesses that were uncovered during successive financial crises. The Basel Committee on Banking Supervision continues to adjust these regulations as new concerns and issues emerge. At the end of the chapter, we enumerated the different reforms that were instituted in response to the 2008 global financial crisis. After discussing the basic concepts of risk management in the previous chapters, we will proceed with an overview of the most important and significant risks for many banking organizations—credit risk—in the next chapter. Chapter-04.indd 126 11/26/2015 9:44:18 AM C 5 P HA TE R CREDIT RISK In the previous four chapters, students were given an overview of bank risks and risk management principles and practices as well as the international regulatory context. This chapter focuses on the largest and most important risk for many banking organizations— credit risk. While credit risk is associated with bank lending activities, it is pervasive in many banking business activities. In this first chapter on credit risk, the risk management students are introduced to the fundamental concepts. In the following Chapter 6, we will look at the important processes and credit risk identification. These two chapters will provide the foundation in understanding the more advanced discussions on credit risk management, and measurement and credit reporting in Book II. This chapter begins with a definition of credit risk. It then differentiates between expected and unexpected losses. At the end of the chapter, the credit process is discussed. Chapter-05.indd 127 10/16/2015 3:48:08 PM 128 Risk Management in Banking: Principles and Framework Credit Risk Definition of Credit Risk Expected and Unexpected Credit Losses Credit Risk as Potential Losses Credit Risk as an Exposure Credit Risk Management Framework Expected Loss Credit Risk Environment Unexpected Loss Credit-Granting Process Credit Administration Credit Risk as Failure to Meet Obligations Credit Monitoring Credit Measurement Credit Risk Control Figure 5.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: DISCUSS the basic principles of credit risk in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: DEFINE credit risk DISTINGUISH between expected and unexpected credit losses ENUMERATE the different elements of the credit risk management framework Chapter-05.indd 128 10/16/2015 3:48:08 PM 129 Chapter 5 Credit Risk 5.1 DEFINITION OF CREDIT RISK LEARNING OBJECTIVE 5.1 DEFINE credit risk The Basel Committee on Banking Supervision defines credit risk as the: Potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. This definition of credit risk—also called default risk—has three main elements, which will be discussed in more detail in the succeeding sections: Credit risk as potential losses Credit risk as an exposure Credit risk as failure to meet obligations 5.1.1 Credit Risk as Potential Losses It is important to emphasize that the concern of credit risk management is the potential losses from a bank borrower or counterparty’s failure to meet its obligations. In short, credit risk involves uncertainty. During the various stages of the credit risk exposure, the bank faces uncertainty with respect to credit risk on two dimensions: the likelihood of occurrence or the chance that the borrower or the counterparty will fail to meet its obligations, i.e. probability of default the consequence of the borrower or the counterparty’s failure to meet its obligation, i.e. loss given default Probability of default Dimensions of credit risk Loss given default Figure 5.2 Two dimensions of uncertainty Likelihood of occurrence—probability of default The likelihood of occurrence can be described as qualitatively or quantitatively. Qualitatively— This likelihood of occurrence can range from unlikely to certainty. Unlikely events indicate that there is little or no chance that the borrower will fail to meet its obligations. Likely events indicate that there is a high chance that the borrower will fail to meet its obligations in accordance with the agreed terms. Figure 5.3 depicts the likelihood of occurrence using a continuum that ranges from no likelihood to certainty of occurrence. Chapter-05.indd 129 10/16/2015 3:48:08 PM 130 Risk Management in Banking: Principles and Framework No likelihood Medium likelihood High likelihood Certainty Higher likelihood of occurrence Figure 5.3 Likelihood of occurrence Quantitatively—If described quantitatively, the likelihood of loss is frequently referred to in practice as the probability of default (PD). It quantifies how likely the borrower or counterparty will fail to meet its obligations under the agreed terms. The probability of default—usually denoted as a percentage—is frequently expressed as a continuum between 0% to 100%. A zero per cent (0%) probability of default indicates that as at the time of assessment, there is virtually no likelihood that the borrower or counterparty will fail to meet its obligations in accordance with agreed terms. A hundred per cent (100%) probability of default indicates virtual certainty that the borrower or counterparty will not be able to meet its obligations as they come due. Probability of default (PD) 0% Probability of default (PD) 100% Higher likelihood of occurrence Figure 5.4 Probability of default Table 5.1 discusses the factors that impact the probability of default. Table 5.1 Factors impacting the probability of default Chapter-05.indd 130 Factors Probability of Default Financial standing and condition of the borrower The stronger the borrower or counterparty’s financial standing and condition, the lower the likelihood that the borrower or counterparty will fail to meet its obligations. Competitive position in the industry The borrower’s position in the industry could affect its likelihood of failing to fulfil its obligations in the future. A borrower with a dominant position in the industry (i.e. can command higher market share) is less likely to default than borrowers with less dominant positions. Developments in the borrower’s industry Developments in the borrower’s industry could also affect the probability of default. Borrowers which operate in volatile industries (e.g. high technology firms) tend to display a higher probability of default than borrowers which operate in more stable industries (e.g. utility companies). There are industries where the default rates are higher compared to other industries. For example, in the February 2014 Annual Corporate Default Survey conducted by Moody’s, media and publishing reported the highest default rate (4.8%) whereas utilities and government-related issuers—highly regulated industries with stable business models—reported 0% default rate. 10/16/2015 3:48:08 PM 131 Chapter 5 Credit Risk Factors State of the economy Probability of Default The state of the economic environment also influences the likelihood that a borrower or counterparty will fail to meet its obligations. The borrower or counterparty will more likely default during economic recessions than during economic expansions. In the 2013 Annual Global Corporate Default Study and Rating Transitions by S&P, default rates noticeably increased during periods of economic recessions and slowdowns—early 1980s recession due to hyperinflation and oil price shocks, early 1990s recession, early 2000s recession including the Dotcom crash and the September 11 attacks, and the 2008−2009 global financial crisis. Default rates were the lowest during periods of economic expansions. Consequence of occurrence—loss given default The consequence of occurrence describes the borrower’s impact or the counterparty’s failure to meet its obligations. It quantifies the magnitude of loss that the banking organization will incur in the event of the borrower or counterparty’s failure to meet its obligations. The magnitude of loss can be described qualitatively. Like in the case of the likelihood of occurrence, the magnitude of loss can range from no loss to medium loss to full loss. No loss Low High Full Higher consequence of loss Figure 5.5 Consequence of occurrence If the consequence of occurrence is described in a quantitative manner, it is frequently referred to in practice as the loss given default (LGD). It quantifies the dimension of uncertainty that is associated with the amount of loss that the banking organization will incur if the borrower or counterparty fails to meet its obligations. It is usually quantified as a percentage of loss over the bank’s total exposure in the event of default. Loss given default (LGD) 0% Loss given default (LGD) 100% Higher loss given default Figure 5.6 Loss given default The LGD is closely related to the concept of recovery rates. The recovery rate (RR) is the percentage of recovery of the bank’s total exposure in the event of default. The higher the recovery rate, the lower the loss given default. Conversely, the lower the recovery rate, the higher the loss given default. The LGD is equal to 100% minus the recovery rate. As the recovery rate increases, the amount of loss given default decreases. Chapter-05.indd 131 10/16/2015 3:48:09 PM 132 Risk Management in Banking: Principles and Framework If the recovery rate is 0%, the amount of loss is equal to the full exposure, i.e. 100%. As the recovery rate increases and approaches 100%, the amount of loss decreases to 0%. LGD = 100% − RR Table 5.2 describes the various factors that could influence the recovery rate. Table 5.2 Factors influencing the recovery rate Factors Details / Explanation Type of instruments Unlike the probability of default which depends on issuer-specific characteristics, the recovery rate of any exposure depends on the unique characteristics of the issue or specific instrument. Different credit instruments entail different rights over the borrower or counterparty’s assets of the types of obligations according to the levels of priority are: Secured obligations Secured or collateralized obligations are obligations that are backed by collateral—an asset pledged by the borrower to secure its obligations. In the event of default, the non-defaulting party (the bank) may sell the collateral and minimize (or eliminate) its losses due to the borrower or counterparty’s failure to fulfil its obligations. The higher the quality of the collateral, the higher the recovery rate of the creditor. The lower the quality of the collateral, the lower the recovery rate. Unsecured obligations Unsecured obligations are obligations that are not backed by any collateral and are granted only based on the borrower’s creditworthiness. Senior unsecured obligations Senior unsecured obligations receive priority claims on the borrower’s assets after fulfilling the obligations to secured lenders. Subordinated unsecured obligations Subordinated unsecured obligations receive lower priority than senior unsecured obligations. In the 2013 study by Standard & Poor’s on the U.S. recovery rates from 1987 to 2013, it was noted that secured obligations tend to have higher recovery rates than unsecured obligations. Within unsecured obligations, the study shows that senior unsecured obligations tend to have higher recovery rates than subordinated unsecured obligations. Quality of collateral The quality of collateral has a strong influence on the recovery rate if the borrower defaults. While obligations that are secured by collateral generally have higher recovery rates than obligations that are not secured by any collateral, the recovery rate could differ depending on the type of collateral posted. Collateral assets can either be a physical collateral (e.g. inventories and real estates) or intangible collateral (e.g. intellectual property rights). Recovery is generally the highest for physical assets such as inventories and receivables. In the 2013 study by Standard & Poor’s, mean recovery for inventories and receivables is at 87.7%. Recovery is lower for financial assets such as loans. In the 2013 study on recovery rates, the mean recovery for unsecured loans is only 36.3%. Chapter-05.indd 132 10/16/2015 3:48:09 PM 133 Chapter 5 Credit Risk Factors Industry or sector Economic cycle 5.1.2 Details / Explanation The concept of the quality of collateral is closely related to the industry which the defaulting borrower belongs to. The recovery by the lender ultimately depends on the asset quality of the borrower or counterparty. This means that industries with assets that can be easily sold may have higher recovery rates compared to industries with assets that are difficult to sell. This point is clearly illustrated in the 2013 S&P study on U.S. recovery rates for each industry or sector: Industry / Sector Recovery Rates Aerospace and defence / automotive / capital goods / metals, mining and steel 52.3% Consumer products / services 51.2% Energy and natural resources 60.2% Forest and building products / homebuilders 54.1% Health care / chemicals 49.4% High technology / computers / office equipment 48.0% Leisure time / media and entertainment 51.6% Telecommunications 37.1% Transportation 49.0% Utility 63.6% The timing of the default can also influence the recovery rate. If the borrower defaults during a recession, the recovery rate tends to be lower than that during a non-recession year. In the same 2013 S&P study, the recovery rate in the U.S. was consistently higher when the default occurred during non-recession years compared to that during recession years. Credit Risk as an Exposure Credit risk can also be viewed as an exposure to a borrower or counterparty. The bank’s exposure can be analyzed at two levels: Individual or standalone level Portfolio level Individual or standalone level The generation of credit risks typically starts at the individual or transactional level. Individual or transactional credit risk exposures are typically classified into retail, corporate, sovereign and counterparty credit risk. Chapter-05.indd 133 10/16/2015 3:48:09 PM 134 Risk Management in Banking: Principles and Framework Table 5.3 Standalone risks Types of Standalone Risks Retail credit risk* A risk is classified as a retail credit risk exposure if it meets the following criteria: Orientation criterion The exposure should be to an individual person or persons or to a small business Product criterion The exposure should take the form of any of the following: mm Revolving credits and lines of credit mm Personal term loans and leases mm Small business facilities and commitments Securities such as bonds and equities are excluded from the retail category. Granularity criterion Retail credit portfolio should be sufficiently diversified such that no aggregate exposure to one counterparty exceeds 0.2% of the total regulatory portfolio. Value criterion Individual exposures should be of low value. The maximum exposure to one counterpart cannot exceed a certain absolute threshold. Corporate credit risk* Corporate credit risk refers to a bank’s credit risk exposure to: Corporation Partnership Proprietorship Sovereign credit risk Refers to the bank’s exposure to debt obligations issued by sovereigns or other quasi-sovereigns. Counterparty credit risk This is the risk that a counterparty to a transaction could default or deteriorate in creditworthiness before the final settlement of a transaction’s cash flows. * Exposures to small and medium enterprises (SMEs) can be classified as either retail or corporate credit risk depending on the specific circumstance. Portfolio level Traditionally, credit risk is assessed and analyzed at an individual transactional level. In the traditional credit-granting process, for example, credit was extended after considering the merits from a transactional standpoint. Emphasis was made on ‘picking the superior credits’ or extending credit to ‘selected top industries’ or to ‘selected markets’. The collapse of large corporate borrowers, such as Enron, WorldCom, Parmalat and Tyco, has shown the limits of the strategy of ‘picking superior credits’. Exposures to a large single borrower may be a risky strategy, particularly when the exposures have accumulated to a level that may threaten the bank’s safety and soundness. Real World Illustration Faith in Parmalat Parmalat is a multinational Italian dairy and food corporation. It collapsed in 2003 after revealing one of the worst accounting scandals in corporate history—a EUR14 billion hole in its balance sheet. “But when you have a client like Parmalat, which is bringing in all that money and has industries around the world, you don’t exactly ask them to show you their bank statements.” Luca Sala, former Head of Corporate Finance Division, Bank of America Chapter-05.indd 134 10/16/2015 3:48:09 PM 135 Chapter 5 Credit Risk ‘Selecting top industries’ as a centerpiece credit risk strategy proved to be risky as well. During the industrial boom, many banks tend to build excessive credit risk exposures to booming industries. Industry trends, technological developments, macroeconomic or sectoral shifts could sometimes quickly reverse the fortunes of these industries and put the banks at risk. Continental Illinois National Bank and Trust Company (CINB) was one of the most notable cases of bank failures in the 1980s; and is still one of the largest bank failures in history. Many refer to Continental Illinois as the original and the first ‘too-big-to-fail’ institution. In the 1980s, CINB embarked on a lending strategy to focus on a specific sector—the energy sector— an area which the bank felt it possessed strong expertise. CINB invested its lending resources to this sector. In fact, CINB was one of the few banks that had energy sector engineering experts on its lending team. CINB also aggressively purchased speculative loans from the Oklahoma-based Penn Square Bank, which had extended billions of dollars’ worth of loans to speculative activities in the oil and gas exploration industry. In the 1980s, when oil prices dropped, many energy companies started to default on their loans. Penn Square Bank, the relatively smaller bank which specialized in oil and gas exploration loans, filed for bankruptcy. As a result, CINB faced liquidity problems which eventually led to one of the most costly failures in banking history. A credit strategy that focuses on ‘selected markets’ where the bank has expertise and knowledge is clearly a sound strategy. However, there are instances when banks display excessive optimism on certain growth markets or countries—leading to a build-up of excessive credit risk exposures in those markets. An example would be the build-up of credit risk exposures in emerging markets—where many banks held bullish sentiments throughout the 1980s and 1990s. At the height of the emerging markets turmoil during the 1980s and 1990s, the exposures posed threats to the banks’ safety and soundness. While it is important to assess and manage credit risk on a standalone level, i.e. on a per transaction level, it is also vital to assess credit risk on a consolidated portfolio level. Good credit decisions on a transactional level may turn out to be a poor credit portfolio when taken as a whole. In the same way, bad credit decisions on a transaction level may be mitigated if the banking institution has a well-constructed and diversified credit portfolio. Portfolio credit risk analyzes credit risk from the consolidated level, i.e. from the level of the institution as a whole. Portfolio credit risk considers the impact of diversification and correlation of individual loans among each other from the portfolio’s consolidated level. Figure 5.7 shows that portfolio credit risk is driven by three main factors. Correlation Standalone credit risk Concentration risk Portfolio credit risk Figure 5.7 Factors driving portfolio credit risk Standalone credit risk Standalone credit risk is the credit standing of individual–specific borrowers. The bank’s credit portfolio is composed of individual credit exposures to specific borrowers. A well- Chapter-05.indd 135 10/16/2015 3:48:09 PM 136 Risk Management in Banking: Principles and Framework constructed credit portfolio should first start with good credit decisions on an individual, transactional level. This means that individual transactions should be assessed on a name-by-name basis. Good credit decisions result in lower standalone credit risk for the bank. Bad credit decisions result in higher credit risk. (The standalone credit risk for each specific type of borrowers was discussed in the previous chapters.) Correlation Good credit decisions on a standalone level are a necessary step in constructing a robust and sound credit portfolio. However, this is rarely sufficient. Additionally, banks should consider how the individual credit risk exposures behave when aggregated on a portfolio level. One of the important sources of risk in a portfolio risk is the correlation of individual loans among each other. Correlation measures the interdependence of the standalone credit risks. Examples of highly-correlated industries are: mm Agricultural products industry and food processing industry The processed food industry is highly correlated to the agricultural products industry, given that agricultural food prices are likely a major portion of the input costs of the processed food industry. Constraints on the supply side would likely impact the bottom line of the processed food industry. Likewise, adverse shocks on the demand side of processed food consumers could affect the bottom line of agricultural products industry. The processed food industry is a major customer of the agricultural products industry. On the other hand, credit exposures that are negatively correlated tend to respond differently to risk factors. Credit risk exposures that are negatively correlated tend to provide diversification benefit to the portfolio. mm Oil and gas industry and plastics The oil and gas industry and plastics industry are another example of highly-correlated industries. A major component of the cost structure of the plastics industry is the price of oil and gas. Plastics are made from liquid petroleum gases, natural gas liquids (NGL) and natural gas. Liquid petroleum gases (LPG) are by-products of petroleum refining. Based on the Energy Information Agency’s estimate, in 2010, about 191 million barrels of LPG and NGL were used to make plastics products—about 2.7% of the total U.S. petroleum consumption. mm Alternative energy industry and agricultural products industry Another group of industries that are seemingly uncorrelated but are actually correlated are the agricultural products industry and alternative energy industry. In recent years, the search for alternative sources of energy has led to the birth of the biofuel industry. This industry is relatively new and is expected to be a significant player in the alternative energy landscape. Biofuel industry produces fuel from living organisms such as agricultural crops. Ethanol is made from crops such as corn and sugar cane. The agricultural products industry now serves not only the market for food production but for energy production as well. Chapter-05.indd 136 10/16/2015 3:48:09 PM 137 Chapter 5 Credit Risk Real World Illustration Biofuel Demand in the U.S. Driving Higher Food Prices In July 2011, The Guardian released a report published by Purdue University economists for the Farm Foundation policy organization that revealed an increased demand for corn over the last five years. This increase was attributed to the U.S. government’s support for ethanol production, which included annual subsidies for ethanol refineries amounting to $6 billion. Wallace Tyner, one of the authors mentioned in the report, claimed that in 2005 alone, the industry used about 16 million acres or 6.4 million hectares to meet ethanol demands in the United States and the Chinese soybean imports. In 2010, the usage rose to 18.6 million hectares or 46.5 million acres to meet the demand. The U.S. Department of Agriculture took notice of this remarkable surge in the demand for corn by U.S. ethanol refiners. The latter’s consumption was noted to be way above the corn consumption by livestock and poultry farmers. In 2010, 27% of the corn production was dedicated to meet the demand for corn ethanol in contrast with its 10% consumption in 2005. The Guardian article likewise cited another report from the Centre for Agricultural and Rural Development at the Iowa State University which estimates that 40% of the U.S. corn crop production currently goes to corn ethanol production, while the cobs and the husks of the corn are used as raw materials for animal feed. Ken Powell, the chief executive of General Mills, shared in an interview with the Financial Times that the government’s ethanol subsidy was to be blamed for driving up food prices in accordance with the natural law of demand and supply. Source: The Guardian, 19 July 2011 Concentration risk Concentration risk refers to the risk that any single exposure or group of exposures could potentially result in losses that are substantial enough to threaten the financial condition of a banking organization. Concentration risk occurs when a bank’s portfolio contains a high level of direct or indirect credits to: mm A single counterparty mm A group of connected counterparties mm A particular industry or economic sector mm A geographic region mm An individual foreign country or a group of countries whose economies are strongly interrelated mm A type of credit facility mm A type of collateral Concentrations can also occur in credits with the same maturity. 5.1.3 Credit Risk as Failure to Meet Obligations Credit risk is the failure of the borrower or counterparty to meet its obligations in the lending contract. Many times, credit risk is associated with the borrower or counterparty’s inability to pay its financial obligation—interest and debt—as it becomes due. This inability to pay is formally recognized in a judicial process called bankruptcy. Chapter-05.indd 137 10/16/2015 3:48:09 PM 138 Risk Management in Banking: Principles and Framework However, there are a wide range of events before bankruptcy happens. Credit risk covers all those events, which include: Administrative errors Technical default Default resolution Bankruptcy Technical default Failure to pay due to administrative errors Violation of debt covenants Administrative errors Bankruptcy Restructuring Insolvency bankruptcy filing Default resolution Figure 5.8 Credit risk events Administrative errors This refers to the failure of a borrower or counterparty to pay its financial obligations under the loan agreement in a timely manner due to an administrative error or mistake. Compared to other events involving credit risk, this failure to pay is not due to the borrower or counterparty’s inability to do so. This type of failure to pay is frequently remedied during the grace period as agreed upon by the parties. In such cases, the borrower is given a grace period—typically within five business days after the due date—to make payment. While failure to pay due to an administrative error is usually not linked to the borrower or counterparty’s inability to meet its financial obligations, this sometimes indicate weaknesses in the managerial processes of the borrower or counterparty. Real World Illustration Delinquent Debt Service due to Administrative Error On 17 March 2014, the Town of Southeast, New York was delinquent in the payment of interest and principal on its bonds. According to the town management, the town was notified by the Depository Trust Company (DTC) after 4 p.m. on 17 March that a debt service payment had not yet been received. Upon realizing the error, the town attempted to make the payment before the end of the day, but could not complete the wire transfer until the next morning. Moody’s, a major credit rating agency, believes that the payment delay was due to an administrative error, not an impairment of the town’s ability to pay. However, the delayed debt service payment reveals a weakness in managerial processes that may threaten the town’s credit rating. Source: Moody’s Global Credit Research, 1 April 2014 Technical default This refers to the failure of the borrower or counterparty to meet its obligations under the agreement other than failure to make payments. It includes violations or non-performance of the borrower or counterparty of the loan covenant. Chapter-05.indd 138 10/16/2015 3:48:10 PM 139 Chapter 5 Credit Risk Loan covenants are clauses in the loan agreement that require the borrower to adhere to certain conditions about its conduct and financial situation. They are designed to satisfy the lender that the borrower will be able to fulfil its financial obligations, and that the lender will not be disadvantaged against the borrower’s other creditors in the event that the borrower can no longer fulfil its obligations. Loan covenants could either be affirmative or negative. Affirmative covenants are clauses which require the borrower to perform certain actions. Examples of affirmative covenants are: Commitment to deliver financial statements to the lender in a timely manner Promise to pay taxes Obtain insurance on the borrower’s property against fire, theft and other risks Compliance with laws and regulations Maintenance of certain financial ratios, e.g. maximum level of indebtedness to net worth Negative covenants are clauses which require the borrower not to take certain actions that could undermine its ability to repay the loan. Examples of negative covenants are: Prohibition to incur additional indebtedness in excess of a certain level or amount Not to pledge the borrower’s assets to other creditors Not to declare dividends or other distributions Prohibition to become a guarantor for the obligations of another person or organization Not to sell assets in excess of a certain percentage of the total assets except for inventories Not to make a capital expenditure in excess of a certain level for a predefined period of time Violation of debt covenants typically allows the lender to demand the full repayment of the principal and interest even before the agreed maturity date of the loan. Should the lender decide not to require early repayment of the principal and interest, the lender may require the borrower to take remedial actions to cure the violations or amend certain provisions of the loan in the lender’s favour, e.g. increase the interest rate. Real World Illustration Conseco Inc. Debt Ratings and Violation of Debt Covenants According to a Moody’s Global Credit Research report released in April 2014, Indiana-based financial services company, Conseco Inc., was at the brink of violating the financial covenants in its secured bank facility, particularly those related to statutory capital and risk-based capital ratio, based on the review of its June 2009 financials. This resulted in Fitch Ratings assigning Conseco a negative outlook, questioning its capacity to remain compliant with the covenants. The company was granted a temporary covenant relief in order to restore the covenants to their previous levels. Source: Moody’s Global Credit Research, 1 April 2014 Restructuring Restructuring is an agreement between a lender and borrower to modify the terms of the loan agreement to avoid foreclosure or bankruptcy. It is also sometimes referred to as loan workouts. Common examples of restructuring are: Reduction in the interest payable Reduction in the amount of principal payable at maturity or at scheduled principal repayment dates Postponement or deferral for the payment of interest or principal Change in the ranking of the priority of payment of any obligation, e.g. a debt-for-equity swap agreement—a restructuring agreement where the lender agrees to cancel the debt in Chapter-05.indd 139 10/16/2015 3:48:10 PM 140 Risk Management in Banking: Principles and Framework exchange for an ownership stake in the borrower’s company. Equity holders rank lower in terms of priority of payments compared to debt holders. Change in the currency or composition of any payment of interest or principal Real World Illustration Examples of Restructuring Case 1: Write-down of Principal In October 2011, Greek bondholders agreed to voluntarily write down the value of Greek bonds by 50%, which translates into €100 billion and will reduce the nation’s debt load to 120% of the economic output by 2020. Case 2: Modification of Interest In January 2012, Greece and its creditors disagreed over the interest rate that private investors would be paid on new bonds they would receive in exchange for existing government debt. The European Union stipulated that the interest rate on the new bonds must be below 4% in order for Greece to reach its long-term debt reduction target. Case 3: Change in the Ranking of Priority SolarWorld, once Germany’s largest solar company, announced an agreement with its major creditors to reduce its €1.2 billion debt load. Part of the agreement is to exchange its debt obligations into equity holdings in a debt-to-equity swap agreement. The debt-to-swap agreement will wipe out existing shareholders by reducing the capital stock by 95% and handing ownership over the company to its creditors. Source: Various news sources Insolvency and bankruptcy Insolvency is a condition where the borrower no longer has the capacity to pay its obligations as they come due (i.e. cash flow insolvency) or when the borrower’s assets are less than its liabilities (i.e. balance sheet insolvency). Bankruptcy refers to the formal legal proceeding for borrowers who are already insolvent. While in practice, the terms insolvency and bankruptcy are used interchangeably, there is a difference between the two. An insolvent borrower may threaten its ability to continue as a going concern and may eventually lead to bankruptcy. However, insolvency may not be a permanent condition if the borrower or lender were able to resolve the state of insolvency, which then allows the borrower to continue to operate as a going concern. On the other hand, a borrower who is in the bankruptcy stage ceases to continue to operate as a going concern, and is in the liquidation stage. It is, therefore, a more permanent condition. Bankruptcy is a legal status of insolvency. Hence, all borrowers in the bankruptcy stage are insolvent. However, not all borrowers who are insolvent are in the bankruptcy stage. It is important to note that bankruptcy is a legal status of insolvency. Bankruptcy can be broadly classified as either voluntary or involuntary. Voluntary bankruptcy is when the borrower initiates the bankruptcy proceeding to protect itself from creditors and to ensure an equitable settlement of its obligations. Real World Illustration Lehman Files for Bankruptcy Lehman Brothers, a 158-year-old investment bank, initiated one of the biggest bankruptcy filings in U.S. history. Lehman filed for bankruptcy after Barclays and Bank of America abandoned talks to acquire Lehman Brothers and after Lehman Brothers lost 94% of its market value for the period ending September 2008. Source: Bloomberg News, 15 September 2008 Chapter-05.indd 140 10/16/2015 3:48:10 PM 141 Chapter 5 Credit Risk Involuntary bankruptcy occurs when creditors force the borrower into bankruptcy. Involuntary bankruptcy is requested by the creditors as a legal remedy to force the borrower to pay its obligations. Real World Illustration NMI Involuntary Bankruptcy National Medical Imaging was in the business of leasing radiology machines. The leases were bundled and sold as investment packages serviced by Lyon Financial Services, a unit of U.S. Bancorp. When the company’s business started to suffer from the economic downturn and new regulations, NMI approached the bank for a restructuring of the loan terms. NMI stopped the payments after U.S. Bancorp refused NMI’s request for restructuring. U.S. Bancorp responded by filing an involuntary bankruptcy against NMI. Source: Bloomberg News, 15 September 2008 5.2 EXPECTED AND UNEXPECTED CREDIT LOSSES LEARNING OBJECTIVE 5.2 DISTINGUISH between expected and unexpected credit losses In order to understand how credit risk affects banking organizations, the concept of expected and unexpected credit losses must be understood. Distinguishing between the two types of credit losses is an important prerequisite in measuring and managing credit risk. Credit loss is incurred by the banking organization from its lending activities. Credit loss affects a bank’s profitability. The losses can fluctuate over time. During economic booms, credit losses are generally low, and generally higher during economic recessions. 5.2.1 Expected Loss Expected loss is the average level of credit losses that the bank can reasonably experience over a specified risk horizon. The loss should be viewed as the cost of doing business. It forms part of the cost components of the business of lending. Figure 5.9 on the next page illustrates the three main components of expected credit loss. Probability of default Probability of default (PD) measures the degree of likelihood that the borrower or counterparty will not be able to meet its obligations as they come due. It is expressed as a percentage between 0% (indicating virtually no likelihood of default) to 100% (indicating virtual certainty that the borrower will default). Chapter-05.indd 141 10/16/2015 3:48:10 PM 142 Risk Management in Banking: Principles and Framework Exposure at default Probability of default Loss given default Expected credit loss Figure 5.9 Components of expected credit loss Exposure at default Exposure at default (EAD) is the estimate of the amount outstanding in the event that the borrower defaults. The amount outstanding should include the drawn amounts plus likely future drawdowns of yet undrawn lines. The EADs for loans and advances to customers are normally expressed in terms of notional amount, reflecting the values carried on the bank’s balance sheet. The EADs for financial market transactions are expressed in terms of mark-to-market net of margin. Credit exposures from loans or bonds represent the simplest and most straightforward type of exposure at default. The EAD for loans or bonds is either (1) the principal amount plus accrued interest, or (2) the market value or replacement cost of the loan or bond. It is common to simply assume that, for many loans and bonds, the EAD is equal to the principal amount plus accrued interest. Determining the exposure at default for other contracts, such as derivative transactions, is less straightforward. Derivatives are contracts whose values depend on the performance of underlying variables. The future payoff profile of a derivative transaction is not known at the start of the contract. It evolves, depending on the performance of the underlying variables. In fact, for some derivatives that generate two-way credit exposures, such as swaps and forwards, it is difficult to determine at the onset who is the exposed counterparty. In a traditional lending exposure, the lending bank is the sole exposed party. Many derivative transactions create a two-way or bilateral credit risk exposures. If the market value of the derivative transaction is positive for the bank, the bank is the exposed party as the counterparty may have an incentive to default from the transaction. On the other hand, if the market value of the derivative transaction is negative for the bank, the counterparty is the exposed party, and the bank may have an incentive to default from the transaction. Loss given default Loss given default (LGD) is the percentage of the exposure that the bank might lose in the event the borrower defaults. The loss is expressed as a percentage. Alternatively, the LGD is calculated as the difference between 100% and the recovery rate (RR). Chapter-05.indd 142 10/16/2015 3:48:11 PM 143 Chapter 5 Credit Risk LGD = 100% − RR Recovery rate (RR) is the proportion of the defaulted obligations that the bank can reasonably expect to recover from bankruptcy or foreclosure in the event of a default. The RR is frequently expressed as a percentage of the face value of exposure. Illustrative Example Computing Loss Given Default Bank ABC entered into a loan transaction with Company XYZ. The loan was not collateralized. At the end of the bankruptcy proceeding, it was determined that Bank ABC can only recover 30% of the loan transaction. Calculate the loss given default of Bank ABC. Solution: LGD = 100% − RR = 100% − 30% = 70% The formula for calculating the expected credit loss is: EL Expected Loss = PD Probability of Default × LGD Loss Given Default × EAD Exposure at Default Illustrative Example Computing Expected Credit Loss Bank XYZ has an outstanding loan commitment of MYR2,000,000 of which MYR1,500,000 is currently outstanding. It is expected that 75% of the remaining commitment would have been drawn down. It was also assessed that the default rate is 1% over the next year. Recovery rate in case of a default is expected to be only 60% of the exposure at default. Calculate the expected credit loss over a one-year horizon. Solution: Step 1: Calculate the exposure at default Outstanding loan Add: Expected drawdown on default (MYR500,000 × 75%) Exposure at default MYR1,500,000 375,000 MYR1,875,000 Step 2: Determine the probability of default Probability of default: 1% Step 3: Calculate the loss given default Loss given default = 100% − Recovery rate = 100% − 60% = 40% Chapter-05.indd 143 10/16/2015 3:48:11 PM 144 Risk Management in Banking: Principles and Framework = EL Expected loss PD = 7,500 × Probability of Default 1% Probability of Default × LGD Loss Given Default × 40% EAD Exposure at Default × Loss Given Default 1,875,000 Exposure at Default Banking organizations are expected to incorporate the expected loss in pricing loans. The pricing of loans is a key element in the credit risk management process. It ensures that the bank is adequately compensated for taking the risks associated with its lending activities. This means that the bank should earn sufficient income to cover not only the costs to fund the loans and other overhead costs but also the expected credit loss. Real World Illustration Risk-Informed Pricing On 16 December 2013, Bank Negara Malaysia (BNM) issued the policy guideline BNM/RH/STD 028-3 on Risk-Informed Pricing. The document sets out standards that define the responsibilities of financial service providers to adopt a risk-informed approach in pricing retail loan/financing products. The document sets out requirements on: Governance of loan/financing pricing Retail loan/financing policy Estimation of pricing components Profit cross-subsidization practices Source: Frequently Asked Questions on CCRIS, Credit Bureau, BNM website Banks are also required to set aside credit reserves if the revenue is not sufficient to cover for expected credit loss. The process of setting aside a portion of its earnings to cover for expected credit losses is known as loan loss provisioning. These loan loss provisions appear as operating expenses in the bank’s income statement. They generate credit reserves that the bank can draw upon. Table 5.4 discusses the manner in which the reserves are assigned on two levels. Table 5.4 Provisioning of general loans and specific loans Chapter-05.indd 144 Type of Loan Provisioning Description General loan provisioning This provision is applied to the loan portfolio as a whole. The provisions are established for losses that are known to exist but that cannot be directly addressed or attributed to any individual loans. Banking organizations are typically required to set aside a percentage of their total loan portfolios as general loan provisions. Specific loan provisioning This is a provision established against a loss that is directly attributable to a specific loan. The provision is assigned based on the loan classification under an approved loan grading system. Loan grading is a system of classifying a loan by assigning scores or grades based on the characteristics of the individual loan. 10/16/2015 3:48:11 PM Chapter 5 Credit Risk Type of Loan Provisioning 145 Description The following is an example of a loan classification system adopted from the U.S. Federal Reserve classification system: Standard loans These loans are performing and have sound credit fundamentals. Specially mentioned loans These loans are still performing but have potential weaknesses that may weaken the loans and the bank’s asset quality. Substandard loans These loans have weaknesses where the borrower’s payment capacity is already not assured. Doubtful loans These loans are substandard loans with full collection already highly questionable and improbable. Loss loans These loans are uncollectible. Real World Illustration Loan Loss Provisioning Practices in Asia In the aftermath of the 1997 Asian financial crisis, many jurisdictions in Asia adopted stronger standards particularly in establishing reserves in the loan portfolio. Many of the moves converge with internationally accepted accounting regimes (e.g. IAS 39) or improvements to loan grading or provisioning schemes. Malaysia Bank Negara Malaysia increased its reserve requirements for various prudential loan grades. Up to March 1998, no specific reserve level was required for loans graded substandard, while stipulating 50% for doubtful loans and 100% for loss loans. In March 1998, a 20% requirement for substandard loans—net of collateral—was introduced and the general reserve levels were increased to 1.5% of total loans. Philippines The Philippines adopted the IAS 39 in 2005 including the loan impairment framework. For banks, however, the Bangko Sentral ng Pilipinas (BSP) requires that the general reserve levels be maintained in accordance with the IAS 39 or BSP guidelines, whichever is higher. The BSP requirements include a general provision for loans without heightened credit risk characteristics at 1% and previously restructured loans at 5%. Specific reserves are determined based on the particular loan grade assigned. Singapore Singapore adopted the IAS 39 in 2005. The Monetary Authority of Singapore assigns a transitional arrangement of general provisions of 1% of loans net of collateral values. Thailand In 1998, Thailand significantly increased the minimum loan loss reserves required for various supervisory loan grades. In 2006 and 2007, the Bank of Thailand further tightened loan provisioning standards for all loans graded substandard or below. Indonesia The definition for prudential loan classification scheme with five grades was adopted in December 1998 and a tighter definition for each grade was instituted in 2005. General loan loss reserves should not be less than 1% net of collateral. Source: Bank for International Settlements Working Paper No. 375 Chapter-05.indd 145 10/16/2015 3:48:11 PM 146 Risk Management in Banking: Principles and Framework 5.2.2 Unexpected Loss Loss rate Unexpected loss refers to credit losses above the expected levels. These losses may occur at any time but the timing, frequency and severity of losses are difficult to estimate. Provisioning is expected to cover only for the expected value of losses from the loan portfolio. There are instances when the unexpected losses can go beyond what the bank expects. In these instances, the bank is expected to hold a buffer that would protect the entity against losses beyond the expected levels. This buffer is in the form of bank capital. Sufficient capital is necessary to cover the risks of peak losses. It would be convenient to assume that banks hold capital to cover all unexpected losses by assuming the worst-case scenario. The worst-case scenario is when the banks lose their entire assets or loan portfolios in a given year. Holding enough buffer or capital to cover such losses may not only be economically inefficient but also not economically feasible. This is the reason why, in practice, a statistical or probabilistic approach is frequently used to determine the amount of capital as provision for unexpected losses. Some banks quantify the amount of capital required for unexpected losses by estimating the amount of loss which will be exceeded in a small, pre-defined probability. The probability is determined by assessing the probability of bank insolvency arising from credit losses that the bank is willing to accept. This small-defined probability can therefore be considered as the probability of bank insolvency. Setting this probability depends on the bank’s risk appetite framework and, on a broader level, the bank’s insolvency that bank supervisors are willing to accept. Unexpected loss is the worst-case loss (or peak loss) for a given time horizon and assuming a given confidence level. Figure 5.10 illustrates the difference between expected and unexpected loss. Expected loss is represented by the dashed line which is the average loss from credit risk exposures over time. Unexpected Loss (UL) Expected Loss (EL) Time Frequency Source: Basel Committee for Banking Supervision Figure 5.10 Difference between expected and unexpected loss There are instances when the losses occur beyond the dashed line, i.e. expected loss. These may occur from time to time, but the timing and amount of loss is difficult to estimate. The losses above the dashed line represent the unexpected credit losses. In Figure 5.11, the curve shows that losses below the expected loss dashed line are expected to occur more frequently. Unexpected losses—losses beyond the expected loss dash line—are expected to occur with less frequency. Buffers are set aside to cover for both expected and unexpected credit losses. This can be quantified using different techniques but the most popular quantitative technique is the valueat-risk (VAR) model. This covers the unexpected loss determined at a certain confidence level. Loan reserves or provisioning is used to cover expected credit losses. Capital, on the other hand, is used to cover unexpected credit losses. Chapter-05.indd 146 10/16/2015 3:48:12 PM 147 Frequency Chapter 5 Credit Risk 100% minus confidence level Potential Losses Expected Loss (EL) Unexpected Loss (UL) Value-at-Risk (VaR) Source: Basel Committee on Banking Supervision Figure 5.11 Capital setting for unexpected loss The shaded region—100% confidence level—represents potential losses that are not covered by the bank’s capital. This region is the small risk of bank insolvency that the bank is willing to take. This ‘small-probability’ risk is usually set by the banking regulator. 5.3 CREDIT RISK MANAGEMENT FRAMEWORK LEARNING OBJECTIVE 5.3 ENUMERATE the different elements of the credit risk management framework The Basel Committee on Banking Supervision issued the document Principles for the Management of Credit Risk to promote sound practices for managing credit risk. The sound practices address the following areas of the credit and credit risk management process: Credit risk environment Credit-granting process Credit administration, monitoring and measurement process Credit risk control 5.3.1 Credit Risk Environment The overall credit risk environment—comprising credit risk governance structure, credit risk strategy and credit policies—sets the tone for the entire credit and credit risk process. Credit risk governance structure Credit risk governance applies the principles of good governance to the identification, assessment, management and communication of credit risks to ensure that risk-taking activities are aligned with the bank’s risk appetite and capacity. It defines the roles and responsibilities of the board of directors and senior management with respect to credit risk management. Chapter-05.indd 147 10/16/2015 3:48:12 PM Chapter-05.indd 148 The board of directors has the overall responsibility for setting the tone for the organization’s credit risk environment through approving and periodically reviewing the credit risk strategy and significant credit risk policies. It is also primarily responsible for the oversight of the credit and credit risk management infrastructure and processes. It must ensure that appropriate oversight is performed on the bank’s credit activities. The role of the board of directors is supervisory in nature. The board of directors is also responsible for: mm Periodically reviewing the financial results of the bank and based on the results, determine whether changes need to be made to the bank’s credit strategy. mm Determining that the bank’s capital level is adequate for the risks assumed throughout the organization. mm Ensuring that senior management is fully capable of managing the bank’s credit activities and that the activities are within the strategy, policies and tolerances approved by the board. mm Approving the overall credit-granting criteria including general terms and conditions. mm Approving the manner in which the bank organizes its credit-granting functions. mm Ensuring that the bank’s remuneration policies do not contradict its credit risk strategy. Senior management has the responsibility for implementing the credit risk strategy approved by the board of directors, and developing policies and procedures for identifying, monitoring, measuring and controlling credit risk. Senior management is also responsible for: mm Ensuring that the bank’s credit-granting activities conform to the established strategy, the written procedures are developed and implemented, and that loan approvals and review responsibilities are clearly and properly assigned. mm Ensuring that there is a periodic independent assessment of the bank’s credit-granting and management functions. mm Determining that any staff involved in an activity where there is credit risk is capable of conducting the activity to the highest standards and in accordance with the bank’s policies and procedures. The lending unit under the corporate banking business line is primarily responsible for originating and building the bank’s credit portfolio. The lending unit is responsible for managing lending relationships with new and existing clients. It is also responsible for developing new credit businesses and products. Senior management Corporate banking Roles and Responsibilities Board of directors Designated Groups Table 5.5 Functions of credit risk governance 148 Risk Management in Banking: Principles and Framework 10/16/2015 3:48:12 PM Chapter-05.indd 149 Credit risk management Designated Groups The credit risk management function is responsible for implementing the risk control framework with respect to credit risk. It can be classified into three main functions: mm Centralized credit function mm Credit risk management planning and control mm Credit risk portfolio management The centralized credit function’s mandate is to develop, review and update credit risk identification, assessment, measurement, and management methodology and processes. Some of the responsibilities of the centralized credit function are to: mm Develop internal guidelines on credit risk mm Review the credit decision-making structure mm Enhance credit review processes mm Develop, review and enhance credit portfolio risk models mm Streamline internal credit risk reporting Credit risk management planning and control can be subdivided into three sub-functions—strategic credit risk planning, operational credit risk analysis and credit risk control. Strategic credit risk planning involves planning and monitoring the credit risk portfolio and aligning actual credit risk with the bank’s capital management strategy. Operational credit risk analysis involves identifying, measuring and aggregating credit risk at the portfolio level. Credit risk control involves defining and monitoring credit risk limits, recommending courses of actions if limits are exceeded and setting credit riskadjusted prices. Credit portfolio risk management is responsible for managing portfolio concentration risk, ensuring that the portfolio meets regulatory standards and advising on strategies to maximize the bank’s risk-adjusted returns. The credit risk management function should be adequately segregated and independent of the risk-taking functions within the organization. Staffing levels within the credit risk management department should be adequate to support its mandate. The credit risk management function bears the primary responsibility, together with the relevant risk-taking units, for the assessment and control of credit risk. The credit risk function should: mm Independently collect and analyze information needed for credit risk assessment mm Implement and review credit risk measurement methodologies mm Estimate credit risk levels mm Prepare independent analysis to assist the board risk committee, the asset and liability management committee, and other risk-related committees in developing credit risk policies and setting credit risk limits Roles and Responsibilities Chapter 5 Credit Risk 149 10/16/2015 3:48:12 PM 150 Risk Management in Banking: Principles and Framework Real World Illustration Specific Requirements by Bank Negara Malaysia Board of Directors Senior Management The specific requirements for the board of The specific requirements for senior management directors with respect to credit risk governance with respect to credit risk governance are: are: Ensure clear delineation of roles and Review of credit policy—The board should responsibilities for credit risk management. endorse major credit policy and business plan Ensure that policies and limit structures clearly annually to ensure that they are consistent set the bank’s risk tolerance. with each other and within the banking Implement proper channels of communication organization’s credit risk tolerance. to ensure that the board’s credit policies New credit risk activity—The board should be and credit risk tolerances are clearly aware of any new credit products or significant communicated and adhered to by all levels of variations to existing credit products. It must the organization. ensure that the new activity is suitable from Ensure that adequate and effective operational the business perspective and complies with procedures, internal controls and credit risk the business plan and regulations. The board management systems. must ensure that the new activity will be Put in place an effective and comprehensive adequately incorporated within the credit risk credit risk reporting process. management process and standards of the Put in place an effective management banking organization. information system. Reports—At least every year, the board Ensure sufficient resources and competent should review the list of all existing credit personnel are deployed to manage and products and be briefed on the target markets control the daily operations and credit risk of the credit products, their performance and management functions effectively. credit quality. Commission periodic independent assessments of the banking institution’s At least every quarter, the board should be credit-granting functions. briefed on the overall credit risk exposure and should review, at a minimum, the following: mm Amount of credit risk exposures—broken down by categories such as types of exposures, products and level of credit grades mm Large concentrations of credit mm Problem loans list mm Status of significant credits under rehabilitation programmes mm Credit areas with high rapid growth mm Significant credit exception reports At least every year, the board should be briefed on the potential amount of losses from deteriorating credits that could incur due to adverse changes in the economy and under stressed situations. Source: Best Practices for the Management of Credit Risk, Bank Negara Malaysia, September 2001 Credit risk strategy Credit risk strategy establishes the objectives of guiding the bank’s credit-granting activities and adopting the necessary policies and procedures. The strategy should reflect the bank’s risk tolerance and profitability objectives. Chapter-05.indd 150 10/16/2015 3:48:12 PM 151 Chapter 5 Credit Risk In addition, the credit risk strategy should also address the following areas: Willingness to grant credit based on type of exposure, economic sector, geographical location, currency, maturity and anticipated profitability. Real World Illustration Standard Chartered—Sustainable Lending At Standard Chartered, our Group Environmental and Social Risk Policy governs our approach to integrating environmental considerations into all our lending decisions. Since the policy was established in 1997, we have factored risks such as climate change, impacts on biodiversity, deforestation, and air and water pollution into our lending decisions. We have also adopted the Equator Principles, reinforcing our commitment to provide loans only to those project sponsors who can demonstrate, to our satisfaction, the ability and willingness to undergo comprehensive scrutiny to ensure they are working in a socially responsible way and applying sound environmental management techniques. We are currently developing position statements for sectors and issues perceived to be sensitive in the context of sustainable development. These statements will set out the international standards to which customers borrowing from Standard Chartered are encouraged to operate. Source: Standard Chartered website Real World Illustration Citi Environmental Policy Framework—Prohibited Activities Citi does not directly or indirectly finance the following types of projects or activities: Production or activities involving harmful or exploitative forms of forced labour and child labour Illegal logging Production or trade in any product or activity deemed illegal under host country laws or regulations Production or trade in wildlife or products regulated under the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) Drift net fishing in the marine environment using nets in excess of 2.5 km in length Source: Environmental Policy Framework, Citi, August 2014 Identification of target markets and the overall characteristics that the bank would achieve in its credit portfolio, e.g. levels of diversification and concentration tolerances. Real World Illustration ING Bank As part of the focus on core clients, ING Bank further reduced its relative exposure to central governments and banks and the financial sector while growing the private individual and corporate portfolios. The category Central Banks reduced considerably as less excess liquidity was deposited at central banks. Source: 2013 Annual Report, ING Chapter-05.indd 151 10/16/2015 3:48:13 PM 152 Risk Management in Banking: Principles and Framework Goals of credit quality, earnings and growth including the bank’s credit pricing strategy. The bank’s credit pricing strategy ensures that the bank is adequately compensated for taking credit risks and an optimal risk-reward level is achieved. Risk-informed or riskbased pricing incorporates the bank’s actual costs (e.g. funding costs and overhead costs) and expected costs (e.g. expected credit loss) in the pricing of loans. Strategy for selecting risks, maximizing profits and determining acceptable risk and reward trade-off for its activities after factoring the bank’s cost of capital. The strategy must ensure that the bank’s capital level is sufficient for the risks assumed throughout the organization. Strategy to address the cyclical effect of any economy and resulting shifts in the composition and quality of the overall credit portfolio. Credit strategy should be viable in the long run through various economic cycles. Credit policies The design and implementation of written credit policies are the cornerstones of safe and sound banking related to identifying, monitoring, measuring and controlling credit risk. Credit policies are designed to guide the entire banking organization in implementing and executing the bank’s overall credit risk strategy. These policies provide guidelines to ensure compliance with the bank’s credit risk strategy. Credit policies establish the framework for lending and guide the credit granting, administration, measurement and management practices of the bank. The policies should be clearly defined, aligned with prudent banking practices and relevant regulatory requirements, and adequate for the nature and complexity of the bank’s activities. Credit policies should ensure that the bank has prudent policies and procedures to identify, measure, evaluate, monitor, report and mitigate credit risk on a timely basis for the full credit lifecycle—credit underwriting, credit evaluation and ongoing management of the organization’s loan and investment portfolios. Credit policies typically focus on four key areas: Sound credit-granting and underwriting standards—credit underwriting Monitoring and controlling credit risk—credit monitoring and control Identification and administration of problem credits—credit administration and management Framework to properly evaluate new business opportunities—credit evaluation Real World Illustration Global Standards and Regulations on Credit Risk Chapter-05.indd 152 Management of Banks’ International Lending, March 1982 Measuring and Controlling Large Credit Exposures, January 1991 Principles for the Management of Credit Risk, September 2000 Sound Credit Risk Assessment and Valuation for Loans, June 2006 Joint Forum Cross-Sectoral Review of Group-Wide Identification and Management of Risk Concentrations, April 2008 Enhancements to the Basel II Framework, July 2009 Financial Stability Board (FSB) Report on Principles for Reducing Reliance on Credit Rating Agency Ratings, October 2010 Sound Practices for Backtesting Counterparty Credit Risk Models, December 2010 Supervisory Framework for Measuring and Controlling Large Exposures, April 2014 10/16/2015 3:48:13 PM 153 Chapter 5 Credit Risk Credit policies should address the following key areas: Target markets Credit policies should clearly specify the bank’s target markets. They should also clearly specify which markets not to pursue due to various reasons, such as consistency with the bank’s strategic priorities and risk capacity or alignment with the bank’s reputational and sustainability policies. Real World Illustration Credit Suisse Credit Suisse has issued a document summarizing sector policies and guidelines for its financing and advisory activities. It articulates the industries or areas where the bank will not undertake lending or advisory activities. For example, Credit Suisse has adopted policies not to: directly finance the development, manufacture and acquisition of nuclear, biological and chemical weapons, anti-personnel mines and cluster ammunitions. finance any operations undertaken by oil and gas companies in UNESCO World Heritage Sites, Wetlands on the Register of Wetlands of International Importance of the Ramsar Convention on Wetlands, most protected areas, primary tropical moist forests and high conservation value forests or critical natural habitats. Source: Summary of Credit Suisse’s Sector Policies and Guidelines Portfolio mix Credit policies should discuss high-level policies on the bank’s target portfolio mix and its strategy of ensuring diversification. Concentration limits Credit policies should also address issues on risk concentration which refers to the bank’s exposure to a potential risk that can produce losses large enough to threaten the organization’s health or ability to maintain its core operations. Examples of risk concentration are: Individual counterparties A group of individual counterparties or related entities mm Counterparties in specific geographical regions mm Industry sectors mm Specific products mm Service providers mm Natural disasters or catastrophes mm mm Country risk For internationally active banks, their credit policies should cover how the bank intends to address the different country risks—which are associated with conditions in the home country of a foreign borrower or counterparty. These encompass the entire spectrum of risks arising from the economic, political and social environments of the foreign country that may have potential consequences for the foreigners’ debt and equity investments in that country. Mitigating transfer risks should be a part of the country risk management framework. Transfer risk is the risk arising from a borrower’s failure to obtain the foreign exchange necessary to service its cross-border debt and other contractual obligations. Chapter-05.indd 153 10/16/2015 3:48:13 PM 154 Risk Management in Banking: Principles and Framework Policies on country risk typically articulate the maximum risk appetite for each country’s exposure to ensure that the exposure and potential future losses do not exceed a certain agreed level. Real World Illustration Country Risk Framework of ING Bank Country risk is the risk specifically attributable to events in a specific country (or group of countries). Country risk is the risk of loss that ING Bank faces associated with lending, pre-settlement, money market and investment transactions in any given country or group of countries, as a result of country risk events. A country risk event can be described as any event or crisis, which relates mostly to large domestic economic, financial and political shocks, as well as transfer or exchange restrictions, affecting all counterparties in a specific country in an indiscriminate way. The occurrence of a country risk event may cause all counterparties in a country to be unable to ensure timely payments, despite their willingness to meet their contractual debt obligations. As such, country risk is an additional factor to be taken into account in the credit approval process of individual customers, as the country risk event probability may impact the default probability of individual counterparties. To manage country risk effectively, ING Bank uses two components, which together form the country risk framework. The first component is to set a maximum economic capital consumption and the second component is to assign country reference benchmarks, which define the maximum appetite for credit risk, that ING Bank has per country to ensure that exposures and potential future losses do not exceed a certain agreed level. The country reference benchmark is based on the country’s GDP and the funds entrusted locally in that country. In countries where ING Bank is active, the relevant country’s risk profile is regularly evaluated, resulting in a country rating, which is used to set the country reference benchmark. Based on these two components, country limits are set and exposures derived from lending, investment, pre-settlement and money market activities are then measured and reported against these country limits on a daily basis. Source: ING Bank Roles and responsibilities Credit policies should clearly define specific roles and responsibilities of the personnel involved in the whole credit process. In addition, policies on segregation of duties should be in place to ensure that controls (e.g. checks and balances) are working as intended. Examples of proper segregation of duties are: The process of credit administration, credit approval, credit control and review should be independent of the front-office unit responsible for originating the credit. mm The problem loan management unit should be independent of all the units involved in the credit process. mm Specific policies and procedures for the entire credit process Credit policies should cover all the important activities in the credit process. These activities include: Credit origination Credit appraisal and review mm Credit approval mm Credit documentation mm Credit administration mm Problem loan management mm Credit portfolio management mm Credit control mm mm Chapter-05.indd 154 10/16/2015 3:48:13 PM 155 Chapter 5 Credit Risk mm mm Internal audit Credit policy and process review Real World Illustration Specific Requirements by Bank Negara Malaysia Lending Policy Collateral Policy Banks should develop and maintain policies and procedures that will outline its risk management policies for their lending activities. At a minimum, the lending policy should set parameters for the following: Banks should develop standards and guidelines on acceptable collateral arrangements. At a minimum, the collateral policy should set parameters for the following: Credit authority Acceptable markets or lending areas Credit concentration limits Credits to related parties Limit on credit growth Acceptable credit maturity tenor List of unacceptable credits Risk rating of credits Collections and charge-offs, i.e. criteria and rating for delinquent credits, procedures for reporting problem credits, and guidelines and authority for charge-offs Credit exceptions Limit on concentration of collateral Approach used for the valuation and frequency of review of collateral Approved panel of solicitors, property valuers and insurance companies For secured facilities, the maximum margin of advance that may be granted against each type of collateral Collateral documentation requirements Source: Best Practices for the Management of Credit Risk, Bank Negara Malaysia 5.3.2 Credit-Granting Process Credit-granting process is the process by which the bank decides whether a prospective borrower should receive financing or lending. This process is essential in approving the credit in a safe and sound manner. The credit-granting process involves setting a criteria by which the borrower would be evaluated on its eligibility for credit based on the bank’s credit risk standards, the quantum of the exposure the bank is willing to take on, the types of credits available to the borrower, and the terms and conditions of the credit to be extended. Is the borrower eligible for credit? For how much? What types of credits are available? Under what terms and conditions? Figure 5.12 Criteria for the credit-granting process The credit-granting process starts with credit origination where the lending business unit has proposed a financing package to the prospective borrower. It then undergoes a credit evaluation and assessment process where the borrower’s ability to repay the obligation and other risk mitigants are assessed and evaluated. Thereafter, the loan application undergoes a credit approval process where the financing is either granted or rejected. Chapter-05.indd 155 10/16/2015 3:48:13 PM 156 Risk Management in Banking: Principles and Framework Credit origination Credit origination is the process where the lending business unit proposes the financing/ lending to the prospective borrower. At this stage, the bank is expected to have a comprehensive understanding of the applicant. This includes performing the appropriate customer due diligence in accordance with its know-your-customer (KYC) standards. At a minimum, the bank should be able to establish the borrower’s background details as outlined in Table 5.6. Table 5.6 Know-your-customer process—validating the borrower’s details Aspects of KYC Description of the Due Diligence Process Identity The bank should, at a minimum, be able to establish and verify the borrower’s identity. Before granting credit, the bank must ensure that all relevant information that will establish the applicant’s identity is obtained. The bank should gain sufficient understanding and appreciation of the purpose and intended nature of the relationship. Integrity and reputation Before granting credit, banks should consider the borrower’s integrity and reputation. Its integrity and reputation has a direct impact on its creditworthiness. Legal capacity The bank should perform the necessary due diligence to ensure that the borrower has the legal capacity to assume liability. Failure to do so may expose the bank not only to credit risks but also to legal risks (i.e. operational risks) arising from uncertainty on the bank’s ability to demand repayment from the borrower or counterparty despite its ability to do so. Connected interests In granting credit, the bank should be able to assess the borrower’s financial interdependence to other borrowers of the bank. The bank should have the ability to aggregate exposures across different connected borrowers and counterparties in order to establish an appropriate overall credit limit across all the connected exposures. Exposure limits are needed in all areas of the bank’s activities that involve credit risk. These are used to ensure that the bank’s credit-granting activities are adequately diversified and do not exceed the bank’s capital constraints and risk appetite. For new credits, the bank should have a clearly established process in place. For existing credits, there should be a clearly established process for amendment, renewal and refinancing. Credit evaluation and assessment process There should be sufficient information to enable the evaluation and assessment of the borrower or the counterparty’s credit risk profile. Table 5.7 details the factors that should be considered and documented in approving credits. Table 5.7 Factors for consideration during the credit assessment Factors Purpose of the credit Areas for Assessment Before granting any credit, the bank must first understand the intended usage of the loan. While the borrower’s repayment capacity is essential, the bank cannot simply approve the loan without establishing the actual purpose of its usage. Failing to properly establish the exact purpose of the credit can expose the bank to different risks, such as making the bank a conduit for violations of laws and regulations. The common examples of purposes of credit usage are: Chapter-05.indd 156 Finance working capital requirements of the organization Finance acquisitions or new business venture Finance temporary liquidity requirements Refinance existing obligations or equity 10/16/2015 3:48:13 PM Chapter 5 Credit Risk Factors Areas for Assessment Sources of repayment Before granting any credit, the bank must have a thorough understanding of the borrower’s sources of repayment. Borrowers generally have two sources of repayment: 157 Internal sources Internal sources include cash flow that the borrower generates from its operations. The strength of the borrower’s operating cash flow supports its ability to repay its obligations. The more stable the operating cash flow, the more positive the borrower’s historical track record of repaying its obligations. The larger the operating cash flow, the lower the financing requirements of the borrower are. This may indicate a higher future ability to repay its obligations. The lower the operating cash flow, the higher the future financing requirements will be. This may indicate a lower future ability to repay its obligations. External sources External sources include the borrower’s ability to raise future debt and equity from outside parties. To repay its existing obligations in the future, the borrower can raise funding from external sources. The borrower can either refinance its existing obligations by borrowing from banks or from the public. Alternatively, the borrower can repay existing obligations by either issuing shares for the first time through an initial public offering (IPO) or through issuing additional equity shares. Internal cash flows Sources of repayment Debt External sources Equity Current risk profile of the borrower or counterparty The borrower or counterparty’s current risk profile should be analyzed to understand the nature of risks that could lead an increased risk of default. It can be analyzed in two different aspects: Business risk Business risk or operating risk is the risk that the borrower will not be able to achieve its profitability due to adverse external macroeconomic and political developments, changes in the industry or developments in the company. The borrower’s business expertise and the status of the economic sector and its position within which it operates in, must also be considered when granting the credit facility. Financial risk Financial risk is the risk that the borrower will not be able to pay its obligations as they come due. The borrower’s repayment history and current capacity to repay, based on historical financial trends and future cash flow projects, under various scenarios must be taken into account before granting the credit. Collateral arrangements Chapter-05.indd 157 Collateral arrangements are assets or securities taken by the bank to secure a credit risk exposure. The bank can use these collateral arrangements as additional sources of repayment should the borrower or counterparty fails to meet its obligations. However, collateral arrangements cannot be a substitute for a comprehensive assessment of the borrower or counterparty’s repayment capacity. The bank should also analyze the dynamics of how market and economic developments affect the market value of the collateral. The analysis should be used in deciding the types of collateral arrangements that are acceptable to the bank. The legal enforceability of collateral must also be considered. This refers to the bank’s legal ability to sell the collateral in the event that the borrower or counterparty fails to pay its obligations. 10/16/2015 3:48:14 PM 158 Risk Management in Banking: Principles and Framework Factors Areas for Assessment Proposed terms and conditions The proposed terms and conditions of the credit should consider the risks involved against the expected return, factoring both price and non-price terms. Price terms include arrangements such as the interest to compensate the bank for assuming the credit risk. Non-price terms include collateral arrangements and loan covenants that are intended to protect the bank. The proposed terms and conditions should adequately address the following: Purpose of the loan Loan structure and maturity Disbursement of loan proceeds Repayment schedule Minimum standards on financial ratios Collateral requirements Credit approval Credit approval is the process of deciding whether the borrower is worthy of the credit being granted. In making the decision, the process involves considering the factors detailed in Table 5.8— the ‘5Cs of Credit’. Table 5.8 The 5Cs of credit The 5Cs Factors for Consideration Character Does the borrower have the requisite integrity and reputation of honouring its obligations as they come due? Capital Does the borrower have a sufficient stake in the success of the business? Capacity Does the borrower have the ability to meet its obligations as they come due, based on its internal and external repayment capacity? Conditions Are the credit terms and conditions—both price and non-price—sufficiently strong to enable the borrower to pay its obligations? Are the terms and conditions legally enforceable? Collateral Is the collateral arrangement of sufficient quality? Credit approval should be made in accordance with the bank’s written guidelines and granted by the appropriate management level. The credit approval process should establish accountability for decisions taken and designate who has the absolute authority to approve credits or changes in credit terms. There should be a clear audit trail documenting that the approval process was complied with and identifying individual(s) and/or committee(s) providing inputs in making the credit decision. In approving credit, the bank should ensure the risk/reward relationship is appropriately considered. Risk-informed pricing ensures that the bank is adequately compensated for the level of risks it is incurring. The bank should invest in adequate credit decision resources so that it is able to make sound credit decisions consistent with its credit strategy and meet competitive time, pricing and structuring pressures. Chapter-05.indd 158 10/16/2015 3:48:14 PM 159 Chapter 5 Credit Risk Table 5.9 Designated specialists involved in credit approval Persons Responsible Duties / Responsibilities Credit analysts Each credit proposal should be subject to careful analysis by a qualified credit analyst with experience commensurate with the size and complexity of the transaction. Specialist credit groups Banking organizations should establish specialist credit groups to analyze and approve credits relating to significant product lines, types of credit facilities, and industrial and geographic sectors. Credit risk officers Banking organizations must develop a pool of credit risk officers who have the experience, knowledge and background to exercise prudent judgement in assessing, approving and managing credit risk. 5.3.3 Credit Administration Credit administration—a critical element in maintaining the bank’s safety and soundness—is a support team within the organization that monitors the quality of credit transactions. The team performs the following roles: Review on a periodic basis the credit quality of the borrower and obtain current financial information Ensure that the borrower is compliant with the terms and conditions of the credit Monitor the quality of the collateral in the light of market and economic developments Ensure that the credit files are up-to-date. The credit files should include all the information necessary to ascertain the borrower or counterparty’s current financial condition as well as sufficient information to track the decisions made and the credit history. Prepare various documents, e.g. loan agreements Send out renewal notices Real World Illustration Minimum Contents of Credit Files Loan documentation Current financial statements Financial analyses Internal rating documentation Internal memoranda Reference letters Appraisals To ensure the effectiveness of the credit administration function, the bank should ensure the following: Efficiency and effectiveness of credit administration operations, including monitoring the documentation, contractual requirements, legal covenants and collateral Accuracy and timelines of information provided to management information systems Adequacy of segregation of duties Chapter-05.indd 159 10/16/2015 3:48:14 PM 160 Risk Management in Banking: Principles and Framework Adequacy of controls over all back office procedures Compliance with prescribed management policies and procedures as well as applicable laws and regulations 5.3.4 Credit Monitoring The credit monitoring function monitors the condition of individual credits and single obligors across the bank’s various portfolios. Among its functions are: Identify and report potential problem credits Ensure that these potential problem credits are subject to more frequent monitoring, possible corrective action, classification and/or provisioning Ensure that the bank understands the borrower or counterparty’s current financial condition Monitor compliance with existing covenants Assess collateral coverage relative to the obligor’s current condition Identify contractual payment delinquencies An important tool in monitoring the quality of individual credits and the total portfolio is the use of an internal risk rating system. The system is a means of differentiating the degree of credit risk in the bank’s different credit exposures. Internal risk rating categorizes credits into various classes that take into account different gradations of risk. The internal risk rating system allows: More accurate determination of the overall characteristics of the credit portfolio Identify credit concentrations Identify problem credits Determine adequacy of loan loss reserves Determine internal capital allocation Ensure accuracy of the pricing of credits Determine profitability of transactions and relationships Credit monitoring also involves ensuring that the actual exposures do not exceed established limits. Exposures exceeding a specific exposure limit should be reported to senior management for prompt action. Other than monitoring the performance of the credit on an individual level, the bank should also monitor the overall composition and quality of the credit at a portfolio level. 5.3.5 Credit Measurement Measuring credit risk is an important prerequisite in properly managing the bank’s credit risk exposure. One cannot manage what one cannot measure. The organization should have methodologies that will enable it to quantify risk both on a standalone (i.e. individual) level and at the product and portfolio level. The measurement of credit risk should take into account the following: The specific nature of the credit and its contractual and financial conditions The exposure profile until maturity in relation to potential market movements The existence of collateral or guarantee The potential for default based on internal ratings Chapter-05.indd 160 10/16/2015 3:48:14 PM 161 Chapter 5 Credit Risk Credit measurement models have evolved significantly for the past few years in response to the changing regulatory environment, more complex credit risk exposures and improved computing developments. Table 5.10 summarizes the different types of credit measurement models. Table 5.10 Credit measurement models Model / System Description Expert systems Credit risk measurement previously relied on expert systems or ‘rule of thumbs’ in assessing credit risk exposure by focusing on borrowers’ characteristics. The 5Cs of credit is an example of this expert system. Financial statement analysis Financial statement analysis involves analyzing the borrower’s financial statements— balance sheet, income statement, cash flow statement and statement of changes in equity—to come up with an understanding of the borrower’s overall ability to repay its obligations. These ratios are compared with other companies within the same industry or economic sector. External ratings services External ratings agencies, such as Standard & Poor’s (S&P), Moody’s and Fitch Ratings, provide a measure of the borrower’s relative creditworthiness. These external agencies assign a specific rating to individual borrowers. These ratings can be used to infer relative creditworthiness of the borrower. Accounting scoring-based models Accounting-based credit scoring models use different key accounting variables to produce a credit risk score or a probability of default measure. If the credit score or the probability of default breaches a certain benchmark, the loan application is rejected or subjected to further analysis. Quantitative models Quantitative models apply state-of-the art finance theories—such as portfolio theory and option pricing theory—to model the different factors affecting credit risk measurement, such as probability of default, loss given default and exposure. 5.3.6 Credit Risk Control Banks must establish a system of independent, ongoing assessment of the bank’s credit risk management processes. The results of such reviews should be communicated directly to the board of directors and senior management. The goal of credit risk management is to ensure that a bank’s credit risk exposure is within the parameters set by the board and senior management. The establishment and enforcement of internal controls, operating limits and other practices will help to ensure that credit risk exposures do not exceed levels acceptable to the bank. Internal credit reviews should be done by individuals who are independent of the business function. The credit review function should report directly to the board of directors and senior management. Limit systems should ensure that the granting of credit exceeding certain predetermined levels receive prompt management attention. Internal audits of credit risk processes should be conducted on a periodic basis. Credit risk reviews should be able to identify weakened or problem credits. The bank should have an objective and disciplined remedial management process. It should have policies in place to ensure that problem credits are effectively identified and managed. The workout programme should be independent of the bank’s credit origination process. Chapter-05.indd 161 10/16/2015 3:48:14 PM 162 Risk Management in Banking: Principles and Framework CONCLUSION This chapter provided the risk management students with an overview of credit risk, which is defined as a potential, as an exposure and failure to meet contractual obligations. Expected credit loss was also distinguished against unexpected credit loss. At the end of the chapter, an overview of the credit process was provided—from the credit risk environment to the creditgranting process, credit administration and monitoring, and credit risk measurement and control. In the next chapter, you will be introduced to the credit risk identification process. Chapter-05.indd 162 10/16/2015 3:48:14 PM C 6 P HA TE R IDENTIFICATION OF CREDIT RISK In the previous chapter, the risk management students were introduced to the definition of credit risk. The concepts of expected and unexpected credit loss were also distinguished. The entire credit process was later discussed in detail. This chapter focuses on the identification of credit risk. It aims to equip students with the necessary tools to find, recognize and describe credit risk in a banking organization. The different sources of credit risks are enumerated. We then discuss the different types of standalone credit risk exposures—retail, sovereign, corporate and counterparty credit risks. Before concluding, we look at the different issues relating to credit risk in the portfolio context. Chapter-06.indd 163 10/21/2015 9:49:42 AM 164 Risk Management in Banking: Principles and Framework Identification of Credit Risk Sources of Credit Risks Typology of Standalone Credit Risk Overview of Portfolio Credit Risk Credit Risk from Loans and Advances Retail Credit Risk Sources of Portfolio Credit Risks Credit Risk From Investment Securities Sovereign Credit Risk Credit Concentration Risk Management Credit Risk from OffBalance Sheet Exposures Corporate Credit Risk Credit Risk from Derivatives Counterparty Credit Risk Figure 6.1 Diagramatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: IDENTIFY the different sources of credit risks in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: DESCRIBE how banking activities generate credit risks DISCUSS the different types of standalone credit risk exposures DISCUSS credit risk in the portfolio context Chapter-06.indd 164 10/21/2015 9:49:42 AM 165 Chapter 6 Identification of Credit Risk 6.1 SOURCES OF CREDIT RISKS LEARNING OBJECTIVE 6.1 DESCRIBE how banking activities generate credit risks For many banking organizations, credit risk remains one of their largest and most significant risk exposures. Credit risk exists in many banking activities and products. This section aims to enumerate the different sources of credit risks. While credit risk is often associated with the bank’s lending activities, it actually exists in many aspects of the banking business. This section discusses the four major sources of credit risks for a typical banking organization: Loans and advances Investment Off-balance sheet activities Derivatives 6.1.1 Credit Risk from Loans and Advances Loans and advances are debt instruments—held by banking organizations—which represent contractual claims to receive cash flows from other parties. In performing the financial intermediation role, banks lend money to customers who have short- to long-term funding requirements. This activity creates an asset that gives the bank the right to demand repayment of the principal and interest at a predetermined future date. The asset is commonly referred to as loans and advances to customers. USD10 million at 3% interest p.a. payable after 5 years 3% interest per annum X X Interest payment dates USD10 million Principal repayment date X If the borrower defaults, the bank will no longer receive both the interest and principal due. Figure 6.2 Lending relationships between bank and customer Chapter-06.indd 165 10/21/2015 9:49:46 AM 166 Risk Management in Banking: Principles and Framework At the start of the lending relationship with a customer, the bank lends funds (principal) to the customer with the expectation that the bank will receive compensation—in the form of interest on periodic payment dates—for the funds lent. On the principal repayment date, the customer is expected to return the principal. Credit risk arises when the borrower fails to meet its obligations to pay the interest and principal. The bank may lose substantially all the amounts lent to the customer. The amount of loss depends on the specific arrangements under the loan (e.g. whether the loan is secured or unsecured) and the bank’s legal rights to claim on the assets of the defaulting customer (e.g. whether the loan is senior or subordinated). Loans and advances to customers are likely the single largest asset in the bank’s balance sheet. This asset represents the largest source of credit risk exposure for many banks. Figure 6.3 gives a visual depiction of the balance sheet of one of Asia’s largest commercial banks as of December 2013. It shows that loans and advances constitute the majority of the bank’s balance sheet—62% of the total assets. This is the reason why loans and advances are the single largest source of credit risk for many banks. Cash 5% Investment securities 15% Loans and advances 62% Interbank exposures 10% Derivatives 4% Other assets 2% Goodwill 1% Properties 1% Investments in associates 0% Figure 6.3 Balance sheet composition of a top Asian bank (2013) Loans and advances can be classified according to the types of borrowers: Retail Corporate Sovereign Counterparty In drawing up a classification framework of the credit risk exposures, the various types of borrowers entail different approaches in identifying and analyzing the credit risk exposures. While the general principles of credit risk are essentially the same across different types of exposures, the risk management practitioners/students will need to apply different sets of approaches and tools in order to better understand and analyze credit risk exposures arising from each distinctive type of borrowers. For example, retail credit risk exposures, by their nature, are usually large in volume but small in amounts on an individual level. It would, therefore, make sense for the bank to analyze these risk exposures at the portfolio level. This, however, would not be the appropriate Chapter-06.indd 166 10/21/2015 9:49:46 AM 167 Chapter 6 Identification of Credit Risk approach to analyze corporate credit risk exposures which are usually smaller in volume but larger in amounts. At times, differences also arise from the different information that is available for one type of exposure versus another type. For example, the risk management practitioner frequently has access to financial statements or reports issued by corporate borrowers. These data, however, are not available for retail borrowers. It is, thus, important to understand both the general principles underlying credit risk analysis and the specific peculiarities of the different types of exposures. Loans and advances can also be classified according to the availability or unavailability of collateral to protect the lender. Table 6.1 Secured and unsecured loans Loan Type Secured loan Description Secured loan is a loan that is backed by collateral. In event the borrower fails to pay its obligations, the lender may take possession or sell the collateral to mitigate its exposure to the borrower. Examples of collateral are: Real estates—mortgage loans secured by immovable properties which are either residential or commercial Personal properties or chattels, e.g. cars, jewellery, art pieces Intangible assets, e.g. patents, trademarks, copyrights Investment securities or deposits The bank should assess both the borrower’s creditworthiness and the collateral in assessing its exposure to the loan. Unsecured loan 6.1.2 Unsecured loan is a loan that is not backed or secured by collateral. It is also called a clean loan. In an unsecured loan, the bank relies solely on the borrower’s creditworthiness. Credit Risk from Investment Securities Investment securities, such as loans and advances, represent the bank’s contractual right to receive cash flows—in the form of interest and principal—from the issuing entity. Failure of the issuing entity to pay their contractual obligations exposes the bank to credit risk. In comparison to loans and advances, investment securities are generally considered to be more marketable and tradable. This means that the holder of the investment securities generally has the right to transfer ownership of the securities without the explicit authorization from the issuer. This is not usually true for loans and advances. While investment securities are usually not as large as loans and advances, they still represent a significant portion of the bank’s balance sheet. Investment securities are more frequently associated with market risk—resulting from onand off-balance sheet positions arising from movements in market prices or variables such as interest rates, foreign exchange, commodity prices and equity prices. However, it is important to consider that investment securities also expose the bank to credit risk. More importantly, the risk management students should be aware of the complex interrelationship between market and credit risks. In the past, market and credit risks have been treated as standalone risks that are unrelated to each other. In the recent years, however, there has been an increasing attention on their complex relationship. In many instances, market and credit risks reinforce each other, which could expose the bank to huge losses. Chapter-06.indd 167 10/21/2015 9:49:46 AM 168 Risk Management in Banking: Principles and Framework Table 6.2 summarizes key points from the working paper of the Basel Committee’s Research Task Force on the Interaction of Market and Credit Risk (IMCR Group) on the interactions between market and credit risks. Table 6.2 Interactions between market and credit risks Nature of Impact Implication / Impact of Interactions Impact of credit risk on market risk Credit risk can amplify the bank’s market risk exposure. The market value of investment securities is determined by the fair value of the expected cash flows to be received by the investor. One significant driver of the market value of investment securities is the issuer’s ability and willingness to fulfil its contractual obligations, i.e. credit risk. As credit risk increases, the market value of the investment securities goes down (i.e. higher market risk). As credit risk improves, the market value of the investment securities goes up (i.e. lower market risk).This is because the market value of any investment security is influenced by its intrinsic cash flow—future dividends, interest and/or principal. Deterioration in the creditworthiness of the issuing entity lowers the probability that the intrinsic cash flow will be received in full and on schedule by the investor. This lowers the market value of the investment security, which is evidenced by how fast the value of an investment security deteriorates when there are concerns on the issuer’s credit standing. On the other hand, improving credit prospects can have a positive influence on the market value of the investment security. An improvement in the issuer’s creditworthiness increases the probability that the intrinsic cash flow of the investment security will be paid in full and on schedule. This is the reason why the value of an investment security frequently improves when there is an actual or anticipated credit rating upgrade on the issuer of the investment security. Impact of market risk on credit risk Market risk can amplify the bank’s credit risk exposure. Credit risk may be affected by fluctuations in asset prices. An example would be how a company facing falling equity or stock prices would have difficulty in refinancing or sourcing new funds as investors and lenders see falling stock prices as a negative verdict on the company. This may increase the likelihood that the company will fail to meet its obligations as they come due. Investment securities are usually associated with market risk. This is because one of their defining characteristics is their marketability or tradability. This exposes the bank to fluctuations in market prices. However, if market developments significantly restrict the marketability or tradability of the investment securities, the bank is stuck with an exposure that may force it to hold to maturity, thus exposing the bank to credit risk. Similar economic factors Market and credit risks tend to be driven by the same macroeconomic factors. For example, stock and bond prices are affected by changes in the overall macroeconomic environment, development prospects of the industry and other company specific developments. Credit risk also exists in securities financing transactions. These transactions include a wide range of secured transactions. The most common types of securities financing transactions are securities lending and repurchase agreements. A common feature of securities financing transactions is that the borrower typically posts collateral—usually in the form of acceptable securities—and receives funding from the lender. While lending is done in a secured manner, it does not fully eliminate the credit risk of the lending entity. This is because when the borrower defaults in its obligation to repay after a certain pre-agreed period, the lender is left with the security (as collateral for the securities financing transaction). The value of the security may be lower than the value of the lender’s exposure. This exposes the lender to credit risk losses if the borrower defaults. Chapter-06.indd 168 10/21/2015 9:49:47 AM 169 Chapter 6 Identification of Credit Risk This is why in a securities financing transaction, both the borrower’s ability and the credit and market risk characteristics of the security are assessed before approving and providing the funds. Frequently, the lender would impose a reduction in the valuation of the collateral, which serves as a buffer for the lender should the market value of the collateral fall. This reduction is also known as a haircut. 6.1.3 Credit Risk from Off-balance Sheet Exposures Off-balance sheet activities are banking business activities that generate potential exposures for the bank upon the occurrence of a contingent event. These activities, unlike the previous two exposures discussed—loans and advances, and investments—are not recognized in the bank’s balance sheet. Off-balance sheet assets are activities that trigger the recognition of assets in the balance sheet when a contingent event occurs. On the other hand, off-balance sheet liabilities are activities that trigger the recognition of liabilities in the balance sheet when a contingent event occurs. Off-balance sheet asset Off-balance sheet liability Contingent event Asset Contingent event Liability Figure 6.4 Off-balance sheet activities Table 6.3 describes some common examples of off-balance sheet activities that generate credit risk exposures for banks. Table 6.3 Off-balance sheet activities and credit risk Type of Activities Loan commitments Chapter-06.indd 169 Details of Exposures Loan commitments are contractual agreements to extend loans for a given period of time and at a certain interest rate. Banks typically charge an upfront fee for making the funds available to the borrower. They may also impose a back-end fee for the unused portion of the loan commitment, which can be broadly divided into: mm Irrevocable commitments Irrevocable commitments are loan commitments that the bank is bound to honour in all circumstances. A common example of irrevocable commitment is a standby facility that provides an unconditional commitment to lend money when the borrower makes a request under the facility. mm Revocable commitments Revocable commitments are loan commitments that the bank can revoke without incurring any penalty in the event that the borrower’s credit standing deteriorates. An example is the credit line extended to a borrower. A credit line is an uncommitted facility line opened up by one bank in favour of another bank or customer. mm A credit line is an arrangement where the borrower can draw funds from as long as it does not exceed the maximum limit and as long as the bank does not revoke the facility. 10/21/2015 9:49:47 AM 170 Risk Management in Banking: Principles and Framework Type of Activities Guarantees and similar contingent liabilities Details of Exposures Guarantees and acceptances are obligations by the bank to ‘stand behind’ a third party. Guarantees and acceptances expose the bank in acting as the guarantor to the guaranteed party. If the guaranteed party defaults on its obligations, the bank assumes its obligations. This is why guarantees and acceptances are viewed as full credit risk exposures on the borrower or guaranteed party. The bank is also exposed to credit risk through warranties, indemnities and performance bonds routinely issued by banks. These are akin to guarantees except that the bank does not stand behind the financial obligations of an external party. Rather, it supports the external party’s ability to meet its routine business obligations. Banks sometimes sell assets to third parties to remove assets from their balance sheets. In a normal sales transaction, all the risks and rewards of ownership are transferred to the third party. However, there are times when the bank (the seller) retains the credit risk by giving the third party (the buyer) recourse to the bank if the issuer or borrower defaults. These are also known as transactions with recourse. Loans sold to a third party may also generate credit risk exposure if the loans sold are with recourse to the bank. Recourse is the ability of the third party to sell the loan back to the seller (the bank) if the credit quality of the asset worsens. This means that credit risk on the loan sold back may be restored. Standby letter of credit is another example of a contingent liability that generates credit risk exposure to the bank. A standby letter of credit is an obligation on the bank’s part to a designated beneficiary to perform or provide compensation under the terms of the underlying contracts to which they refer, should the bank’s customers fail to do so. Commercial letters of credit or documentary letters of credit are guarantees sold by the bank to exporters or importers that payments for goods shipped or sold will be honoured even if the purchaser of the goods defaults. Table 6.4 describes the credit risk exposures arising from off-balance sheet commitments, which can be classified into relative degrees of credit risk. Table 6.4 Classification of credit risks arising from off-balance sheet activities Degrees of Risk Chapter-06.indd 170 Description Examples Full risk The credit risk is akin to a direct credit substitute. The credit risk is equivalent to that of an on-balance sheet exposure to the same borrower or counterparty. Guarantees and acceptances where the bank has the obligation to stand behind the financial obligations of a third party are comparable to a loan exposure to another party. Guarantees and acceptances are usually considered as full credit risk exposures. Medium risk There is a significant credit risk but mitigating circumstances suggest less than a full credit risk. Documentary letters of credit are examples of transactions that generate medium credit risk exposures. This is because while the credit risk exposure is equivalent to a loan exposure, the tenors of documentary letters of credit are usually very short. Further, documentary letters of credit are usually partially protected by collateral. Low risk There is a small credit risk but not one which can be ignored. Commitments that are cancellable at any time by the bank without prior notice or that can be automatically cancelled due to deterioration in the borrower’s creditworthiness can be considered as of low credit risk exposures. 10/21/2015 9:49:47 AM 171 Chapter 6 Identification of Credit Risk 6.1.4 Credit Risk from Derivatives The 2008 global financial crisis highlighted the importance of considering credit risk arising from derivative transactions. Banks can either act as end-users (used for proprietary trading or hedging purposes only) or dealers (used to service clients or counterparties’ requirements for a fee). Derivatives are financial instruments whose values depend on the performance of one or more underlying variables. The underlying variables can be practically anything, such as interest rates, foreign exchange, equity, commodities or credit. Derivatives can be broadly classified into three types—forwards, swaps and options. Table 6.5 Derivatives—forwards, swaps and options Types of Derivatives Forwards Forward contracts are derivative contracts where one party has the obligation to buy (sell) and another party has the obligation to sell (buy) an underlying asset at a fixed rate to be settled or delivered at a future date. Swaps Swap contracts are derivative contracts between two parties to exchange cash flows on periodic dates in the future. Options Option contracts are contracts where one party has the right to buy (sell) an underlying asset and another party has the obligation to sell (buy) at a future date. The party who holds the right to buy or right to sell is called the option holder. The party who has the obligation to sell or to buy is called the option seller or writer. The option holder pays an option premium at the start of the contract in exchange for the right to buy or sell. Derivative contracts generate credit risk exposures to the bank when the counterparty or client fails to meet its obligations to pay the cash flows stated in the contract. In the case of a forward or a swap contract, the exposure generates a two-way exposure. This means that the exposed party cannot be determined at the start. The exposure depends on the market value of the contract on the date of default. If the bank experiences a positive market value on its forward or swap contract, it becomes the party with a credit risk exposure as the other party to the contract will have more incentive to default in the contract. On the other hand, if the bank records a negative market value on its forward or swap contract, the other party becomes the party with a credit risk exposure as the bank may have more incentive to default in the contract. This is further illustrated in the example below: Illustrative Example Suppose we have two parties—a forward buyer and a forward seller. The forward buyer has an obligation to buy an underlying asset after one year at 100. The forward seller has an obligation to sell an underlying asset after one year at 100. Scenario 1: After one year, the underlying asset trades at 105. Who is the exposed party? Scenario 2: After one year, the underlying asset trades at 95. Who is the exposed party? Obligation to buy at 100 Forward buyer Forward seller Obligation to sell at 100 Chapter-06.indd 171 10/21/2015 9:49:47 AM 172 Risk Management in Banking: Principles and Framework Solution: Scenario 1: After 1 year, underlying asset trades at 105 In this scenario where the underlying asset trades at 105, the forward buyer is obliged to pay 100 and the forward seller is obliged to deliver the asset which is now worth 105. This means that contract has a positive value for the forward buyer and a negative value for the forward seller. The forward seller may default on this contract. Therefore, the exposed party is the forward buyer. sed Expo party 100 Forward buyer Forward seller Asset worth 105 Scenario 2: After 1 year, underlying asset trades at 95 In this scenario where the underlying asset trades at 95, the forward buyer is obliged to pay 100 and the forward seller is obliged to deliver the asset which is now worth 95. This means that contract has a positive value for the forward seller and a negative value for the forward buyer. The forward buyer may default on this contract. Therefore, the exposed party is the forward seller. Exposed party 100 Forward buyer Forward seller Asset worth 95 Option contracts, on the other hand, generate a one-way exposure. This means that the exposed party can be ascertained at the start. In a plain vanilla option contract, the option holder is always the exposed party. This is because the option holder pays the premium at the start of the contract. If the option has a positive value, the option holder will exercise its right to buy or sell under the contract. The option seller or writer may default on its obligation. If the option has a negative value, the option holder will not exercise its right to buy or sell under the contract. The option contract will not trigger a payoff. Therefore, no credit risk exposure is generated. 6.2 TYPOLOGY OF STANDALONE CREDIT RISK LEARNING OBJECTIVE 6.2 DISCUSS the different types of standalone credit risk exposures Credit risk identification can be done on two levels: Level 1—Standalone or transactional level Level 2—Portfolio level Chapter-06.indd 172 10/21/2015 9:49:48 AM 173 Chapter 6 Identification of Credit Risk Credit risk identification starts with understanding the bank’s exposure to the credit risk on a standalone or transactional level. This involves understanding the credit standing of specific types of borrowers to which the bank is exposed to. The focus of assessing credit risk exposures on a standalone or transactional level is to ensure that adequate standards on credit granting are in place for specific borrowers or transactions. The bank should be compensated on the level of risk it is taking when granting credit to specific borrowers, taking into account the nature of the transaction. While analyzing credit risk on a standalone or transactional level is a necessary requisite in evaluating credit risk, it is rarely sufficient. There are additional risks when viewed from a consolidated, bank-wide perspective. Concentration risk or the risk that any risk exposure type may result in losses that are large relative to the bank’s capital, total assets or overall risk level. Concentration risk is one of the most common sources of credit problems for banks. This section discusses standalone or transactional credit risk. Standalone or transaction credit risk exposure of a bank can be divided into four major types: Retail credit risk—section 6.2.1 Sovereign credit risk—section 6.2.2 Corporate credit risk—section 6.2.3 Counterparty credit risk—section 6.2.4 6.2.1 Retail Credit Risk The retail banking business provides banking products and services to individual consumers and small businesses. Recent regulatory reforms, particularly after the 2008 global financial crisis, heightened the attractiveness of the retail banking business as a stable source of revenue and funding for many banking organizations. This section discusses the nature of retail credit exposure and the different drivers of retail credit risk. Nature of retail credit exposure Retail credit risk exposure arises from loans and advances granted to individual consumers and small enterprises. The key feature of a retail credit risk exposure is that it is small or insignificant on an individual exposure basis compared to other types of credit risk exposures. However, when aggregated as a portfolio, it is significant. Diversification is another key feature of retail credit risk exposures due to the number of individual credit exposures. This means that there is no single individual default that can have a significant impact on the bank. This is in contrast to other types of credit risk exposures where large exposures to single names, i.e. concentration risk, are frequently an issue. For these reasons, retail credit risk exposure is viewed as a more stable and predictable exposure compared to other credit risk exposure types. Thus, retail credit risk exposure generally attracts lower capital charge than other types of exposures. In Table 6.6, we look at some of the distinguishing characteristics of retail credit risk exposures based on the parameters set by the Basel Committee on Banking Supervision. Chapter-06.indd 173 10/21/2015 9:49:48 AM 174 Risk Management in Banking: Principles and Framework Table 6.6 Characteristics of retail credit risk exposures Distinguishing Characteristics of Retail Credit Risk Exposures Orientation Retail credit risk exposures typically arise from credit risk exposure to an individual person or a small business. Products Retail credit risk exposure typically takes the form of: Personal Loans Personal loan is a type of borrowing granted to individual consumers for different purposes. The loan is typically unsecured. This means that the individual borrower is not required to put up any collateral or security to ensure the repayment of the loan. Thus, personal loans rely heavily on the individual borrower’s creditworthiness. This is why personal loans typically attract higher interest rates compared to other types of borrowings that are secured by collateral. Examples of personal loans mm Term loans Term loan is a type of borrowing that has a specific repayment schedule. mm Revolving loans Revolving loan is a type of borrowing that has no specific repayment schedule. The individual consumer can borrow up to an agreed credit limit. mm Credit cards Credit card is a popular form of borrowing for individual consumers, who are allowed up to a pre-set credit limit. Credit cards are a convenient and efficient mode of payment for individual consumers. mm Overdrafts Overdraft is a facility that allows an individual borrower to issue cheques or withdraw cash from a bank account up to a pre-approved limit. This pre-approved limit is also known as the overdraft limit, which is the maximum amount that the individual borrower can overdraw. Mortgage Loans Mortgage loan is a type of borrowing that is secured by collateral or a property. Mortgage loans can be classified as either fixed or floating. mm Fixed rate mortgage has a fixed interest rate for the entire term of the mortgage loan. mm Floating rate mortgage or adjustable rate mortgage is a type of mortgage loan where the interest is periodically adjusted based on the prevailing interest rates. Examples of mortgage loans mm Residential mortgages Residential mortgage is a type of loan that is secured by a real property used for living or dwelling purposes. mm Non-residential mortgages Non-residential mortgage loans are secured or collateralized by non-owner occupied property such as an office building or factory. Small Business Loans Small business loan is a type of financing obtained to start or expand a small business. The definition of small business may vary from one jurisdiction to another. Examples of small business loans mm Startup small business loans Startup small business loan is a type of small business loan intended for starting a new business venture. mm Franchise loans Franchise loan is a type of small business loan that allows the borrower to purchase a licence or access another business products, processes or trademarks. Low value of exposures Chapter-06.indd 174 Individual retail credit risk exposures are usually of low value. Many banks provide a maximum threshold for an exposure to be classified as a retail credit exposure. Exposures to individual consumers or borrowers are typically classified as retail credit risk exposures, regardless of the size of the exposures. 10/21/2015 9:49:48 AM 175 Chapter 6 Identification of Credit Risk Distinguishing Characteristics of Retail Credit Risk Exposures Exposures to small businesses, however, can only be classified as retail credit risk exposures if the bank’s total exposure is less than an absolute threshold. For regulatory purposes, the absolute threshold is €1 million. This means that, from a regulatory point of view, exposures to small businesses exceeding €1 million cannot be classified as a retail credit risk exposure. Large number of exposures Granularity is one of the key characteristics of retail exposures. These exposures are typically large in number. This means that the retail credit portfolio is diversified. As such, no individual exposure could have a significant material consequence to the bank. The threshold is usually set to ensure that no single exposure can materially affect the entire portfolio. For regulatory capital purposes, the Basel Committee set a numerical limit that no aggregate exposure to one counterpart can exceed 0.2% of the overall regulatory retail portfolio. This is the reason why retail credit exposures are typically managed by the bank on a pooled and consolidated basis. The diversification is an important feature of retail credit risk analysis. The credit risk characteristics of the retail credit portfolio are in most part, driven by portfolio risk characteristics. Retail credit scoring At the transactional level, retail credit risk is influenced by factors or variables that affect the individual borrower’s ability and willingness to repay its obligations. These drivers are assessed using two different types of assessment methodologies. These are the expert systems and credit scorecards. Expert systems In the past, many banking organizations rely on expert systems in their credit-granting decision process. Expert systems are subjective rule of thumb measures based on experiences used to evaluate and assess a potential credit risk exposure. One of the most popular expert systems for retail credit analysis is the 5Cs of credit, which summarizes the basic components of retail credit analysis. Character Capacity to pay Capital 5Cs Collateral Conditions Figure 6.5 Components of the 5Cs of credit Table 6.7 Five Cs of credit and the indicators Chapter-06.indd 175 The 5Cs Description Indicators Character This component of retail credit analysis aims to assess the borrower’s integrity. The borrower’s integrity can usually be quantified by referring to its repayment track record. This means that the borrower’s credit history is analyzed and assessed on how it has behaved in its past borrowings. Past repayment track record Length of the relationship between the borrower and the bank Socio-demographic factors, e.g. sex, education, marital status, age Capacity to pay This component of retail credit analysis aims to assess the borrower’s ability to repay its obligations. This is usually measured by the borrower’s income, the nature and source of the income or the stability of the borrower’s employment. One popular measure of capacity to pay is to calculate the ratio of the level of the borrower’s debt relative to its income. The higher the ratio, the higher the risk that the borrower will not be able to repay its obligations. Type of employment Industry of employment Income to expenses ratio 10/21/2015 9:49:48 AM 176 Risk Management in Banking: Principles and Framework The 5Cs Description Indicators Capital This component of retail credit risk analysis represents the cumulative net assets of individual borrowers. Capital or net worth serves as another source of repayment should the current income be insufficient for the borrower to repay its obligations. Net worth Collateral For secured loans, the value of the collateral is an important element of credit analysis. Collateral is the second line of defence which the bank can rely on. Nature of collateral Market value of collateral Type of collateral Conditions Conditions are factors, such as environmental and macroeconomic conditions, that could affect the borrower’s ability to repay its obligations. Another example of other conditions that could affect the repayment likelihood is the nature and purpose of the loan extended. Loans that are extended for risky ventures are less likely to be repaid compared to loans that are extended for more stable ventures. Economic cycle Use of loan proceeds The 5Cs is a subjective process that considers both the lender’s historical experience and forward-looking judgement on the borrower’s creditworthiness. The 5Cs main strength is that it provides a simple and easy to understand framework to form a picture of the credit risk exposure. It is also more flexible as the unique circumstances of the individual borrower can easily be incorporated in the assessment process. The 5Cs main weakness is the subjective nature of the process, which makes standardization of the credit-granting decisions difficult. Biases against or for one particular parameter (e.g. nature of employment) could result in a less optimal credit decision. Further, because the 5Cs approach relies on the past experience of the credit decision-maker, the decision may be subject to the individual’s behavioural and cognitive biases, which could unnecessarily distort the credit decision process. Credit scorecards As retail lending transactions became more voluminous and computational technology improved, the subjective expert systems were replaced with a more data-driven and quantitative approach. The 5Cs approach was replaced with a numerical measure that analyses the different factors of creditworthiness. This numerical expression of the borrowers’ creditworthiness characteristics is referred to as credit scores. Credit scoring refers to the use of statistical models to transform credit data into numerical measures that guide credit decisions. Credit scorecards are normally used for high-volume and low-value transactions. The main objective of credit scoring models is to provide predictive information on the potential for default that may be used in the credit-approval process. Retail credit risk drivers typically range from a few dozens to hundreds of factors or parameters that are deemed to be predictive of a credit risk or default. These parameters are summarized to form individual credit scores, which are the basis for the creditgranting decision process. The higher the credit scores, the higher the likelihood that the loan application is approved and the lower the interest rate will be. Chapter-06.indd 176 10/21/2015 9:49:49 AM 177 Chapter 6 Identification of Credit Risk Parameter 1 Parameter 2 Parameter 3 Parameter 4 Parameter 5 Accept Set interest Credit score Parameter X Reject Figure 6.6 Credit scoring The three main elements of a typical credit risk scorecard are: mm Characteristics mm Attributes mm Scorecard Characteristics Scorecard characteristics are variables that are statistically determined to be predictive in separating good and bad accounts. These characteristics are judged to be good predictors of default risk. Table 6.8 provides some examples of characteristics that are used in practice as predictors of default risk. Table 6.8 Scorecard characteristics as predictors of default risk Demographics Capacity to Pay Existing Relationship with the Bank Age Years at job Address Years at residence Education Sources of income Home ownership—rent or own Net worth Length of relationship with the borrower Number of products sold to the borrower, e.g. existing deposit account(s) Past performance of the borrower The scorecard characteristics should be based on the parameters described in Table 6.9. Table 6.9 Parameters for scorecard characteristics Characteristics of Scorecard Chapter-06.indd 177 Expected predictive power How effective are the selected characteristics in predicting the probability of default by the borrower? The selected characteristics should exhibit a strong ability to predict future default or non-default. The predictive power can be quantified using statistical or empirical data analysis. Ease in data collection and future availability of data How practical is it to gather data on the characteristics? The bank must balance the benefits of obtaining data on the characteristics and the costs of gathering the data. In practice, it is frequently difficult to balance between these two competing interests. Another dimension that must be considered relating to the use of practicality is the legality of gathering the data on characteristics. Data privacy principles and laws must be observed in gathering the data on characteristics. Objective and not prone to subjective interpretation Is the data characteristic prone to subjective interpretation? To ensure an objective assessment of a retail credit risk exposure, it is important that the data collected is objective and not subject to interpretation or subjective evaluation. This ensures uniformity and consistency in the output of the credit scoring process. 10/21/2015 9:49:49 AM 178 Risk Management in Banking: Principles and Framework Attributes Attributes describe and discriminate scorecard characteristics according to pre-defined parameters. Each characteristic will be assigned an attribute. These attributes will be the basis for discriminating between good and bad accounts. Attributes can either be quantitative or qualitative. An illustrative example on the relationship between characteristics and attributes is given below. Illustrative Example Characteristics and Attributes Characteristics Attributes Age < 18 years old > 18−22 years old > 22−25 years old > 25−28 years old > 28−32 years old > 32−35 years old > 35−40 years old > 40−45 years old > 45−50 years old > 50 years old Income < $10,000 > $10,000−$20,000 > $20,000−$30,000 > $30,000−$50,000 > $50,000−$70,000 > $70,000−$100,000 > $100,000 Residential status Own Rent Scorecard points Each attribute is assigned scorecard points based on statistical data analysis. The points allocated to each attribute should be tested, based on the statistical analysis of the scorecard characteristics. The scorecard points will differ from one entity to another as historical default experience will not be the same for each banking organization. Hence, a one-size-fits-all/ template approach to assigning scorecard points may not be a sound assumption. The bank should perform an extensive empirical analysis on whether the scorecard points assigned are consistent with its past and expected future credit performance. The scorecard points are statistically assigned to differential risks, based on the predictive power of the characteristic variables, correlation between the variables, and Chapter-06.indd 178 10/21/2015 9:49:49 AM 179 Chapter 6 Identification of Credit Risk other business considerations. The scorecard points should be based on a logical pattern and trend. An example of how scorecard points are assigned for each attribute is given below. Illustrative Example Attributes and Scorecard Points Characteristics Attributes Scorecard Points Age < 18 years old > 18−22 years old > 22−25 years old > 25−28 years old > 28−32 years old > 32−35 years old > 35−40 years old > 40−45 years old > 45−50 years old > 50 years old 100 110 120 130 140 150 170 190 210 190 Income < $10,000 > $10,000−$20,000 > $20,000−$30,000 > $30,000−$50,000 > $50,000−$70,000 > $70,000−$100,000 > $100,000 100 120 140 160 180 200 250 Own Rent 300 100 Residential status After the scorecard points are assigned, the bank may now assign scorecard points for each attribute. The bank may set a minimum total credit risk scorecard points before it makes the credit-granting decision. Is the credit score within the minimum threshold? YES Grant the loan application NO Reject the loan application Figure 6.7 Credit-granting decision flow chart An example on how credit risk scorecards are used in the credit evaluation process is illustrated on the next page. Chapter-06.indd 179 10/21/2015 9:49:49 AM 180 Risk Management in Banking: Principles and Framework Illustrative Example Accept or Reject a Loan Attributes Scorecard Points Age Characteristics < 18 years old > 18−22 years old > 22−25 years old > 25−28 years old > 28−32 years old > 32−35 years old > 35−40 years old > 40−45 years old > 45−50 years old > 50 years old 100 110 120 130 140 150 170 190 210 190 Income < $10,000 > $10,000−$20,000 > $20,000−$30,000 > $30,000−$50,000 > $50,000−$70,000 > $70,000−$100,000 > RM100,000 100 120 140 160 180 200 250 Own Rent 300 100 Residential status In the loan application document, the account officer summarized the attributes of Borrower Elon: Age: 27 years old Income: $45,000 Borrower Elon does not own any home and is only renting. Decide whether Borrower Elon should be granted the loan. Solution: Step 1: Determine the scorecard points per attribute Characteristics Age Income Attributes Scorecard Points 27 years old 130 $45,000 160 Rent 100 Attributes Scorecard Points 27 years old 130 $45,000 160 Rent 100 Residential status Step 2: Calculate the total credit score points Characteristics Age Income Residential status TOTAL Chapter-06.indd 180 390 10/21/2015 9:49:49 AM 181 Chapter 6 Identification of Credit Risk Step 3: Decide based on credit scorecard threshold Is the credit score above 500? YES Grant the loan application NO Reject the loan application Since the credit score is below the minimum threshold amount of 500 (credit score: 390), Bank XYZ may reject the loan application. External consumer credit scores are used by many banks to supplement the credit decision process. External consumer credit scores calculate an individual credit score for each borrower using proprietary parameters that are deemed to be determinants of default risk. In the United States, the Fair Isaac Corporation (FICO) credit score is one of the most popular credit scores for individuals. According to FICO, it is used in more than 90% of lending decisions. FICO issue credit scores between 300 to 850. A score of 300 indicates a bad credit score and 850 indicates a perfect credit score. 300 (Bad) 850 (Great) FICO credit scores are derived from an empirical analysis of three important factors that affect borrower’s repayment: mm Length of credit history mm Payment history mm Amounts owed mm New credit mm Types of credit used Types of credit used New credit 10% 10% Payment history 35% Length of credit history 15% Amounts owed 30% Figure 6.8 Factors that affect a borrower’s repayment capability Chapter-06.indd 181 10/21/2015 9:49:49 AM 182 Risk Management in Banking: Principles and Framework mm mm mm mm mm Payment history (35%) Payment history is the most important factor in the credit score. Credit payment history is examined on many types of accounts, such as credit cards, retail accounts, instalment loans, finance company accounts and mortgage loans. Public records are also examined. Negative factors such as bankruptcies, foreclosures, lawsuits, wage attachments, liens and judgements will adversely impact one’s credit score. Bankruptcy, in particular, may adversely impact credit scores for seven to ten years. Details on late or missed payments are examined, particularly as to how late the payments were, how much was owed, how recently they occurred and how many instances were recorded. Amounts owed (30%) A borrower who uses a high percentage of its available credit indicates that it is overextended, and is likely to be delinquent in future payments. Entities with higher credit utilization ratio, particularly on multiple credit cards, is viewed as an indicator that the individual borrower may be delinquent in the future. A larger number of accounts with amounts owed can indicate higher risk of over-extension. Length of credit history (15%) In general, the longer the borrower’s credit history, the higher the credit score will be. Credit scores examine the age of the borrower’s oldest account, the age of the newest account and an average age of all the accounts. New credit (10%) Taking on new credit accounts within a very short period of time indicates higher delinquency risk particularly for those with short credit history. Recent requests for credit information may also indicate higher credit risk. Types of credit used (10%) Credit risk score is also affected by the mix of credit accounts a borrower holds. A diversified credit portfolio mix of credit cards, retail accounts, instalment loans, finance company accounts and mortgage loans could have a positive impact on an individual’s credit score. Real World Illustration Central Credit Reference Information System (CCRIS) The Credit Bureau of Malaysia collects credit information on borrowers from lending institutions and furnishes the information collected back to the institutions in the form of a credit report via an online system known as the Central Credit Reference Information System (CCRIS). CCRIS is one of the sources of information used by financial institutions to help them establish a view of the credit histories of potential or current borrowers. Participating financial institutions submit the following information to the Credit Bureau: Essential identification data on their borrowers, e.g. name, identification number and date of birth Relevant data on the loans, e.g. type of credit facilities, conduct of account and credit limit As of the date of publication of this book, the database system contains credit information on about 9 million borrowers in Malaysia. Source: Frequently Asked Questions on CCRIS, Credit Bureau (BNM website) Chapter-06.indd 182 10/21/2015 9:49:50 AM 183 Chapter 6 Identification of Credit Risk 6.2.2 Sovereign Credit Risk Globalization and increasing cross-border trade and activities among different countries make it imperative for every banking organization to take a closer look at the credit risk exposures arising from their international exposures. On a regional context, many banks in the member states of the Association of Southeast Asian Nations (ASEAN) are aiming to have a more solid foothold on a regional scale by expanding the scope of their banking activities and services to other countries in the region. These developments will likely expose the banks to different countries with different risk drivers. Real World Illustration Maybank ASEAN Strategy We aim to become the leading ASEAN wholesale bank which will involve enhancing our corporate relationship model. Strategic initiatives will include: Improving domestic and regional market position for corporate and non-retail deposits Building a regional investment bank Increasing contributions to revenue from non-domestic markets and increasing the fee-toincome ratio contribution We also aim to expand to the Middle East, China and India The table below shows Maybank’s credit risk exposures. Maybank—Credit Risk Exposures by Countries Country Exposure Rate Malaysia 66% Singapore 19% Indonesia 7% Hong Kong 3% USA 1% China 1% UK 1% Philippines 1% Source: Maybank Annual Report 2013 Nature of sovereign credit exposure Nagy (1984) defines sovereign risk as the: Exposure to a loss in cross-border lending, caused by events in a particular country which are— at least to some extent—under the control of the government but not under the control of a private enterprise or individual. Chapter-06.indd 183 10/21/2015 9:49:50 AM 184 Risk Management in Banking: Principles and Framework The definition broadly defines the exposure of a typical banking organization to the actions of the sovereign or the government. The exposure of a bank operating in different markets can be broadly classified into two levels, namely direct and indirect sovereign risks. Direct sovereign risk exposure refers to the bank’s credit risk exposure from its lending and other credit exposure generating activities with a government or other governmentguaranteed exposures. Indirect sovereign risk exposure arises from the bank’s exposure of loss from its lending and other credit exposure generating activities with a private company or an individual as a result of adverse governmental action or political development, and not by the private company or individual. This is also referred to as sovereign intervention risk—the risk that governments will impose rules, regulations and policies that would adversely impact an entity’s financial, investment and operating environment. Table 6.10 describes how governments enforce sovereign interventions. Table 6.10 Ways of governments enforce sovereign interventions Types of Tools Impact of Sovereign Interventions Regulatory framework Regulations imposed by the national government can establish or alter business rules that can affect the ability of a private company or an individual (to which the banking organization has exposure) to pay its obligations as they come due. Fiscal policy or taxation The national government authority may impose taxation that could adversely affect the ability of a private company or an individual to pay its obligations. Income taxes are a substantial portion of the overall cash outlay of any organization. The government may also impose tariffs, i.e. taxes paid by foreign companies trying to sell their goods in the country. Tariffs are important factors to consider, particularly their effect on the demand for goods. Foreign exchange controls In times of financial stress, the government may impose foreign exchange controls to minimize making payments on its foreign currency denominated obligations. Foreign exchange controls affect corporations particularly if they are not able to secure foreign currencies to repay their foreign currency obligations. In both types of exposures, banks are adversely affected by the government actions. Sovereign or country risk is the risk associated with conditions in the home country of a foreign borrower or counterparty. This encompasses the entire spectrum of risks arising from the economic, political and social environments of a foreign country that may have potential consequences for the foreigner’s debt and equity investments in that country. Sovereign exposures include claims from the national government authority or from the central government. They also include exposures or claims with the sovereign’s central bank. Some examples of sovereign exposures are central governments, central banks, multilateral development banks (e.g. the IMF and The World Bank), public sector entities and exposures guaranteed by sovereigns. Sovereign credit risk drivers This section focuses on direct sovereign credit risk identification and assessment. The discussions in this section borrow heavily from the Sovereign Bond Ratings Methodology of Moody’s Investor Services, one of the largest global credit rating agencies. Moody’s approach to assigning sovereign credit risk ratings focus on the interplay of four key factors—economic strength, institutional strength, fiscal strength and susceptibility to event risk. Chapter-06.indd 184 10/21/2015 9:49:50 AM 185 Chapter 6 Identification of Credit Risk Economic strength The sovereign’s economic strength—measured by its growth potential, diversification, competitiveness, national income and scale—is an important factor that determines a sovereign’s resilience. The sovereign’s ability to generate revenue and service its debt over the medium term relies on its economic strength. Moody’s research of 29 sovereign defaults since 1997 shows that long-term economic stagnation is the principal underlying cause of default in 10% of the cases and a contributing factor to many others. In 41% of the cases, a high debt burden was the principal driver of default. Moody’s concluded that the inability to generate sufficient economic growth to service debt burden often makes high debt burden unsustainable. Table 6.11 details the factors and indicators that Moody’s uses to assess a sovereign’s economic strength. Table 6.11 Specific factors and indicators used by Moody’s Factors Growth dynamics Indicators for Assessing a Sovereign’s Economic Strength Growth dynamics is one of the most important indicators of a sovereign’s economic strength. Low growth prospects can render a high debt burden unsustainable. Indicators Recent performance and medium-term outlook for GDP Volatility in the rate of recent GDP growth Competitiveness and innovation ranking of the World Economic Forum (WEF) Global Competitiveness Index. Scale of the economy Larger and more diversified economies are generally considered to be less vulnerable to economic shocks compared to smaller countries. Scale of the economy is measured by nominal GDP. National income GDP per capita, which is a measure of the income level per sovereign citizen, is given a large weight in the sovereign risk rating (25% weighting in the methodology scorecard for economic strength). Adjustment factors Moody’s incorporates two adjustment factors in its assessment for economic strength: Credit boom adjustment Credit boom adjustment measures how excessive credit growth is artificially increasing economic strength indicators such as GDP growth, GDP per capita and nominal GDP in an unsustainable manner. The credit boom-bust cycle may expose a sovereign to years of declining GDP or even to a financial crisis. Based on Moody’s research, in the years preceding the financial crisis (2003−2007), Ireland’s annual credit growth exceeded nominal GDP growth by a multiple of 1.8 times before the country went into a recession in 2008. Diversification Diversification adjustment factor takes into account the degree of a sovereign’s economic diversification. The more diversified the country’s economy, the more flexible it is to handle potential adverse shocks in a significant industry of the economy. Institutional strength The strength of a country’s political and economic institutions has been directly linked to its ability and willingness to pay its obligations as well as its ability to implement sound policies to further boost economic growth. Based on Moody’s study, around 30% of past sovereign defaults have been directly linked to weaknesses in the political and economic institutions of a country. These weaknesses ranged from political instability to governance problems and sometimes Chapter-06.indd 185 10/21/2015 9:49:50 AM 186 Risk Management in Banking: Principles and Framework even a political unwillingness to pay. Some countries defaulted due to institutional weaknesses despite having relatively low debt-to-GDP levels. Real World Illustration Ecuador’s Political Unwillingness to Pay Debt Ecuador’s President, Rafael Correa, said yesterday that his nation is defaulting on its foreign debt, fulfilling his long-time populist pledge to leave international creditors in the lurch. The default, Ecuador’s second in 10 years, could rattle already jittery investors who have pulled billions of dollars out of emerging markets in recent months as the global financial crisis has spread. It could also set back U.S. interests in Latin America, as Correa now seeks to deepen financial ties with allies like Iran, which this week granted the South American nation a new $40 million credit line. While developing world economies have taken a sharp turn for the worse in recent months, Ecuador is ceasing payments, not because the oil-rich countries cannot afford to pay, but it has made a political decision not to. Source: Washington Post, 13 December 2008 Table 6.12 outlines the measurement tool that Moody’s uses to assess institutional strength. Table 6.12 Moody’s measurement tool to assess institutional strength Factors Institutional framework and effectiveness Indicators / Description Moody’s uses The World Bank’s Worldwide Governance Indicators (WGI) in assessing a country’s fundamental institutional framework. These indicators are used with a policy effectiveness assessment of each country. The World Bank’s Worldwide Governance Indicators reported aggregate and individual governance indicators for 215 economies over the period 1996−2012. Governance is defined as the traditions and institutions by which authority is exercised. It includes the process by which governments are selected, monitored and replaced; the capacity of the government to effectively formulate and implement sound policies; and the respect of the citizens for the institutions that govern economic and social interactions among them. The WGI focuses on six dimensions of governance: Voice and accountability Political stability and absence of violence mm Government effectiveness mm Regulatory quality mm Rule of law mm Control of corruption mm mm Moody’s focuses its credit risk assessment on government effectiveness, rule of law and control of corruption. Chapter-06.indd 186 Government effectiveness Government effectiveness measures the quality of governmental bureaucracy and administration. Government effectiveness captures policy planning, implementation capabilities and independence of the bureaucracy. Rule of law Rule of law measures contract enforcement, property rights and independence of judiciary. Control of corruption Control of corruption measures the extent and quality of transparency and accountability in a country. 10/21/2015 9:49:50 AM 187 Chapter 6 Identification of Credit Risk Factors Indicators / Description Policy credibility and effectiveness This pertains to the government’s ability to consistently and effectively implement economic reform measures. mm Inflation performance Inflation performance is the most important indicator for policy credibility and effectiveness when assessing sovereign credit risk. This is because sustainable economic growth can only be achieved with a stable inflation environment. Inflation is also an important determinant of a country’s competitiveness. High inflation frequently leads to economic and political instability. It also erodes confidence in the domestic currency and leads to capital outflows and even currency crises. Low inflation environment also gives central banks more flexibility to intervene during a financial crisis. Inflation performance of an economy shows the credibility and effectiveness of the policies of an economy’s central bank or monetary authority. mm Inflation volatility Inflation volatility measures the degree of monetary policy uncertainty and the central bank’s ability to control inflation. mm Adjustment factors The track record of default is also considered when assessing institutional strength. The impact of past default in current credit assessment will depend on how recent the default occurred and how large is the loss to investors. Fiscal strength Fiscal strength captures the overall health of a sovereign’s finances. This is measured through three levels of assessment—debt burden, debt affordability and the government debt structure. Based on Moody’s study, more than 30% of sovereign defaults occurred because of persistent external and fiscal imbalances, which had built up over time and resulted in an unsustainably high debt burden due to either unsustainable government fiscal policies or external trade shocks. Real World Illustration When is High too High? The Main Culprit—Excessive Government Debt The Federal Reserve Bank of St. Louis, in a paper When is High Too High, discussed the often discussed problem associated with sovereign debt—when is a government debt deemed to be excessive and too high? It is quite normal for governments to incur debt or to report a modest budget deficit, i.e. spending is more than revenue. However, if the deficit or debt level is deemed to be excessive, there may be fears that the government could no longer repay its debt obligations. But how high is too high? Many economists frequently look at the debt-to-GDP (gross domestic product) ratio as the gauge for determining whether the borrowing or debt level is excessive. Debt-to-GDP ratio measures the ability of a government to repay its debt obligations with its one-year economic output (measured by the GDP). There are, however, some concerns about the focus on debt-to-GDP as it is observed that many countries with high debt-to-GDP have been able to repay its obligations comfortably, while some countries with low debt-to-GDP have defaulted on their obligations. The author of the paper explained that both the ability and willingness to repay the obligations should be considered in assessing default risk. He cited the case of Japan with a high debt-toGDP ratio of 200% but has not defaulted on its obligations. Brazil and Mexico, on the other hand, have low debt-to-GDP of 50% but have defaulted in the early 1980s. It is, therefore, important to consider the perceived willingness to repay government debt in assessing default risk. The paper concluded that this perceived willingness to repay government debt is a major factor in the European sovereign debt crisis. Source: The Central Banker, Federal Reserve Bank of St. Louis, USA, Summer 2012 Chapter-06.indd 187 10/21/2015 9:49:51 AM 188 Risk Management in Banking: Principles and Framework Figure 6.9 illustrates the cyclical characteristics of sovereign defaults. Defaults occur at very high debt-to-GDP and debt burden levels, which impair a country’s ability to service its debt obligations. Slow build-up of debt Dependence on external creditors Deterioration in debt affordability Figure 6.9 Characteristics of sovereign defaults Real World Illustration High Interest Burden In an article published by The Guardian on 22 July 2011, Jamaica’s debt burden was considered one of the worst in the world. This was due mainly to its interest burden averaging 13% of the country’s GDP over the last five years. Jamaica’s debt situation is ironic when compared to Greece, considered to have the highest debt burden in the eurozone. Ironic because Jamaica’s interest burden was twice as much as that of Greece averaging 6.7% of the country’s GDP. In retrospect, Jamaica’s gross public debt was 123% of its GDP while Greece was at 166% of its GDP. This goes to show that the more important number is the interest burden. The report claimed that for the fiscal year 2009/2010, 45% of Jamaica’s government spending went to interest payments that significantly impeded the country’s growth. Source: The Guardian, 22 July 2011 Table 6.13 describes the indicators that Moody’s uses to assess a sovereign’s fiscal strength. Table 6.13 Indicators for assessing fiscal strength—Moody’s Areas Indicators Debt burden General government debt/GDP This ratio measures the level of a sovereign’s debt against its economic output. It considers the government’s gross debt including direct government debt to all regional and local governments. High government debt-to-GDP ratio has a strong correlation with past sovereign defaults. General government debt/revenues This ratio measures the level of a sovereign’s debt against its revenues. It gives an indication of a sovereign’s repayment capacity given its actual revenue base. Debt affordability General government interest payments to revenue This ratio indicates the degree to which a government’s debt service burden is within its revenuegeneration capacity. It may also indicate the willingness of creditors to finance government deficits without demanding a high risk premium. A high ratio means that a large share of revenues will be diverted to meeting interest payments. This often leads to large fiscal deficits and constrain capital expenditure, which will have an adverse impact on future growth. This ratio measures the immediate capacity of revenues to service interest payments. General government interest payments to GDP This ratio measures the broader capacity of the economy to service interest payments by taking a look at the overall economic output (GDP). Chapter-06.indd 188 10/21/2015 9:49:51 AM 189 Chapter 6 Identification of Credit Risk Areas Adjustment factors Indicators Moody’s considers additional factors in assessing the fiscal strength of a sovereign: Debt trend Debt trend analysis focuses on the percentage point in debt level compared to GDP over time. It offers retrospective and prospective views on the medium-term debt trajectory. Debt sustainability analysis Debt sustainability analysis focuses on the different scenarios with respect to nominal growth, fiscal trajectory, interest rate development and stock-flow adjustments. Foreign currency government debt One of the common causes of sovereign default is a proportionately high foreign currencydenominated debt. In Moody’s 2010 default study, the 20 sovereigns covered in the analysis exhibited an extremely high average foreign currency government debt ratio at 75.9%. This follows a phenomenon where sovereigns rely on external borrowings and face high debt service costs when a currency crisis or a macroeconomic shock happens, which causes the debt value to spike in local currency terms. Other public sector debt Many public sector companies can drain fiscal resources from the central government. This can lead to fiscalization of debt. Public sector financial assets or sovereign wealth funds The availability of government assets to be used to service debt obligations is considered in the fiscal strength analysis. These assets provide support factors for government finances. Susceptibility to event risk Susceptibility to event risk assesses the government’s ability to withstand shocks from sudden, extreme events that may severely strain public finances and sharply increase the likelihood of a sovereign defaulting. The first three factors—economic strength, institutional strength and fiscal strength— focus on the government’s ability to withstand shocks from a medium-term perspective. The fourth factor focuses on very sudden and extreme events. Susceptibility to event risk is analyzed in four risk areas. These are political risk, government liquidity risk, banking sector risk and external vulnerability risk. mm Susceptibility to event risk: Political risk Political risk is analyzed in two dimensions, namely domestic political risk and geopolitical risk. Table 6.14 briefly discusses these two dimensions. Table 6.14 Domestic political risk and geopolitical risk Indicators for Analyzing Political Risk Domestic political risk Domestic political risk is the risk arising from a country’s domestic politics. This risk can be assessed based on two indicators: The World Bank’s Voice and Accountability Index The World Bank’s Voice and Accountability Index is a component of the Worldwide Governance Indicators. Voice and Accountability (VA) captures the perception of the extent to which a country’s citizens are able to participate in selecting their government as well as freedom of expression, freedom of association and a free media. GDP per capita GDP per capita is used as a proxy for the potential of low income-related social unrest. Geopolitical risk Chapter-06.indd 189 Geopolitical risk is harder to quantify compared to other factors. There are, however, few countries that may be affected by geopolitical risk. Escalation of geopolitical risk could lead to deterioration of creditworthiness. One example frequently cited is the credit rating of South Korea. While South Korea has a strong credit rating, escalation of tensions with North Korea could adversely impact South Korea’s creditworthiness. 10/21/2015 9:49:51 AM 190 Risk Management in Banking: Principles and Framework Real World Illustration Kuwait Crisis Threatens Credit Rating Downgrade In a report released by Reuters in October 2012, Fitch Ratings warned against the escalating political turmoil in Kuwait, which could compromise the country’s AA sovereign credit rating despite its strong balance sheet. The situation was brought upon by the dissolution of the parliament by Sheikh Sabah al-Ahmed al-Sabah that eventually led to a new election which would have serious impact on the country’s economy. Of all the Fitch-rated countries, Kuwait has the strongest sovereign external balance sheet, which connotes that it can withstand further political instability. Fitch said that Kuwait registered net foreign assets of about $323 billion or equivalent to 191% of its GDP as of end of 2011. Source: Reuters, October 2012 mm Susceptibility to event risk: Government liquidity risk Government liquidity risk is the risk that a sovereign will lose its access to liquidity to enable it to service its debt obligations. Countries that have more diversified sources of liquidity are generally considered to be more resilient. High private savings and sophisticated financial system are examples of indicators of strong liquidity sources. Table 6.15 details the main indicators of government liquidity risk. Table 6.15 Main indicators of government liquidity risk Indicators of Government Liquidity Risk Fundamental metrics Gross borrowing requirements related to the GDP gives an indication of the size of a sovereign’s funding needs. The higher the borrowing requirements, the more susceptible the sovereign is to liquidity risk. Another important indicator is the share of general government debt held by non-residents. The higher the share of foreign investors, the less captive the sovereign’s investor base is. Market funding stress Market funding stress is a strong indicator of perceived or actual liquidity problems for a sovereign. Indicators such as the sovereign’s credit default swap spread or bond-implied ratings are used to monitor market-funding stress. Market funding stress can be mitigated by tapping support programmes from other sovereigns or from multilateral agencies, e.g. the International Monetary Fund (IMF). Sovereigns which tap these support programmes are generally assigned non-investment grade ratings. This is because the support programmes are usually the last-resort crisis measure and therefore indicates significant credit weakness. Susceptibility to event risk: Banking sector risk and other contingent liabilities Sovereigns are sometimes exposed to liabilities that are not apparent. These liabilities are the government’s off-balance sheet commitments that will only be triggered upon the occurrence of an adverse event. These contingent liabilities may be converted into actual liabilities on the part of the sovereign. The most common form of such off-balance sheet liabilities is explicit sovereign guarantees to cover debt repayments of third parties. There are also implicit guarantees where the government may be compelled to support third-party obligations if a certain event is triggered. An example is the banking industry. The government typically supports banks in two ways: mm Issuance of guarantees to facilitate bank debt issuance and other temporary liquidity support measures mm Direct injections of capital Chapter-06.indd 190 10/21/2015 9:49:51 AM Chapter 6 Identification of Credit Risk 191 Indicators of Government Liquidity Risk Banking sector liabilities may, therefore, be treated as a contingent liability for the sovereign. Some indicators that is relevant to assess the sovereign’s vulnerability to banking risk are: mm mm mm Strength of the banking system The strength of the banking system is measured by the average bank financial strength assessment. It is a measure of the banking system’s ability to honour its debt obligations. Size of the banking system The larger the banking system relative to the sovereign’s GDP, the larger is the sovereign’s contingent liabilities. Funding vulnerabilities Banking systems with a small deposit base and significant reliance on capital markets funding are more vulnerable than banking systems with a large deposit base. Real World Illustration Ireland Blanket Guarantee Mistake The government’s guarantee of Irish bank liabilities—that controversially saddled Irish taxpayers with billions in debt—is to end next month. Irish Finance Minister, Michael Noonan, made the announcement. Mr Noonan said the end of the scheme on 28 March signalled that Irish banking had left the ‘emergency ward’ and was now in normal conditions. The scheme was introduced in September 2008 in a panicked response to the financial crisis. With Irish banks facing collapse, the government introduced a blanket guarantee of everything within the system. Ordinary deposits were already covered up to €100,000 (£86,000) under a Europe-wide scheme and they remain covered at present. But this exceptional guarantee covered up to €400 billion (£345 billion) in liabilities, commercial and inter-bank deposits, and bank bonds and debt. The Irish government did not expect to have to pay out on the guarantee, but the banks’ financial position proved much worse than realized at the time, and Irish taxpayers ended up bailing out the failed institutions to the tune of €62 billion (£53 billion). The end of the guarantee had been expected. Under the terms, covered banks paid fees to the Irish Exchequer—some €1.1 billion (£947 million) last year. The guarantee’s end will return savings to the banks and reduce income for the government, but Minister Noonan said this had been built into the budget. In fact, he suggested the savings for the banking sector should increase profitability and benefit taxpayers, who should see their investment in Irish banks rise as a result. The ending of the guarantee marks the latest step in addressing some of the consequences of Ireland’s disastrous banking collapse. Source: BBC News, 28 February 2013 Real World Illustration Cyprus Banks 7.5 Times Larger than its Economy In a Reuters report released on 21 March 2013, Cyprus needed to halve its oversized banking sector by 2018 so as to qualify for the bailout set by the European Union. The prequalification for the bailout must be met by Cyprus and match the average EU banking sector pegged at around 3.5 times of a country’s GDP as against the size of the Cypriot banking sector which was 7.5 times the size of its GDP. The sheer size of the Cypriot banking sector led by its three largest banks produced almost $23.27 billion a year. However, the banking sector became vulnerable and suffered heavy losses during the 2012 Greek sovereign debt restructuring, the Reuters report claimed. Source: Reuters, 21 March 2013 Chapter-06.indd 191 10/21/2015 9:49:52 AM 192 Risk Management in Banking: Principles and Framework mm Susceptibility to event risk: External vulnerability risk Some countries need to generate foreign currencies to pay their foreign currencydenominated obligations. Countries with high current account deficits and/or net capital outflows may face balance of payment constraints. Table 6.16 describes some important indicators of external vulnerability risks. Table 6.16 Indicators of external vulnerability risks Indicators of External Vulnerability Risks Current account and foreign direct investment (FDI) balance Current account balance records all cross-border transactions between residents and non-residents and flows of dividends and payments on foreign assets and liabilities. A negative current account balance indicates that payments abroad exceed receipts. Large and persistent current account deficits can lead to a build-up of external debt. External vulnerability indicator This measures the sovereign’s relative capacity to use immediately available international reserves to make debt payments even if creditors refuse to roll over its debt that is due within a given year. It measures a sovereign’s ability to withstand a temporary loss of confidence resulting from a heightened risk perception or general liquidity squeeze. Net international investment position Net international investment position measures the difference between a country’s foreign assets and its liabilities relative to its GDP. 6.2.3 Corporate Credit Risk Corporate credit risk exposure primarily arises from short- and long-term loans and advances granted to the bank’s corporate, partnership and proprietorship clients. These loans and advances are granted to help the corporate clients finance their current operations or future expansion plans. Corporate credit risk also arises from the bank’s different off-balance sheet activities, e.g. providing commitments to lend, guarantees or hedging solutions to corporate clients. Banks also engage in specialized lending activities which provide customized solutions specific to the individual client’s needs. These activities generate unique exposures for many banks which require specialized knowledge and skill set. Table 6.17 describes some examples of specialized lending activities. Table 6.17 Specialized lending activities Type of Lending Project finance Description Project finance is a method of funding in which the bank looks primarily to the revenues generated by a single project, both as the source of repayment and as security for the exposure. In a project finance transaction, the bank is usually paid solely or almost exclusively out of the money generated by the contracts for the facility’s output. The borrower is usually a special purpose entity (SPE) that is not permitted to perform any function other than developing, owning and operating the installation. The implication is that repayment depends primarily on: mm Project’s cash flows mm Collateral value of the project’s assets Chapter-06.indd 192 10/21/2015 9:49:52 AM 193 Chapter 6 Identification of Credit Risk Type of Lending Description Object finance Object finance refers to a method of funding the acquisition of physical assets where the repayment of the exposure is dependent on the cash flows generated by the specific assets that have been financed and pledged or assigned to the bank. A primary source of these cash flows might be rental or lease contracts with one or several third parties. Commodities finance Commodities finance refers to structured short-term lending to finance reserves, inventories or receivables of exchange-traded commodities. The exposure will be repaid from the proceeds of the sale of the commodity, and the borrower has no independent capacity to repay the exposure. The borrower generally has no other activities or material assets on its balance sheet. The structured nature of the financing is designed to compensate for the borrower’s weak credit quality. Income-producing real estate Income-producing real estate (IPRE) financing refers to a method of providing funding to real estate where the prospects for repayment and recovery on the exposure depend primarily on the cash flows generated by the assets. The primary source of cash flows would generally be the lease or rental payments, or the sale of assets. The distinguishing characteristic of IPRE financing is the strong positive correlation between the prospects for repayment of the exposure and the prospects for recovery in the event of default, with both depending primarily on the cash flows generated by a property. High volatility commercial real estate High-volatility commercial real estate lending is the financing of commercial real estates that exhibit higher loss rate volatility (i.e. higher asset correlation) compared to other types of specialized lending. Nature of corporate credit risk exposures Compared to retail credit risk exposures, a standalone corporate credit risk exposure is frequently higher in value and lower in volume. Failure of a single corporate credit exposure may have more impact to the bank than for retail credit exposures. This makes it more critical to focus on assessing corporate credit risk exposures on a standalone level. On the other hand, for retail credit risk exposures, credit risk assessment is frequently done on a portfolio level due to the relatively more homogeneous character of the individual’s retail credit risk profile. Another distinction between a corporate credit risk exposure and retail credit risk exposure is the availability of information. Corporate governance, securities rules and local or international regulations require corporate entities to disclose information to the investing public. The information can come in various forms such as the annual or quarterly audited financial statements—balance sheet, income statement and cash flow statement. The relevant information allows the bank to proactively assess corporate credit exposures on an ongoing basis. Drivers of corporate credit risk Corporate credit risk is driven by two major factors—business risk and financial risk. Business risk Business risk is the risk associated with the operating environment of the corporate credit. These are non-financial in nature. Business risk can be classified into three levels— country-risk, industry risk and company-level risk. Chapter-06.indd 193 10/21/2015 9:49:52 AM 194 Risk Management in Banking: Principles and Framework mm Industry risk Industry risk is defined as the risk of losing revenue or market share, or incurring an overall financial decline as a result of industry changes, business cycles, product obsolescence, changes in consumer preferences, changes in technology, reduction in barriers to entry or an increase in competition. Disruptions in the industry could significantly affect the company’s future viability and ability to continue as a going concern. A recent example is the mobile phone industry. The once-dominant players in mobile phones (e.g. Nokia and Blackberry) faced significant market share erosion with the entrance of smartphones. Another example is the personal computer industry—once dominated by blue chip companies like HP and Dell—has been disrupted with the emergence of new computing alternatives such as tablets and smartphones. Industry changes and disruptions can affect the future earning capacity of corporations. Former General Electric CEO, Jack Welch, once commented—“I would rather invest in a bad company in a good industry than invest in a good company in a bad industry.” The dynamics of the industry can strongly influence a company’s performance. This is why a company is analyzed in the context of the industry in which it operates. Industry risk can be analyzed in three dimensions—sales and revenue prospects, business cycle and industry structure. –– Sales and revenue prospects An industry’s sales and revenue trends as well as its prospects can have significant implications on the assessment of a company’s own sales and revenue (S&P) prospects, and therefore its credit strength. The industry life cycle analysis is an important tool in understanding an industry’s sales and revenue growth prospects. S&P classifies an industry into five types—growth industry, mature industry, niche sector, global business and highly cyclical. Revenue is an important trend for measuring an industry’s growth, size and general strength. Analyzing the revenue trend can provide insight into the industry’s pricing power, which is defined as the industry’s ability to raise the price of a product without affecting its demand. This occurs when demand exceeds supply and buyers have little or no alternative. Figure 6.10 illustrates the different growth patterns—growth, mature, niche, global and highly cyclical—of different industries. While it is difficult to classify an industry under one of the categories, the industry life cycle framework is a useful tool to assess its growth potential. Growth Mature Niche Global Highly cyclical Figure 6.10 Industry life cycle Chapter-06.indd 194 10/21/2015 9:49:52 AM 195 Chapter 6 Identification of Credit Risk Table 6.18 Industry life cycle—growth patterns Growth Pattern Description Growth industry A growth industry is one that has not yet achieved sales in all possible markets but has great potential for growth in new markets, to new customers, for new products and at a faster pace—defined in general as greater than 5%—than other industries. Examples of companies in the growth industry are high technology start-up companies. They are characterized by high market growth potential and untapped markets. Mature industry A mature industry is already selling to most possible customers and markets, and has growth potential that is roughly average compared to that of other industries. Mature industries are generally characterized by stable growth patterns. However, they also experience constant shifts in supply and demand balances that affect sales growth and pricing power. New developments such as the entrance of new products for mature products could make the analysis of sale and revenue trends more challenging. The results could widely diverge. Examples of companies in the mature industry are food and beverage or consumer companies in mature markets. These companies are characterized by a stable sales growth pattern. Niche sector Niche sectors are small, narrow businesses or products within a larger industry where the growth potential is meaningful and opportunistic for smaller participants, and usually insignificant or marginally incremental for larger entities. Niche companies typically take advantage of the inefficiencies of larger companies by focusing on a narrow line of products to deliver better products at better prices. Niche companies’ sales growth prospects and pricing power are generally viewed as high risk. Niche companies usually cater to specialized products or service requirements of customers that are usually not met by larger entities. They usually service certain geographical areas or demographics which are untapped by larger entities. Niche companies are typically of smaller capitalization compared to large companies. Examples of niche companies are banks that specifically focus on a certain target market. Banks that specialize in lending to SMEs (which are sometimes not tapped by larger banks) may be considered as niche institutions. Because of its limited market, the niche company’s asset or capital size is not as large as those of large companies. Global business Global business is typically a mature business whose sales are achieved across country boundaries. Therefore, sales and revenue growth opportunities for competitors in a global industry can be substantial. Global businesses encompass the risks and opportunities of a mature industry but they are multiplied and complicated by scale of operations. Examples of global businesses are multinational companies that operate in multiple markets. Highly cyclical Highly cyclical industries experience wide swings in demand and supply. A major challenge for this sector is to achieve consistent sales growth performance. Examples of highly-cyclical industries are commodity trading companies whose revenues are largely dependent on movements in the prices of commodities, which are highly volatile. –– Business cycles Business cycles are short-term fluctuations in the economy. These fluctuations can be divided into two distinct phases—expansion and recession phases. The expansion phase occurs during periods when economic activities tend to trend up. The recession phase occurs during periods when the economy tends to trend down. Every industry has its own unique business cycle. Understanding the business cycle trend for a particular industry is important. Industries with shorter business cycle are more exposed to business cycle risk. Those with unpredictable and volatile expansion to recession transition patterns are more vulnerable from a credit risk perspective. Chapter-06.indd 195 10/21/2015 9:49:52 AM 196 Risk Management in Banking: Principles and Framework Business cycle, however, should be distinguished from credit cycle. Credit cycle is the fluctuation in the supply of credit. Similar to the business cycle, a credit cycle can be described in distinct phases—expansion and contraction phases. Credit cycle, therefore, describes the expansion and contraction of access to credit over time. While it can be intuitively expected that the credit cycle can influence the course of a business cycle, studies have shown that correlation between these two types of cycles appears relatively weak. In the paper, ‘Corporate Bond Default Risk: A 150-Year Perspective’ (Giesecke et al, 2011), it was found that default cycles tend to be less frequent but more persistent than the business cycle downturns. –– Industry structure Analyzing the structure of an industry in terms of the market structure—demand and supply—will yield important insights into the industry’s ability to remain resilient under changing economic conditions. Real World Illustration S&P Industries Ranked by Level of Inherent Risk Highest-risk industries Metals and mining firms Large-scale manufacturers, particularly automakers and suppliers Airlines and aerospace Homebuilders and building materials suppliers Merchant electricity generators and marketers Paper and wood products manufacturers Medium-risk industries Oil and natural gas producers Technology firms, including telecommunications equipment makers Restaurants Retail stores One of the traditional frameworks to assess an industry’s profitability is the classic five forces model—developed by Professor Michael Porter at Harvard Business School. It provides important insights on the vulnerabilities of an industry to one or more of the five forces. Figure 6.11 illustrates Porter’s five forces model, while Table 6.19 discusses Porter’s five competitive forces. Threat of new entrants Bargaining power of suppliers Rivalry among existing competitors Bargaining power of buyers Threat of substitute products or services Figure 6.11 Porter’s five forces Chapter-06.indd 196 10/21/2015 9:49:52 AM 197 Chapter 6 Identification of Credit Risk Table 6.19 The five forces model Porter’s Five Forces Competitive Model Threat of new entrants New entrants to an industry bring new capacity, the desire to gain market share and substantial resources. The seriousness of the threat of entry depends on the barriers present and on the reaction from existing competitors. If the barriers to entry are high and existing competitors are expected to retaliate aggressively, new entrants will not pose a serious threat of entering. The six major sources of barriers to entry are described below. Six Major Sources of Barriers of Entry The extent of economies of scale will force a new entrant either to come in a large scale or accept a cost disadvantage. Product differentiation Brand identification creates a barrier by forcing new entrants to invest heavily to overcome customer loyalty to existing competitors. Capital requirements The need to invest larger resources in order to compete creates a significant barrier of entry, particularly if capital is required for unrecoverable upfront expenditures. Cost disadvantages independent of size Existing competitors may have cost advantages not available to potential rivals, regardless of their size and attainable economies of scale. These advantages can be attributed to the effects of learning curves, proprietary technology, access to reliable and better raw material sources, assets purchased at pre-inflation prices, government subsidies or favourable locations. Access to distribution channels New entrants must secure distribution of their products and services. The more limited the distribution channels and current channels are controlled by existing competitors, the higher this barrier of entry will be. Government policy Government can limit entry to an industry with controls such as licence requirements and limit access to raw materials. Bargaining power of suppliers Suppliers can exert bargaining power on an industry by raising prices or reducing the quality of purchased goods and services. Powerful suppliers can squeeze profitability out of an industry that is unable to recover cost increases from its own prices. Bargaining power of buyers Customers can also force down prices, demand higher quality or more services, and play competitors off against each other—all at the expense of industry profits. Threat of substitute products or services Substitute products or services limit an industry’s potential by placing a ceiling on prices the industry can charge. Substitute products that deserve the most attention strategically are those that: are subject to trends that improve their price-performance tradeoff with the industry’s product are produced by industries earning high profits Rivalry among existing competitors As an industry matures, its growth rate changes and results in declining profits. Rivalry among existing competitors may force the players to use tactics like price competition, product introduction, and advertising slugfests. mm Chapter-06.indd 197 Economies of scale Company-specific risks Company-specific risks can be defined as all the non-financial factors that can affect a company’s financial performance and influence the specific strategy that its management employs. Business risk can be broken down into three aspects—company strength, product and sales diversity and management. –– Company strength Market share is a key indicator of a company’s position in the industry. It is the proportion of industry sales—measured in either units or revenue—the company controls. 10/21/2015 9:49:52 AM 198 Risk Management in Banking: Principles and Framework –– Product and sales diversity Stronger companies may have unique products or services that are desired by customers. This serves as a competitive advantage as it creates a bargaining power that translates into consistent sales demand. Table 6.20 discusses some indicators that should be monitored to assess product and sales diversity. Table 6.20 Indicators for monitoring product and sales diversity Indicators for Monitoring Product and Sales Diversity Consistency and stability of growth Consistency and stability of a company’s business is a key component of credit analysis. Consistency and stability is measured in terms of: mm Stability of revenue mm Unit sales mm Profitability mm Cash flow Operational diversity An organization’s breadth and scope can be an important ingredient that brings stability to the business. Diversity helps smooth out the effects of business cycles. This means that if there is a slowdown in one business line, this can be mitigated by relying on the other aspects of the business. Operational diversity could be several businesses, product lines, manufacturing plants, distribution outlets or even types of customers. Financial diversity The concept of financial diversity is closely linked to operational diversity, which can provide stability in financial performance by having multiple businesses delivering varied portions of revenue and income. This gives management the flexibility to shift resources among business units even during different business cycles. Asset flexibility Asset flexibility means having the flexibility to sell a company’s asset in times of need. This is why the quality of a company’s assets should be evaluated. Regulations As discussed in an earlier section, regulations could have an important impact on the financial performance of the industry in general and on the company in particular. The objective of evaluating the regulatory environment is to understand its impact on a company’s revenue and income, and its ability to compete. –– Management Corporate governance or the manner in which a company is managed is an important factor in the analysis of credit risk. A company must be managed with high integrity with regard to ethics, internal control and corporate culture. Some indicators used by S&P to assess a company’s corporate governance are: §§ Degree of aggressiveness in a company’s business model, growth and acquisition strategy/patterns. Examples of signals that indicate high aggressiveness are history of setting overly ambitious or optimistic growth; revenue growth materially in excess of peer-group average; rapid growth through acquisitions §§ Aggressiveness of expansion into new or unproven products, business lines, industries and/or markets §§ Major shifts in business/operating strategy §§ History of restructurings, asset sales and layoffs §§ Aggressiveness in shareholder value creation or equity price appreciation strategy §§ Degree of aggressiveness or excessiveness of CEO and senior executive compensation and benefits §§ Overreliance on/excessive power of/domination by CEO or other senior executives §§ High and/or unexpected senior management or board of director turnover/ departures Chapter-06.indd 198 10/21/2015 9:49:53 AM 199 Chapter 6 Identification of Credit Risk §§ Aggressive corporate culture and practices §§ Frequency of litigation and legal disputes against company §§ History of government or regulatory actions §§ Aggressiveness or complexity in corporate/operating/tax/ownership structure §§ Aggressiveness/complexity in financial/leverage structure §§ Financial stability §§ Degree of reliance on derivatives and off-balance sheet structures for profitability and/or capital management §§ Aggressive strategy/history of revenue or income recognition and/or understating costs or liabilities §§ Aggressiveness, frequent changes and/or complexity in accounting practices and reporting Financial risk Financial statements are usually the primary source in assessing an entity’s financial risk. Financial statements are structured representation of an entity’s financial position and financial performance. A complete set of financial statements comprises a balance sheet, income statement, cash flow statement, statement of changes in equity and notes to the financial statements. Analyzing the financial statements may provide important information on the corporate entity’s creditworthiness. The borrower’s balance sheet can provide important indications on emerging credit problems. Borrowers generate income and liquidity from their assets. It is, therefore, important to understand the relationship of income and liquidity to the assets and how they change over time. Capitalization and liquidity provide important insight on how borrowers can withstand adverse economic events. The borrower’s cash flow statement can provide indications on its credit condition. Borrowers usually cut capital expenditures in order to generate cash to pay for debt repayment. These reductions provide important insight on emerging credit conditions. Table 6.21 describes some of the common ways to analyze financial risks using financial statements. Table 6.21 Using financial statements to analyze financial risks Tools Financial Risk Analysis Common sizing analysis Common sizing analysis involves assessing all items of the financial statements as a percentage of total assets or revenues. It standardizes comparison of different entities or different time horizons. An excerpt to an item in a common size financial statement is shown below: Company 1 Company 2 Industry Level 75% 30% 25% Long-term liabilities (percentage of total assets) Company 1 clearly has significant long-term liabilities as a percentage of total assets particularly when compared against Company 2 and the industry level. This could indicate a more leveraged profile (three times the industry level) and may affect the bank’s appetite to continue to lend funds to this company. Long-term liabilities as a percentage of total asset Current Year Previous Year Previous Two Years 75% 23% 20% Common sizing analysis can also uncover changes over a multiple-year period. It can be seen that major increases in debt level was observed only this year. The credit risk analyst may want to explore the causative event(s) or factor(s) for this significant change. Chapter-06.indd 199 10/21/2015 9:49:53 AM 200 Risk Management in Banking: Principles and Framework Tools Financial Risk Analysis Trend analysis Trend analysis aims to show how financial statement items changed over time. It provides insights into the company’s business performance across economic cycles. Ratio analysis Ratio analysis involves the use of relative measures in the financial statements. It has the following objectives: Structural analysis—to clarify the relationship between items appearing on the financial statements, i.e. balance sheet, income statement, cash flow statement, etc. Time-series analysis—to match borrowers’ performance against historical levels Cross-sectional analysis—to compare performance with benchmarks or industry averages Ratio analysis involves the assessment of the following: Focus of Analysis Liquidity Solvency The ability of the corporate entity to meet its short-term obligations as they come due The entity’s ability to meet its obligations on a longer-term basis Common Ratios Current Asset Current Liabilities Current Ratio = Quick Ratio = Current Assets – Inventories Current Liabilities Cash Ratio = Cash and Cash Equivalents Current Liabilities Debt to Equity = Equity Ratio = Total Debt Total Equity Equity Total Assets Total Debt Total Assets EBITDA Leverage Ratio = Debt Ratio = Total Debt – Cash Earnings before Interest, Taxes, Depreciation and Amortization Debt service ability The entity’s ability to meet its interest payment obligations using its earnings or cash flows Interest Cover Ratio = Earnings before Interest and Tax Interest Costs Interest Costs Sales Interest to Sales Ratio = Free Cash Flow Ratio = Free Cash Flow – Capital Expenditure – Interest Interest Cash Cover Ratio = Cash Flow from Operating Activities Interest Payments Performance ratios Measure the performance of a corporate entity Sales Growth = Current Sales – Previous Sales Previous Sales Gross Profit Margin = Gross Profit Sales Operating Profit Margin = Chapter-06.indd 200 Operating Profit Sales Net Profit Margin = Net Profit Sales Return on Assets = Net Profit Average Total Assets Return on Equity = Net Profit Equity 10/21/2015 9:49:53 AM 201 Chapter 6 Identification of Credit Risk In 1968, Professor Edward Altman conducted a study of publicly-listed, non-financial companies to identify which accounting ratios are important in detecting financial distress. The values are combined and weighted to produce a credit risk score that discriminates between firms that will fail and those that will survive. The five financial ratios that are determined to be most predictive of bankruptcy are: Working capital to total assets ratio (X1) mm Retained earnings to total assets ratio (X2) mm Earnings befor e interest and taxes to total assets ratio (X3) mm Market value of equity to book value of total liabilities ratio (X4) mm Sales to total assets ratio (X5) mm From the financial ratios, a credit risk score—Altman Z-score—is calculated (see below). The calculated Z-score is used as the basis for the approval or rejection of loan applications. Original Z-score = (1.2 × 1) + (1.4 × 2) + (3.3 × 3) + (0.6 × 4) + (1.0 × 5) 6.2.4 Counterparty Credit Risk The failure of Lehman Brothers at the height of the 2008 financial crisis highlighted weaknesses in the way banks managed their counterparty risks. The results of a survey by the Senior Supervisors Group showed that of the 20 major global financial institutions surveyed, only nine had processes in place to actively manage their counterparty credit risk exposures in line with industry best practices. The Interagency Supervisory Guidance on Counterparty Credit Risk Management defines counterparty credit risk as: …the risk that a counterparty to a transaction could default or deteriorate in creditworthiness before the final settlement of a transaction’s cash flows. Counterparty credit risk versus traditional lending exposure In a traditional lending exposure, the lending bank is the established exposed counterparty. The risk of loss only accrues to the lending bank. Many derivative transactions, however, create a two-way credit or bilateral credit risk exposure. This is because the market value of the transaction can either be positive or negative to either counterparty. Counterparty credit risk is influenced by two factors: Exposure to the counterparty mm Credit quality of the counterparty mm Both of these factors are sensitive to market changes. Right-way and wrong-way risk The International Association of Swaps and Derivatives Association (ISDA) defines wrong-way risk as the risk that occurs when exposure to a counterparty is adversely correlated with the counterparty’s credit quality. It arises when both the counterparty credit risk and derivative exposure increase together. Chapter-06.indd 201 10/21/2015 9:49:53 AM 202 Risk Management in Banking: Principles and Framework Illustrative Example Wrong-Way Risk Company XYZ, a Malaysia-based company, entered into a forward transaction with Bank ABC where it sells US$10,000,000 at an exchange rate of 3.4 (local currency value: MYR34,000,000). If the MYR weakens against the US$ (i.e. US$ strengthens) to 3.5, Company XYZ is still required to pay US$10,000,000 but will receive only MYR34,000,000 from Bank ABC. Had Company XYZ not entered into this transaction, it would have been able to sell US$10,000,000 at a more favourable rate of MYR35,000,000. This means that the hedge has a negative mark-to-market value for Company XYZ and a positive mark-to-market value for Bank ABC. Recall that Company XYZ is a Malaysia-based company. A weakening of the MYR (domestic currency) may be an indication of a weakness in the domestic economy. This means that Company XYZ’s creditworthiness may have deteriorated as well. Bank ABC, therefore, is exposed to the correlation between the increase in exposure—positive mark-to-market (MTM) value—and deteriorating creditworthiness of the counterparty. Right-way risk, on the other hand, occurs when the exposure to the counterparty is negatively correlated with the counterparty’s credit quality. Illustrative Example Right-Way Risk Company DEF, a Malaysia-based company, entered into a forward transaction with Bank ABC where it buys US$10,000,000 at an exchange rate of 3.4 (local currency value: MYR34,000,000). If the MYR weakens against the US$ (i.e. US$ strengthens) to 3.5, Company DEF will receive US$10,000,000 from Bank ABC but will pay only MYR34,000,000 to Bank ABC. The value of US$10,000,000 in local currency terms is now MYR35,000,000. This means that Company DEF has no incentive to default. Bank ABC will have a positive MTM exposure to Company DEF in this transaction only if the MYR strengthens against the US$. If the MYR strengthens against the US$, this may indicate a generally positive development on the local economy. This means that, holding other things constant, Company DEF, a Malaysiabased company, may be facing improving credit prospects. In this transaction, Bank ABC’s exposure is negatively correlated to Company DEF’s credit quality. Given the complexity of counterparty credit risk exposures, banks should have a comprehensive set of tools or metrics to understand and quantify counterparty credit risk exposures. Table 6.22 discusses some exposure metrics that are widely used to quantify counterparty credit risk. Chapter-06.indd 202 10/21/2015 9:49:53 AM 203 Chapter 6 Identification of Credit Risk Table 6.22 Exposure metrics for quantifying counterparty credit risks Exposure Metrics Quantifying Counterparty Credit Risks Current exposure or replacement cost Current exposure is the market value of a transaction or a portfolio of transactions within a netting set with a counterparty that would be lost upon the counterparty’s default, assuming no recovery on the value of those transactions in bankruptcy. Current exposure allows banks to assess their counterparty’s credit risk exposure at any given time. Jump-to-default exposure Jump-to-default exposure is the change in the value of the counterparty transactions upon the default of a reference name in the credit default swap positions. Jump-to-default exposure allows banks to assess the risk of a sudden, unanticipated default before the market can adjust. Expected exposure Expected exposure is calculated as the average exposure to a counterparty on a future date. Expected exposure is used as a measure of exposure at a common time in the future. Expected positive exposure Expected positive exposure is the weighted average over time of expected exposures where the weights are the proportion that an individual expected exposure represents of the entire time interval. Peak exposure Peak exposure is a high percentile of the distribution of exposures—typically 95% or 99%—on any particular future date before the maturity date of the longest transaction in the netting set. Peak exposure allows banks to estimate their maximum potential exposures on a specified future date or over a given time horizon with a high level of confidence. 6.3 OVERVIEW OF PORTFOLIO CREDIT RISK LEARNING OBJECTIVE 6.3 DISCUSS credit risk in the portfolio context 6.3.1 Sources of Portfolio Credit Risks The Basel Committee on Banking Supervision (BCBS) enumerates two important sources of portfolio credit risk—systematic risk and idiosyncratic risk. Chapter-06.indd 203 10/21/2015 9:49:53 AM 204 Risk Management in Banking: Principles and Framework Table 6.23 Systematic and idiosyncratic risks Sources of Portfolio Credit Risks Systematic risk Represents the effect of unexpected changes in macroeconomic and financial market conditions on the performance of borrowers. Borrowers may differ in their degree of sensitivity to systematic risk. There are a few firms (e.g. utility companies) that are completely indifferent to the wider economic conditions in which they operate. This is why the systematic component of portfolio risk is frequently referred to as undiversifiable risks. Idiosyncratic risk Represents the effects of risks that are particular to individual borrowers. As the portfolio increases in size and becomes more diversified, the largest individual exposure accounts for a smaller share of the total portfolio exposure. Idiosyncratic risk can be diversified away at the portfolio level. Correlation of exposures in credit portfolios is an important aspect of portfolio credit risk. Historical experience shows that concentration of risks in the loan asset portfolio has been one of the major causes of bank failures. Risk concentration is the single most important cause of major credit problems. Credit concentrations are viewed as any exposures where the potential losses are large relative to a bank’s capital, total assets or the bank’s overall risk level. Relatively large losses may reflect not only large exposures, but also indicate the potential for an unusually high percentage losses given default (LGD). Credit risk concentrations can be grouped into two categories—conventional credit concentrations and concentrations based on correlated risk factors. Table 6.24 Types of credit risk concentrations Categories of Risk Concentrations Conventional credit concentrations Conventional credit concentrations would include concentrations of credits to: Single borrowers or counterparties Group of connected counterparties mm Sectors or industries mm mm Concentrations based on common or correlated risk factors Concentrations based on common or correlated risk factors reflect subtler or more situation-specific factors, and often can be uncovered through analysis. The 1997 Asian financial crisis, the 1998 Russian default and the 2008 global financial crisis illustrate how close linkages among emerging markets under stress conditions and previously undetected correlations between market, credit and liquidity risks can produce widespread losses. The Basel Committee on Banking Supervision has identified the common reasons as to the occurrence of credit concentration risks. In the competitive banking environment, banks face a trade-off between focusing on key areas or diversifying their credit loan portfolio. Banks that aim to gain market leadership frequently choose to specialize in key areas or prioritize relationship over key counterparties. This sometimes leads banks to build up large exposures to certain markets or certain counterparties. At times, banks would identify ‘hot’ and rapidly-growing sectors or industries and use overly optimistic assumptions about a sector or industry’s growth prospects. This has been the common theme for some of the worst banking crises in history—from the emerging markets Chapter-06.indd 204 10/21/2015 9:49:53 AM 205 Chapter 6 Identification of Credit Risk debacle in the 1980s and 1990s to the dotcom bubble in the early 2000s and the 2008 global financial crisis. The search for asset growth and market share sometimes results in banks loosening their credit underwriting standards and taking on heightened concentration risk to certain single counterparties, industries or markets. Real World Illustration Bank Negara Malaysia Guidelines on Risk Concentration In February 2013, Bank Negara Malaysia issued the BNM/RH/GL 001-38 on Single Counterparty Exposure Limit (SCEL) guideline. SCEL serves as a non-risk adjusted back-stop measure to ensure that exposures to a single counterparty or a group of connected counterparties are within prudent limits at all times. The policy sets out: BNM’s expectations of banking institutions in managing and monitoring exposures to a single counterparty—role of the board of directors and senior management with respect to SCEL. The prudential limit for exposures to a single counterparty—total exposure to a single counterparty should not exceed 25% of the banking institution’s capital, treatment of guarantee or credit derivatives protection. Parameters for identifying connected counterparties that constitute a single counterparty— definition of connected counterparties, power of control and economic dependence. Scope and treatment of exposures applicable to a single counterparty—definition of exposures, methods of measuring on- and off-balance sheet exposures, facilities and derivatives, and collateralization. Expectations with respect to on-going compliance with SCEL—SCEL should be observed at all times, breach reporting. General Principles for Concentration Risk Management In September 2010, the European Banking Authority (EBA) released its Guidelines on the Management of Concentration Risk under the Supervisory Review Process. The guidelines provide high-level principles for concentration risk management from multiple perspectives—credit, market and liquidity. This section focuses on the credit risk aspect of concentration risk. The general risk management framework of a banking institution should clearly address concentration risk and its management. Banks should address concentration risk in their governance and risk management frameworks, assign clear responsibilities, and develop policies and procedures for the identification, measurement, monitoring and reporting of concentration risk. Management should understand and review how concentration risk derives from the bank’s overall business model. Banks should have a definition on what constitutes a material concentration in line with their risk tolerance. Any exceptions from the policies and procedures should be properly documented and reported to the appropriate management level. Banks should have an integrated approach for looking at all aspects of concentration risk within and across risk categories. Concentration risk can be analyzed in two main dimensions—intra- and inter-risk concentrations. Chapter-06.indd 205 10/21/2015 9:49:54 AM 206 Risk Management in Banking: Principles and Framework Table 6.25 Intra-risk and inter-risk concentrations Dimensions of Concentration Risk Intra-risk concentration Refers to risk concentrations that may arise from interactions between different risk exposures within a single risk category. Intra-risk may be assessed in two ways: mm mm Inter-risk concentration as a separate risk category fully embedded in the risk management framework Refers to risk concentrations that may arise from interactions between risk exposures across different risk categories. These interactions between different risk exposures may stem from a common underlying risk driver or from interacting risk drivers. Inter-risk concentrations may not be fully considered when risks are identified and measured on a silo basis. Banks should have a framework for identifying inter-risk concentrations. Banks should have a framework for the identification of intra- and inter-risk concentrations. The risk concentration identification framework should be comprehensive enough to consider all risk concentrations—which are significant to the institution—are covered including on- and off-balance sheet risks, committed and uncommitted exposures, across risk types, business lines and entities. Banks should consider economic developments that influence financial markets and their actors and vice versa. An important element to consider is system-wide interactions and feedback effects. Banks should constantly monitor the evolving interplay between the markets and the economy to facilitate the identification and understanding of potential concentration risks and the underlying drivers of these risks. Stress testing in the form of both sensitivity analysis and scenario stress testing is a key tool in the identification of concentration risk. Banks should have a framework for the measurement of intra- and inter-risk concentrations. The measurement framework should enable the bank to evaluate and quantify the impact of risk concentrations on earnings/profitability, solvency, liquidity position and compliance with regulatory requirements. Multiple methods or measures may be required to provide an adequate view of the different dimensions of the risk exposure. Banks should have adequate arrangements in place for actively controlling, monitoring and mitigating concentration risk. Active management of risk concentration exposures is required to mitigate the potential emergence of undesired concentrated exposures within portfolios. Constant assessment and adjustment of business and strategic goals are required. Banks should set top-down and group-wide concentration limit structures for exposures to counterparties or groups of related counterparties, sectors or industries, specific products or markets. The limit structures and levels should reflect the bank’s risk tolerance and consider all relevant interdependencies within and between risk factors. Chapter-06.indd 206 10/21/2015 9:49:54 AM 207 Chapter 6 Identification of Credit Risk Banks should carry out regular analyses of their portfolios and exposures. The analyses could be on the following elements: mm Risk environment in each particular sector mm Economic performance of existing borrowers mm Approval levels for businesses mm Risk mitigation techniques—value and legal enforceability mm Outsourced activities and contracts signed with third parties mm Funding strategy mm Business strategy Banks should also assess whether the amount of capital is adequate, given the level of concentration risk in the portfolios. 6.3.2 Credit Concentration Risk Management Banks should have a definition of what constitutes a credit concentration. The definition should encompass the sub-types of credit concentration such as: Counterparties Groups of connected counterparties Counterparties in the same economic sector Counterparties in the same geographical region Counterparties from the same activity or commodity Exposures under the same credit risk mitigation technique Banks should be able to aggregate and consolidate credit risk exposures and manage credit limits in a robust manner. The models and indicators used to measure credit concentration risk should adequately capture the nature of interdependencies between exposures. Survey of industry practices The Research Task Force Concentration Risk Group of the Basel Committee on Banking Supervision conducted an informal survey of a small number of best practice institutions. The results of the survey—published as a working paper in 2006—are briefly enumerated below: Banks have different measures in place to capture and manage concentration risk, including: mm Exposure limit systems—Depend on the bank’s strategic goals mm Internal economic capital models—Measure risk contribution of exposures for risk management purposes mm Pricing tools—Allow banks to account for concentration risk in the pricing of a new exposure The more sophisticated banks employ internal economic capital models that can adequately measure concentration risk. However, these are often constrained by data problems. The less sophisticated institutions employ simpler concentration measures such as the Herfindahl-Hirschman Index, which does not allow the translation of concentration risk into an economic capital figure. Chapter-06.indd 207 10/21/2015 9:49:54 AM 208 Risk Management in Banking: Principles and Framework Real World Illustration Herfindahl-Hirschman Index The Herfindahl-Hirschman Index (HHI) is a widely-used measure of industry concentration. It is often used as a measure to assess the extent to which an industry’s output is concentrated among a few firms. The HHI is calculated by squaring the market share of each firm competing in the market and then summing the resulting numbers. The higher the HHI, the more concentrated the industry is. HHI between 1,500 to 2,500: Moderately concentrated HHI > 2,500: Highly concentrated Limit systems often do not capture concentration risk from distinct but correlated exposures. Limits are often applied to single obligors or to specific geographical regions and less on exposures to business sectors. Limits are decided on a variety of business considerations and strategic objectives of which controlling concentration risk is only one aspect. Banks use a mix of vendor models and in-house built models to capture concentration risk in their economic capital calculations. Multi-factor asset value models and sensitivity to industry and/or geographical factors are measured through asset correlations. Correlations are estimated using either equity correlations or correlation estimates derived from rating migrations or default events. Credit risk mitigation techniques are considered if economic capital models are used. Concentration risk is managed on a centralized basis through monitoring of exposures. Banks reported using different methods of stress testing for concentration risk. Test scenarios include : mm downgrade of all large exposures or of a large sector mm increase of exposures to a cluster of borrowers mm increase of the probability of default and/or the loss given default for a group of exposures Concentration risk stress tests are conducted on an ad hoc rather than on a regular basis. Measuring concentration risk is a challenge due to lack of data. This is particularly true for emerging markets where the markets are less liquid. While credit concentration risk usually exists in the bank’s wholesale business activities, there are also credit concentration risks in the retail side. For example, retail lending to certain geographic regions or to a certain demographic characteristics—age, gender or religion—could be an important source of credit concentration risk for banks. CONCLUSION This chapter provided important tools and the framework to help risk management students identify the different credit risk exposures that a typical banking organization faces. Credit risk is the most important risk for many banks. This risk arises in many aspects of the banking business. While credit risk from loans and advances continue to be the single largest source of credit risk for banks, it also exists in the bank’s investments portfolio and from other business activities which generate off-balance sheet exposures. Credit risk can be analyzed on two different levels—standalone or transactional level and the portfolio level. Standalone credit risks can be further subdivided into retail credit risk, sovereign credit risk, corporate credit risk and counterparty credit risk. Portfolio credit risks, on the other hand, can be analyzed in two dimensions, namely systematic and idiosyncratic risks. Chapter-06.indd 208 10/21/2015 9:49:54 AM C 7 P HA TE R OPERATIONAL RISK This chapter introduces risk management students to the topic on operational risk. Operational risk has received far less attention compared to market risk and credit risk. This is because compared to other types of risks, operational risk has been seen as a ‘soft’ risk—particularly, when compared with the other more quantitative ‘hard’ risks such as market and credit risks. This is unfortunate given that one of the leading causes of banking failures can be attributed to operational risk failures. This chapter begins with a definition of operational risk. It then discusses the different types of operational risk events. After which, the impact of operational risks is discussed. The chapter ends with a discussion on operational risk governance and the operational risk management process. Chapter-07.indd 209 10/16/2015 3:56:48 PM 210 Risk Management in Banking: Principles and Framework Operational Risk Definition of Operational Risk Operational Risk Events Residual Definition Internal Fraud Causal Definition External Fraud Operational Risk Impact Operational Risk Governance and Process Employment Practices and Workplace Safety Clients, Products and Business Practices Damage to Physical Assets Business Disruption and Systems Failures Execution, Delivery and Process Management Figure 7.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, your are expected to be able to: DISCUSS basic principles of operational risk in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: DEFINE operational risk ENUMERATE the different types of operational risk events DISCUSS the different types of operational risk consequences DISCUSS the different elements of sound operational risk management practices Chapter-07.indd 210 10/16/2015 3:56:48 PM 211 Chapter 7 Operational Risk 7.1 DEFINITION OF OPERATIONAL RISK LEARNING OBJECTIVE 7.1 DEFINE operational risk Operational risk was recently recognized as a major banking risk when the Basel Committee on Banking Supervision issued the Basel II framework. For the first time, operational risk was accorded the same level of importance as credit risk and market risk. There were, indeed, many banking failures which were attributed directly or indirectly to operational risks. Prior to Basel II, there had been no universal consensus on the definition of operational risk. Different banking organizations had different definitions of operational risk. The lack of consensus on the definition made it difficult to come up with a standard approach to identifying, assessing and measuring operational risk. 7.1.1 Operational Risk—the Residual Definition Operational risk was originally defined as the ‘risk of everything other than market and credit risks’. Prior to Basel II, market risk and credit risk were the only recognized risks for regulatory capital-setting purposes. Operational risk was defined in a residual manner. The ‘residual’ definition did not recognize operational risk as a standalone risk. Rather, it was viewed as the remaining risk after considering market and credit risks. One of the major limitations of the residual definition of operational risk is that it does not actually define what operational risk is. Rather, all failures or losses not considered as market or credit risks are routinely attributed to operational risk. This is a problematic approach as it does not create an incentive for banks to identify and assess operational risk as a standalone risk. It is also not accurate to attribute all the risks other than market or credit risks to operational risk. While there are risks that are not market or credit risks, they are also not operational risk in nature. An example is liquidity risk. This risk is neither a credit nor a market risk. It is also not an operational risk either. This is why it is not accurate to attribute an event or failure that is neither a market nor credit risk to operational risk. 7.1.2 Operational Risk—the Causal Definition The definition of operational risk has evolved from the traditional ‘residual’ view to a more precise definition on what it is. Basel II defines operational risk as: Risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk. Chapter-07.indd 211 10/16/2015 3:56:49 PM 212 Risk Management in Banking: Principles and Framework This definition is a major improvement from the earlier ‘residual’ definition. Operational risk is now recognized as a distinct risk and assigned equal importance as market and credit risks. Towards this end, ‘total risk’ embraces multiple risk elements comprising: Market risk Credit risk Operational risk Basel II adopts a causal approach to defining operational risk. The definition is based on what causes an operational risk event. Figure 7.2 shows the origination of operational risk while Table 7.1 discusses the causes of operational risks in greater detail. People People risk is the risk that arises when people do not follow the organization’s procedures, practices and/or rules. Process Process risk is the risk from faulty overall design and application of business processes. Systems Systems risk is the risk of failure arising from deficiencies in the bank’s infrastructure and information technology systems. External events External events risk is the risk associated with events outside the banking organization’s control. Sources of operational risks Figure 7.2 Causes of operational risks Table 7.1 Causes of operational risks—definitions and examples Definition Examples People People risk is the risk that people do not follow the organization’s procedures, practices and/or rules. It is the risk that people deviate from expected behaviours. Operational losses due to human errors Employee fraud Process Process risk is the risk from faulty overall design and application of business processes. Inadequate segregation of duties Absence of internal controls Erroneous legal documentation Systems Systems risk is the risk of failure arising from deficiencies in the bank’s infrastructure and information technology systems IT system breakdown resulting in losses for the bank Power outage External events External events risk is the risk associated with events outside the bank’s control. Natural calamities Wars Terrorist attacks People risk People risk is the risk that people do not follow the organization’s procedures, practices and/ or rules. It is the risk that people deviate from expected behaviours. People risk is considered as Chapter-07.indd 212 10/16/2015 3:56:49 PM 213 Chapter 7 Operational Risk the ‘softer’ aspect of operational risk, particularly when compared to other types of operational risks. This is because people risk is harder to quantify than the other types of operational risks. There are two different types of people risks: Non-deliberate deviations are deviations from expected behaviours or set of rules that are not intended by the bank’s personnel. An example is human error. Deliberate deviations are deviations from expected behaviours or set of rules intended to result in a personal or financial gain by the bank’s personnel. Fraud is a common example. People risk is an area of operational risk management that has received relatively little attention compared to the more quantitatively measurable operational risk areas. People risk has mostly been restricted to human resource (HR) processes. This is unfortunate because people risk is an important source of risk for all organizations including financial institutions. In a 2012 survey conducted at the OpRisk Europe Conference in London, more than 60% of the respondents believed that people risk posed the biggest operational risk to their businesses. People risk is closely related to the bank’s risk culture. Unlike failures in other aspects of operational risk, failure from people risk may be an indication of a more pervasive failure in the organization’s corporate culture. Process risk Process risk is the risk arising from a faulty overall design and application of business processes. Some examples of operational risks in the business processes are: Missing/Incorrect process descriptions Bottlenecks and redundancies Project risk Real World Illustration Mortgage Lenders Still Falling Short of Settlement’s Terms Shaila Dewan of the New York Times reported that many banks have failed to comply with a requirement to inform borrowers of any documents that are missing from their applications. In an agreement with the US regulators, banks are required to notify borrowers of missing documents within five days and give 30 days for borrowers to provide the missing documentation. The bank should make a decision within 30 days after an application is completed. Many banks failed to comply with the servicing standards. The attorney general of Illinois noted that 60% of loan services failed to comply with the missing documents notification requirement. Source: Shaila Dewan, The New York Times, 19 June 2013 Process risk can be further classified into model risk, transaction risk and operational control risk. Model risk The Federal Reserve defines model risk as the risk of incurring adverse consequences, including financial losses, as a result of making decisions based on models that are incorrect or misused. The model can be a quantitative method, system or approach that applies statistical, economic, financial or mathematical theories, techniques and assumptions to process input data into quantitative estimates. Chapter-07.indd 213 10/16/2015 3:56:49 PM 214 Risk Management in Banking: Principles and Framework Model risk occurs for two primary reasons: The model may have fundamental errors and produces inaccurate output when viewed against its design objectives and intended business uses. mm The model may be used incorrectly or inappropriately due to misunderstanding about its limitations and assumptions. mm Transaction risk Transaction risks are risks that occur due to failure on execution of transactions. Examples are: Execution error mm Booking error mm Settlement error mm Operational control risk Operational control risk is the risk that occurs due to failure of established controls to work as intended. Real World Illustration Spreadsheet Errors and the J.P. Morgan’s ‘London Whale’ A J.P. Morgan Task Force found that the bank’s value at risk (VaR) was being calculated with an Excel spreadsheet that ‘required time-consuming manual inputs to entries and formulas, which increased the potential for errors’. At another point, the report found ‘the model operated through a series of Excel spreadsheets, which had to be completed manually, by a process of copying and pasting data from one spreadsheet to another’. The news about Excel has bounced around blogs, like James Kwak’s Baseline Scenario, and drawn comments from people who are as ‘Shocked, Shocked’ as Captain Renault in Casablanca to find that manual Excel processes are playing a fundamental role in large and complex financial operations. Source: Forbes, 19 February 2013 Systems risk Systems risk is the risk of failure arising from deficiencies in a bank’s infrastructure and information technology systems. Infrastructure typically becomes a risk if it is either missing or deficient. Examples are: Outdated measures or facilities Insufficient maintenance and repairs Unclear responsibilities that lead to mistakes in infrastructure procurement, management and/or maintenance Lack of practical tests Risks associated with information technology systems are identified with deficiencies or inadequacy in software quality, IT security, interruption of day-to-day operations and outsourcing. Chapter-07.indd 214 10/16/2015 3:56:49 PM 215 Chapter 7 Operational Risk Real World Illustration Technology Breakdown at Knight Capital The Trefis Team of Forbes published an article (3 August 2012) that revealed how the world’s largest equities trader could be taken down to the hilt. Knight Capital suffered a staggering $440 million worth of pre-tax loss after its new software went online on 1 August 2012. According to the Trefis report, a small bug in the firm’s new software caused errors in the trading transactions within a few minutes after the new software was launched. By the time the software was pulled out of the system, it had already created billions of dollars’ worth of trades that left Knight Capital with no other option but to close out those deals. The Knight Capital technology breakdown resulted in an immediate plunge of the price of its shares from $10.30 at the beginning of 2 August to $2.50 upon closing the next day. The Trefis Team also reported that Knight Capital had found a line of credit. Source: Trefis Team, Forbes, 3 August 2012 External events risk External events risk is the risk associated with events outside the bank’s control. Examples of these events are: Natural disasters External crimes Terrorism Wars Political risks While these events are outside the entity’s internal processes and organization’s control, external events risk can be mitigated by the bank’s operational risk process and infrastructure, i.e. people, process and systems. Real World Illustration External Events Risk The World Economic Forum (WEF) surveyed multi-stakeholder communities to explore the nature of global risks that the world was facing in 2014. Its Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. The top 10 global risks of highest concern are: Chapter-07.indd 215 Fiscal crises in key economies Structurally high unemployment/underemployment Water crises Severe income disparities Failure of climate change mitigation and adaptation Greater incidences of extreme weather events Global governance failures Food crises Failure of a major financial mechanism/institution Profound political and social instability 10/16/2015 3:56:49 PM 216 Risk Management in Banking: Principles and Framework Legal risk Legal risk can be caused by both internal and external risks. Legal risk is defined as the possibility that lawsuits, adverse judgements or contracts that turn out to be unenforceable can disrupt or adversely affect the bank’s operations or condition. Legal risk may arise from: People, e.g. violation of labour law Process, e.g. violation of anti-money laundering law Systems, e.g. violation of contractual provisions External events, e.g. risks relating to changes in regulation 7.2 OPERATIONAL RISK EVENTS LEARNING OBJECTIVE 7.2 ENUMERATE the different types of operational risk events The Basel Committee recognizes that operational risk is a term that has a variety of meanings within the banking industry, and therefore for internal purposes, banks may choose to adopt their own definition of operational risk. Whatever the definition, banks should have a clear understanding of what is meant by operational risk and that it is critical to the effective management and control of this risk. The definition should consider the full range of material operational risks the bank faces and capture the most significant causes of severe operational losses. The Basel Committee, in cooperation with the banking industry, has identified seven operational risk event types that have the potential to result in substantial losses. These event types are: Internal fraud External fraud Employment practices and workplace safety Clients, products and business practices Damage to physical assets Business disruption and systems failures Execution, delivery and process management 7.2.1 Internal Fraud Internal fraud is an operational risk event that arises due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involves at least one internal party. The definition of Chapter-07.indd 216 10/16/2015 3:56:49 PM 217 Chapter 7 Operational Risk internal fraud excludes violation of law or company policies related to discrimination and/or diversity policies as these are covered in a separate operational risk event. The two key distinguishing features of an internal fraud event are: The involvement of one internal party (e.g. an employee) which made the occurrence of the operational risk event possible. The presence of intent to commit fraud, misappropriate assets or circumvent laws, regulations and company policies. Internal fraud can be further categorized into two types—unauthorized activity and theft or fraud. Unauthorized activity Unauthorized activities refer to acts by at least one internal party to violate laws, regulations and company policies or to act beyond what is mandated or allowed by company policies. Rogue trading is a type of unauthorized activity. Rogue trading occurs when a bank employee engages in authorized trades on behalf of its employer. Rogue trading has gained a lot of publicity in the recent years as many traders—individuals or a group of individuals—single-handedly caused huge losses to their respective banking organizations by engaging in risky trades in the hope of recouping trading losses or reporting huge gains. While the usual motivation for rogue trading is economic gain through compensation arrangements, it is not the only motivation for rogue trading. Many traders engage in rogue trading to hide or to correct an error. Regardless of the motivation, the main element that defines rogue trading is the willful intent to engage in unauthorized trading. Theft or fraud Theft or fraud refers to an act involving at least one internal party to misappropriate or defraud the bank. The following are examples of operational risk events that are classified as theft or fraud: Theft—extortion, embezzlement, robbery, misappropriation of assets Fraud—forgery, cheque kiting, credit card fraud, electronic fraud, willful tax evasion, bribes/kickbacks, insider trading (not on firm’s account), account take-over/ impersonation Real World Illustration Internal Fraud Example: Ex-Merrill Trader is Banned for Mismarking Positions The Financial Services Authority (FSA) has banned a former senior trader at Bank of America’s Merrill Lynch unit in London for at least five years after he mismarked positions by $100 million between January and March 2009 to hide losses. The senior trader admitted to the mistake and blamed stressful working environment as one of the reasons for his action. Merrill Lynch was also fined €2.75 million over the incident for failing to exercise adequate supervision over the actions of its traders. Source: Caroline Binham, Bloomberg, 16 March 2010 Chapter-07.indd 217 10/16/2015 3:56:50 PM 218 Risk Management in Banking: Principles and Framework 7.2.2 External Fraud External fraud is an operational risk event that arises due to acts of a type intended to defraud, misappropriate property or circumvent the law, which involves a third party. In contrast to internal fraud, this type of operational risk event does not involve an internal factor. These operational risk events are caused by acts of external parties. External fraud arises from two types of operational risk events: (a) Theft and fraud Theft and external fraud arises from willful misappropriation of assets or willful intent due to the acts of external parties. The most popular examples of theft is bank robberies, which has been romanticized in many films and books. However, the prevalence of bank robberies has declined in many advanced economies. This can be attributed to the increasing importance of electronic banking transactions and banks’ investment in sophisticated security systems, which make bank robberies less likely. (b) Systems security With more banking transactions being done electronically, banks are now more susceptible to cyber-attacks. In a global survey conducted by PwC, cybercrime is the second most common form of economic crime for financial services firms. Almost half of the respondents cited that they had been victims of economic crimes. Financial services organizations believe that cybercrime is becoming an increasing threat. Real World Illustration Distributed Denial of Service (DDOS) In an article published in Bloomberg on 6 May 2013, Jordan Robertson recounted how hackers would use less dangerous attacks on banks’ websites as smokescreens for potentially more damaging attacks, such as stealing account information and creating fake debit cards. Information security company Symantec Corp. noted that these two-pronged attacks were more common. The distributed denial-of-service (DDOS) entails hackers flooding a computer system with data to shut it down. Such attacks have not only damaged the websites of banks but have also, at times, resulted in compromising client accounts. Source: Jordan Robertson, Bloomberg, 6 May 2013 7.2.3 Employment Practices and Workplace Safety Employment practices and workplace safety are operational risk losses arising from human resource-related operational risk losses. These losses arise from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity/discrimination events. These types of losses arise from the following events: (a) Employee relations These are operational risk losses arising from policies and practices related to the management of the banking organization’s employees. Examples of operational risk losses arising from employee relations are compensation and benefit disputes, termination issues and organized labour activities. Chapter-07.indd 218 10/16/2015 3:56:50 PM 219 Chapter 7 Operational Risk (b) Safe environment These are operational risk losses arising from injury, illness or other losses incurred by employees in the workplace environment at the bank. An example of operational risks event due to the work environment are the general liabilities that a bank may incur due to violation of employee health and occupational safety regulations in the workplace. (c) Diversity and discrimination These are operational risk losses arising from violations or deviations from equal employment opportunity regardless of age, sex, race, disability or national origin. Examples of operational risk events due to diversity and discrimination are gender discrimination lawsuits filed by bank employees. Real World Illustration Employment Practices and Workplace Safety: Wells Fargo Settles Discrimination Suit In an article by Adam O’ Daniel published in the Charlotte Business Journal on 25 February 2011, San Francisco-based Wells Fargo & Co. had to put aside a $32 million fund in order to settle a class-action lawsuit, including legal feels, filed against its brokerage and wealth-management arm Charlotte-based Wachovia Securities, now known as Wells Fargo Advisors. Furthermore, the author said that the settlement was made after the firm was found liable for discriminating against female financial advisers in terms of employee benefits such as promotions, compensation, account assignments and training opportunities among others. On top of the settlement, the firm had to implement changes in its policies relating to promotions and distribution of work to its financial advisers. The firm had to pay damages to female financial advisers who worked at Wells Fargo Advisors at any time between 17 March 2003 and 25 January 2011 or those who worked at Wells Fargo Investments at any time between 31 December 2008 and 25 January 2011. Source: Adam O’ Daniel, Charlotte Business Journal, 25 February 2011 7.2.4 Clients, Products and Business Practices These are losses arising from unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product. The business of banking is a business of trust. The bank has a duty of care to its clients. Failure to fulfil this obligation will expose the bank to operational risk losses arising from either lawsuits or lost business. This operational loss event risk can be categorized into two different types: Failure to perform the professional obligation to specific clients, e.g. suitability, disclosure and fiduciary Defects in the nature or design of the product Suitability, disclosure and fiduciary Banking organizations have duties to their clients. Depending on the circumstances, the level of duty or care will vary from one client to another. Suitability refers to the obligation that the bank needs to exercise due diligence to ensure that the banking product offered is appropriate to its client’s risk appetite and capacity. Failure to exercise due diligence on the product’s suitability will expose the bank to liability due to mis-selling. Chapter-07.indd 219 10/16/2015 3:56:50 PM 220 Risk Management in Banking: Principles and Framework Disclosure refers to the bank’s obligation to be transparent on the material information that the clients need to be aware of before deciding on a particular banking product. Fiduciary refers to the legal relationship of trust between the bank and its clients. Fiduciary requires a higher standard of prudent care. Examples of operational risk events arising from failures in suitability, disclosure and fiduciary are fiduciary breaches or guideline violations, suitability or disclosure violations, aggressive sales, account churning, misuse of confidential information and lender liability. Real World Illustration Suitability, Disclosure and Fiduciary: RBS Reached Agreement on Lehman Brothers EquityLinked Notes In July 2013, the Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) announced that a settlement has been reached between the regulators and the Royal Bank of Scotland (RBS) for the sale of Lehman Brothers’ equity-linked structured notes to retail clients for the period of July 2007 to May 2008. RBS had agreed to repurchase the notes at 100% of the principal value. Eligible retail clients are those assessed with a risk tolerance level that are more conservative than the risk rating that was assigned to the product sold. SFC estimated that about 540 customers were eligible. Source: Securities and Futures Commission, 18 July 2013 In the recent years, much focus has been made on combatting money laundering activities. The Financial Action Task Force (FATF) defines money laundering as the processing of criminal proceeds to disguise their illegal origin. This process enables the criminal to enjoy the profits without jeopardizing their source. Money laundering is usually effected through different stages and in each of these stages, the criminal sometimes uses a bank to hide the origin or source of the illegal funds. Table 7.2 gives a brief outline of how criminals launder their illegal funds. Table 7.2 Three-stage money-laundering process Stage Stage 1 Placement Stage Stage 2 Layering Stage Stage 3 Integration Stage Description Illegal profits introduced to the financial system (including banks) through various means such as breaking up large amounts of cash into smaller amounts or purchasing a series of monetary instruments. Once illegal profits have been introduced, these funds are then converted or moved to distance them from their source. This is effected by either purchasing and selling of financial instruments or disguising the transfers as payments for goods or services. These funds now re-enter the formal, legitimate economy and it is now difficult to determine their actual source. Defects in the nature or design of a product These operational risk losses arise from flaws in a product or in the bank’s business practices. Table 7.3 describes some examples of defects in the nature or design of a product; the list is not in any way, exhaustive. Chapter-07.indd 220 10/16/2015 3:56:50 PM 221 Chapter 7 Operational Risk Table 7.3 Operational risk losses arising from defects in the nature or design of a product Definition Examples Improper business or market practices These are operational risk losses arising from flaws in the bank’s business practices or market practices. Business practices are the processes employed by the bank to achieve its business objectives. Market practices, on the other hand, are practices that are generally accepted by a specific market. Antitrust Improper trade/market practices Market manipulation Insider trading on the firm’s account Unlicensed activities Money laundering Product flaws These are operational risk losses arising from flaws in the design of a banking product. Product defects, e.g. products with legal defects Selection, sponsorship and exposure These are operational risk losses arising from flaws in the client selection process and in managing overall client exposure in accordance with the bank’s policies and guidelines. Know Your Customer (KYC) flaws Anti-money laundering violations Failure to investigate client per guidelines Exceeding client exposure limits Advisory activities These are operational risk losses arising from the bank’s advisory activities. In advisory activities, banks are required to perform a higher standard of prudent care as the clients may rely on the bank’s advice. Negligence in advisory role performance Real World Illustration Improper Business or Market Practices: JPMorgan May Settle California Energy Market Manipulation Case According to an article published by the Financial Action Task Force in October 2009, Stephanie McCorkle, spokeswoman for the California Independent System Operator (Cal-ISO), said that JPMorgan may have to face charges filed by the Federal Energy Regulatory Commission for manipulating the power market and accumulating an apparent unjust profit of more than $100 million. The allegations stemmed from Cal-ISO’s suspicion in 2011 that JPMorgan was involved in placing deceptive bids to gain profits from energy trading and inflated payments. Furthermore, according to an unnamed source familiar with the matter, JPMorgan might end up paying approximately $500 million including civil penalties. The fund would go first to the utilities and then to the California utility customers through a California Public Utilities Commission proceeding. Source: Financial Action Task Force, October 2009 7.2.5 Damage to Physical Assets These are losses arising from loss or damage to physical assets due to natural disasters or other events. Examples are natural disaster losses, human losses from external sources, e.g. terrorism and vandalism. Chapter-07.indd 221 10/16/2015 3:56:50 PM 222 Risk Management in Banking: Principles and Framework Real World Illustration Damage to Physical Assets: Lessons Learned from Hurricane Katrina In a Los Angeles Times report published on 18 July 2013, journalists Andrew Tangel and Marc Lifsher wrote that Hurricane Katrina rendered financial institutions more vulnerable to physical assets damages that they could ever imagine. In a joint effort to solicit lessons learned from the effects of Hurricane Katrina, the Federal Financial Institutions Examination Council (FFIEC) member agencies and the Conference of State Bank Supervisors came up with a summary of the challenges that financial institutions had to contend with. Foremost among these challenges were the outage of communication and utilities, inaccessibility to areas devastated by the hurricane and facilities that sustained severe damages or had been completely wiped out. Some of these facilities included ATMs which remained under water for several weeks as well as mail operations that had been interrupted for months in some areas. The journalists said that despite the major challenges encountered by the financial institutions, they held a high regard for their extra efforts and improvisations in order to stay operable during those difficult times. This meant that the business continuity plans that were put into place by the financial institutions became their saving grace, with some institutions having to adjust their plans in order to address situations that had exceeded their initial scope. Source: Andrew Tangel and Marc Lifsher, Los Angeles Times, 18 July 2013 7.2.6 Business Disruption and Systems Failures These are losses arising from disruption of business or system failures. Examples of systems failures are hardware, software, telecommunications and utility outages or disruptions. Real World Illustration Business Disruption and System Failures: Bank of America Online and Phone Service Disrupted A report by E. Scott Reckard in the Los Angeles Times on 1 February 2013 said that due to unexplainable disruption in its online, mobile and telephone banking services, the Bank of America Corp. struggled to return to its normal operations on the same day the report was written. The journalist suspected a hacker attack had likely caused the shutdown although the real reason remained unclear. Since September 2012, there had been hacker attacks by a Middle East-based shadowy hacker group targeting the electronic operations of the largest banks such as Bank of America, Wells Fargo & Co., JPMorgan Chase & Co., Citigroup Inc., US Bancorp and PNC Financial Services. Reckard claimed that the electronic platforms came under attack caused by a surge of automated requests for service until the latter broke down. But even worse was a recent hacking case where the hacker was able to breach a bank’s security systems, thereby gaining access to customers’ funds. Source: E. Scott Reckard, Los Angeles Times, 1 February 2013 7.2.7 Execution, Delivery and Process Management These are losses from failed transaction processing or process management and from relations with trade counterparties and vendors. There are six categories of operational losses from execution, delivery and process management. These are: Transaction capture, execution and maintenance—Examples are miscommunication, data entry/maintenance/loading errors, missed deadlines or responsibility, model/system Chapter-07.indd 222 10/16/2015 3:56:51 PM 223 Chapter 7 Operational Risk misoperation, accounting errors/entity distribution errors, other tasks misperformance, delivery failures, collateral management failure and reference data maintenance Monitoring and reporting—Examples are failed mandatory reporting obligation, inaccurate external report (loss incurred) Customer intake and documentation—Examples are client permissions and/or disclaimers missing, legal documents missing or incomplete Customer/client account management—Examples are unapproved access given to accounts, incorrect client records (loss incurred), negligent loss or damage to client assets Trade counterparties—Examples are non-client counterparty misperformance, miscellaneous non-client counterparty disputes Vendors and suppliers—Examples are outsourcing or vendor disputes Real World Illustration Execution, Delivery and Process Management: Is Outsourcing the Cause of RBS Debacle? The article dated 25 June 2012 by the BBC News business editor, Robert Peston, mentioned that the Royal Bank of Scotland had to address and resolve a technical failure that severely affected the operations of NatWest, RBS and Ulster Bank. The criticism stemmed from the RBS’ failure to allow its customers to view their up-to-date balances and that the bank’s warning that there might be more technical difficulties. To Preston, it did not look like the problem would be resolved immediately. In his view, there was a direct correlation between the bank’s ability to immediately address the situation and maintain the confidence level of its customer base. In a similar case which Preston also cited in the article, on 14 September 2007 Northern Rock also suffered the same situation where its customers could not access their online accounts on the evening of 13 September. This was attributed to insufficient server capacity, thus creating a bottleneck in their online traffic during peak hours, which is equivalent to 300% of the normal peak demand. For this reason, the Financial Services Authority has since been urging banks to bolster their server capacity so that they are able to handle any surge in demand for online services. Source: Robert Peston, BBC News, 25 June 2012 7.3 OPERATIONAL RISK CONSEQUENCES LEARNING OBJECTIVE 7.3 DISCUSS the different types of operational risk consequences Given the pervasiveness of operational risk, a wide range of consequences can result from the operational risk losses. The consequence can be described by the probability of the operational risk loss occurring and the severity of an operational risk loss event. The probability of an operational risk loss is the frequency of the occurrence of an operational risk loss event. This probability or frequency can be expressed quantitatively and qualitatively. If expressed quantitatively, this probability can range from 0% (no likelihood of Chapter-07.indd 223 10/16/2015 3:56:51 PM 224 Risk Management in Banking: Principles and Framework occurrence) to 100% (virtual certainty of occurrence). If expressed qualitatively, the probability or frequency of occurrence can range from high to low frequency. The severity of an operational risk loss is the impact of the operational risk loss event. The severity ranges from low to very high monetary impact. PROBABILITY SEVERITY High Low High High probability, high severity High probability, low severity Low Low probability, high severity Low probability, low severity Figure 7.3 Probability and severity of operational risk loss events The relationship between probability and severity can be jointly analyzed to come up with different types of operational risk loss consequences. High probability, high severity These operational loss events have high chances of occurring and the impact is also high. These are operational risks that are of critical importance for the bank. The bank should immediately address and mitigate these risks. High probability, low severity These are operational risk losses that have low severity (impact) but are expected to occur more frequently. In terms of prioritization, these risks may be considered as medium risks given the expected low impact. However, the bank should address the high frequency of operational risk losses by instituting effective preventive controls to lower the frequency of occurrences. Low probability, low severity These are operational risk losses that have low chances of occurring and the impact of losses is also quite low. Given their low probability and low severity, these risks should be placed on the lowest priority level. The bank may decide to do nothing about these low probability and low severity operational risk loss events. Low probability, high severity These are operational risk losses that have low frequency of occurrence but when they occur, the impact is very high and may threaten the bank’s survival. These events are also referred to as black swan events, which are high impact but low probability events. Examples of low probability but high severity events are the rogue trading scandals that resulted in huge losses to the banks or have threatened the survival of many banking organizations. Chapter-07.indd 224 10/16/2015 3:56:51 PM 225 Chapter 7 Operational Risk These risks need to be mitigated. Alternatively, the bank must build up sufficient capital or buffer to withstand potential losses from such events. 7.4 OPERATIONAL RISK MANAGEMENT GOVERNANCE AND PROCESS LEARNING OBJECTIVE 7.4 DISCUSS the different elements of sound operational risk management practices The Basel Committee on Banking Supervision’s paper on Principles for the Sound Management of Operational Risk and the Role of Supervision outlines sound practices in operational risk management that are relevant to all banks. This section provides an overview of the overall operational risk management practices for banking organizations. Operational risk is inherent in all banking products, activities, processes and systems. Sound practices address the following four areas in operational risk management: Operational risk governance Operational risk management framework Operational risk management process Business resiliency and continuity 7.4.1 Operational Risk Governance Sound internal governance is the foundation of an effective operational risk management framework. Sound operational risk governance should start at the top given the pervasiveness of operational risk across all products, business activities and processes. Operational risk governance applies the principles of governance to the identification, assessment, management and communication of operational risks to ensure that the operational risk-taking activities and the bank’s overall risk profile are aligned with its risk appetite and risk-taking capacity. Operational risk governance defines the roles and responsibilities of the board of directors and senior management with respect to operational risk management. Chapter-07.indd 225 10/16/2015 3:56:51 PM 226 Risk Management in Banking: Principles and Framework Table 7.4 Operational risk governance in a banking organization Roles and Responsibilities of the Board and Senior Management Board of directors The board of directors is responsible for the overall governance of the bank including ensuring that its operational risk profile is in line with its risk appetite and capacity. The board’s responsibility with respect to operational risk management can be divided into three areas: Operational risk culture Operational risk framework Operational risk appetite and tolerance Responsibilities of the Board Operational risk culture Strong risk management culture and ethical business practices minimize the likelihood of occurrence of potentially damaging operational events and equip the bank with the capacity to deal with those events more effectively. The board is responsible for establishing a strong risk management culture. The board should establish a code of conduct or ethics policy that sets clear expectations for integrity and ethical values of the highest standard and identify acceptable business practices and prohibited conflicts. Operational risk framework The board is responsible for developing, implementing and maintaining an operational risk management framework which is fully integrated into the bank’s overall risk management process. The board of directors should: Establish a management culture and supporting processes to understand the nature and scope of operational risks; and to develop comprehensive, dynamic oversight and control environments that are fully integrated into or coordinated with the bank’s overall risk management framework. mm Provide senior management with clear guidance and direction regarding the principles of the bank’s operational risk management framework and approve the policies developed by senior management. mm Regularly review the operational risk framework. mm Ensure that the operational risk framework is subject to an effective independent audit review. mm Ensure that management is availing themselves of the advances in best practices. mm Operational risk appetite and tolerance Senior management Chapter-07.indd 226 The board of directors should approve and review a risk appetite and tolerance statement for operational risk. The board of directors should regularly review the appropriateness of limits and the overall operational risk appetite and tolerance statement. Responsibilities Should develop a clear, effective and robust governance structure with well defined, transparent and consistent lines of responsibility. Responsible for consistently implementing and maintaining throughout the organization policies, processes and systems for managing operational risk consistent with the bank’s risk appetite and tolerance. Should translate the operational risk management framework established by the board of directors into specific policies and procedures that can be implemented and verified within the different business units. Responsible for assigning authority, responsibility and reporting relationships and for ensuring the appropriateness of oversight process. Should ensure that the personnel responsible for operational risk coordinates and communicates with the staff responsible for managing market, credit and other risks. 10/16/2015 3:56:51 PM 227 Chapter 7 Operational Risk Governance structure The bank’s operational risk management exposure is pervasive in all banking strategies and activities. This is why the bank may create an operational risk management committee with board-mandated responsibilities to oversee operational risk matters. Table 7.5 Board-mandated operational risk committee Operational Risk Management Committee Structure Composition Operations For large banks, the board of directors may create an enterprise-level committee for overseeing all risks to which a dedicated management-level operational risk committee should report. The operational risk committee may receive inputs by country, by business or by functional area. For smaller banks, a flatter organizational structure may be allowed. Operational risk committee should include a combination of members with: mm Expertise in business activities mm Expertise in risk management and financial matters Committee meetings should be held at appropriate frequencies with adequate time and resources to permit productive discussion and decisionmaking. Records of committee operations should be maintained. It can also include independent non-executive board members. Operational risk management is too complex and too broad to be handled by a single function in the bank. Many banks adopt the ‘three lines of defence’ model in operational risk management. It should be the responsibility of everyone in the banking organization. The ‘three lines of defence’ model comprises: First line of defence—Business line management This is the business line management. It is responsible for identifying and managing risks inherent in the products, activities, processes and systems for which it is accountable. Second line of defence—Independent corporate operational risk management function, and legal and compliance This is an independent corporate operational risk management function. It complements the business line’s operational risk management activities. As a best practice, particularly for larger organizations, the corporate operational risk management function will have a reporting structure that is independent of the risk-generating business lines; it is responsible for the design, maintenance and ongoing development of the operational risk framework within the bank. A key objective of this function is to challenge the business lines’ inputs to, and outputs from, the bank’s risk management, risk measurement and reporting systems. The second line of defence also includes the bank’s legal and compliance department. Third line of defence—Independent review This entails an independent review and challenge of the bank’s operational risk management controls, processes and systems. Internal audit is responsible for verifying the effectiveness of the bank’s operational risk framework. The clear assignment and definition of roles and responsibilities is important and is integral to the operational risk management framework. Chapter-07.indd 227 10/16/2015 3:56:51 PM 228 Risk Management in Banking: Principles and Framework Real World Illustration Organizational Structure The Head of Operational Risk Management (ORM) chairs the Operational Risk Management Committee (ORMC) which is a permanent sub-committee of the Risk Executive Committee and is composed of the operational risk officers from our business divisions and our infrastructure functions. It is the main decision-making committee for all operational risk management matters. Source: Annual Report 2012, Deutsche Bank Organizational structure Based on a Global Financial Services Industry Operational Risk Survey conducted by Protiviti and Operational Risk magazine, there are generally three organizational models to choose from when designing a dedicated operational risk management function. These are the centralized, distributed or decentralized organizational models. Centralized corporate activities ‘Centralized’ ‘Distributed’ ‘Decentralized’ ORM officer/ committee ORM officer/ committee No centralized corporate ORM activities Business line activities No dedicated business line support Business line ORM managers and/ or dedicated staff members Largely independent ORM programmes managed by each business line Figure 7.4 Organizational models under the operational risk management function mm mm mm Chapter-07.indd 228 Centralized designs are those with a central operational risk management function at the corporate level. This is usually characterized by an operational risk management officer and/or operational risk committee with responsibility for the oversight of the centralized operational risk management function. Decentralized designs reflect the creation of operational risk management functions within selected or all the business lines and infrastructure support areas, e.g. technology and operations. The design does not usually have a unifying organizational framework across the entity, and tends to be directed by the lineof-business management to address operational risks relevant to its own business propositions. Distributed designs represent a hybrid of the two prior approaches, with a core operational risk management function at the corporate level and supplemented by operational risk managers at the business unit level. The line-of-business risk managers can be either dedicated or ‘part-time’ resources, and may report directly or indirectly to the corporate operational risk function. 10/16/2015 3:56:51 PM 229 Chapter 7 Operational Risk 7.4.2 Operational Risk Framework Operational risk is ingrained in all business products, activities, processes and systems. It is therefore important that banks understand the nature and complexity of the risks inherent in the bank’s products, services and activities. Banks should develop, implement and maintain an operational risk framework that is fully integrated into the bank’s overall risk management process. This framework is a vital means of understanding the nature and complexity of operational risks. An operational risk management framework serves to inform employees of the essential objectives and components of operational risk management. A bank’s operational risk management framework includes: Risk organizational and governance structure Policies, procedures and processes Systems used in identifying, measuring, monitoring, controlling and mitigating operational risks Operational risk measurement system The framework documentation should clearly: Define operational risk; Identify the governance structures used to manage operational risk, including reporting lines and accountabilities; Describe the risk assessment tools and how they are used; Describe the bank’s accepted operational risk appetite and tolerance as well as thresholds or limits for inherent and residual risks, and approved risk mitigation strategies and instruments; Describe the bank’s approach to establishing and monitoring the thresholds or limits for inherent and residual risk exposures; Establish risk reporting and management information systems (MIS); Provide for a common taxonomy of operational risk terms to ensure consistency of risk identification, exposure rating and risk management objectives; Provide for appropriate independent reviews and assessments of operational risks; and Provide for the policies to be reviewed and revised, as required, whenever a material change in the bank’s operational risk occurs. Operational risk strategy A bank’s operational risk strategy should reflect the nature and source of the organization’s operational risks for all operational risk elements. The strategy should be current and reflect material changes to the internal and external environment. Real World Illustration DZ Bank Group’s Risk Strategy The DZ BANK Group aims to manage operational risk efficiently. The following substrategies represent areas in which the DZ BANK Group has taken action, or is planning to take action, to ensure this core objective is achieved: Continuous enhancement of risk awareness, so that it is reflected in an appropriate risk culture focusing not only on individual areas of responsibility but also on the overarching interests of the group. Establishment of comprehensive, open communication systems to support these aims. Chapter-07.indd 229 10/16/2015 3:56:52 PM 230 Risk Management in Banking: Principles and Framework An open and largely penalty-free approach to operational risk promoting a problem-solving culture. Preference for a balanced relationship between opportunities and risks rather than a general strategy of risk avoidance. Risk reduction, risk transfer and risk acceptance are core management strategies in addition to risk avoidance. Risk appetite defined in the form of upper loss limits and materiality limits for operational risk and continuously adjusted in line with prevailing circumstances. Individual methods for managing operational risk coordinated with each other to provide an accurate, comprehensive picture of the risk situation coherently integrated into the overall management of all risk types. Mandatory rule for all material decisions to take into account the impact on operational risk; this applies in particular to the new product process and to business continuity planning. Subject to cost effectiveness, appropriate resources for managing operational risk to be made available. Incentive systems compatible with risk to ensure a sustained contribution based on performance from the perspective of the entire business. Management of operational risk on a decentralized basis. Compliance with relevant regulatory requirements guaranteed at all times. Source: Annual Report 2012, DZ Bank Strong operational risk management culture Banks with a strong culture of risk management and ethical business practices are less likely to experience potentially damaging operational risk events and are placed to effectively counter such risk events. The Institute of Risk Management (IRM) defines risk culture as a term describing the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organization. Real World Illustration What does a Good Risk Culture Look Like? A successful risk culture would include: 1. A distinct and consistent tone from the top—from the board and senior management—in respect of risk taking and avoidance (and also consideration of tone at all levels). 2. A commitment to ethical principles, reflected in a concern with the ethical profile of individuals and application of ethics and the consideration of wider stakeholder positions in decisionmaking. 3. A common acceptance through the organization of the importance of continuous management of risk, including clear accountability for and ownership of specific risks and risk areas. 4. Transparent and timely risk information flowing up and down the organization with bad news rapidly communicated without fear of blame. 5. Encouragement of risk event reporting and whistle-blowing, actively seeking to learn from mistakes and near misses. 6. No process or activity too large or too complex or too obscure for the risks to be easily understood. 7. Appropriate risk-taking behaviours rewarded and encouraged, and inappropriate behaviours challenged and sanctioned. Chapter-07.indd 230 10/16/2015 3:56:52 PM 231 Chapter 7 Operational Risk 8. Risk management skills and knowledge valued, encouraged and developed, with a properly resourced risk management function and widespread membership of, and support for, professional bodies. Professional qualifications supported as well as technical training. 9. Sufficient diversity of perspectives, values and beliefs to ensure that the status quo is consistently and rigorously challenged. 10. Alignment of risk culture management with employee engagement and people strategy to ensure that people are supportive socially but also focused on the task in hand. Source: Risk Culture Under the Microscope—Guidance for Boards, Institute of Risk Management, 2012 The board should establish a code of conduct or ethics policy that sets clear expectations for integrity and ethical values of the highest standard as well as identify acceptable business practices and prohibited conflicts. Strong and consistent senior management support for risk management and ethical behaviour reinforces the code of conduct and ethics, compensation strategies and training programmes. 7.4.3 Operational Risk Management Process A sound operational risk management process is a comprehensive process of identifying and assessing, monitoring and reporting, and control and mitigation of the operational risk exposures that banking organizations face. Control and mitigation Identification and assessment Monitoring and reporting Figure 7.5 The operational risk management process Identification and assessment Risk identification and assessment are fundamental characteristics of an effective operational risk management system. Effective operational risk identification considers both internal and external factors. The bank should ensure that all operational risks inherent in all material products, activities, processes and systems are identified and comprehensively assessed. Sound risk assessment allows the bank to better understand its risk profile and allocate risk management resources and strategies most effectively. Banks should have an approval process for all new products, activities, processes and systems that adequately considers operational risk. Chapter-07.indd 231 10/16/2015 3:56:52 PM 232 Risk Management in Banking: Principles and Framework A bank’s operational risk exposure is increased when the bank engages in new activities or develops new products, enters into unfamiliar markets, implements new business processes and systems and/or engages in businesses that are geographically distant from the head office. The review and approval process should consider: Inherent risks in the new product, service or activity Changes to the bank’s operational risk profile and appetite and tolerance, including risk exposures from existing products and services Necessary controls, risk management processes and risk mitigation strategies Residual risk Changes to relevant risk thresholds or limits Procedures and metrics to measure, monitor and manage the risk of a new product or activity Monitoring and reporting Banks should implement a process to regularly monitor operational risk profiles and material exposures to losses. The quality of operational risk reporting should continuously be improved. Banks should implement appropriate reporting mechanisms at the board, senior management and business line levels to support proactive management of operational risk. Reports should be comprehensive, accurate, consistent and actionable across business lines and products. The reports should be manageable in scope and volume as well as prepared in a timely manner. Operational risk reports may contain internal financial, operational and compliance indicators as well as external market or environmental information about events and conditions that are relevant to decision-making. The reports should include: Breaches of the bank’s risk appetite and tolerance statement as well as thresholds or limits Details of recent significant internal operational risk events and losses Relevant external events and potential impact on the bank and operational risk capital Operational loss data collection plays an important role in operational risk reports. This will be discussed in more detail in Chapter 8. Control and mitigation Banks should have a strong control environment that utilizes policies, processes and systems, appropriate internal controls and appropriate risk mitigation and/or transfer strategies. The internal controls should be designed to provide reasonable assurance that the bank will have efficient and effective operations, safeguard its assets, produce reliable financial reports, and comply with applicable laws and regulations. Control processes and procedures should include a system for compliance with existing policies. Examples of the system elements are: Top-level reviews of progress towards stated objectives Verify compliance with management controls Review the treatment and resolution of instances of non-compliance Chapter-07.indd 232 10/16/2015 3:56:52 PM 233 Chapter 7 Operational Risk Evaluation of required approvals and authorizations to ensure accountability to an appropriate level of environment Track reports for approved exceptions to thresholds or limits, management overrides and other deviations from established policies An effective control environment should include the following aspects: Appropriate segregation of duties; assignments that establish conflict of duties for individuals or team without dual controls or other countermeasures may enable concealment of losses, errors or other inappropriate actions Clearly established authorities and/or processes for approvals Close monitoring of adherence to assigned risk thresholds or limits Safeguards for access to, and use of, bank assets and records Appropriate staffing level and training to maintain expertise Ongoing processes to identify business lines or products where returns appear to have deviated from reasonable expectations Regular verification and reconciliation of transactions and accounts Vacation policy that provides for officers being absent from their duties for a period of not less than two consecutive weeks. 7.4.4 Business Resiliency and Continuity Banks should have in place business resiliency and continuity plans to ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption. The business continuity plan should ensure resiliency against risks of disruptive events. It should take into account the different types of likely or plausible scenarios to which the bank may be vulnerable. Continuity management should incorporate: Business impact analysis Recovery strategies Testing Training and awareness programmes Communication and crisis management programmes Banks should identify critical business operations, key internal and external dependencies, and appropriate resilience levels. Contingency plans should establish contingency strategies, recovery and resumption procedures, and communication plans for informing management, employees, regulatory authorities, customers, suppliers and, where appropriate, the civil authorities. CONCLUSION In this chapter, an overview of operational risk was discussed. The evolution of the definition of operational risk from a residual definition to a causal definition was also discussed. The different types of operational risk causes, events and consequences were enumerated. At the end of this chapter, an overview of the sound practices in operational risk management was discussed. Chapter-07.indd 233 10/16/2015 3:56:52 PM Chapter-07.indd 234 10/16/2015 3:56:52 PM C 8 P HA TE R IDENTIFICATION OF OPERATIONAL RISK In the previous chapter, an overview of operational risk was discussed. The redefinition of operational risk from a ‘residual’ to a causal definition was also discussed. The different types of operational risk events were enumerated. At the end of the chapter, an overview of the sound practices in operational risk management was discussed. This chapter focuses in greater detail on the first step in the operational risk management process, i.e. operational risk identification. This is the process of finding, recognizing and describing operational risks in a banking organization. This chapter begins with an overview of the operational risk identification process. It then discusses the different business lines that generate operational risks. Before the conclusion, the risk management student will be introduced to an important tool in identifying operational risk—the operational loss database. Chapter-08.indd 235 11/26/2015 9:43:58 AM 236 Risk Management in Banking: Principles and Framework Identification of Operational Risks Sources of Operational Risks Basel II Business Lines Internal Operational Loss Database External Operational Loss Database Figure 8.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: IDENTIFY the different sources of operational risks in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: EXPLAIN the different sources of operational risks ENUMERATE the Basel II business lines and their importance in identifying operational risks DISCUSS the role of internal operational loss data in identifying operational risks DISCUSS the role of external operational loss data in identifying operational risks ENUMERATE the operational risks associated with new products/business activities and outsourced processes 8.1 SOURCES OF OPERATIONAL RISKS LEARNING OBJECTIVE 8.1 EXPLAIN the different sources of operational risks Operational risk is inherent in almost all banking strategies, products and business activities. You will recall from the previous chapter that operational risk has received far less attention compared to market and credit risks. In fact, in the area of risk measurement, operational risk is still at the infancy stage particularly when compared against market and credit risks. This is partly due to difficulty in setting a standard definition for this risk. In the past, many risk practitioners adopted a residual mindset on operational risk management. They simply affirmed that banks should accept operational risk as a residual risk. However, the banking failures that occurred over the past few decades due to failures Chapter-08.indd 236 11/26/2015 9:43:58 AM 237 Chapter 8 Identification of Operational Risk in operational risk management erased all doubts that banking organizations should elevate operational risk to the same level as the other types of risks such as market and credit risks. In fact, the Basel Committee on Banking Supervision (BCBS) had since formally recognized operational risk as one of the three major types of risks that banks should, at a minimum, set aside capital for. The BCBS has provided an important framework to better understand and identify operational risk exposures. Operational risk identification involves finding, recognizing and describing operational risk. Given the broad scope of operational risks, it would be helpful to classify operational risks in terms of sources, events and consequences. Table 8.1 Classification of operational risks Causes Events Consequences Operational risk sources classify operational risk types according to their causes. Understanding the causes or sources is an important step in identifying and assessing operational risk, which is pervasive in the bank’s products, business activities and services. To get a full picture of the bank’s operational risk profile, it is important to identify the different sources of operational risks. As discussed in the previous chapter, Basel II has adopted a causal approach in defining operational risk. Operational risk arises from the following causes: Operational risk events describe their types according to the condition when the operational risk happens. These events describe the different types and kinds of operational risk failures. Operational risk events are useful tools for the bank to understand the nature and types of operational risk losses it encountered in the past. An operational risk loss can only arise from an operational risk event. Understanding the events that trigger operational risks provide an important framework that could help the risk management practitioner in structuring the operational risk identification process. Examples of operational risk events as defined by Basel II are: Operational risks can also be classified according to the results or outcomes of the operational risk occurrences. Operational risk can result in either favourably or adversely impacting the bank. While the usual concern is on the adverse or loss side, it would be useful if operational loss data are collected and assessed even if the occurrence of an event resulted in a gain. This is because all operational risk events may provide valuable insights into weaknesses in the bank’s processes or systems that must be addressed. Operational risk consequences can be assessed in two dimensions: Internal fraud External fraud Employment practices and workplace safety Clients, products and business practices Damage to physical assets Business disruption and system failures Execution, delivery and process management Likelihood of occurrence refers to the frequency of occurrence of an operational risk event. It can range from low to high frequency of occurrences. The severity of operational loss event refers to the financial impact on the bank if an operational risk event occurs. The severity can range from low to high impact. People Process Systems External events From the definition of operational risk, it can be inferred that operational risks arise from both internal and external events. The first three—people, process and systems—are internal in nature. The last one—external events—are external in nature. The Basel II definition of operational risk includes legal risks that can be classified as both internal and external operational risks. Likelihood of occurrence Severity of occurrence As will be discussed in a later section, these events can be used to better understand the operational risk profile of the whole banking organization by relating these events to each of the significant business lines. In the operational risk identification process, it is important for risk management practitioners to understand the operational risk sources, events and consequences Chapter-08.indd 237 11/26/2015 9:43:58 AM 238 Risk Management in Banking: Principles and Framework independently as well as their interrelationships. Operational risk sources—ranging from internal to external events—help the practitioner in understanding the underlying causes of operational risk failures. Operational risk events describe the operational risk failures. These events, which arise from the different operational risk sources, provide valuable information that will trigger the recognition of the occurrence of operational risk failures. These operational risk events result in operational risk consequences for the bank. Operational risk consequences help the bank in assessing, measuring and managing operational risk events. Identifying the different operational risk consequences will enable the bank to appropriately prioritize different operational risk losses. For instance, high frequency and high severity operational risk losses should receive higher prioritization than low frequency and low severity operational risk losses. Identifying the different operational risk consequences sets the foundation for quantifying the amount of operational risk capital required to support the bank’s risk-taking activities and the design of strategies to mitigate the exposures. For example, the bank may purchase insurance to hedge its low frequency but high severity operational loss events. 8.2 OPERATIONAL RISK BUSINESS LINES LEARNING OBJECTIVE 8.2 ENUMERATE the Basel II business lines and their importance in identifying operational risks The Basel Committee on Banking Supervision recognizes that operational risk is inherent and pervasive in all banking business activities. This is why under the Basel II standardized approach, the gross income for each business line is used as the basis for calculating the minimum capital requirement for operational risk. The implicit assumption behind this is that the larger the scale of business operations, the more susceptible the bank is to operational risk management failures. Table 8.2 enumerates the eight major Level 1 business lines from which the bank can map the operational risk losses. Table 8.2 Mapping operational risk losses from Level 1 business lines Level 1 Business Lines of Banking Organizations Chapter-08.indd 238 Corporate finance The corporate finance business line involves banking services that help clients—usually corporations, governments and institutional investors—raise funds via the capital markets. Trading and sales Trading and sales business line helps clients buy and sell financial instruments such as equity securities, debt securities, foreign exchange, commodities and derivatives. It involves the use of a wide platform of products and services in the area of capital markets, fixed income, foreign exchange, commodities and derivatives. 11/26/2015 9:43:58 AM 239 Chapter 8 Identification of Operational Risk Level 1 Business Lines of Banking Organizations Retail banking Retail banking business line refers to products and services offered by banks to consumers and small businesses through their branch networks and online infrastructure. Commercial banking Commercial banking activities primarily involve granting of loans to households and businesses from deposits or funds taken from depositors. Payments and settlements The payments and settlements business line facilitates payments of goods and services on behalf of clients. Bank branches, internet and mobile banking facilities, and automated teller machines are some of the most popular channels of payments. Agency services Banks may act on behalf of their customers in managing and protecting their assets and properties via the banks’ agency services business activities. Asset management Asset management activities involve managing or providing advice on the individual assets or investment portfolios of clients for a fee. Banks are usually compensated based on a percentage of the total assets under their management. Retail brokerage Retail brokerage services are brokering services that primarily serve the trading and investment requirements of retail investors. Each major business line can be further subdivided into secondary Level 2 business lines to better classify operational risk losses. Figure 8.2 depicts the different Level 2 business lines classified under the respective Level 1 business lines. Corporate finance Sales and trading Retail banking Corporate finance Sales Retail banking Municipal/ government finance Market making Merchant banking Proprietary positions Advisory services Treasury Private banking Card services Commercial banking Commercial banking Payments and settlements External clients Agency services Asset management Custody Discretionary fund management Corporate agency Corporate trust Retail brokerage Retail brokerage Nondiscretionary fund management Figure 8.2 Level 1 business lines with corresponding Level 2 business lines Chapter-08.indd 239 11/26/2015 9:43:58 AM 240 Risk Management in Banking: Principles and Framework Additionally, each of the bank’s business activities should be mapped to the Level 1 business lines. This is enumerated in Table 8.3. Table 8.3 Business activities mapped against their Level 1 business lines Activity Groups Level 1 Business Lines Mergers and acquisitions, underwriting, privatizations, securitization, research, debt (government, high yield), equity, syndications, IPOs, secondary private placements Corporate finance Fixed income, equity, foreign exchanges, commodities, credit, funding, own position securities, lending and repos, brokerage, debt, prime brokerage Trading and sales Retail lending and deposits, private lending and deposits, banking services, trust and estates, investment advice, merchant, commercial, corporate cards, private labels and retail Project finance, real estate, export finance, trade finance, factoring, leasing, lending, guarantees, bills of exchange Retail banking Commercial banking Payments and collections, funds transfer, clearing and settlements Payments and settlements Escrow, depository receipts, securities lending (customers), corporate actions, issuer and paying agents Agency services Pooled, segregated, retail, institutional, closed, open, private equity funds Asset management Execution and full services Retail brokerage Operational risks in support services should be allocated to the respective business line that it supports. 8.3 INTERNAL OPERATIONAL RISK LOSS DATA LEARNING OBJECTIVE 8.3 DISCUSS the role of internal operational loss data in identifying operational risks The starting point in the operational risk identification stage is the collection and analysis of operational loss data specific to the bank’s loss experience. This allows the bank to understand and appreciate not only its operational risk profile but also the weaknesses in its processes. The internal loss database is an essential prerequisite for developing the operational risk measurement system. Unlike market risk data, the internal operational loss data is bank entity-specific. The data collected is specific to the size, nature and risk-profile of the bank. Therefore, the bank has to rely on its own loss experience. Operational risk data is also unlike credit risk data. As discussed in the previous two chapters, prior to Basel II, there was no universal definition of operational risk. This makes it difficult Chapter-08.indd 240 11/26/2015 9:43:58 AM 241 Chapter 8 Identification of Operational Risk to gather operational loss data. Unlike in credit risk where default events are legally defined, there has been no clear definition of operational risk until recently. This made gathering of operational loss data more challenging than for credit risk data. Before the details of the internal operational loss data collection are discussed, it would be helpful to discuss the four different types of data that banks may collect. These data could provide important insights into the bank’s operational risk profile. Table 8.4 describes these events. Table 8.4 Types of data for operational risk profiling Description Examples Loss events Event Type These are operational risk events that lead to actual losses for the bank. Failure to execute a client’s order in a timely manner which resulted in a loss. Embezzlement which resulted in monetary loss. Near-miss events These are operational risk events that do not lead to a loss. Systems disruption after banking hours which did not result into a loss. Operational risk gain events These are operational risk events that generate a gain. Erroneous execution of an order to buy a financial instrument, i.e. executed a larger size. The price of the financial instrument rallied on the date of discovery, resulting in the recognition of a gain on the date the financial instrument was sold. Opportunity costs/ lost revenues These are operational risk events that prevent undetermined future businesses from being conducted. Failure to offer a high-margin product or service to the bank’s clients due to unavailability of systems to process the product or service. Analysis of loss events provides important insights into the causes of large losses and information as to whether the failures in control are isolated cases or systematic. The lack of data on actual losses from operational risk is one of the key problems in measuring and modelling operational risk exposures. An internal operational loss database is a key input in any effective operational risk management framework. Internal loss data is the foundation to quantitatively estimate the bank’s operational risk exposure. An internal operational loss database captures and accumulates individual loss events across business units and risk types. The database is used to record and classify loss events. The Basel Committee on Banking Supervision has set minimum standards for collecting and tracking internal loss data. Table 8.5 describes these standards. Table 8.5 Standards for the collection and tracking of internal loss data Chapter-08.indd 241 Data Description Relevance of historical data The bank must ensure that its internal historical operational loss data is clearly linked to its current business activities, technological processes and risk management procedures. Quantum of data To be used for calculating the minimum regulatory capital, the bank must gather a minimum five-year observation period of internal loss data. Internal loss data mapping The bank must be able to map the historical internal loss data to the relevant Level 1 business line categories. There should be an objective and documented policy for allocating operational losses to the specified business lines and event types. 11/26/2015 9:43:58 AM 242 Risk Management in Banking: Principles and Framework Data Description Comprehensiveness The internal operational loss data collection process should capture all material activities and exposures. The bank may provide a de minimis gross loss threshold for internal loss data collection, e.g. operational loss data of at least €10,000 will be collected and documented in the internal operational loss database. Minimum data required The bank must collect the gross operational loss, i.e. gross of any recoveries. This is to give a more accurate picture on the magnitude of the operational risk loss. Apart from the gross operational loss amount, the following data should be collected: Date of the operational loss event Recoveries of gross loss amount Descriptive information about the drivers or causes of the operational loss event Allocation The bank must develop specific criteria for assigning loss data arising from a centralized function or an activity that serves more than one business line. Relationship with other types of risks Credit risk The bank may monitor operational losses that are related to credit risk for internal operational risk management purposes. However, these losses would be treated as credit risk for regulatory capital purposes and are not subject to the operational risk charge. Market risk Operational losses that are related to market risk are treated as operational risk for regulatory capital purposes. 8.3.1 Incident Reporting Banks use the incident reporting mechanism for collecting internal operational loss data across all business lines. The reporting mechanism allows each business line to report its operational risk losses as they occur. This serves as the strategic starting point for many banks in populating their internal operational loss database. To ensure comparability across different types of operational losses, banks should implement a standard and documented approach in reporting internal operational losses. As an example, the incident reporting form will contain the following items: Date of report Date of occurrence Date of accounting Gross loss amount Recovery amount Business line Type of operational loss event Description of operation loss event Dates of occurrence of internal losses Ideally, the operational loss event should be reported on the date of its occurrence. Unfortunately, this is not always the case in practice. Operational loss events may be discovered weeks or months after the date of their occurrences. Further, not all operational losses will materialize on the date of occurrence or discovery. For example, losses from legal cases normally take months or years to materialize. Table 8.6 depicts the three important dates in the recognition of internal losses. Chapter-08.indd 242 11/26/2015 9:43:58 AM 243 Chapter 8 Identification of Operational Risk Table 8.6 Recognition of internal losses Important Dates for Recognition of Internal Losses Date of occurrence The date when the operational loss event happened. Date of discovery The date when the operational loss event was discovered. Date of accounting The date on which the bank is required to recognize losses for accounting purposes. Under the accounting standards, there are specific requirements in recognizing obligations or losses. Remote possibility—no recognition or disclosure. Possible but not probable—classified as a contingent liability; with disclosure but not recognition. Probable—may be recognized as a liability. Based on the 2006 BIS survey on the range of practices on operational risk for the Advanced Measurement Approach (AMA), banks tend to favour the use of date of occurrence or date of discovery over the date of accounting, except for litigation cases. Gross loss amount Gross operational loss exposure is the gross amount of loss that the bank incurred before recoveries. Net operational loss exposure is the net amount of loss incurred after recoveries from clients, insurance or other sources. Based on the 2006 BIS survey, banks generally collect information about the gross loss amount and the corresponding recovery. In many cases, determining the gross operational loss exposure amount is less straightforward. There is a variety of measurement approaches to derive an estimate of the gross internal operational loss amount. Table 8.7 gives some examples. Table 8.7 Estimating operational loss amount—some measurement approaches Approaches for Determining Amount of Operational Loss Exposure Book value This refers to the value of the security or asset in the bank’s balance sheet. Replacement value This refers to the cost of replacing the asset at the current time. Market value This is the amount that would be received in selling an asset in an orderly transaction between market participants. Internal loss data collection threshold Banks may provide for de minimis levels below which the loss amounts are not collected or recorded in a bank’s internal loss database. In choosing an appropriate level of threshold, the bank should be aware of the trade-off between the benefits of collecting smaller losses and the cost of collecting such information. In the results from the 2008 loss data collection exercise for operational risk, the Basel Committee revealed that a majority of banking institutions had reported thresholds of less than €10,000. The most common threshold was between €0 and €1,000. While the thresholds vary from one bank to another, the quantum should be reasonable. Additionally, the thresholds should not omit operational loss event data that are material for operational risk exposure and for effective risk management. The choice of threshold for modelling should not adversely impact the credibility and accuracy of the operational risk measures. Chapter-08.indd 243 11/26/2015 9:43:58 AM 244 Risk Management in Banking: Principles and Framework Business lines and event types allocation Another issue worth discussing is the allocation of internal operational loss event arising from a single operational risk event that affects multiple business lines. For example, how should a bank allocate operational risk losses that occur in a centralized function such as in information technology? Table 8.8 details two common approaches that bank uses. Table 8.8 Internal operational loss events—allocation mechanisms Allocation Mechanisms Alternative 1 Allocate the entire operational loss to the business line for which the impact is the greatest. 8.3.2 Alternative 2 Allocate the loss on a pro rata basis across the affected business line. The 8 × 7 Matrix The bank must be able to map its historical internal loss data into the relevant Level 1 supervisory categories and provide these data to supervisors upon request. It must have documented objective criteria for allocating losses to the specified business lines and event types. Internal operational loss data can be categorized under two dimensions—by business lines and event types. Table 8.9 Categories of internal loss data by business lines and event types Corporate Finance Trading and Sales Retail Banking Commercial Banking Payments and Settlements Agency Services Internal fraud xxx xxx xxx xxx xxx xxx xxx xxx xxx External fraud xxx xxx xxx xxx xxx xxx xxx xxx xxx Employment practices and workplace safety xxx xxx xxx xxx xxx xxx xxx xxx xxx Clients, products and business practices xxx xxx xxx xxx xxx xxx xxx xxx xxx Damage to physical assets xxx xxx xxx xxx xxx xxx xxx xxx xxx Business disruption and systems failure xxx xxx xxx xxx xxx xxx xxx xxx xxx Execution, delivery and process management xxx xxx xxx xxx xxx xxx xxx xxx xxx TOTAL xxx xxx xxx xxx xxx xxx xxx xxx Chapter-08.indd 244 Asset Retail Total Management Brokerage 11/26/2015 9:43:58 AM 245 Chapter 8 Identification of Operational Risk 8.3.3 Basic Statistical Analysis The bank should conduct a basic statistical analysis on the internal loss data collected. Examples of this statistical information are: Number of incidents Average loss Volatility or standard deviation Table 8.10 Type of statistical information for analysis of internal loss data Level 1 Business Lines Loss Events Descriptive Statistics Retail Banking Commercial Trading Corporate Asset Banking and Sales Finance Management Payments and Settlements Agency Services No. of incidents Internal fraud Average Standard deviation No. of incidents External fraud Average Standard deviation Employment practices and workplace safety Clients, products and business practices Damage to physical assets Business disruption and systems failure Execution, delivery and process management Chapter-08.indd 245 No. of incidents Average Standard deviation No. of incidents Average Standard deviation No. of incidents Average Standard deviation No. of incidents Average Standard deviation No. of incidents Average Standard deviation 11/26/2015 9:43:58 AM 246 Risk Management in Banking: Principles and Framework Real World Illustration Loss Data Collection Faces Pitfalls Practitioners agreed that incentivizing staff to report losses tops the list of challenges in loss data collection, in a discussion at the OpRisk Asia Conference in Singapore. “We could do better than rely only on people for our loss data collection, but rely on people is what we do,” said Anthony Rizzo, risk executive for operational risk in the institutional banking and markets division of the Commonwealth Bank of Australia. Alongside the challenge of encouraging staff to share information about losses without fear of those losses being held against them, practitioners spoke of the difficulty in testing the proportion of losses they are accurately identifying. “People are at the core of how we collect data,” said Rizzo, adding that for this reason educating staff about how collecting loss data is valuable to the bank is essential. Employees will also need to know that information they supply will not be used against them, he said. “We can definitely close the gap in understanding,” said Yusuf Yasin, senior operational risk officer at Standard Chartered in Singapore, emphasizing the need for operational risk managers to improve their understanding of business units as well as the reverse. Jennifer Koo, head of operational risk capital and reporting at Credit Suisse in Singapore, spoke of the challenge of setting loss data collection policies for a global organization across countries and business units in a way that is meaningful for front-line employees. She suggested firms might set global high-level policies with additional supplemental guidance for specific lines of business and local training on that guidance. This can be used to detail what losses might look like in specific areas and set out the information risk managers would like to be recorded with relevant examples. On the additional challenge of back-testing loss-data capture, she said doing so can be difficult because operational risk losses often are recorded in a way that makes tracing their derivation impossible. Losses due to incorrect mark-to-market valuations, for example, will be corrected in the trading book and reflected in a bank’s general ledger, rather than a specific profit and loss account. Practitioners also spoke of the special difficulties presented by operational risk events that lead to a gain rather than a loss for the firm. In such cases, there is no incentive for the trader involved to report the incident, Koo pointed out. Yasin described a research exercise in which the distribution of operational risk events reported within a firm was found to be unevenly skewed towards losses. This shows that traders were under-reporting accidental gains, he said, since positive and negative outcomes from operational risk events might be expected to be normally distributed—in fact, accidental gains were probably either reported as deliberate trading profits, or unofficially used to offset losses elsewhere. Source: Risk.net 8.4 EXTERNAL OPERATIONAL RISK LOSS DATA LEARNING OBJECTIVE 8.4 DISCUSS the role of external operational loss data in identifying operational risks The bank’s operational risk measurement system must use relevant external data particularly if the bank is exposed to infrequent, yet potentially severe losses. External loss data comprises operational risk losses experienced by third parties. Given this experience, the bank can use this information to assess its own vulnerability. It is important to supplement the internal loss data with external loss data, particularly when the bank is exposed to low frequency but high severity operational risk losses. These external data shall include: Chapter-08.indd 246 11/26/2015 9:43:59 AM 247 Chapter 8 Identification of Operational Risk Data on actual loss amounts Information on the scale of business operations where the event occurred Information on the causes and circumstances of the operational loss events Other information that would help in assessing the relevance of the loss event for other banks External loss data can be compared with internal loss data or used to explore possible weaknesses in the control environment or consider previously identified risk exposures. In the 2008 survey by the Basel Committee, one finding shows that most banks factored external loss data in their operational risk capital estimates. There are three popular providers of external loss data—ORX, bbaGOLD and ORIC. Operational Riskdata eXchange Association (ORX) The Operational Riskdata eXchange Association (ORX) is a not-for-profit industry association dedicated to advancing the measurement and management of operational risk in the global financial services industry. ORX was founded in 2002 with the primary objective of creating a platform for the secure and anonymized exchange of high-quality operational risk loss data. Today, ORX operates the world’s leading operational risk loss data consortium for the financial services industry. The ORX Global Operational Risk Database is the world’s largest operational risk loss data resource. As of 31 December 2012, the database contained 299,672 loss events equating to a total value of €151,559,050,244. The data that ORX collects is confidential. In general, ORX only makes its data available to member institutions which contribute to the database. Table 8.11 shows an aggregated data of total gross losses by event types and business lines. Table 8.11 Global total gross losses by event types and business lines (2012) Internal Fraud External Fraud Employment Practices Clients, Products and Business Practices Disasters and Public Safety Technology and Infrastructure Execution Delivery and Process Management Malicious Damage Total % by Business Line Aggregated Global Data of Total Gross Losses—2012 Corporate Finance 0.08% 0.42% 0.18% 24.79% 0.00% 0.00% 1.24% 0.00% 26.71% Trading and Sales 1.34% 0.69% 0.30% 4.74% 0.00% 0.28% 7.00% 0.00% 14.35% Retail Banking 1.97% 7.13% 2.12% 8.51% 0.33% 0.61% 7.46% 0.02% 28.17% Commercial Banking 1.04% 2.10% 0.28% 3.35% 0.01% 0.09% 5.08% 0.00% 11.97% Clearing 0.11% 0.26% 0.03% 0.31% 0.00% 0.08% 0.63% 0.00% 1.42% Agency Services 0.02% 0.03% 0.04% 2.03% 0.00% 0.02% 0.69% 0.00% 2.84% Asset Management 0.06% 0.05% 0.17% 3.11% 0.00% 0.02% 0.89% 0.00% 4.30% Retail Brokerage 0.14% 0.09% 0.26% 1.57% 0.01% 0.01% 0.30% 0.00% 2.38% Private Banking 0.55% 0.20% 0.11% 2.44% 0.00% 0.01% 0.65% 0.00% 3.96% Corporate Hems 0.10% 0.07% 0.33% 1.28% 1.12% 0.03% 0.97% 0.01% 3.90% Total % by Event Type 5.42% 11.04% 3.84% 52.14% 1.48% 1.15% 24.90% 0.03% 100.00% Key> 1%–5% 5%–10% >10% Source: Operational Riskdata eXchange Association Chapter-08.indd 247 11/26/2015 9:43:59 AM 248 Risk Management in Banking: Principles and Framework British Bankers’ Association (BBA) GOLD bbaGOLD is the operational risk event data consortium managed by the British Bankers’ Association (BBA) using online services provided by Risk Business International Ltd. It provides participating institutions with external information pertaining to their respective risk management practice. bbaGOLD has taken the basic Basel categorization of loss event types and business lines and significantly expanded the range of available information on the events. For each event, it is possible to assess its life cycle, the originating source of the occurrence, the business line in question, the product or function involved, the contributing causal factors, which controls failed, the nature of the loss event, the consequent impact and the amount of associated loss. ORIC data The Association of British Insurers (ABI) founded Operational Risk Consortium Ltd (ORIC) in 2005 together with 16 core insurers to provide thought leadership, and to enhance quantitative and qualitative understanding of operational risk. The ABI is constantly growing both in the UK and internationally, adding new members every year. It remains a not-for-profit organization, with its current members being drawn from both life and non-life types of business. ORIC deals with operational risk data—information on losses due to failed people, processes, systems or external events. It provides a quality-controlled database to improve the members’ risk measurement and modelling skills. The consortium had set a standard for the industry in terms of risk event categorization. The Level 1 and 2 categories are consistent with the Basel II Accord. ORIC and its members have developed a further Level 3 categorization system to increase the granularity of its database. The ORIC ‘Loss’ database provides in-depth narratives of the events leading to losses. It also captures the causes that lead risks to materialize and turn into loss events. The database design suits ORIC’s international expansion as it captures the geography of losses and allows member firms to submit data in various currencies. The database infrastructure supports data relating to actual monetary losses as well as near misses. When it is not possible to accurately quantify near miss losses in monetary terms, they can be stored in the ORIC database as ‘unquantifiable near misses’. The database currently stores over 3,016 loss events collected over the last five years, with total gross operational risk losses of over €2 billion. 8.5 NEW PRODUCTS AND BUSINESS ACTIVITIES AND OUTSOURCING ACTIVITIES LEARNING OBJECTIVE 8.5 ENUMERATE the operational risks associated with new products/business activities and outsourced processes Entering into new products, engaging in new business activities and outsourcing internal processes often expose the banking organization to new or emerging operational risks Chapter-08.indd 248 11/26/2015 9:43:59 AM 249 Chapter 8 Identification of Operational Risk that could easily be overlooked. The Basel Committee on Banking Supervision (BCBS) has discussed in detail the different operational risks that banks need to consider when introducing new products, engaging in new business activities or when outsourcing internal processes. 8.5.1 New Products and Business Activities Entering into new banking products, markets or activities expose a bank to operational risks. In many instances, the operational risk exposure is heightened when the bank introduces new products and activities, or enters into new markets. Examples of these new products and business activities are: Developing new banking products for clients Entering into unfamiliar markets Implementing new business processes or technology systems Engages in businesses that are geographically distant from the head office Operational risk is especially heightened during the product or activity introduction stage and when the bank starts to earn material revenue for new products or rely on the new activity at a more critical level. Introductory stage Transition to growth Figure 8.3 Heightening milestones in operational risk occurrence In order to address the risks arising from the new products or new business activities, the bank should have a process for the review and approval of new products, activities, processes and systems. This review and approval process should consider the following aspects: Inherent risks in the new product, service or activity Changes to the bank’s operational risk profile, and appetite and tolerance including the risk of existing products or activities Necessary controls, risk management processes and risk mitigation strategies Residual risk Changes to the relevant risk thresholds or limits Procedures and metrics to measure, monitor and manage the risk of new products or activities Whether the bank has appropriately and adequately invested in human resources and technology infrastructure before introducing new products 8.5.2 Outsourcing in Financial Services Banking organizations are increasingly using third parties to perform activities that they would normally have handled using internal resources. Outsourcing is seen by many as a Chapter-08.indd 249 11/26/2015 9:43:59 AM 250 Risk Management in Banking: Principles and Framework strategic tool that banks use to reduce costs and optimize their respective business practices. Figure 8.4 depicts some of the commonly outsourced business processes. Information technology Contract functions Commonly outsourced activities Finance and accounting Back-office processing and administration Figure 8.4 Banks’ commonly outsourced activities In February 2005, the Joint Forum* issued a paper which enumerated the different risks arising from the engagement of third parties to perform outsourcing services. Table 8.12 details these risks. Table 8.12 Risk concerns when using outsourced service providers Risk Type Chapter-08.indd 250 Major Concerns Strategic risk The third party may conduct activities on its own behalf which are inconsistent with the bank’s strategic goals. Failure to implement appropriate oversight of the outsource provider. Inadequate expertise to supervise the outsource provider. Reputation risk Poor service from the third party. Third-party provider’s interactions with customers are not consistent with the bank’s standards. Third-party provider’s practices are not in line with the bank’s stated practices. Compliance risk Privacy laws are not complied with. Consumer and prudential laws are not adequately complied with. Outsource provider has inadequate compliance systems and controls. Operational risk Technology failure. Inadequate financial capacity to fulfil obligations and/or provide remedies. Fraud or error. Risk that the bank finds it difficult or costly to undertake inspections. 11/26/2015 9:43:59 AM 251 Chapter 8 Identification of Operational Risk * Risk Type Major Concerns Exit strategy risk The risk that appropriate exit strategies are not in place. Limited ability to return services to home country due to lack of staff or loss of intellectual history or knowledge. Counterparty risk Inappropriate underwriting or credit assessments. Quality of receivables may diminish. Country risk Political, social and legal climate may create added risk. Business continuity planning is more complex. Contractual risk Ability to enforce contract. For offshoring, choice of law is important. Access risk Outsourcing arrangement hinders the bank’s ability to provide timely data and other information to regulators. Additional layer of difficulty in regulator understanding activities of the outsource provider. Concentration and systemic risk Overall industry has significant exposures to the outsource provider. The Joint Forum was established in 1996 under the aegis of the Basel Committee on Banking Supervision, the International Organization of Securities Commissions (IOSCO) and the International Association of Insurance Supervisors (IAIS) to deal with issues common to the banking, securities and insurance sectors. The Joint Forum has also drawn up a set of high-level principles on banks’ responsibilities in their outsourcing activities. These are enumerated in Table 8.13. Table 8.13 High-level principles on bank’s outsourcing activities Responsibilities of Banks in Outsourced Services Chapter-08.indd 251 Outsourcing assessment policy Banks should establish a comprehensive policy to guide its outsourcing assessment process. Outsourcing risk management programme Banks should establish a comprehensive outsourcing risk management programme to address outsourced activities and the relationship with service providers. Third-party practices are not in line with the bank’s stated practices. Responsibility to clients and regulators Banks should ensure that outsourcing arrangements do not diminish their ability to fulfil their obligations to customers and regulators. Selection process Banks should conduct appropriate due diligence in selecting third-party service providers. Documentation Outsourcing relationships should be appropriately documented via written contracts that clearly describe all the material aspects of the outsourcing agreements. Contingency plans The bank and the third-party service providers should establish and maintain contingency plans including a plan for disaster recovery and periodic testing of back-up facilities. Confidentiality Banks should ensure that third-party service providers protect the confidential information of both the bank and its clients from intentional or inadvertent disclosure to unauthorized parties. 11/26/2015 9:43:59 AM 252 Risk Management in Banking: Principles and Framework CONCLUSION This chapter provided important tools and framework for the operational risk identification process. The chapter started with a review of the different sources of operational risk. It then discussed the Basel II operational risk business lines, which provides an important foundation in understanding and identifying operational risk exposures. Next, it discussed two of the most important operational risk identification tools—the internal operational loss database and the external operational loss database. The chapter ended with a discussion of two of the most important sources of operational risks for a banking organization, i.e. new products and outsourcing activities. Chapter-08.indd 252 11/26/2015 9:43:59 AM C 9 P HA TE R MARKET RISK Banking organizations engage in financial market activities both to service client requirements and to hedge their risk exposures. As the global economy becomes more integrated, financial markets play an increasing important role in the banking business activities. For many banks, revenues earned from financial market-related activities make up a sizeable share of their total revenue. This is why, for many banking organizations, market risk is second only to credit risk in terms of importance. Market risk is the risk associated with a bank’s financial market-related activities. This chapter begins with an introduction to the importance of financial markets in the business of banking. It then provides a formal definition of market risk. This is followed with a detailed discussion on the different sources of market risks. At the end of this chapter, an overview of the market risk management process is discussed. This chapter covers only market risk identification. Book II will cover market risk measurement, monitoring, control and mitigation. Chapter-09.indd 253 11/26/2015 9:43:40 AM 254 Risk Management in Banking: Principles and Framework Market Risk Financial Market Activities Definition of Market Risk Types of Market Risks Market Risk Management Process Foreign Exchange Risk Market Risk Identification Interest Rate Risk Market Risk Assessment Equity Price Risk Market Risk Control Commodity Price Risk Market Risk Monitoring and Reporting Figure 9.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: DISCUSS the basic principles of market risk in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: DISCUSS the roles of financial markets in the banking business activities DEFINE market risk ENUMERATE the different types of market risk exposures DISCUSS the basic market risk management process Chapter-09.indd 254 11/26/2015 9:43:40 AM 255 Chapter 9 Market Risk 9.1 FINANCIAL MARKET ACTIVITIES LEARNING OBJECTIVE 9.1 DISCUSS the roles of financial markets in the banking business activities Before discussing market risk in detail, it is important for the risk management student to be familiar with the roles of financial markets in banking business activities. This provides a critical context for the student to understand the importance and objectives of market risk management. Financial market is a mechanism that allows buyers and sellers to exchange financial instruments (e.g. equities, bonds, foreign exchange and derivatives) and commodities. 9.1.1 Functions and Roles of Financial Markets Table 9.1 describes the roles of financial markets in an economy. Table 9.1 Financial markets Roles of Financial Markets Access (or deploy) short-term liquidity Financial markets allow market participants with excess cash to deploy liquidity, and market participants with temporary shortfall in cash to access liquidity. Efficient allocation of capital Financial markets match borrowers—usually corporations—with longterm funding requirements with lenders or investors with long-term investment requirements. Risk transfer Financial markets allow the efficient transfer of risk from a party which has no capacity or is not willing to bear a specific risk to another party which has the capacity and is willing to bear the same risk. Facilitate international trade Financial markets play a major role in international trade by allowing the purchase and sale of foreign currencies and commodities. Importers need to purchase foreign currencies for payment of goods or services. Exporters need to sell foreign currencies earned from the sale of goods or services rendered. 9.1.2 Types of Financial Markets Financial markets can be broadly classified into the following types: Chapter-09.indd 255 (a) Money market (c) Foreign exchange market (b) Capital market (d) Derivatives market 11/26/2015 9:43:40 AM 256 Risk Management in Banking: Principles and Framework Money market The money market is where borrowers with short-term credit requirements—usually one year or less—are matched with lenders with short-term excess liquidity. Money market securities are the simplest and one of the least risky instruments in the financial markets due to their relatively short maturity. Figure 9.2 illustrates how the money market allows borrowers with short-term or temporary funding requirement to access funds. Investors with short-term investment requirement can also deploy their excess liquidity to the money market. Investors with Excess Liquidity Short-Term Investment Money Markets Allow Short-Term Borrowing and Lending Short-Term Funding Borrowers with Liquidity Requirements Figure 9.2 Money markets perform matching function The matching function performed by money markets is a critical function that allows banks and corporations to have a more stable cash flow by ‘smoothening’ their respective working capital needs, i.e. short-term investment and borrowing. Money markets are also the foundation of the more sophisticated capital markets, derivative markets and foreign exchange markets. Money markets frequently serve as a benchmark for these more sophisticated markets. Furthermore, a well-functioning money market is frequently a prerequisite before the more sophisticated financial market is developed. Table 9.2 describes some of the common types of money market instruments. Table 9.2 Money market instruments Common Types of Money Market Instruments Chapter-09.indd 256 Treasury bills Treasury bills are short-term money market securities issued by the government. Their tenors are usually one year or less. These bills are considered to be the safest type of investments. Commercial papers Commercial papers are short-term promissory notes issued by corporations. In the U.S., the maturities can range up to 270 days but average about 30 days. Bank deposits Bank deposits are funds placed in a bank and represent a legal liability owed by banks to depositors. Time deposits are deposits placed with a bank with a fixed interest rate for a predefined deposit period. Banker’s acceptance A banker’s acceptance (BA) is a short-term money market instrument issued by a corporation that is guaranteed by a commercial bank. BAs are usually used in international trade transactions to finance shipment or storage of goods. Certificate of deposit A certificate of deposit (CD) is a money market instrument with a fixed term and a fixed interest rate. The key distinguishing feature between a CD and a regular deposit is that pre-termination of the CD will usually incur a penalty. Repurchase agreement A repurchase agreement (repo) is a contractual agreement between two parties, where one party agrees to sell securities to another party at a specified price with a commitment to repurchase the securities on a later date at another specified price. 11/26/2015 9:43:40 AM 257 Chapter 9 Market Risk Capital market Capital markets facilitate the efficient allocation of capital. They provide a venue for entities with shortage of funds to borrow from entities with excess funds. This role is traditionally played by the capital market. Figure 9.3 illustrates how capital markets facilitate efficient allocation of capital. Corporations with long-term funding requirements may access the debt or equity markets to generate funding to finance their expansion. Investors with excess funds may invest in these debt or equity securities. The capital market can be broadly divided into two different types: (a) Debt capital markets (b) Equity capital markets Corporations with Fund Requirements Fund Requirements Capital Markets Facilitate Efficient Allocation of Capital Excess Funds Investors with Excess Funds Figure 9.3 Capital markets facilitate allocation of capital Foreign exchange market The foreign exchange market is one where different currencies are traded. It facilitates the exchange of goods, services and investments among different countries by allowing the conversion of one currency to another. Importer Exporter $ $ Malaysia Malaysia RM $ Goods Malaysian exporter converts the USD received to MYR (functional curency of the exporter) RM Malaysian importer buys USD using MYR (functional currency of the Malaysian importer) Goods USA $ USA Malaysian exporter sells palm oil to U.S.-based company, Malaysian exporter receives USD as payment Malaysian importer uses the USD received to pay U.S.based company Figure 9.4 Foreign exchange market facilitates international trade Chapter-09.indd 257 11/26/2015 9:43:40 AM 258 Risk Management in Banking: Principles and Framework Exporter—An exporter sells goods or services to a buyer in a foreign market. In exchange, the exporter receives payment in an international currency. The exporter then converts the proceeds denominated in an international currency to its local currency through the foreign exchange market. Importer—An importer, on the other hand, buys goods or services from a foreign market. The importer is required to pay for these goods/services in an international currency. To facilitate this requirement, the importer converts its local currency to an international currency through the foreign exchange market. Foreign exchange rate A foreign exchange rate is the price of one currency expressed in terms of another currency. A spot transaction is a straightforward purchase or sale of one currency against another. The International Organization for Standardization publishes a list of standard currency codes referred to as the ISO 4217 code list. The ISO 4217 establishes internationally recognized codes for the representation of currencies. Currency codes comprise three characters. The first two characters represent the country codes, which are frequently used as the basis for the national top-level internet domains. The third character represents the currency unit. Table 9.3 ISO currency codes First Two Characters (Country Code) Third Character (Currency Unit) ISO Currency Code US Dollar US Dollar USD Malaysian Ringgit MY Ringgit MYR Australian Dollar AU Dollar AUD Philippine Peso PH Peso PHP British Pound GB Pounds GBP mm Trends in the foreign exchange market As of April 2013, trading in the foreign exchange markets averaged US$5.3 trillion per day. This is an increase from US$4.0 trillion in April 2010 and US$3.3 trillion in April 2007. The role of the US dollar as the world’s dominant vehicle currency remains unchallenged. In April 2013, foreign exchange deals with the US dollar on one side of the transaction represents 87% of all deals initiated. The euro remains the second most important currency worldwide. However, the international role of the euro has shrunk since the beginning of the euro area sovereign debt crisis in 2010. The Australian dollar (AUD) and New Zealand dollar (NZD) continue to be among the most actively traded advanced economy currencies. Table 9.4 details the world’s most actively-traded currencies. Table 9.4 World’s most actively-traded currencies Currency Unit Chapter-09.indd 258 Code Turnover US Dollar USD 87% Euro EUR 33.4% 11/26/2015 9:43:40 AM 259 Chapter 9 Market Risk Currency Unit Code Turnover Japanese Yen JPY 23.0% Great Britain Pound GBP 11.8% Australian Dollar AUD 8.6% Swiss Franc CHF 5.2% Canadian Dollar CAD 4.6% Mexican Peso MXN 2.5% Chinese Yuan (Renminbi) CNY 2.2% New Zealand Dollar NZD 2.0% Swedish Krona SEK 1.8% Russian Ruble RUB 1.6% Hong Kong Dollar HKD 1.4% Singapore Dollar SGD 1.4% Turkish Lira TRY 1.3% Source: Triennial Central Bank Survey, Foreign Exchange Turnover in April 2013, Bank for International Settlements mm Foreign exchange rate regimes To understand the market dynamics that influence the movements of foreign exchange rates, it is important to appreciate the different exchange rate regimes. Exchange rate regimes determine how a sovereign chooses to govern its exchange rates. At the end of one spectrum is the fixed exchange rate regime. At the other end is the floating exchange rate regime. In the middle of this continuum of exchange rate regimes are the hybrid exchange rate regimes that combine different features of the fixed and floating exchange rates. Fixed Rate Regimes Hybrid Regimes Floating Rate Regimes Figure 9.5 Exchange rate regimes –– Fixed rate regimes Fixed rate regimes are characterized by foreign exchange rate regimes where a government ties its exchange rate to gold or to another country’s currency—usually an international currency such as the US dollar—or to a basket of currencies. This is why the fixed rate regimes are also referred to as pegged exchange rates. Fixed rate regimes can be broadly classified as: §§ Hard exchange rate pegs §§ Soft exchange rate pegs Chapter-09.indd 259 11/26/2015 9:43:40 AM Chapter-09.indd 260 Full dollarization is a hard exchange rate peg regime where a country officially adopts another country’s currency for all financial transactions. This arrangement is also known as an exchange rate arrangement with no separate legal tender. The key feature of a full dollarization regime is that the foreign currency acts as the legal tender for all financial transactions. A country adopting full dollarization will usually result in its central bank losing the role to act as the lender of last resort for its banking system and to implement monetary policy measures. Hard exchange rate pegs Hard exchange rate peg is an exchange rate regime where a country’s exchange rate is fixed against the currency of another country—usually, the US dollar. Currency or monetary union is a group of two or more countries sharing a common currency. Details Classification Examples The euro is the most prominent example of a monetary union. It is the single currency shared by 18 European Union member states. As of the date of this publication, the following countries use the euro: Austria Belgium Cyprus Estonia Finland France Germany Greece Ireland Italy Latvia Luxembourg Malta Netherlands Portugal Slovakia Slovenia Spain Source: IMF, ABC News In January 2000, Ecuador announced that it would adopt full dollarization to avert an economic crisis (7.5% contraction in 1999 and 60% inflation) and abandoned its national currency, the sucre. In January 2001, El Salvador decided to make the U.S. dollar as its official currency in the context of sound macroeconomic fundamentals while inflation was low and stable, and the economy was growing. The decision to adopt full dollarization was to tighten links to the U.S. economy and spur foreign investment, trade and growth. Other countries using the U.S. dollar as legal tender are the Democratic Republic of Timor-Leste, Marshall Islands, Micronesia, Palau, Panama and Zimbabwe. Some countries, such as Kosovo, Montenegro and San Marino, have adopted the euro as their legal currencies. Table 9.5 Classification of fixed rate regimes 260 Risk Management in Banking: Principles and Framework 11/26/2015 9:43:41 AM Chapter-09.indd 261 Soft exchange rate pegs Soft exchange rate peg is a type of fixed rate regime where the currency maintains a stable value against an anchor currency or a composite of currencies. The anchor currency or composite of anchor currencies are usually based on the currency or currencies of the country’s major trading or financial partners. Classification Stabilized arrangement entails a spot market exchange rate that remains within a margin of 2% for six months or more with respect to a single currency or basket of currencies. Conventional peg is a soft exchange rate peg arrangement where a country formally pegs its currency at a fixed rate to another currency or basket of currencies. Equatorial Guinea, Niger and the Republic of Congo Fiji, Kuwait, Libya, Morocco and Samoa EUR Composite Macedonia Vietnam EUR Composite Countries Cambodia, Iraq, Lebanon and the Republic of Maldives USD Currency Examples of countries which adopted a stabilized arrangement with the following as the anchor currency: The Bahamas, Bahrain, Eritrea, Jordan, Oman, Qatar, Saudi Arabia, United Arab Emirates and Venezuela Countries USD Currency The Moroccan exchange rate regime is a conventional peg based on a basket of currencies consisting of the euro and the U.S. dollar. The euro is given a weight of 80% while the U.S. dollar is given 20%. The allocation broadly reflects Morocco’s trade flows. Examples of countries which have adopted the convention pegs with the following exchange rate anchors are: Countries which have adopted a currency board mechanism with the euro as the anchor are Bosnia, Bulgaria, Herzegovina and Lithuania. Source: Hong Kong Monetary Authority Under the currency board system, the stability of the Hong Kong dollar exchange rate is maintained within a convertibility zone (7.75–7.85). The Hong Kong Monetary Authority may intervene to preserve exchange rate stability. US$ 1 The Hong Kong dollar is officially linked to the U.S. dollar at the rate HK$7.8 to US$1. The linked exchange rate system through a currency board mechanism requires the monetary base to be fully backed by foreign reserves and any change in the monetary base is to be fully matched by a corresponding change in foreign reserves. A currency board mechanism is a hard exchange rate peg regime where the domestic currency can be issued only to the extent that it is fully covered by the country’s central bank holdings of foreign exchange. The key feature of the currency board regime is that it is complemented by a minimum backing requirement for the domestic money in a foreign currency. HK$ 7.8 Examples Details Chapter 9 Market Risk 261 11/26/2015 9:43:41 AM Classification Chapter-09.indd 262 Malaysia is an example of a country with an exchange rate policy that is classified as other managed arrangement. The country follows a fixed rate arrangement which does not have an explicitly stated nominal anchor for its monetary policy but it monitors various economic indicators. Other countries classified by the IMF as having a managed arrangement regime are Bangladesh, Belarus, Malawi, Myanmar, Nigeria, Russia and Switzerland. Other managed arrangement is a fixed rate regime that cannot be classified under any of the above. Singapore Composite Only one country, Tonga, is classified by the IMF to be following this regime. Croatia EUR Pegged exchange rate within horizontal bands is an exchange rate arrangement where the value of a currency is maintained within certain margins of fluctuation of at least positive or negative 1% around a fixed central rate or a margin between the minimum and maximum value of the exchange rate that exceeds 2%. Ethiopia, Jamaica and Kazakhstan Countries USD Currency Countries which follow the crawl-like arrangement are: Source: MAS, Financial Times Singapore’s exchange rate regime is known as the ‘basket, band and crawl’ system. Its currency is managed against a basket of currencies of its major trading partners and competitors. It is allowed to fluctuate within an undisclosed policy band. The Monetary Authority of Singapore (MAS) usually steps in if the exchange rate moves outside the band. The exchange rate, therefore, floats within a set policy band which lets the currency crawl up or down. Crawl-like arrangement is an exchange rate arrangement where the currency must remain within a narrow margin of 2% relative to a statistically identified trend for six months or more. Examples Countries which adopted the crawling peg arrangement are Botswana (composite) and Nicaragua with the U.S. dollar as the anchor currency. Details Crawling peg arrangement is an arrangement where the currency is adjusted in small amounts at a fixed rate or in response to changes of selected indicators such as inflation differentials. 262 Risk Management in Banking: Principles and Framework 11/26/2015 9:43:41 AM 263 Chapter 9 Market Risk –– Floating rate regimes Floating rate regimes are characterized by foreign exchange rate regimes where the market primarily determines the level of the exchange rates. There are two main types of floating rate regimes: §§ Pure floating rate regimes §§ Floating rate regimes with discretionary intervention Table 9.6 Classification of floating rate regimes Classification Details Examples Pure floating rate regimes In a pure floating regime, the exchange rate is determined in the market without any public sector intervention or public sector intervention is only done on a very exceptional basis. IMF classifies a country as a pure floating rate regime if intervention is limited only to at most three instances in the previous six months each lasting no more than three business days. The Canadian Dollar (CAD) is one of the examples of currencies that are determined on a pure floating rate basis. The exchange rate is determined solely by the demand and supply of the currency in the foreign exchange market. The Central Bank does not intervene in the foreign exchange markets. Other countries which adopted a free floating approach are Australia, Chile, Czech Republic, Israel, Japan, Mexico, Norway, Sweden and United Kingdom. Floating rate regimes with discretionary intervention In floating rate regimes with discretionary intervention, the exchange rates are also largely market determined. However, the authorities can and do intervene. Philippine exchange rate is determined by forces of supply and demand. The Bangko Sentral ng Pilipinas (BSP) intervenes in the foreign exchange market to temper sharp fluctuations in the exchange rate. Countries with floating rate regimes with discretionary intervention are Brazil, Colombia, Peru, Philippines, New Zealand, Romania, South Africa, India, Mongolia, Pakistan, Thailand, Turkey, Korea, Hungary, Iceland, Papua New Guinea, Sri Lanka, Afghanistan, Madagascar, Turkey and Uruguay. Derivatives market Derivatives markets facilitate the efficient transfer of risks by allowing market participants to access different types of risk management products. Figure 9.6 illustrates how financial markets help facilitate the efficient transfer of risk through the derivatives market by providing hedging tools for market participants. Farmers and Producers Hedge against Falling Prices Derivatives Markets Facilitate Efficient Transfer of Risks Hedge against Falling Prices Food Manufacturers Figure 9.6 Derivatives markets facilitate transfer of risk Hedging is a risk management strategy used to limit or offset the amount or probability of losses from fluctuations in the prices of interest rates, foreign exchange, commodities and other financial variables. Chapter-09.indd 263 11/26/2015 9:43:41 AM 264 Risk Management in Banking: Principles and Framework Using examples, Figure 9.6 shows how farmers or producers hedge their revenues against falling agricultural prices while food manufacturing companies also use the derivatives market to hedge their costs against rising agricultural prices. 9.2 DEFINITION OF MARKET RISK LEARNING OBJECTIVE 9.2 DEFINE market risk The Basel Committee on Banking Supervision defines market risk as the: Risk of losses in on- and off-balance sheet positions arising from movements in market prices. In other words, market risk is the risk of loss in the value of a bank’s financial instruments due to changes in market conditions. Market risk affects the bank in two ways: (a) Earnings. Market movements may affect the bank’s earnings due to unrealized or realized losses; and (b) Economic or balance sheet value. The economic or balance sheet value of a bank’s assets and liabilities may also be affected by changes in market rates. Table 9.7 is an excerpt from the income statement of HSBC, a global bank. It can be seen that income from trading and investment activities represents a significant portion of the bank’s total operating income. Table 9.7 HSBC income statement (2013) Consolidated income statement for the year ended 31 December 2013 2013 US$m 2012 US$m 2011 US$m Interest income 51,192 56,702 63,005 Interest expenses (15,653) (19,030) (22,343) Net interest income 35,539 37,672 40,662 Free income 19,973 20,149 21,497 Fee expense (3,539) (3,719) (4,337) Net fee income 16,434 16,430 17,160 Trading income excluding net interest income 6,643 4,408 3,283 Notes Chapter-09.indd 264 11/26/2015 9:43:41 AM 265 Chapter 9 Market Risk 2013 US$m 2012 US$m 2011 US$m Net interest income on trading activities 2,047 2,683 3,223 Net trading income 8,690 7,091 6,506 Changes in fair value of long-term debt issued and related derivatives (1,228) (4,327) 4,161 Net income/(expense) from other financial instruments designated at fair value 1,996 2,101 (722) 768 (2,226) 3,439 2,012 1,189 907 322 221 149 Notes Net income/(expense) from financial instruments designated at fair value 3 Gains less losses from financial investments Dividend income Net earned insurance premiums 4 11,940 13,044 12,872 Gains on disposal of US branch network, US cards business and Ping An Insurance (Group) Company of China, Ltd. (‘Ping An’) 25 – 7,024 – Other operating income 2,632 2,100 1,766 Total operating income 78,337 82,545 83,461 9.2.1 Trading Book versus Banking Book From a regulatory perspective, a bank’s assets are divided into two different and distinct categories—the banking book and trading book. Assets that are classified in the trading book portfolio are generally those that are liquid and easy to trade. These assets are required to be fair valued on a daily basis with changes in the fair value being reflected in the profit or loss (P&L). On the other hand, assets that are classified in the banking book portfolio are generally those that are less liquid and are intended to be held on a longer-term horizon. Based on current practices, the decision as to whether a financial instrument is classified in the trading book or banking book is largely intent-based. The decision to classify a financial instrument in the trading book depends on the bank’s self-determined and largely undefined intent to hold the financial instrument: (a) For short-term resale (b) To benefit from short-term price movements (c) To take advantage of locked-in arbitrage profits Financial assets that are classified in the trading book should be valued on a daily basis at readily available closed-out prices. This means that the financial instruments should be valued at market prices. There is no specific guidance under Basel II on the types of financial Chapter-09.indd 265 11/26/2015 9:43:41 AM 266 Risk Management in Banking: Principles and Framework instruments to be classified in the trading book. There are, however, some instruments which may not be classified in the trading book due to the bank’s significant inability to liquidate their positions and provide a reliable mark-to-market value. Examples of these instruments are: (a) Equity stakes in hedge funds (b) Private equity investments (c) Positions in securitization warehouse (d) Real estate holdings The banking book positions are intended to be held for long term or until maturity or for the purpose of hedging other banking book positions. Daily valuation is not required for financial instruments held in the banking book. Given the uncertainty in the values of the financial instruments held in the banking book, higher regulatory capital charges are often assigned for banking book exposures. This led many market participants to choose to classify financial instruments under the trading book, which attract lower capital charges. Trading intent as a criterion has proven to be inherently subjective. One of the Basel Committee’s intended reforms is to strengthen the objectivity in defining the boundary between trading and banking books. The Basel Committee is proposing a revised boundary approach that introduces more objective rules for determining the classification of financial instruments under either the trading book or banking book. 9.2.2 Daily Valuation and Mark to Market The Generally Accepted Accounting Principles (U.S. GAAP) provides a useful definition of financial instruments. They are defined as: (a) Cash (b) Ownership interest in a company or other entity or (c) A contract that does both of the following: (i) Imposes on one entity a contractual obligation either to deliver cash or another financial instrument to a second entity, or to exchange other financial instruments on potentially unfavourable terms with the second entity (financial liability) (ii) Conveys to that second entity a contractual right either to receive cash or other financial instrument from the first entity, or to exchange other financial instruments on potentially favourable terms with the first entity (financial asset) Chapter-09.indd 266 11/26/2015 9:43:41 AM 267 Chapter 9 Market Risk This definition is clearly illustrated in Figure 9.7. Financial Liability First Party Financial Asset Second Party First Party Second Party Right to receive cash or other financial instrument from the first party or to exchange other financial instruments on potentially favourable terms with the first entity Obligation to deliver cash or another financial instrument to the second party or to exchange other financial instruments on potentially unfavourable terms with the second party Figure 9.7 Definition of financial instruments A bank’s investment in debt securities is an example of a financial instrument. The investment represents a right on the bank’s part to receive cash in the future—both the interest and principal—from the issuer of the debt security. From the bank’s perspective, this represents a financial asset. On the other hand, the issuer of a debt security has contractual obligations to repay the interest and principal in the future to the holder of the debt security. From the issuer’s perspective, this represents a financial liability. Market risk arises when the value of the financial instrument deteriorates due to changes in market conditions. Financial instruments are measured in a banking organization’s balance sheet either at historical cost or at fair value. Historical cost Financial instruments that are measured at historical cost are measured at the initial acquisition costs throughout their lives. Changes in the value of a financial instrument measured at historical cost have no impact to the bank as long as there is no objective evidence of impairment in the value of the financial instrument. Fair value Financial instruments that are measured at fair value are also measured at the initial acquisition costs at inception. However, unlike the historical-cost accounting, the fair values of these financial instruments are measured periodically—usually at each financial reporting period or daily. Changes in fair value may impact a bank’s profit or loss (P&L) or equity. The process of periodically measuring the fair value based on current market prices is called the mark-to-market process. The objective is to have a realistic appraisal of the financial instrument’s value on a regular basis. The distinction between the historical cost and fair value approaches is illustrated below. Chapter-09.indd 267 11/26/2015 9:43:41 AM 268 Risk Management in Banking: Principles and Framework Illustrative Example Mark to Market Bank XYZ purchased an investment in the debt securities of JLN Corporation at $100. At the end of the year, the investment in the debt securities traded lower at $80. Discuss the different implications if Bank XYZ accounts for the investment at (a) (b) historical cost fair value Solution: (a) If accounted for at historical cost, the investment in the debt securities will be reflected in the balance sheet as a financial asset with an initial value of $100. Throughout the life of the investment, it will be reflected at $100, unless the asset is impaired. Hence, the change in fair value to $80 has no impact. (b) If accounted for at fair value, the investment in the debt securities will be reflected in the balance sheet as a financial asset with an initial value of $100. However, the asset’s value is re-appraised on a periodic basis through the mark-to-market process. Hence, at the end of the year, the value of the investment is decreased from $100 to $80. The $20 decrease (i.e. $100 – $20) is reflected as a loss on the value of the investment and will affect Bank XYZ’s profitability. 9.3 TYPES OF MARKET RISKS LEARNING OBJECTIVE 9.3 ENUMERATE the different types of market risk exposures Banking organizations face four different types of market risk exposures: (a) Foreign exchange risk (b) Interest rate risk (c) Equity price risk (d) Commodity price risk Chapter-09.indd 268 11/26/2015 9:43:41 AM 269 Chapter 9 Market Risk 9.3.1 Foreign Exchange Risk Foreign exchange risk is the exposure of a bank’s earnings and financial condition to fluctuations in exchange rates. The foreign exchange market helps facilitate international trade and investment by allowing the conversion of one currency to another. The foreign exchange rate is the price of one currency expressed in terms of another currency. A spot transaction is a straightforward purchase or sale of one currency against another. Foreign Exchange Gains and Losses Foreign exchange gain or loss is the difference between the buying and selling rates of the foreign exchange. Exchange differences arise from translating a given number of units of one currency into another currency at different exchange rates. Foreign exchange gains/losses are calculated based on the difference in the number of units between the sales proceeds (purchase cost) and the actual spot rate as of the transaction date. Assume that ABC Corporation bought US$10,000,000 at US$/MYR3.3. Assuming that ABC Corporation was able to sell the US$ at US$/MYR3.0, calculate the foreign exchange gains or losses from the foreign exchange transaction. Solution: MYR profit (loss) = Sales Proceeds – Purchase Cost = (10,000,000 × 3.0) – (10,000,000 × 3.3) = 30,000,000 – 33,000,000 = (MYR3,000,000) There is a loss of MYR0.3 for every US$1 exposure as a result of the strengthening of the MYR against the US$. This is equivalent to an absolute loss of MYR3,000,000. For financial statement purposes, an entity needs to establish its functional currency. Functional currency is the currency of the primary economic environment in which the entity operates. The primary economic environment where an entity operates is normally the one in which it primarily generates and expends cash. Exchange differences arising from settlement of monetary items or on translating monetary items at rates different from those at which they are translated on initial recognition during the period or in previous financial statements shall be recognized in the profit and loss statement during the period in which they arose. The results and financial position of an entity whose functional currency shall be translated into a different presentation currency is possible by using the following: Asset and liabilities—closing rate on the date of the statement of financial position Income and expenses—exchange rates on the dates of the transactions Foreign exchange risk can be classified into three types, i.e. transaction risk, business risk and translation risk. Chapter-09.indd 269 11/26/2015 9:43:41 AM 270 Risk Management in Banking: Principles and Framework (a) Transaction risk Foreign exchange transaction risk arises from the impact of exchange rates on foreign currencydenominated receivables and payables. Transaction risk arises from the difference between the price at which the receivables are collected or the payables are paid and the price at which they are recognized in the bank’s financial statements. Illustrative Example Transaction Risk Bank DEF is a bank with its functional currency denominated in MYR. Bank DEF has a US$denominated payable of $20,000,000 which is payable after one year. The spot exchange rate as of the date of transaction was US$/MYR3.3. After one year, the US$/MYR weakened to 3.5. Demonstrate how the fluctuation in exchange rates affected Bank DEF’s position. Solution: At the start of the transaction, Bank DEF (functional currency—MYR) has recognized a financial obligation to pay MYR66 million (= $20,000,000 × spot exchange rate of 3.3). After one year, the US$/MYR weakened to 3.5. This means that Bank DEF will need to buy US$20,000,000 at a rate of US$/MYR3.5. The total cash that Bank DEF needs to pay will be equal to MYR70 million. The difference between the amount that Bank DEF actually paid—MYR70 million—and the amount of payable initially recognized in the financial statements—MYR66 million—is referred to as the foreign exchange transaction risk on the part of Bank DEF. (b) Business risk Business risk arises from the impact of exchange rates on a country’s or a company’s long-term competitive position. (c) Translation risk Foreign exchange translation risk or revaluation risk is the risk brought about by changes in the reported domestic currency accounting results of foreign operations due to changes in foreign exchange rates. It is the risk that adverse developments in the exchange rates could affect the value of an entity’s foreign currency-denominated assets or liabilities. Illustrative Example Maximum Amount of Exposure to Credit Risk Exposure The Group is exposed to two sources of foreign exchange risk. (a) Transactional foreign exchange exposure Transactional foreign exchange exposures represent exposures on banking assets and liabilities, denominated in currencies other than the functional currency of the transacting entity. The Group’s risk management policies prevent the holding of significant open positions in foreign currencies outside the trading portfolio managed by Barclays Capital which is monitored through DVaR. Chapter-09.indd 270 11/26/2015 9:43:41 AM 271 Chapter 9 Market Risk There were no material net transactional foreign currency exposures outside the trading portfolio at either 31 December 2011 or 2010. Due to the low level of non-trading exposures no reasonably possible change in foreign exchange rates would have a material effect on either the Group’s profit or movements in equity for the year ended 31 December 2011 or 2010. (b) Translational foreign exchange exposure The Group’s investments in overseas subsidiaries and branches create capital resources denominated in foreign currencies principally US$, Euro and South African Rand. Changes in the Sterling value of the investments due to foreign currency movements are captured in the currency translation reserve, resulting in a movement in Core Tier 1 capital. During 2011, total structural currency exposures net of hedging instruments increased from £15.3bn to £16.7bn, driven by the redemption of US$2bn Reserve Capital Instruments that formed part of the economic hedges. Structural currency exposures pre-economic hedges remained broadly flat. US$ exposures increased by US$8bn due to the restructuring of our holding in BlackRock, Inc from a GBP entity to a US$ entity, offset by the increase in US$ derivatives which hedge net investments. South African Rand exposures increased £1.1bn as a result of a reduction in the hedging of the investment in Absa Group. Euro exposures reduced by £0.8bn driven by the Spain goodwill write off, which had no impact on Euro-denominated Core Tier 1 capital as goodwill is deducted for regulatory capital purposes. Source: Annual Report 2012, Barclays Capital Banks may be exposed to foreign exchange risk in an indirect manner. A bank may be exposed to foreign exchange risk even if it does not have any foreign currency denominatedassets or liabilities; an adverse movement in the foreign exchange rates could result in losses to the bank. For example, the bank extends a loan facility to an exporter; a strengthening of the domicile currency may weaken the exporter’s capability to pay its obligations to the bank. Hence, the bank is exposed to additional credit risk. 9.3.2 Interest Rate Risk Interest rate risk is the exposure of a bank’s earnings and financial condition to adverse movements in interest rates. Interest rate risk can be subdivided into traded interest rate risk and interest rate risk in the banking book. (a) Traded interest rate risk Traded interest rate risk arises from a bank’s position in debt securities. The value of the debt securities is highly sensitive to changes in interest rates. (b) Interest rate risk in the banking book (or gap risk) Interest rate risk exists due to mismatched maturity positions of a bank’s assets and liabilities. A typical bank normally sources its funding requirements from deposits. It then lends the funds to corporations or borrowers. While deposits are typically very short term in nature, lending is long term in nature. This mismatch between the tenor of a bank’s deposit liabilities (short term) and its lending assets (long term) is also referred to as a negative gap exposure. A negative gap exposure exists Chapter-09.indd 271 11/26/2015 9:43:41 AM 272 Risk Management in Banking: Principles and Framework when the liability is of a shorter tenor than the asset. Figure 9.8 illustrates the maturity mismatch. Maturity Mismatch DEPOSITORS Short Term BORROWERS Long Term Figure 9.8 Maturity mismatch This mismatch creates an interest rate risk exposure. As interest rates increase, the bank’s cost of funds—from deposits—increases as it replaces the maturing deposits. On the other hand, the bank cannot adjust its interest income from its lending activities which will mature on a longer-term basis. Interest Rates and Bond Prices Market interest rates and bond prices generally move in an inverse manner. Figure 9.9 illustrates the inverse relationship between market interest rates and bond prices. As market interest rates increase, bond prices fall. Conversely, as market interest rates decrease, bond prices rise. This means that as interest rates increase, the bank’s holdings in debt securities decline in value. Bond prices decrease Interest rates increase Interest rates decrease Bond prices increase Figure 9.9 Interest rates and bond prices—inverse relationship Interest rate risk can be measured by quantifying the potential impact on the market value of the position if interest rates move adversely. Potential losses from interest rate risk can be quantified by taking the value of the position after an adverse interest rate scenario and its current market value. Interest rate risk arises primarily from debt securities. Debt securities are issued by an entity, which represents a financial obligation that must be repaid on a specified maturity date at a specified interest rate. Chapter-09.indd 272 11/26/2015 9:43:42 AM 273 Chapter 9 Market Risk Real World Illustration Interest Rate Risk from QE Taper The U.S. Federal Reserve Bank (the Fed), in an effort to contain the 2008 financial crisis, implemented unprecedented monetary stimulus measures to ease liquidity and credit conditions in the market. The unprecedented measures are collectively referred to as quantitative easing (QE). Quantitative easing entails massive asset purchases by the Fed to give cash to the banks. The Fed is committed to keep interest rates near zero until the unemployment rate falls below a certain target. As interest rates are near zero and the banking system is flooded with cash, the banks would either lend money to their clients or invest the excess cash in risky assets. Consequently, risky assets rallied in prices (interest rates are low). On 22 May 2013, Federal Reserve Chairman Ben Bernanke hinted that the unexpected recovery in the U.S. economy could prompt the Fed to gradually unwind or withdraw the unprecedented monetary stimulus. This would mean that the era of cheap money would be over. This move to withdraw the monetary stimulus is frequently referred to as the QE taper. The Federal Reserve will taper the quantitative easing measures by slowing down or cutting its bond purchase programme, which will result in a decline in the prices of bonds. Banks will face tighter liquidity as a significant source of liquidity—arising from the quantitative easing measures—is being wound down. Scarce liquidity will result in higher interest rates. This is why market participants, especially those in the bond markets, are wary of the unexpected QE tapering. 9.3.3 Equity Price Risk Equity price risk is the exposure of a bank’s earnings and financial condition to adverse movements in equity indices and individual equity prices. There are two main aspects of equity price risk—systematic risk and non-systematic risk. (a) Systematic risk Systematic risk or beta risk is the risk associated with the market and cannot be diversified away. It is measured by a statistical measure called beta. This is a measure of an asset’s risk in relation to the market, e.g. KLSE. It measures the degree to which an equity security fluctuates in relation to the general market. The higher the beta, the more volatile the stock is and, therefore, the riskier the stock. Stocks with beta of less than one are generally considered to be less volatile than the general market. They are generally referred to as defensive stocks or countercyclical stocks. The performance of defensive stocks is generally seen as not highly correlated to the performance of the general market and general economy. These stocks tend to remain stable even during economic recessions. Some common examples of defensive stocks are utility stocks and food manufacturing stocks. Utilities and food are considered to be essential, regardless of the economic cycle. Chapter-09.indd 273 11/26/2015 9:43:42 AM 274 Risk Management in Banking: Principles and Framework Stocks with a beta equals one are generally considered to be as volatile as the market. They generally move in tandem with the general market. On the other hand, stocks with a beta greater than one are generally considered to be more volatile than the general market. They are referred to as cyclical stocks. They tend to display higher risk than the general market and also offer higher potential return. Some examples of stocks with a high beta are high technology stocks, consumer discretionary (non-essential) stocks and luxury stocks. Table 9.8 Interpreting an investment’s beta Beta Value Interpretation Examples Beta <1 Equity security is less volatile than the general market. Utility industry stocks Beta = 1 Equity security moves in conjunction with the general market. Equity indices that replicate the performance of the general equity benchmark index, e.g. funds replicating the performance of the S&P 500 Beta >1 Equity security is more volatile than the general market. High technology stocks, retail industry stocks, consumer discretionary stocks, manufacturing stocks, small capitalization companies, biotechnology companies (b) Non-systematic risk Non-systematic risks or specific risks are firm-specific risks that can be eliminated by diversification. Examples are: (i) Adverse industry developments (ii) Negative news on a specific company (iii) Labour problems (iv) Weather disturbance in the primary place of operation 9.3.4 Commodity Price Risk Commodity price risk is the exposure of a bank’s earnings and financial condition to fluctuations in commodity prices. Commodities can be classified into hard commodities and soft commodities. (a) Hard commodities Hard commodities generally refer to energy, industrial metals and precious metals commodities. They are generally storable and not perishable by nature. Examples are: (i) Energy—crude oil, coal, jet fuel, gas, heating oil (ii) Industrial metals—aluminum, copper, lead, mercury, nickel, zinc (iii) Precious metals—gold, silver, platinum Chapter-09.indd 274 11/26/2015 9:43:42 AM 275 Chapter 9 Market Risk (b) Soft commodities Soft commodities generally refer to agricultural commodities that are weather dependent and perishable in nature. Examples are: (i) Livestock—live cattle, live hogs, pork bellies (ii) ‘Softs’—coffee, cocoa, cotton, orange juice, rubber, sugar, milk (iii) Grains and seeds—barley, corn, canola, rice, soybeans Price risk from commodities arises from two main components of commodity prices— adverse movements in spot prices of commodities and investment demand. Adverse movements in spot prices of commodities Spot prices of commodities are generally driven by supply and demand factors. Spot prices of different commodities are influenced by different factors. Gold The balance of supply and demand plays a less important role in gold prices. This is because gold is not a perishable commodity and has a huge above-ground supplies— 174,100 tonnes as of end 2012. This indicates that an increase in demand can be met by the large inventory held above ground. mm Demand factors –– Investment. Since 2003, investment has represented the strongest source of growth in demand for gold. One of the strongest reasons for investment demand is that gold is perceived as a hedge against instability. –– Exchange-traded funds. Gold exchange-traded funds (ETFs) are investment products designed to provide investors with exposure to the price performance of gold without the necessity of taking physical delivery of the commodity. These funds have increased the appeal and accessibility of gold as an investment. –– Central banks and governments. Central banks are one of the key players in the gold market. As of end 2012, central banks held one-fifth of the global aboveground stocks of gold as reserve assets. On average, governments hold 15% of their official reserves in gold. In 2009 and 2010, central banks and governments were net buyers of gold—for the first time in 21 years—from the private sector markets. –– Technology. Gold has wide electronic, industrial, medical and dental applications. Technological demand accounted for 11% of the gold demand as of end 2012. –– Jewellery demand. Jewellery is the largest component of gold demand. The demand is directly driven by consumers’ ability to spend more for gold. Gold demand rises during periods of price stability or gradual rising of gold prices and declines during periods of price instability. India and China continue to be the world’s largest consumer of gold. Chapter-09.indd 275 11/26/2015 9:43:42 AM 276 Risk Management in Banking: Principles and Framework Investment* (1,483 t) 36.3% Technology (439 t) 10.8% Jewellery (2,002 t) 49.0% Central bank net purchases (160 t) 3.9% Sources: Thomson Reuters GFMS, World Gold Council *Investment excludes OTC investment and other stock flows Figure 9.10 Gold demand trends—five-year average (2008–2012) mm Supply factors –– Mine production. Gold is produced from several hundred gold mines around the world. Supply from mine production has been relatively stable at around 2,690 tonnes per year over the last five years. Most of the time, new mines are developed to replace current production rather than expand production levels. Gold production does not respond quickly to a change in price outlook due to the long 10-year lead time for production. –– Recycled gold. Recycled gold is a potential source of readily-available supply when needed. For the period 2008–2012, recycled gold contributed an average 39% to the annual supply flows. Mine production* (2,547 t) 61.4% Recycled gold (1,600 t) 38.6% Sources: Thomson Reuters GFMS, World Gold Council *Net of producer hedging Figure 9.11 Gold supply trends—five-year average (2008–2012) Oil Oil spot prices are driven by many factors. These drivers can be classified into macroeconomic factors, political risk, supply chain consideration and investment demand. Chapter-09.indd 276 11/26/2015 9:43:43 AM 277 Chapter 9 Market Risk mm Macroeconomic factors Strong economic indicators, e.g. strong GDP, that signal increased economic activities could drive oil prices higher. Increased economic activities indicate stronger future demand for oil. Weak indicators, on the other hand, that signal decreased economic activities could drive oil prices lower. Decreased economic activities indicate weaker future demand for oil. Figure 9.12 illustrates this point. Note that oil consumption— depicted by the bar graph—generally increases during periods when the GDP—depicted by the line graph—increases, and vice versa. per cent change (year-on-year) 14 Forecast 12 10 8 6 4 2 0 –2 –4 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 non-OECD liquid fuels consumption non-OECD GDP Sources: EIA Short-Term Energy Outlook, Thomson Reuters Figure 9.12 Impact of economic growth on oil consumption Political risk Crude oil prices are affected by events that have the potentials to disrupt the flow of oil products to the markets. These events create uncertainties over future oil supply and demand, which can lead to higher price volatility, especially over the short run. Crude oil prices react to several geopolitical and economic events. Figure 9.13 illustrates this point. Market participants are constantly assessing the possibility of future disruptions and their potential impact. However, their influence tends to be relatively short-lived. mm Supply chain consideration Crude oil is a finite resource. The available oil reserves, therefore, would have a significant impact on oil prices. There are many differing definitions of oil reserves, which refer to quantities available for production plus those that will become available within a certain time frame through additional oil fields coming on stream, technological advances or exploration. mm Chapter-09.indd 277 11/26/2015 9:43:43 AM 278 Risk Management in Banking: Principles and Framework price per barrel (real 2010 dollars, quarterly average) 140 Global financial collapse 120 Iran-Iraq war 100 Low spare capacity 80 Saudis abandon swing producer role U.S. spare 60 capacity exhausted 9-11 attacks Asian financial crisis 40 OPEC cuts targets 4.2 mmbpd Iranian revolution 20 0 1970 1975 1980 OPEC cuts targets 1.7 mmbpd Iraq invades Kuwait Arab oil embargo 1985 1990 1995 2000 2005 2010 imported refiner acquisition cost of crude oil WTI crude oil price Sources: U.S. Energy Information Administration, Thomson Reuters Figure 9.13 Crude oil prices react to geopolitical and economic events Crude oil production by the Organization of Petroleum Exporting Countries (OPEC) is an important factor that affects oil prices. OPEC manages oil production by seeking production targets which often act to balance the oil market. Historically, oil prices tend to increase when the OPEC targets are reduced. million barrels per day change (year-on-year) 6 per cent change (year-on-year) 150 4 100 2 50 0 0 –2 –50 –4 –100 –150 –6 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 OPEC production targets WTI crude oil price Sources: U.S. Energy Information Administration, Thomson Reuters, 30 September 2013 Figure 9.14 Changes in OPEC production and crude oil prices Chapter-09.indd 278 11/26/2015 9:43:43 AM 279 Chapter 9 Market Risk In the 1970s, a popular theory called the peak oil theory had a significant influence on crude oil prices. This theory contends that global conventional sources of crude oil have reached, or about to reach, the maximum capacity by the mid-21st century. It predicts that supply shortfalls could then lead to an oil price inflation. The theory, however, applies only in respect of conventional oil sources and not to non-conventional sources. According to the International Energy Agency (IEA), the U.S. will surpass Saudi Arabia and Russia as the world’s largest oil producer by 2016. This is because of a new technology the U.S. uses in extracting shale oil. Rich oilshale deposits are extracted using the horizontal drilling and hydraulic fracturing processes. The EIA estimates that the U.S. production will reach 4.8 million barrels per day by 2021. mm Investment demand A growing number of investors have gained exposures to commodities through investing in index funds that provide exposures to a basket of commodities. These funds usually hold shares in various energy companies and commodities. Figure 9.15 illustrates the relationship between investment flows to commodity index funds and commodity prices. Commodity index investment flows tend to move together with commodity prices. Commodity Index Assets under Management and Dow Jones Index Level per cent change (year-on-year) 200 150 100 50 0 –50 –100 2006 2007 2008 2009 2010 2011 2012 2013 Dow Jones UBS commodity price index assets under management (Five largest public U.S. commodity index funds) commodity index assets under management reported to CFTC under ‘special call’ Sources: U.S. Commodity Futures Trading Commission (CFTC), Bloomberg Published by: U.S. Energy Information Administration Updated: Quarterly | Last updated: 30 September 2013 Figure 9.15 Oil prices and investment flows Increased trading activities in commodity index funds are believed to have a significant impact on energy prices. In one of the popular commodity index funds—the Dow Jones UBS Commodity Index—energy commodities accounted for about one-third of the 2013 target weights in the Index. Crude oil comprises 15% of the Index. Figure 9.16 shows the composition of the Dow Jones UBS Commodity Index. Note that crude oil (WTI plus Brent) comprises 15% of the total allocation. Chapter-09.indd 279 11/26/2015 9:43:43 AM 280 Risk Management in Banking: Principles and Framework Composition of the Dow Jones UBS Commodity Index 2013 Target Weights Lean hogs: 1.9% Live cattle: 3.3% Nickel: 2.2% Crude oil: WTI: 9.2% Zinc: 2.5% Crude oil: Brent: 5.8% Silver: 3.9% Aluminum: 4.9% Natural gas: 10.4% Copper: 7.3% Heating oil: 3.5% Gasoline: 3.5% Gold: 10.8% Corn: 7.0% Cotton: 1.8% Coffee: 2.4% Soy meal: 2.6% Soybean oil: 2.7% Soybeans: 5.5% Wheat: 4.8% Sugar: 3.9% Sources: Dow Jones Indexes, CME Group Published by: U.S. Energy Information Administration Updated: Annually | Last updated: 2013 Figure 9.16 Oil prices and investment flows Many commodities—particularly gold and crude oil—are denominated in the U.S. dollar. The U.S. dollar will, therefore, have an impact on commodity prices. There is typically an inverse relationship between commodities and the U.S. dollar. This means that when the U.S. dollar strengthens, prices of commodities typically drop. When the value of the dollar increases, commodities buyers will have less purchasing power— relative to their domestic currencies—thus, resulting in lower demands that will cause a drop in commodity prices. When the U.S. dollar weakens, prices of commodities typically rise. Given the lower value of the U.S. dollar, commodities buyers will have more purchasing power—relative to their domestic currencies—and the increased demand will result in an increase in commodity prices. 9.4 MARKET RISK MANAGEMENT PROCESS LEARNING OBJECTIVE 9.4 DISCUSS the basic market risk management process The market risk management process is a continuous cycle of identification, assessment and measurement, mitigation and control, and monitoring and reporting of all market risk exposures. Chapter-09.indd 280 11/26/2015 9:43:43 AM 281 Chapter 9 Market Risk Identification Assessment and measurement Monitoring and reporting Mitigation and control Figure 9.17 Risk management process—a continuous cycle 9.4.1 Market Risk Identification Market risk identification is usually the first step in the market risk management process. The objective is to identify and enumerate all sources and types of market risk exposures arising from every banking products and services. Another important objective in this phase is the proper classification of financial instruments in the trading or banking book. Based on current practices, financial instruments that are held in trading books are usually liquid assets that are held for short-term profittaking. Financial instruments that are less liquid are held in the banking book. In the trading book, market risks are categorized and classified under interest rate, equity, foreign exchange or commodity. For each risk category, primary and secondary risk factors are identified. The key output of the market risk identification phase is the identification and selection of key market risk factors. 9.4.2 Market Risk Assessment The next step in the market risk management process is the quantification or measurement of risks. Quantification is an important prerequisite to risk management. As quality guru, W. Edwards Deming once said, “You can’t manage what you can’t measure.” Market risk assessment and measurement could be one of the most complex activities in the market risk management process. The objective of this process is to generate potential loss forecasts that are expressed in terms of severity and probability. Severity is the expected magnitude of loss. Probability is the likelihood of loss. A comprehensive suite of market risk measures should be used. Each tool serves different purposes and is designed to complement each other. This will be discussed in more detail in the succeeding chapter on market risk assessment and measurement. Notional exposure Sensitivity measures Probabilistic/ statistical measures Scenario/ analysis stress testing Figure 9.18 Suite of market risk measurement tools Chapter-09.indd 281 11/26/2015 9:43:44 AM 282 Risk Management in Banking: Principles and Framework Nominal or notional exposure The use of the nominal or principal exposure as the basis for estimating market risk has been one of the earliest and crudest forms of market risk estimation. Notional exposure is one of the simplest ways of estimating market risk exposures. It involves using the face amount of the transaction as the basis for quantifying risk. Illustrative Example Maximum Amount of Exposure to Credit Risk Exposure Bank RST has a trading portfolio comprising the following: $100 million investment in bonds $50 million investment in commodities $20 million holdings in gold bullion $50 million equivalent of EUR cash Determine Bank RST’s market risk exposure using the notional amount approach. Solution: The notional exposure is simply the additive value of each of the notional or principal exposures to each asset type. Investment in bonds US$100,000,000 Investment in commodities US$50,000,000 Holdings in gold bullion US$20,000,000 EUR cash US$50,000,000 Total notional exposure US$220,000,000 The use of notional exposure as a market risk exposure is simple and straightforward but has several disadvantages: 1. The use of nominal exposure does not distinguish between assets that have lower volatility and those with higher volatility. It does not recognize that different assets have different volatility. It assumes that a $10,000,000 investment in a low-volatility asset—therefore, a low-risk asset—is as risky as a $10,000,000 investment in a high-volatility asset. 2. Nominal exposure does not recognize an exposure’s market value. Two investments with nominal amount of $10,000,000 are treated similarly even if investment 1 (market value—$40,000,000) is trading twice as high as investment 2 (market value—$20,000,000). 3. The use of nominal exposure does not take into consideration that different asset classes tend to move positively or negatively against each other. Correlation measures the relationship between different asset classes. A strongly correlated relationship means that two assets tend to move in tandem with each other. This means that if Asset 1 increases in value by 20%, a strongly correlated Asset 2 will also increase in value by close to 20%. Assets that have a low correlation tend to display a weak relationship between two assets. This means that the two assets do not perform in the same way. If Asset 1 increases in value by 20%, Asset 2 will increase in value by less than 20%. Assets that have a low correlation against each other tend to have lower risks from a portfolio perspective. This is because a poor performance in one investment can be offset by a good performance of the other. This provides diversification benefits to the investor. The problem with the use of nominal exposure is that it treats assets with a high correlation against each other similarly as assets with a low correlation against each other. For example, Bank XYZ has a $10,000,000 investment in Asset 1 and $10,000,000 investment in Asset 2 which is highly correlated to Asset 1. The nominal exposure is equal to $20,000,000. Even if Asset 3 has a low correlation with Asset 1, a $10,000,000 investment each in Asset 1 and Asset 3 (low correlation) will have a notional exposure equal to $20,000,000. The use of nominal exposure does not take into consideration that certain positions tend to cancel out each other. Chapter-09.indd 282 11/26/2015 9:43:44 AM 283 Chapter 9 Market Risk Sensitivity measures The limitations of nominal exposure as a market risk measurement tool led to the use of more sophisticated tools. Sensitivity measures calculate the potential loss due to adverse movements in a single risk factor. The risk factor is a measurable variable that affects the value of a financial asset, e.g. fixed income and currency. Sensitivity measures reflect the cause (risk factor) and its adverse impact on the bank’s earnings. Fixed income Interest rates Equity Beta Figure 9.19 Asset class and risk factor Figure 9.19 exemplifies the relationship between an asset class and a risk factor. The value of a fixed income or equity instrument is affected by movements in a risk factor—interest rates and beta. There are three market risk sensitivity measures commonly used in practice: Duration Beta Greeks Probabilistic/Statistical measures (value at risk) Probabilistic measures of market risk provide a statistical estimate of potential losses, given a confidence level and time horizon. Probabilistic measures are the most sophisticated risk measures of market risk. Value at risk (VAR) is one of the most commonly-used probabilistic measures of market risk. VAR is a widely-used model. In fact, even Basel II uses VAR as a basis for setting the regulatory capital. History of VAR The development of VAR as a statistical measure of a portfolio’s losses was credited to J.P. Morgan. As a large commercial bank with diverse and complex exposures to various securities, it needed a tool to measure and summarize all its risk exposures into a single measure. Sir Dennis Weatherstone, the chairman of J.P. Morgan, asked his staff to produce a concise summary of the bank’s risk at the end of each trading day. It started with the question—“How much can we lose on our trading portfolio by tomorrow’s close?” This report is popularly known as the ‘4:15 Report’. J.P. Morgan developed a firm-wide value-at-risk system that modelled several hundred key risk factors. Each day, trading units would e-mail their risk positions with respect to each key risk factor. These were aggregated to express the portfolio’s risk factors as a single statistical measure. With the VAR measure, J.P. Morgan replaced the crude system of notional market risk limit with a system of VAR limits. Starting 1990, the VAR numbers were combined with the P&L’s in a report for its daily ‘4:15 PM’ treasury meeting in New York. These reports were then forwarded to Weatherstone. The use of VAR became prevalent, in part, when J.P. Morgan decided in May 1995 to make its proprietary RiskMetrics publicly available. Definition of VAR VAR is a single, summary statistical measure of possible portfolio losses due to normal market events. VAR captures the potential losses from market risk that can occur over Chapter-09.indd 283 11/26/2015 9:43:44 AM 284 Risk Management in Banking: Principles and Framework a time interval given a certain confidence level. For example, if the VAR on an asset is US$10,000,000 at a 10-day, 95% confidence level, there is only a 5% chance that the value of the asset will drop by more than US$10,000,000 over a 10-day period. The VAR is, therefore, the maximum loss for any 10-day period 95% of the time. It is important to note the following three key considerations in the VAR interpretation: VAR is not an absolute measure of risk The most common error is that the VAR is frequently misinterpreted as an absolute maximum measure of loss. An important element that is missed in this interpretation is that the VAR is a probabilistic/statistical measure. This means that the VAR statistics should be interpreted with a confidence level (e.g. 95% confidence level) as part of the interpretation. mm VAR covers only normal market scenarios VAR covers only potential losses arising from normal market losses. It does not answer the ‘worst-case scenario’. VAR has received many criticisms for failing to anticipate the 2008 global financial crisis. While many of the criticisms against the VAR are not without merit, it should be recalled that VAR measures potential maximum losses under normal market conditions. It does not measure losses in black swan market events. VAR relies heavily on assumed statistical distributions. The most common distribution used is either the distribution of recent historical returns or normal distribution. The term ‘black swan’ event was coined by Nassim Nicolas Taleb, one of the most prominent critics of the VAR. It refers to events that are highly improbable or unpredictable but can cause massive adverse consequences when they occur. Such events are not captured by the VAR approach. mm VAR applies only to a specific time horizon VAR applies only to a selected time horizon. A calculated 10-day VAR should apply only over the 10-day time horizon. A common misinterpretation is that the calculated 10-day VAR is the absolute maximum loss at any time. This is an erroneous interpretation. VAR cannot be viewed as an open-ended number. mm Stress testing/Scenario analysis VAR is a statistical tool that measures the maximum loss assuming a holding period and a given confidence level. Extreme losses beyond the confidence level are not captured. Complementing the use of VAR with stress testing will provide information on the extreme losses beyond the confidence level. VAR also provides a maximum loss measure that is based on normal market conditions. Stress testing assesses potential losses based on breaks in normal market conditions. VAR assumes that changes in risk factors are normally distributed. Stress testing estimates extreme losses that may not be captured by the normal distribution assumption. 9.4.3 Market Risk Control The objective of market risk control and mitigation step is to ensure that market risk exposures are managed appropriately. It aims to ensure that proper response is made when risk limits are exceeded. The two main components of market risk control and mitigation are: Market risk limits A well-designed market risk limit system is one of the key mechanisms for market risk control and mitigation. Limits can be set on various risk measures: Chapter-09.indd 284 11/26/2015 9:43:44 AM 285 Chapter 9 Market Risk Exposures Sensitivity mm Probabilistic/Statistical measures mm Potential loss mm Actual loss mm mm New product approval Developing and launching a new product should undergo a special process, namely the new product approval process. This process covers the following situations: mm New products or services mm Significant changes in the features of existing products mm Significant differences in new market segments where existing products are to be offered mm New processes 9.4.4 Market Risk Monitoring and Reporting The objective of the market risk monitoring and reporting phase is to ensure that information is effectively prioritized and escalated to the bank’s key decision-makers. Organizational responsibilities mm Board of directors The board of directors is primarily responsible for setting market risk policies, strategies and objectives. At a minimum, the market risk policy should contain: –– Roles and responsibilities of the board and senior management with regard to market risk management –– Organizational structure with roles and responsibilities for market risk management. It should also enumerate the roles and responsibilities of the risk-taking unit, the market risk management division and the back office. The organizational structure should match the nature, scale, complexity and risk profile of the bank. –– Policies on market risk limits –– Policy on market risk identification, assessment, monitoring and mitigation of market risks The board should set the market risk appetite and ensure that it is reflected in the bank’s business strategy and cascaded throughout the entity. It should also establish and oversee an effective market risk governance structure and organizational structure that complies with legal and regulatory requirements. mm Board risk committee The board may choose to perform its risk oversight responsibilities through a dedicated group—the board risk committee. This committee’s responsibilities are: –– Make recommendations regarding market risk appetite –– Conduct period reviews of the bank’s market risk profile –– Review strategic decisions and market risk consequences –– Approve market risk policies, limits and delegations –– Consider key market risk issues –– Review market risk strategies, policies and controls mm Market risk management function There should be an independent market risk management function that is primarily responsible for implementing the risk control framework on market risk. Its function Chapter-09.indd 285 11/26/2015 9:43:44 AM 286 Risk Management in Banking: Principles and Framework should be adequately segregated and independent of the risk-taking functions within the organization. Staffing levels within the market risk management department should be adequate to support its mandate. The market risk management function bears the primary responsibility, together with the relevant risk-taking units, for assessing and controlling market risk. The market risk function should: –– Independently collect and analyze information needed for market risk assessment –– Implement and review market risk measurement methodologies –– Estimate market risk levels –– Prepare independent analysis to assist the board risk committee, the asset and liability management committee, and other risk-related committees in developing market risk policies and setting market risk limits CONCLUSION This chapter provided an important background on the role of financial markets in the economy and in the business of banking. The different types of financial markets according to the roles they play are then discussed. After which, market risk was defined according to the different sources of market risks—interest rate risk, foreign exchange risk, equity price risk and commodity price risk. The chapter ended with an overview of the market risk management process. Chapter-09.indd 286 11/26/2015 9:43:44 AM 10 C P HA TE R LIQUIDITY RISK Before the 2008 global financial crisis, liquidity risk had received less attention than the other major banking risks. The focus of international risk regulation had been on the banks’ long-term solvency. Hence, the focus had been to set minimum capital standards to cover for market, credit and operational risks. An important lesson learned from the 2008 financial crisis is that despite many banking organizations—such as Bear Stearns, Lehman Brothers and Northern Rock— being adequately capitalized, they ceased to exist as going concerns when confronted with a liquidity crisis. The financial crisis highlighted the importance of establishing strong liquidity risk management standards to ensure short-term survival. It appeared that focusing on long-term solvency was a necessary but not sufficient condition for organizational survival. As the eminent economist, John Maynard Keynes once said, “In the long run, we are all dead.” Indeed, for banks to survive it is no longer sufficient to think about long-term solvency (capital) but also to ensure their ability to withstand short-term shocks (liquidity). Chapter-10.indd 287 11/26/2015 9:43:18 AM 288 Risk Management in Banking: Principles and Framework This chapter begins by discussing the role of liquidity risk management in the asset and liability management (ALM) process and then the role of liquidity risk in the banking context. This is followed by enumerating the different sources of liquidity. This chapter ends with a discussion on sound practices in liquidity risk management. This chapter covers only liquidity risk identification. The topics on liquidity risk measurement, monitoring, controlling and mitigation will be discussed in Book II. Liquidity Risk Introduction to Liquidity Risk Sources of Liquidity Liquidity Risk Strategy Elements of Sound Practices in Liquidity Risk Definition of Liquidity Risk Asset-based Sources of Liquidity Stored Liquidity Management Liquidity Risk Management Framework Asset-based Liquidity Risk Liability-based Sources of Liquidity Purchased Liquidity Management Governance Structure Liability-based Liquidity Risk Measurement and Management of Liquidity Risk Public Disclosure Figure 10.1 Diagrammatic outline of this chapter’s topics LEARNING OUTCOME At the end of this chapter, you are expected to be able to: DISCUSS the importance of liquidity risk in the banking context LEARNING OBJECTIVES At the end of this chapter, you will be able to: DEFINE liquidity risk in the banking context ENUMERATE the different sources of liquidity DISCUSS the two main strategic approaches to managing liquidity risk ENUMERATE the elements of a sound liquidity risk management practice Chapter-10.indd 288 11/26/2015 9:43:19 AM 289 Chapter 10 Liquidity Risk 10.1 INTRODUCTION TO LIQUIDITY RISK LEARNING OBJECTIVE 10.1 DEFINE liquidity risk in the banking context Asset and liability management (ALM) is a set of key structured activities for matching or mismatching the mix of assets and liabilities in a bank’s balance sheet. ALM is concerned with the strategic management of the bank’s balance sheet. While the scope of ALM is wide, there are three main objectives: Optimize net interest income by maximizing interest income earned from loans and investments; or by minimizing interest expenses incurred from funds generated— interest income management. Maximize return on capital by choosing the optimal level of risk-weighted assets and the appropriate level and quality of capital—capital management. Manage liquidity by strategically deploying excess liquidity while ensuring that the bank maintains sufficient level of liquidity that will allow it to withstand stress events— liquidity management. From the above discussion, the key ALM activities are: Liquidity risk management Interest risk in the banking book Capital management The need to manage ALM risk arises from the mismatches in the bank’s balance sheet. To recap—in the course of a bank performing its asset-transformation role, the bank carries a structural mismatch in its balance sheet. The bank generates funds primarily from short-term deposits and lends them to corporations, investors and individuals. The loan tenors are usually medium to long term. Consequently, this generates a structural mismatch in its balance sheet, exposing the bank to a maturity mismatch risk. Maturity mismatch DEPOSITORS Short term BORROWERS Long term Figure 10.2 Maturity mismatch risk Chapter-10.indd 289 11/26/2015 9:43:20 AM 290 Risk Management in Banking: Principles and Framework From an interest rate risk standpoint, as market interest rates rise, the bank’s funding cost increases—interest expense—as it needs to pay higher interest rates to maturing deposits. Interest income, however, does not change as this income from loans has already been locked in for a longer tenor. From a capital management standpoint, the structural mismatch generates negative income, which will impact the bank’s retained earnings and ultimately, its capital. From a liquidity management standpoint, this generates a mismatch, particularly in a stress scenario. On the one hand, depositors may demand repayment at a shorter tenor. On the other hand, banks cannot immediately liquidate the use of its funds as the tenor of the loans and investments have typically longer time to maturity. The three diverse but interrelated risks build the case for an integrated asset and liability risk management. 10.1.1 Definition of Liquidity Risk Liquidity refers to a bank’s ability to fund increases in assets and meet obligations as they come due without incurring unacceptable losses. Maturity transformation role of banks The fundamental role of banks in the maturity transformation of short-term deposits into long-term loans makes them inherently vulnerable to liquidity risk. Virtually every financial transaction or commitment has implications for a bank’s liquidity. Short-term Long-term Deposit Lending Figure 10.3 Maturity transformation of short-term deposits into long-term loans Liquidity risk is the risk that the bank will not be able to fund increases in assets and meet obligations as they come due without incurring unacceptable losses. This definition reveals two important aspects of liquidity—the asset aspect and liability aspect of liquidity risk. Liquidity risk arises for two main reasons, namely: Asset-based reason Liability-based reason Chapter-10.indd 290 11/26/2015 9:43:21 AM 291 Chapter 10 Liquidity Risk 10.1.2 Asset-based Liquidity Risk One way a bank can fund its asset growth or pay its obligations as they come due is to sell its existing assets. In liquidity term, assets that can easily be converted into cash are generally considered to be of higher quality than those that are not. This enables the bank to fund increases in assets and pay its obligations without incurring unacceptable losses. Sell existing ASSETS to generate cash to: (a) Fund increases in the bank's assets (b) Pay obligations as they come due Long-term Liquidity Figure 10.4 Asset-based liquidity risk Another important source of asset-based liquidity risk is the off-balance sheet commitments. Banks frequently allow clients to borrow funds over a commitment period on demand. This is referred to as a loan commitment transaction. When a client draws on its loan commitment, the bank must immediately fund the obligation, thus creating a demand for liquidity. 10.1.3 Liability-based Liquidity Risk A bank’s liquidity profile is also largely determined by the quality of its funding sources—the liability side of the bank’s balance sheet. When liability holders demand cash by withdrawing their deposits or lending, the bank needs to borrow additional funds or sell assets to meet the withdrawals. The bank uses cash to satisfy the demands of its liability holders. In times of liquidity stress, volatile sources of funds (liabilities) will force the bank to replace the liabilities in order to continue to operate as a going concern. During such conditions, the bank is forced to accept unacceptable increases in funding costs to replace its sources of funds. However, if there are reliable or stable sources of funds, the bank has the flexibility of not having to replace or raise funds when it is not conducive to do so. Replace existing LIABILITIES to generate cash to: (a) Fund increases in the bank's assets (b) Pay obligations as they come due Figure 10.5 Liability-based liquidity risk Chapter-10.indd 291 11/26/2015 9:43:22 AM 292 Risk Management in Banking: Principles and Framework 10.2 SOURCES OF LIQUIDITY LEARNING OBJECTIVE 10.2 ENUMERATE the different sources of liquidity The two major sources of liquidity for banks are: Asset-based sources of liquidity Liability-based sources of liquidity 10.2.1 Asset-based Sources of Liquidity A bank’s assets are one of the primary sources of its liquidity. Asset-based sources include: Cash flows from the bank’s assets Ability to use the assets as collateral to raise funds Liquidation of the assets for cash Securitization of the assets to raise cash Cash flows from the bank’s assets The primary source of a bank’s asset-based liquidity comes from the principal and interest cash flows produced by its assets, i.e. loans and investment securities. Examples of assets in the balance sheet that can be relied upon to provide liquidity are: Investments Investments can provide liquidity through cash flows that can be generated by: mm Maturing securities mm Sale of securities for cash mm Use of these securities as collateral The International Accounting Standards (IAS) No. 39 provides for the following classifications of investment securities: mm Held for trading These securities are acquired principally for the purpose of selling or repurchasing in the near term. mm Held to maturity (HTM) These are investments with fixed or determinable payments and fixed maturity that an entity has the positive intention and ability to hold to maturity. HTM investments may not be sold prior to maturity for liquidity sources. Otherwise, this will call into question the bank’s ability and intent to hold these securities to maturity. mm Available for sale These types of financial assets are not classified as loans and receivables, HTM investments or held for trading. Banks typically classify securities that will be used for liquidity sources as available-for-sale (AFS) securities. AFS securities are not subject Chapter-10.indd 292 11/26/2015 9:43:22 AM 293 Chapter 10 Liquidity Risk Real World Illustration Assets by Contractual Maturity Amounts presented in these tables by contractual maturity are the amounts as presented in the balance sheet. 2012 Less than 1–3 3–12 1 month(1) months months 1–5 years Over 5 years Maturity not applicable Total Cash and balances with central banks 15,447 15,447 Amounts due from banks 25,636 3,630 3,894 5,597 296 39,053 33,877 7,603 11,222 29,787 31,831 114,320 non-trading derivatives 231 115 650 3,971 4,108 9,075 designated as at fair value through profit and loss 288 40 806 722 912 2,768 available-for-sale 2,991 3,256 9,442 30,955 25,001 held-to-maturity 1,267 1,168 1,007 2,774 329 6,545 Loans and advances to customers 63,981 13,752 31,944 125,556 306,313 541,546 Financial assets at fair value through profit and loss trading assets Investments Intangible assets 175 Assets held for sale 1,253 (1) (2) (3) 1,778 8,439 2,184 6,781 4,914 1,860 3,695 Remaining assets (for which maturities are not applicable)(3) Total assets 74,279 6,781 (2) Other assets 350 2,634 21,092 3,384 152,157 38,529 64,054 201,572 372,485 3,384 7,271 836,068 Includes assets on demand. Assets held for sale consist of the assets of the disposal groups classified as held for sale as disclosed in Note 10 ‘Assets and liabilities held for sale’. For these assets and liabilities, the underlying contractual maturities are no longer relevant to ING. For businesses for which a binding sale agreement exists, all related assets and liabilities held for sale are classified in accordance with the agreed or expected closing date. For other businesses, for which no sale agreement exists, assets and liabilities held for sale are included in ‘maturity not applicable’. Included in remaining assets for which maturities are not applicable are property and equipment, real estate investments and investments in associates. Due to their nature remaining assets consist mainly of assets expected to be recovered after more than 12 months. Source: Annual Report 2012, ING Bank to the positive intention and ability to hold to maturity requirement as in the case of HTM. AFS securities are regularly marked to market with changes in fair value that is recognized as a separate equity component—other comprehensive income. Chapter-10.indd 293 11/26/2015 9:43:22 AM 294 Risk Management in Banking: Principles and Framework Loans and receivables The loan portfolio is typically one of the largest items in a bank’s balance sheet. Like investments, loans can be used as: mm Collateral for secured borrowings mm Sold for cash, if a secondary loan market exists Use of assets as collateral Banks may also use its existing assets as collateral to raise funds. Various types of assets are routinely pledged to secure borrowings or line commitments. Secured or collateralized borrowings generally are reliable sources of liquidity. A repurchase agreement or repo is a collateralized arrangement between two parties whereby one party agrees to sell a security at a specified price with a commitment to buy back the security at a later date at another specified price—the repurchase price. Below is an illustration of a repo transaction: Illustrative Example Repurchase Agreement Transaction Bank A decides to raise funds via the repo market for the next 14 days. The bank currently has $10,000,000 of U.S. Treasuries maturing in 2023. The accrued interest is $31,929.35. The bonds are currently trading at par value (100%). Trade date: 01 October 2013 U.S. Treasury maturing in 2023 (Principal: $10,000,000) Bank A (Repo seller) $10,032,208.01 Bank B (Repo buyer) On the trade date, Bank A (the repo seller) enters into a repurchase agreement with Bank B (the repo buyer). Assume that the repo rate is 1% per annum. Assuming the U.S. Treasury 2023 series is currently trading at par value (100%) and Bank B will not require any haircut, Bank B will lend $10,031,929.35—price of the bond including accrued interest net of haircut. Bank A was thus able to generate $10,032,208.01 in funding. Repurchase/Termination date (after 14 days) $10,032,208.01 + 3,901.31 (Repo interest) Bank A (Repo seller) Chapter-10.indd 294 U.S. Treasury maturing in 2023 (Principal: $10,000,000) Bank B (Repo buyer) 11/26/2015 9:43:23 AM 295 Chapter 10 Liquidity Risk On the termination date, Bank B returns the U.S. Treasury. Bank A pays the loan amount ($10,031,929.35) plus the repo interest. Repo interest calculation 1% × 14 days ÷ 360 × $10,031,929.35 = $3,901.31 T2 12 08/15/23 Govt 98-26/98-26+ Type Repo Repo Information Settlement Date Price Yield All In 1) Send (VCON)... 2.637/2.635 BGN @ 23:00 Trade Date 10/01/13 23:00 Repo/Reverse Repo Analysis 91) Settings CUSIP 912828VS6 ISIN US912828VS66 99) Feedback 10/01/13 Settlement 100.0000000 2.4998305 100.3192935 Fixed Repo Rate 10000 M Termination Date 10/15/13 (AI 0.414402 for 61 days) Money At Termination Wired Amount ) Market 100-00 (AI 0.3192935) 2.4998305 (AI 47 days) 100.319293 Collateral Face Amt Floating 1.0000 % (Act/ 360 Haircut OR Settlement Money OR Term (# days) Open Trade N 100.0000 % Roll No 10,031,929.35 14 Call Notification None 10,031,929.35 Repo Interest 3,901.31 Term money 10,035,830,.66 Source: Bloomberg The following characteristics will affect the amount that the bank can raise via secured/ collateralized borrowings: Credit quality of the assets Liquidity of the instrument or collateral Market value of the instrument or collateral Credit quality of the pledging bank Counterparty’s funding rates on the various types of collateral Liquidation of assets for cash Banks can raise funds by selling or liquidating assets. This is why banks need to have a portion of their total assets that could be a liquidity source under adverse liquidity circumstances. The assets must be unencumbered and marketable to be eligible for sale. Unencumbered assets These are assets that are not pledged as collateral. The bank has the flexibility to sell or transfer these assets to meet its liquidity needs. Chapter-10.indd 295 11/26/2015 9:43:23 AM 296 Risk Management in Banking: Principles and Framework Encumbrance Asset encumbrance arises from collateral pledged against secured funding and other collateralized obligations. Barclays funds a portion of trading portfolio assets and other securities via repurchase agreements and other similar secured borrowing and pledges a portion of customer loans and advances as collateral in securitization, covered bond, and other similar secured structures. Barclays monitors the mix of secured and unsecured funding sources within the Group’s funding plan and seeks to efficiently utilize available collateral to raise secured funding and meet other collateralized obligations. Over the last 18 months, the proportion of term funding requirements met with secured funding has increased, resulting in an increase in the encumbrance of loans and advances to customers. We expect to moderately increase encumbrance of loans and advances to customers through additional term secured funding in the Group’s Funding Plan, however, this is not expected to materially impact the overall proportion of assets that are encumbered. As at 31 December 2012, only £231bn of the Group’s balance sheet assets were encumbered (excluding reverse repurchase agreements), which primarily related to firm financing of trading portfolio assets and other securities and to funding secured against loans and advances to customers. In addition, £308bn of the total £359bn securities accepted as collateral, and held offbalance sheet, were on-pledged, the significant majority of which relates to matched-book activity where reverse repurchase agreements are matched by repurchase agreements entered into to facilitate client activity. The remainder relates primarily to reverse repurchases used to settle trading portfolio liabilities as well as collateral posted against derivatives margin requirements. Source: Annual Report 2012, Barclays Capital Figure 10.6 Encumbrance—Barclays Capital (2012) Banks must be able to monitor the amount of assets that are not encumbered and that are available to be pledged. The level of available collateral must be monitored by the legal entity and jurisdiction, and by currency exposures. Marketable assets Assets that are highly marketable can be easily converted into cash. Those that are marketable typically exhibit the following characteristics: There is an active market for the asset. Pricing is transparent. mm Even during a liquidity stress scenario, an entity will be able to sell assets at acceptable prices and not incur huge losses by selling at fire-sale prices, i.e. heavily discounted. Market liquidity refers to the bank’s ability to trade its assets at a short notice, at low cost and with little impact on their prices. Market liquidity risk is the risk that the bank will not be able to sell an asset without incurring unacceptable losses. The degree of market liquidity is traditionally measured on the basis of the following parameters: mm mm Low bid-ask spread Market depth mm Market resilience mm mm Securitization of assets Securitization of assets is another option that a bank may consider to raise funds. It involves pooling of assets and transforming them into securities that will redistribute the risk of the collateral among different classes of investors. This enables the bank to monetize the assets into liquid funds. It involves creating, combining and recombining categories of assets into new forms. Chapter-10.indd 296 11/26/2015 9:43:23 AM 297 Chapter 10 Liquidity Risk Banks that securitize assets transform a pool of assets into cash. Asset securitization typically involves the transfer or sale of a bank’s balance sheet assets to a third party who issues asset-backed securities that are sold to investors in the public debt market. Some of the assets that are frequently used in securitization are: Auto loans Credit card receivables Home equity loans Equipment leases Student loans Commercial loans Residential mortgages Securitization converts illiquid assets or receivables that cannot be easily sold into liquid, marketable securities. Parties to the securitization Originator Originators are the sellers of the asset. They transfer the assets to the securitization entity. Issuer Issuers of asset-backed securities typically are the special purpose vehicles (SPV) created for the purpose of acquiring the underlying assets and issuing securities. Rating agencies Most securitizations will contain multiple tranches. Most will be rated by one or more rating agencies. These multiple tranches are created to appeal to a wider variety of investors. Some institutions are only allowed to invest in investment grade-rated tranches while other institutions are allowed to invest in non-investment grade-rated tranches and receive higher yields. Credit enhancement provider One key reason behind the rapid expansion of securitizations is the availability of thirdparty credit enhancement. With credit enhancement, the credit profiles of asset-backed securities are transformed and are viewed as safe, liquid and high-yielding investments. Credit enhancement providers are used to create highly-rated tranches that can be sold to credit risk conscious investors. Below are examples of credit enhancements: mm Letters of credit mm Senior subordination which involves over-collateralization. This involves division of the product into two parts: –– Senior tranche—to be sold to investors seeking limited credit risk –– Subordinated tranche—to be sold to investors who have a higher risk appetite as this is junior in payment priority versus the senior tranche mm Cash collateral accounts mm Financial guarantee or bond insurance Liquidity facility provider Liquidity facilities are used in structures to cover potential time lags between inflows of revenue from the securitization’s asset pool and its payment obligations. Underwriter Underwriters assume responsibility for both pricing and marketing the rated tranches in a securitization. They take a lead role in structuring securitizations. Chapter-10.indd 297 11/26/2015 9:43:23 AM 298 Risk Management in Banking: Principles and Framework Servicer A servicer is responsible for routine asset portfolio administrative duties such as making and processing collections, and administering the day-to-day operations of the issuer. Generic securitization structure While there are many forms of securitization, the generic structure usually starts with the originator bank transferring the financial assets to a special purpose vehicle (SPV). The SPV is usually bankruptcy-remote. This means that this legal vehicle has to be isolated from any bankruptcy or insolvency of the originator bank (the asset seller). The SPV issues multiple tranches or classes of securities representing different slices of payment streams from the pooled assets. Credit enhancements can also be obtained to ensure a highly-rated tranche. Rating agencies will assign a higher rating to senior tranches. Assets Special Purpose Vehicle CASH PROCEEDS ORIGINATOR Payment Securities Fees CREDIT ENHANCEMENT UNDERWRITER Enhancement Investment Issuance of securities SENIOR TRANCHE INVESTORS SUBORDINATED TRANCHE Figure 10.7 Generic securitization structure Figure 10.7 illustrates how banks generate liquidity through a generic securitization structure. The bank sells assets to a SPV. Depending on the structure, the risks and rewards of owning these assets should be transferred to the SPV. The SPV then issues securities. The performance of these securities is linked to the SPV’s assets. These securities are issued to an underwriter who sells them to investors. The securities may be sold as two different tranches—senior tranche and subordinated tranche. Senior tranche investors have higher level of protection and security compared to the investors in the subordinated tranche. Therefore, the earnings are expected to be higher for investors in the subordinated tranche to compensate for the additional risks taken. Proceeds from the securities issued are then paid by the SPV to the bank in exchange for the assets. Chapter-10.indd 298 11/26/2015 9:43:23 AM 299 Chapter 10 Liquidity Risk 10.2.2 Liability-based Sources of Liquidity An alternative source to meet a bank’s liquidity needs is through its liability sources. There are generally two sources of funding: Stable sources of funding Non-stable sources of funding The Basel Committee on Banking Supervision has defined the following as sources of stable funding: Capital Preferred stocks with maturities of equal to or greater than one year Liabilities with effective maturities of one year or greater Portion of non-maturity deposits and/or term deposits with maturities of less than one year that would be expected to stay with the institution for an extended period in an idiosyncratic stress event Portion of wholesale funding with maturities of less than a year that is expected to stay with the institution for an extended period in an idiosyncratic stress event The sources of funding can also be divided into customer types: Retail deposits Unsecured wholesale funding mm Small business customers mm Operational deposits generated by clearing, custody and cash management mm Deposits in institutional networks of cooperative banks Secured funding Deposit listing services Brokered deposits Funds that are sourced from the capital markets (e.g. wholesale funding) are typically more volatile than traditional retail deposits. For example, under conditions of stress, investors in money market instruments may demand higher compensation for the risk exposure, require rollover at considerably shorter maturities or refuse to extend financing. The 2008 global financial crisis highlighted that reliance on full-functioning and liquidity of financial markets may not be realistic as the assets and funding markets may dry up in times of stress. Market illiquidity may make it difficult for a bank to raise funds by selling assets and thus, increase the need for funding liquidity. Given that a bank’s liability profile can affect its liquidity risk, it should establish a funding strategy that provides effective diversification and sources, and tenor of funding. The bank should diversify available funding sources for the short, medium and long term. Diversification targets should be part of the medium- to long-term funding plans and aligned with the budgeting and business planning process. Funding plans should take into account the correlations between sources of funds and market conditions. The desired diversification should include limits by: Counterparties Secured versus unsecured market funding Instrument types Securitization vehicles Currencies Geographic markets Chapter-10.indd 299 11/26/2015 9:43:24 AM 300 Risk Management in Banking: Principles and Framework A bank needs to identify alternative sources of funding towards strengthening its capacity to withstand liquidity shocks. Some potential sources of funding are: Deposit growth Lengthening the maturities of liabilities New issues of short- and long-term debt instruments Intragroup fund transfers or new capital issues Drawing down committed facilities Borrowing from the central bank’s marginal lending facilities Diversification of our funding profile in terms of investor types, regions, products and instruments is an important element of our liquidity risk management framework. Our most stable funding sources are capital markets and equity retail, and transaction banking clients. Other customer deposits and borrowing from wholesale clients are additional sources of funding. Discretionary wholesale funding represents unsecured wholesale liabilities sourced primarily by our Global Markets Finance business. Given the relatively short-term nature of these liabilities, they are primarily used to fund cash and liquid trading assets. To ensure the additional diversification of our refinancing activities, we hold a Pfandbrief licence allowing us to issue mortgage Pfandbriefe. In 2012, we continued to focus on increasing our most stable funding components, and we have seen increases of €12.2 billion (4.4%) and €21.4 billion (12.4%) from retail and transaction banking clients respectively. We maintain access to short-term wholesale funding markets, on both a secured and unsecured basis. Discretionary wholesale funding comprises a range of unsecured productse, e.g. Certificates of Deposit (CDs), Commercial Paper (CP) as well as term, call and overnight deposits across tenors primarily up to one year. In addition, included within Financing Vehicles is €8.6 billion of asset-backed commercial paper (ABCP) issued through conduits. The following chart shows the composition of our external funding sources that contribute to the liquidity risk position as of 31 December 2012 and 31 December 2011, both in EUR billion and as a percentage of our total external funding sources. Composition of external funding sources in € bn 300 291 225 202 279 213 194 193 173 202 150 109 110 133 93 75 18 23 0 18% 19% 26% 24% Capital Retail markets and equity 18% 15% Transaction banking 10% 10% Other customers1 8% 12% 18% 18% Discretionary Secured wholesale funding and shorts 2% 2% Financing vehicles2 31 December 2012: total €1,101 billion 31 December 2011: total €1,133 billion 1 2 Others include fiduciary, self-funding structures (e.g. X-markets), margin/prime brokerage cash balances Includes ABCP-conduits Source: Annual Report 2012, Deutsche Bank Figure 10.8 Funding diversification—Deutsche Bank Chapter-10.indd 300 11/26/2015 9:43:24 AM 301 Chapter 10 Liquidity Risk 10.3 LIQUIDITY RISK STRATEGY LEARNING OBJECTIVE 10.3 DISCUSS the two main strategic approaches to managing liquidity risk Saunders and Cornett (2012) proposed two major approaches in addressing both asset and liability-based liquidity risks. These approaches are: Stored liquidity management Purchased liquidity management 10.3.1 Stored Liquidity Management Stored liquidity management relies on asset-based sources of liquidity to address either assetbased or liability-based liquidity risk. Illustrative Example Stored Liquidity Management Case Study 1—Liability-based Liquidity Risk Summary balance sheet of Bank XYZ: Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 90 Other assets 90 Borrowings 5 Equity Total assets 100 Total liabilities and equity 5 100 Liability-based liquidity risk occurs when the liability holders (e.g. depositors) decide to withdraw their funds. Suppose the depositors collectively demanded to withdraw MYR5 billion in deposits; there will be a reduction in deposits by MYR5 billion. This will result in a deficit of MYR5 billion— liability side is lower than the asset side. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 85 Other assets 90 Borrowings 5 Total assets 100 Equity 5 Total liabilities and equity 95 To address this deficit, the bank may pursue a stored liquidity management strategy. This means that the bank will rely on the asset side of the balance sheet to address this deficit. The bank can use its available cash reserves to cover the deficit. Balance Sheet of Bank XYZ (in MYR billion) Chapter-10.indd 301 Cash 5 Deposits 85 Other assets 90 Borrowings 5 Total assets 95 Equity 5 Total liabilities and equity 95 11/26/2015 9:43:24 AM 302 Risk Management in Banking: Principles and Framework Suppose the depositors collectively demanded to withdraw MYR20 billion instead of MYR5 billion. This will result in a deficit of MYR20 billion—assets exceed liabilities. The impact on the balance sheet is illustrated below: Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 70 Other assets 90 Borrowings 5 Total assets 100 Equity 5 Total liabilities and equity 80 To address the deficit, the bank may use its existing cash reserves to pay the obligations. This, however, will not be enough to cover the MYR20 billion deficit. The bank may need to sell its other assets to meet its obligations. Given the need to cover the deficit immediately, the bank may be forced to sell the other assets at low fire-sale prices. This will result in losses for the bank. The MYR20 billion deficit can be funded by: Paying cash—currently at MYR10 billion only Sale of other assets Balance Sheet of Bank XYZ (in MYR billion) Cash 0 Deposits 70 Other assets 80 Borrowings 5 Equity 5 Total liabilities and equity 80 Total assets 80 Case Study 2—Asset-based Liquidity Risk Asset-based liquidity risk occurs when certain asset-side on- and off-balance sheet items could trigger a demand for liquidity. An example is when a client decides to tap on the bank’s commitment to lend (the client) over a certain period (commitment period). Suppose the client decides to borrow on demand MYR5 billion from the bank’s off-balance sheet commitment to lend; this will generate an excess on the asset side by MYR5 billion. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 90 Other assets 90 Borrowings 5 Loan receivables 5 Equity 5 Total assets 105 Total liabilities and equity 100 This excess needs to be funded immediately. The bank may do so by pursuing a stored liquidity management strategy. This means that it will use asset-based sources of liquidity to fund this new asset. This will close the excess asset. Balance Sheet of Bank XYZ (in MYR billion) Cash 5 Deposits 90 Other assets 90 Borrowings 5 Loan receivables 5 Equity 5 Total assets Chapter-10.indd 302 100 Total liabilities and equity 100 11/26/2015 9:43:24 AM 303 Chapter 10 Liquidity Risk 10.3.2 Purchased Liquidity Management Purchased liquidity management relies on asset-based sources of liquidity to address either asset-based or liability-based liquidity risk. Illustrative Example Purchased Liquidity Management Case Study 1—Liability-based Liquidity Risk Summary balance sheet of Bank XYZ: Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 90 Other assets 90 Borrowings 5 Equity 5 Total assets 100 Total liabilities and equity 100 Liability-based liquidity risk occurs when liability holders (e.g. depositors) decide to withdraw their funds. Suppose the depositors collectively demanded to withdraw MYR5 billion in deposits; there will be a reduction in deposits by MYR5 billion. This will result in a deficit of MYR5 million—liability side is lower than the asset side. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 85 Other assets 90 Borrowings 5 Equity 5 Total liabilities and equity 95 Total assets 100 To address the deficit, the bank may pursue a purchased liquidity management strategy, i.e. the bank will rely on the liability side of the balance sheet to address this deficit. This can be done by raising new funds to cover the shortfall. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 85 Other assets 90 Borrowings 10 Total assets 100 Equity Total liabilities and equity 5 100 Case Study 2—Asset-based Liquidity Risk Suppose a client decides to borrow on demand MYR5 billion from the bank’s off-balance sheet commitment to lend; this will generate an excess of MYR 5 billion on the asset side. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 90 Other assets 90 Borrowings 5 Loan receivables 5 Equity 5 Total assets Chapter-10.indd 303 105 Total liabilities and equity 100 11/26/2015 9:43:24 AM 304 Risk Management in Banking: Principles and Framework This excess needs to be funded immediately. The bank may do so by pursuing a purchased liquidity management strategy. This means that it will use its liability-based sources of liquidity to fund this new asset. This will close the excess asset balance. The bank may do this by raising fresh fund either from deposits or borrowings. Balance Sheet of Bank XYZ (in MYR billion) Cash 10 Deposits 90 Other assets 90 Borrowings 10 5 Equity Loan receivables Total assets 105 Total liabilities and equity 5 105 10.4 ELEMENTS OF SOUND LIQUIDITY RISK MANAGEMENT PRACTICES LEARNING OBJECTIVE 10.4 ENUMERATE the elements of a sound liquidity risk management practice The Basel Committee on Banking Supervision segregates sound liquidity risk management practices into four different elements: Liquidity risk framework Liquidity risk governance Measurement and management of liquidity risk Public disclosure This section discusses these four elements in detail. 10.4.1 Liquidity Risk Management Framework The bank should establish a robust liquidity risk management framework that is well integrated into its bank-wide risk management process. The objectives of a liquidity risk management framework are: Ensure a high degree of confidence that the bank is in a position to address its daily liquidity obligations. Ensure the bank is able to withstand a range of stress events affecting both its secured and unsecured funding. Ensure the bank holds an adequate liquidity cushion of unencumbered, high-quality liquid assets commensurate with its liquidity profile. Chapter-10.indd 304 11/26/2015 9:43:24 AM 305 Chapter 10 Liquidity Risk Real World Illustration Liquidity Risk Framework Barclays has a comprehensive Liquidity Framework for managing the Group’s liquidity risk. The Liquidity Framework is designed to deliver the appropriate term and structure of funding consistent with the Liquidity Risk Appetite set by the Board. The Liquidity Framework incorporates a range of ongoing business management tools to monitor, limit and stress test the Group’s balance sheet and contingent liabilities. Limit setting and transfer pricing are tools that are designed to control the level of liquidity risk taken and drive the appropriate mix of funds, which together reduce the likelihood that a liquidity stress event could lead to an inability to meet the Group’s obligations as they fall due. The stress tests assess potential contractual and contingent stress outflows under a range of scenarios, which are then used to determine the size of the liquidity buffer that is immediately available to meet anticipated outflows if a stress occurred. In addition, the Group maintains a Contingent Funding Plan which details how liquidity stress events of varying severity would be managed. Since the precise nature of any stress event cannot be known in advance, the plans are designed to be flexible to the nature and severity of the stress event and provide a menu of options that could be used as appropriate at the time. Barclays also maintains Recovery Plans which consider actions to generate additional liquidity in order to facilitate recovery in a severe stress and is developing documentation to meet Resolution Planning in line with regulatory requirements. The overall framework therefore provides the necessary tools to manage the continuum of liquidity risk as summarized below: Ongoing business management Early signs/Mild stress Severe stress • Liquidity Limits • Pricing and Incentives • Early Warning Indicators • Risk Appetite and Planning • Monitoring and review • Low cost actions and balance sheet optimization • Activate Contingency Funding Plan • Balance sheet reductions and business limitations Recovery • Asset and Liability actions to generate additional liquidity Source: Annual Report 2011, Barclays Capital 10.4.2 Governance Structure Liquidity risk tolerance The board of directors is ultimately responsible for the liquidity risk assumed by the bank and the manner in which this risk is managed. The board, therefore, should establish the bank’s liquidity risk tolerance in the light of its business objectives, strategic direction and overall risk appetite. The liquidity risk tolerance should: Define the level of liquidity risk that the bank is willing to assume. This should be appropriate and consistent with the bank’s business strategy, its role in the financial system and reflect the bank’s financial condition and funding capacity. Ensure that the bank manages its liquidity during normal times in such a way that it is able to withstand a prolonged period of stress. Be articulated in such a way that all levels of management clearly understand the tradeoff between risks and profits. Chapter-10.indd 305 11/26/2015 9:43:24 AM 306 Risk Management in Banking: Principles and Framework Liquidity risk management strategy Senior management is responsible for developing and implementing the liquidity risk management strategy in accordance with the bank’s risk tolerance. The liquidity risk management strategy should include: Specific policies on liquidity risk management mm Composition of assets and liabilities mm Maturity of assets and liabilities mm Diversity and stability of funding sources mm Approach to managing liquidity in different currencies, across borders and across business lines and legal entities Approach to intraday liquidity management Assumptions on liquidity and marketability of assets Strategy on liquidity needs under normal conditions as well as under periods of liquidity stress High-level quantitative and qualitative targets The board of directors should endeavour to do the following: Approve the liquidity risk management strategy and critical policies and practices, and review them at least annually. Ensure that senior management translates the strategy into clear guidance and operating standards in the form of policies, controls or procedures. Senior management should determine the structure, responsibilities and controls for managing liquidity risk and for overseeing the liquidity positions of all legal entities, branches and subsidiaries in the jurisdictions in which the bank is operating, and outline these elements clearly in the bank’s liquidity policies. Organizational structure The structure for managing liquidity (i.e. the degree of centralization or decentralization of a bank’s liquidity risk management) should take into account any legal, regulatory or operational restrictions on the transfer of funds. In some cases, there may be strict regulatory restrictions on funds being transferred between entities or jurisdictions. Whatever the structure, senior management should be able to monitor the liquidity risks across the banking group and at each entity on an ongoing basis. Liquidity risk pricing Senior management should incorporate liquidity costs, benefits and risks in the internal pricing, performance measurement and new approval process for all significant business activities. Liquidity transfer pricing is a process that attributes the costs, benefits and risks of liquidity to respective business units within the bank. The objective is to transfer liquidity costs and benefits from the business units to a centrally-managed pool. The basic idea of the liquidity transfer pricing process is to charge the users of funds (i.e. assets/loans) for the cost of liquidity and give the benefit of liquidity to the providers of funds (i.e. liabilities/deposits). Chapter-10.indd 306 11/26/2015 9:43:24 AM 307 Chapter 10 Liquidity Risk Liquidity transfer pricing (LTP) also requires recouping the cost of carrying liquidity cushion by charging contingent commitments based on their expected use of liquidity. Figure 10.9 shows a graphical representation of the LTP process: A graphical representation of the LTP process Business unit 1 receives credits from treasury based on the commitment of funds provided. Credits are reduced by any charges against contingent commitments, such as deposit run-off. Interbank market: provides funds Business unit 2 incurs charges from treasury based on the commitment of funds required. Additional charges will apply to contingent commitments, such as lines of credit. Internal treasury (central pool) Business unit 1: provides funds Business unit 2: uses funds Liquidity cushion Trading business The trading business uses funds, provides funds (through the sale of marketable securities) and receives charges against contingent commitments, such as collateral calls on derivative positions. Figure 10.9 Liquidity transfer pricing Importance of the LTP process As discussed in an earlier section, the business of banking involves maturity transformation, i.e. banks make money by funding long-term loans (assets) with short-term deposits (liabilities). This makes banks inherently vulnerable to liquidity risk. LTP should be used to account for the costs, benefits and risks of liquidity in the following: Product pricing New product approval processes Profit and performance assessments An efficient and effective LTP process leads to banks playing a more effective role in the maturity transformation process. Banks with poor LTP practices are more likely to accrue larger amounts of long-term illiquid assets, contingent commitments and shorter-dated volatile liabilities, thereby substantially increasing their vulnerability to liquidity risk. Different approaches to LTP Zero cost of funds approach The zero cost of funds approach views funding liquidity as essentially free. This means that no charge is attributed to the assets for the cost of funding liquidity and, likewise, no credit/benefit is attributed to the liabilities for providing funding liquidity. Pooled cost of funds approach The pooled cost of funds approach entails the calculation of a single average rate based on the cost of funds across all existing funding sources. All assets, irrespective of their maturities, are charged the same rate for the use of the funds. Chapter-10.indd 307 11/26/2015 9:43:24 AM 308 Risk Management in Banking: Principles and Framework Illustrative Example Different Approaches to Liquidity Transfer Pricing (LTP) Suppose Bank XYZ has the following sources of funds: Volume Cost per annum Deposit 1 MYR100 million 2% Deposit 2 MYR200 million 1.5% Deposit 3 MYR300 million 1% 1 Determine the charge for the use of funds on the following transactions: (a) 1-year MYR10 million loan (b) 5-year MYR 10 million loan (c) 10-year MYR10 million loan 2 Determine the benefit to be credited for the following sources of funds: (a) 1-week MYR10 million deposit (b) 30-day MYR10 million deposit (c) 5-year MYR10 million deposit Solution: Step 1: Calculate the total interest expense Volume Cost per annum Total Interest Expense MYR100 million 2% MYR2 million MYR200 million 1.5% MYR3 million MYR300 million 1% MYR3 million Total interest expense MYR8 million Step 2: Calculate the average interest expense Average interest expense = = Total interest expense Total volume MYR8 million MYR600 million = 1.33% 1 Charge for use of funds Loan 1 Tenor Loan 2 Loan 3 1 year 5 years 10 years Principal MYR10,000,000 MYR10,000,000 MYR10,000,000 Charge (%) 1.33% 1.33% 1.33% MYR133,000 MYR133,000 MYR133,000 Charge for use of funds Note: Under the pooled cost of funds approach, the charge for the use of funds will be the same regardless of the maturity of the asset. This is because the basis for charging the use of funds is the average cost of funds. There are two main problems under this approach: Longer-tenor assets/loans are generally more risky—less liquid and more sensitive to interest rate risk—than a similar shorter-tenor asset. By charging the same rate for the use of funds, the bank may be incentivized to build up longer-tenor assets. Chapter-10.indd 308 11/26/2015 9:43:25 AM 309 Chapter 10 Liquidity Risk The single rate that was used is the blended average cost of funds. Longer-tenor deposits should theoretically fund longer-tenor assets. A longer-tenor deposit is generally more expensive than a comparable shorter-tenor deposit. By charging a single average rate, the shorter-tenor assets, which should be charged less than the average, are in effect subsidizing the longer-tenor assets, which should be charged more than the average rate. 2 Credit for sources of funds Tenor Principal Charge (%) Credit for providing liquidity Loan 1 Loan 2 Loan 3 1 week 30 days 5 years MYR10,000,000 MYR10,000,000 MYR10,000,000 1.33% 1.33% 1.33% MYR133,000 MYR133,000 MYR133,000 Note: Under the pooled cost of funds approach, the credit for the source of funds will be the same regardless of the maturity of the liability. There are two main problems under this approach: Longer-tenor sources of liability are generally considered to be more stable compared to shorter-tenor sources of liability. Under the pooled cost of funds approach, no additional credit is provided for generating longer-tenor sources of funding. By charging a single pooled rate, the bank will be encouraged to promote unhealthy maturity transformation. The bank will tend to book long-term assets—as it earns higher yields— because it does not receive higher charges for the use of funds over a longer period. Banks are also discouraged to raise long-term liabilities because there is no premium credited to long-term liabilities that provide funding for longer periods of time. Matched maturity of funding approach The matched maturity of funding approach is the current best practice for assets and liabilities. Under the matched maturity cost of funds approach, rates charged—for the use of fund—and rates credited—for the benefit of funding—are based on term liquidity premiums corresponding to the maturity of the transaction. Internal control Senior management should have adequate internal controls to ensure the integrity of its liquidity risk management process. Senior management should ensure that operationally independent, appropriately trained and competent personnel are responsible for implementing the internal controls. Internal audit should regularly review the implementation and effectiveness of the agreed framework for controlling liquidity risk. 10.4.3 Measurement and Management of Liquidity Risk The measurement and management of liquidity risk is one of the key elements of sound liquidity risk management practices. At the height of the 2008 global financial crisis, many banks lacked the ability to properly measure and monitor their liquidity risk exposures in an effective and timely manner. This significantly hampered their ability to manage their liquidity risk exposures as the crisis unfolded. Chapter-10.indd 309 11/26/2015 9:43:25 AM 310 Risk Management in Banking: Principles and Framework A bank should have a sound process for identifying, measuring, monitoring and controlling liquidity risk. Figure 10.10 depicts this process. Controlling liquidity risk Identifying liquidity risk Monitoring liquidity risk Measuring liquidity risk Figure 10.10 Process of managing liquidity risk Identifying liquidity risk A bank should define and identify the liquidity risk to which it is exposed. A bank’s liquidity needs and sources of liquidity to meet those needs depend significantly on the following: Bank’s business and product mix Balance sheet structure Cash flow profiles of its on- and off-balance sheet obligations Measuring liquidity risk Liquidity measurement involves assessing a bank’s cash inflows against its outflows and the liquidity value of its assets to identify the potential for future net funding shortfalls. Monitoring liquidity risk A bank should monitor and control vulnerabilities to liquidity risk by observing the following time horizons: Intraday liquidity risk Day-to-day liquidity risk Liquidity needs over short- and medium-term horizons up to one year Longer-term liquidity needs over one year Banks should be able to monitor emerging concentration risks in the bank’s liquidity profile. Reliance on one source of funding may threaten the bank’s liquidity position. This is what happened at the height of the 2008 global financial crisis when many investment banks relied on wholesale funding which disappeared, leaving them exposed to the risk that they would no longer be able to repay their obligations as they came due. Controlling liquidity risk A bank should set limits to control its liquidity risk exposures and vulnerabilities. It should regularly review such limits and corresponding escalation procedures. Limits should be relevant to the business in terms of its location, complexity of activities, nature of products, currencies and markets served. Limits should be used for managing day-to-day liquidity within and across lines of business and legal entities under normal conditions. The limit framework Chapter-10.indd 310 11/26/2015 9:43:25 AM 311 Chapter 10 Liquidity Risk should include measures aimed at ensuring that the bank can continue to operate in a period of market stress, bank-specific stress or a combination of the two. 10.4.4 Public Disclosure Banks should publicly disclose information on a regular basis to market participants to enable them to make an informed judgement on the soundness of the bank’s liquidity risk management framework and liquidity position. The minimum contents of public disclosure of the bank’s liquidity risk are: Organizational structure for liquidity risk management The bank should explain the roles and responsibilities of its relevant committees as well as those of different functional and business units. Framework for the management of liquidity risk The bank should indicate the degree to which the treasury function and liquidity risk management is centralized or decentralized. It should describe this structure with regard to its funding activities, limit-setting systems and intra-group lending strategies. Governance and organization Barclays Treasury operates a centralized governance control process that covers all of the Group’s liquidity risk management activities. The Barclays Treasurer is responsible for designing the Group Liquidity Risk Management framework (the Liquidity Framework) which is sanctioned by the Board Risk Committee (BRC). The Liquidity Framework incorporates liquidity policies, systems and controls that the Group has implemented to manage liquidity risk within tolerances approved by the Board and regulatory agencies. The Board sets the Group’s Liquidity Risk Appetite (LRA), being the level of risk the Group chooses to take in pursuit of its business objectives and in meeting its regulatory obligations. The Treasury Committee is responsible for the management and governance of the mandate defined by the Board and includes the following sub-committees: The Group Funding and Liquidity Management Committee is responsible for the review, challenge and approval of the Liquidity Framework. The Liquidity Framework is reviewed regularly by the Treasury Committee and BRC; The Group Asset and Liability Management Committee oversees the management and governance of asset and liability management including behavioural mismatch, structural risk and transfer pricing; and The Investment Advisory Group supervises the investment of a portion of the Group liquidity pool in longerdated liquid assets. The Investment Advisory Group approves a detailed allocation framework across assets and tenors, and reviews the performance and risks associated with these holdings. The holdings are subject to limits set by the BRC and by the independent Group market and credit risk functions. Liquidity is recognized as a key risk and the Barclays Treasurer is the Group Key Risk owner, supported by Key Risk Owners at regional and country levels. Execution of the Group’s liquidity risk management strategy is carried out at country level, with the country Key Risk Owners providing reports to Barclays Treasury to evidence conformance with the agreed risk profile. Further oversight is provided by country, regional and business level committees. Governance and organization Barclays Treasury Committee Group Funding and Liquidity Management Committee Group Asset and Liability Management Committee Investment Advisory Group Source: Annual Report 2012, Barclays Figure 10.11 Governance and organization Chapter-10.indd 311 11/26/2015 9:43:25 AM 312 Risk Management in Banking: Principles and Framework Quantitative information about the bank’s liquidity position Examples of quantitative disclosures on liquidity risk: mm Size and composition of a bank’s liquidity cushion mm Additional collateral requirements as a result of a credit rating downgrade mm Values of internal ratios and other key metrics that management monitors mm Limits placed on those metrics mm On- and off-balance sheet items broken down into a number of short-term maturity bands and the resultant cumulative liquidity gaps The bank should provide sufficient qualitative discussion of the metrics to enable market participants to understand them, the organizational level to which the metric applies and other assumptions utilized in measuring its liquidity position, liquidity risk and liquidity cushion. A bank should disclose additional qualitative information that provides market participants with further insight into how it manages liquidity risk Examples of these disclosures are: Aspects of liquidity risk to which the bank is exposed and that it monitors Diversification of the bank’s funding sources mm Techniques used to mitigate liquidity risk mm Concepts utilized in measuring its liquidity position and liquidity risk mm Explanation of how asset market liquidity risk is reflected in the bank’s framework for managing funding liquidity mm Explanation of how stress testing is used mm Description of the stress testing scenarios modelled mm Outline of the bank’s contingency funding plans and indication of how the plan relates to stress testing mm Bank’s policy on maintaining liquidity reserves mm Regulatory restrictions on the transfer of liquidity among group entities mm Frequency and type of internal liquidity reporting mm mm CONCLUSION This chapter provided a timely introduction to liquidity risk in the banking context. It started with a brief definition of liquidity risk and then discussed why liquidity risk is pervasive and inherent in the business of banking. After which, two different types of liquidity risks were discussed—asset-based and liability-based liquidity risks. The second section further discussed the different sources of liquidity for a typical banking organization. Asset- and liability-based liquidity sources were discussed in detail. The two types of liquidity risk management strategies, i.e. purchased liquidity and stored liquidity, were then discussed. The chapter ended with a discussion of the best practices in liquidity risk management based on the guidance issued by the Basel Committee on Banking Supervision. Chapter-10.indd 312 11/26/2015 9:43:25 AM BIBLIOGRAPHY Altman, Edward I (2000, July). ‘Predicting Financial Distress of Companies: Revisiting the Z-Score and ZETA Models’, <http://pages.stern.nyu.edu/~ealtman/PredFnclDistr.pdf>. Andrews, Edmund L. (2008, March). ‘Fed Assumes the Role of Lender of Last Resort’, <http:// www.nytimes.com/2008/03/12/business/worldbusiness/12iht-12fed.10964084.html? pagewanted=all>. Bank for International Settlements: Basel Committee on Banking Supervision (1986, March). ‘The Management of Banks’ Off-Balance Sheet Exposures’, <http://www.bis.org/publ/ bcbsc134.pdf>. —(1997, September). ‘Core Principles for Effective Banking Supervision’, <http://www.bis.org/ publ/bcbs30a.pdf>. —(2000, September). ‘Principles for the Management of Credit Risk’, <http://www.bis.org/ publ/bcbs75.pdf>. —(2005, July). ‘An Explanatory Note on the Basel II IRB Risk Weight Functions’, <http://www. bis.org/bcbs/irbriskweight.pdf>. —(2006, June). ‘International Convergence of Capital Measurement and Capital Standards (A Revised Framework Comprehensive Version)’, <http://www.bis.org/publ/bcbs128.pdf>. —(2008, September). ‘Principles for Sound Liquidity Risk Management and Supervision’, <http://www.bis.org/publ/bcbs144.pdf>. —(2011, June). ‘Principles for the Sound Management of Operational Risk’, <http://www.bis. org/publ/bcbs195.pdf>. —(2013, October). ‘Consultative Document: Fundamental Review of the Trading Book: A Revised Market Risk Framework’, <http://www.bis.org/publ/bcbs265.pdf>. —(2014a, October). ‘Consultative Document: Operational RiskRevisions to the Simpler Approaches’, <http://www.bis.org/publ/bcbs291.pdf>. —(2014b, October). ‘A Brief History of the Basel Committee’, <http://www.bis.org/bcbs/ history.pdf>. Bank for International Settlements: The Joint Forum (n.d.). <http://www.bis.org/bcbs/ jointforum.htm>. —(2003, August). ‘Operational Risk Transfer Across Financial Sectors’, <http://www.bis.org/ publ/joint06.pdf>. —(2005, February). ‘Outsourcing in Financial Services’, <http://www.bis.org/publ/joint12. pdf>. Bank Negara Malaysia (2001, September). ‘Best Practices for the Management of Credit Risk’, <http://www.bnm.gov.my/guidelines/01_banking/04_prudential_stds/10_best_ practices_credit_risk.pdf>. —(2013a). ‘Single Counterparty Exposure Limit’, <http://www.bnm.gov.my/guidelines/01_ banking/04_prudential_stds/08_SCEL_28022013.pdf>, published on 28 February 2013. —(2013b). ‘Risk Governance’, <http://www.bnm.gov.my/guidelines/01_banking/04_ prudential_stds/gl_013_5.pdf>, published on 1 March 2013. Bibliography.indd 313 10/21/2015 9:58:36 AM 314 Bibliography —(2013c). ‘Risk-informed Pricing’, <http://www.bnm.gov.my/guidelines/01_banking/04_ prudential_stds/std_028_3.pdf >, published on 16 December 2013. Barclays (2011). ‘Barclays Annual Report 2011’, <http://reports.barclays.com/ar11/ riskmanagement/fundingriskliquidity/liquidityriskframework.html>. —(n.d.). ‘Global Finance and Risk Solutions’, <http://investmentbank.barclays.com/banking/ global-finance>. Barclays Capital (2012). ‘Barclays Capital Annual Report 2012’, <http://reports.barclays.com/ ar12/servicepages/welcome.html>. Bases, Daniel (2012). ‘Update 1-Kuwait’s AA Rating Threatened by Political Protests-Fitch’, <http:// www.reuters.com/article/2012/10/29/kuwait-rating-fitch-idUSL1E8LT82220121029>, published on 29 October 2012. BBC News (2004). ‘Banker Says “Parmalat Tricked Me”’, <http://news.bbc.co.uk/2/hi/ business/3386811.stm>, published on 11 January 2004. Binham, Caroline (2010). ‘Ex-Merrill Trader is Banned for Mismarking Positions (Update2)’, <http://www.bloomberg.com/apps/news?pid=newsarchive&sid=asTDIsdVr3fg>, published on 16 March 2010. British Bankers’ Association GOLD (2014). ‘bbaGOLD (Global Operational Loss Database): External Information for Better Operational Risk Management’, <http://www.bbagold. org/documents/bbaGOLD_Brochure.pdf>. Business Wire (2009). ‘Fitch Affirms Conseco Inc.’s Ratings; Assigns Debt Rating; Outlook Negative’, <http://www.reuters.com/article/2009/10/16/idUS143851+16-Oct-2009+ BW20091016>, published on 16 October 2009. Ceccheti, Stephen G. and Schoenholtz, Kermit L. (2010). Money, Banking and Financial Markets, New York: McGraw-Hill Irwin. Choudhury, Ambereen (2014). ‘Goldman Sachs Stands Firm as Banks Exit Commodity Trading’, <http://www.bloomberg.com/news/articles/2014-04-22/goldman-sachsstands-firm-as-banks-exit-commodity-trading>, published on 23 April 2014. Citi Group (2014, August). ‘Citi Environmental Policy Framework’, <http://www.citigroup. com/citi/environment/data/Environmental_Policy_Framework.pdf>. Comfort, Nicholas (2013). ‘European Banks Legal Tab Tops $77 Billion as Probes Widen’, <http://www.bloomberg.com/news/articles/2013-11-21/european-banks-legal-tabexceeds-77-billion-amid-probes>, published on 22 November 2013. Committee of European Banking Supervisors (2010). ‘CEBS Guidelines on the Management of Concentration Risk under the Supervisory Review Process (GL31)’, <https://www.eba. europa.eu/documents/10180/16094/Concentration.pdf>, published on 2 September 2010. Credit Suisse (n.d.). ‘Summary of Credit Suisse’s Sector Policies and Guidelines’, <https:// www.credit-suisse.com/media/cc/docs/responsibility/policy-summaries-en.pdf>. Daniel, Adam O’ (2011). ‘Wells Fargo Settles Discrimination Suit’, <http://www. bizjournals.com/charlotte/print-edition/2011/02/25/wells-settles-discrimination-suit. html?page=all>, published on 25 February 2011. Davis Polk & Wardwell LLP (2014). ‘Risk Governance: Visual Memorandum on Guidelines Adopted by the OCC’, <http://www.davispolk.com/sites/default/files/11.07.14.Risk_ Governance_Visual_Memorandum_on_Final_Guidelines_Issued_by_the_OCC.pdf>, published on 7 November 2014. DeJuana, Carlos (2001). ‘Ecuado Accepts Dollar as Its New Currency’, <http://abcnews. go.com/International/story?id=82666>, published on 9 September 2001. Bibliography.indd 314 10/21/2015 9:58:36 AM 315 Bibliography Deutsche Bank (2008). ‘Deutsche Bank Elects Not to Exercise Call Option on 3.875% 2004/2014 Subordinated Bond’, <https://www.db.com/medien/en/content/press_ releases_2008_4260.htm>, published on 17 December 2008. —(2012). ‘Deutsche Bank Annual Report 2012’, <https://www.db.com/ir/en/download/ Deutsche_Bank_Annual_Report_2012_entire.pdf>. Dewan, Shaila (2013). ‘Monitor Finds Mortgage Lenders Still Falling Short of Settlement’s Terms’, <http://www.nytimes.com/2013/06/20/business/economy/monitor-findslenders-failing-terms-of-settlement.html?pagewanted=all&_r=0&pagewanted=print>, published on 19 June 2013. Dimri, Neha, Kirti Pandey and Maju Samuel (2014). ‘Update 2-GoPro’s IPO to Value Wearable Camera Maker at up to $3 bln’, <http://www.reuters.com/article/2014/06/11/goproipo-idUSL4N0OS2NC20140611>, published on 11 June 2014. ‘Donald Rumsfeld Unknown Unknowns!’, <https://www.youtube.com/watch?v= GiPe1OiKQuk>, uploaded on 7 August 2009. DZ Bank Group (2012). ‘DZ Bank Annual Report 2012’, <http://www.geschaeftsbericht. dzbank.de/2012/gb/en/>. Energy Information Agency (US Energy Information Administration) (2014). ‘How Much Oil is Used to Make Plastic?’, <http://www.eia.gov/tools/faqs/faq.cfm?id=34&t=6>, published on 18 June 2014. —(n.d.). ‘Short-term Energy Outlook’, <www.eia.gov/forecasts/steo>. Faiola, Anthony (2008). ‘Calling Foreign Debt “Immoral,” Leader Allows Ecuador to Default’, <http://www.washingtonpost.com/wp-dyn/content/article/2008/12/12/ AR2008121204105.html>, published on 13 December 2008. Fair Isaac Corporation (n.d.). ‘About Us (FICO)’, <http://www.fico.com/en/>. Fairless, Tom (2014). ‘EU Unveils Plan on Proprietary Trading’, <http://www.wsj.com/articles/ SB10001424052702303973704579350234073576464>, published on 29 January 2014. Federal Reserve Bank of St. Louis (2012). ‘The Sovereign Debt Crisis: A Modern Greek Tragedy’, <https://www.stlouisfed.org/publications/central-banker/summer-2012/the-sovereigndebt-crisis-a-modern-greek-tragedy>. Financial Action Task Force (n.d.). ‘About Us (FATF)’, <http://www.fatf-gafi.org/>. —(2009, October). ‘Money Laundering and Terrorist Financing in the Securities Sector’, <http://www.fatf-gafi.org/media/fatf/documents/reports/ML%20and%20TF%20in%20 the%20Securities%20Sector.pdf>. Financial Stability Board (2008). ‘Report of the Financial Stability Forum on Enhancing Market and Institutional Resilience’, <http://www.financialstabilityboard.org/wpcontent/uploads/r_0804.pdf?page_moved=1>, published on 7 April 2008. —(2013a). ‘Thematic Review on Risk Governance: Peer Review Report’, <http://www. financialstabilityboard.org/wp-content/uploads/r_130212.pdf>, published on 13 February 2013. —(2013b). ‘Principles for an Effective Risk Appetite Framework’, <http://www. financialstabilityboard.org/wp-content/uploads/r_131118.pdf?page_moved=1>, published on 18 November 2013. —(2014). ‘Guidance on Supervisory Interaction with Financial Institutions on Risk Culture: A Framework for Assessing Risk Culture’, <http://www.financialstabilityboard.org/wpcontent/uploads/140407.pdf>, published on 7 April 2014. Fitzpatrick, Jim (2013). ‘Irish Government Bank Guarantee Scheme to End’, <http://www.bbc. com/news/world-europe-21595468>, published on 26 February 2013. Bibliography.indd 315 10/21/2015 9:58:36 AM 316 Bibliography Goldenberg, Suzanne (2011). ‘Biofuel Demand in US Driving Higher Food Prices, Says Report’, <http://www.theguardian.com/environment/2011/jul/19/biofuel-demand-usfuel-prices>, published on 19 July 2011. Grant, Joel (2011, December). ‘Liquidity Transfer Pricing: A Guide to Better Practice (Occasional Paper No. 10)’, <http://www.bis.org/fsi/fsipapers10.pdf>. Griffin, Donal and Dakin Campbell (2013). ‘US Bank Legal Bills Exceed $100 Billion’, <http:// www.bloomberg.com/news/articles/2013-08-28/u-s-bank-legal-bills-exceed-100billion>, published on 29 August 2013. Groenfeldt, Tom (2013). ‘Solutions to Spreadsheet Risk Post JPM’s London Whale’, <http:// www.forbes.com/sites/tomgroenfeldt/2013/02/19/solutions-to-spreadsheet-risk-postjpms-london-whale/>, published on 19 February 2013. Hong Kong and Shanghai Banking Corporation (2012). ‘HSBC Annual Report 2012’, <www. hsbc.com/~/media/HSBC-com/.../annual-results/.../hsbc2012ara0.pdf>. Hong Kong Monetary Authority (n.d.). ‘The Linked Exchange Rate System’, <http://www. hkma.gov.hk/moneyhk/eng/monetary/linkede.htm>. Humphrey, Thomas M. (1989). ‘Lender of Last Resort: The Concept in History’, Economic Review, March/April 1989, <https://www.richmondfed.org/publications/research/ economic_review/1989/pdf/er750202.pdf>. Hutton, Robert (2013). ‘UK Names UBS and Goldman Sachs to Lead Royal Mail Sale’, <http:// www.bloomberg.com/news/articles/2013-05-29/u-k-names-ubs-and-goldman-sachs-tolead-royal-mail-sale>, published on 29 May 2013. The Institute of International Finance (2013). ‘Promoting Sound Risk Culture: Lessons Learned, Challenges Remaining and Area for Further Consideration’, <https://www.iif. com/file/4322/download?token=uATWoT6p>, published in 2013. Institute of Nuclear Power Operations (2004, November). ‘Principles for a Strong Nuclear Safety Culture’, <http://www.nrc.gov/about-nrc/regulatory/enforcement/INPO_ PrinciplesSafetyCulture.pdf>. The Institute of Risk Management (2012). ‘Risk Culture: Under the Microscope (Guidance for Boards)’, <https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_ Oct_2012.pdf>. International Finance Corporation (2012). Standards on Risk Governance in Financial Institutions’, <http://www.ifc.org/wps/wcm/connect/ ce387e804c9ef58697c4d7f81ee631cc/ECACR-RiskGovernanceStandards. pdf?MOD=AJPERES>. International Financial Reporting Standards (IFRS) Foundation (n.d.). ‘About Us (IASB)’, <http://www.ifrs.org/About-us/IASB/Pages/Home.aspx>. International Monetary Fund (2013a). ‘Malaysia: Financial Sector Stability Assessment’, <http://www.imf.org/external/pubs/ft/scr/2013/cr1352.pdf>, published on 28 January 2013. —(2013b). ‘Annual Report on Exchange Arrangements and Exchange Restrictions 2013’, <https://www.imf.org/external/pubs/nft/2013/areaers/ar2013.pdf>. International Organization of Securities Commissions (n.d.). ‘About IOSCO’, <https://www. iosco.org/>. International Swaps and Derivatives Association (n.d.). ‘About ISDA’, <http://www2.isda.org/>. ISO Technical Management Board Working Group (2009). ‘ISO 31000:2009(en)’, <https:// www.iso.org/obp/ui/#iso:std:43170:en>. Bibliography.indd 316 10/21/2015 9:58:36 AM 317 Bibliography Knight, Frank H. and John McClure (2009). Risk, Uncertainty and Profit, Florida: Signalman Publishing. MacDonald, Alistair and Lukas I. Alpert (2013). ‘Russian Potash Producer Signals End to Global Cartel’, <http://www.wsj.com/articles/SB1000142412788732435470457863761 3345900562>, published on 30 July 2013. Maybank (2013). ‘Maybank Annual Report 2013’, <http://www.maybank.com/iwov-resources/ corporate/document/my/en/pdf/annual-report/2014/Maybank_AR2013-Corporate. pdf>. McCracken, Jeffrey (2014). ‘Morgan Stanley Lands WhatsApp Deal with Grimes to Cap Busy Week’, <http://www.bloomberg.com/news/articles/2014-02-20/morgan-stanley-landswhatsapp-deal-with-grimes-to-cap-busy-week>, published on 20 February 2014. McKinsey & Company (2013, July). ‘Navigating the Era of Asian Retail Banking’, <http://www. mckinsey.com/insights/financial_services/navigating_the_new_era_of_asian_retail_ banking>. Monetary Authority of Singapore (n.d.). ‘Singapore’s Exchange Rate-Based Monetary Policy’, <http://www.mas.gov.sg/~/media/MAS/Monetary%20Policy%20and%20Economics/ Monetary%20Policy/MP%20Framework/Singapores%20Exchange%20Ratebased%20 Monetary%20Policy.pdf>. Moody’s Investors Services (2014). ‘Moody’s: Southeast, NY’s Delinquent Debt Service Payment Due to Administrative Error; No Impact on Rating’, <https://www.moodys. com/research/Moodys-Southeast-NYs-delinquent-debt-service-payment-due-toadministrative--PR_296296>, published on 1 April 2014. Nagy, Pancras J. (1984). ‘Country Risk’, Euromoney Publications London, pp 195. Office of the Comptroller of the Currency; Federal Deposit Insurance Corporation; Board of Governors of the Federal Reserve System; Office of Thrift Supervision (2011, June). ‘Interagency Supervisory Guidance on Counterparty Credit Risk Management’, <https:// www.fdic.gov/news/news/press/2011/pr11113a.pdf>. Onaran, Yalman and Scinta, Christopher (2008). ‘Lehman Files Biggest Bankruptcy Case as Suitors Balk (Update4)’, <http://www.bloomberg.com/apps/news?pid= newsarchive&sid=awh5hRyXkvs4>, published on 15 September 2008. Operational Risk Consortium (n.d.). ‘About ORIC’, <https://www.oricinternational.com/>. Operational Riskdata eXchange Association (n.d.). ‘About ORX’, <https://www.orx.org/Pages/ AboutORX.aspx>. Peston, Robert (2012). ‘Is Outsourcing the Cause of RBS Debacle?’, <http://www.bbc.co.uk/ news/business-18577109>, published on 25 June 2012. PricewaterhouseCoopers’ Financial Services Institute (2009, August). ‘Lehman Brothers’ Bankruptcy: Lessons Learned for the Survivors’, <http://www.pwc.com/en_JG/jg/events/ Lessons-learned-for-the-survivors.pdf>. Protiviti Independent Risk Consulting (2006, January). ‘Operational Risk Management Takes Hold’, <http://www.protiviti.com/en-US/Documents/Surveys/Global_Operational_ Risk_Survey_Monograph.pdf>. Reckard, E. Scott (2013). ‘BofA online and phone service disrupted’, <http://articles.latimes. com/2013/feb/01/business/la-fi-0202-bofa-outages-20130202>, published on 1 February 2013. Reinhart, Carmen M. and Rogoff, Kenneth S. (2009). ‘The Aftermath of Financial Crises’, American Economic Review, American Economic Association, vol 99 (2), May, pp 466−472. Bibliography.indd 317 10/21/2015 9:58:36 AM 318 Bibliography Reuters (2014). ‘Asian Banks Top Project Finance Deals in 2013’, <http://www.reuters.com/ article/2014/01/17/projectfinance-rankings-idUSL5N0KR1L820140117>, published on 17 January 2014. Risk.net (2012). ‘OpRisk Europe Biggest Operational Risk Posed People Survey’, <http:// www.risk.net/operational-risk-and-regulation/news/2184145/oprisk-europe-biggestoperational-risk-posed-people-survey>. —(2013). ‘Risk USA: Reputational Risk Impossible to Quantify’, <http://www.risk.net/ operational-risk-and-regulation/news/2302950/risk-usa-reputational-risk-impossibleto-quantify>, published on 25 October 2013. Robertson, Jordan (2013). ‘Cheapest Way to Rob Bank Seen in Cyber Attack Like Hustle’, <http://www.bloomberg.com/news/2013-05-06/cheapest-way-to-rob-bank-seen-incyber-attack-like-hustle.html>, published on 6 May 2013. Saunders, Anthony and Cornett, Marcia Millon (2012). Financial Markets and Institutions, 5th international edn, New York: McGraw Hill Higher Education. Securities and Futures Commission (2013). ‘SFC, HKMA and the Royal Bank of Scotland NV Reach Agreement on Lehman Brothers-related Equity-linked Notes’, <http://www.sfc.hk/ edistributionWeb/gateway/EN/news-and-announcements/news/doc?refNo=13PR66>, published on 18 July 2013. Siddiqi, Naeem (2005). Credit Risk Scorecards: Developing and Implementing Intelligent Credit Scoring, New Jersey: John Wiley & Sons, Inc. Standard & Poor’s Ratings Services/McGraw Hill Financial (2014). ‘Default, Transition & Recovery: 2013 Annual Global Corporate Default Study and Rating Transition’, <http:// www.maalot.co.il/publications/FTS20140324161422.pdf>, published on 19 March 2014. Standard Chartered (2009). ‘Sustainable Lending’, <http://www.standardchartered.com/ sustainability/sustainable-finance/sustainable-lending/en/>. Strupczewski, Jan (2013). ‘Does Size Matter? Cypriot Bank Sector Problem Went Overlooked’, <http://uk.reuters.com/article/2013/03/21/uk-eurozone-cyprus-banking-sizeidUKBRE92K0Y520130321>, published on 21 March 2013. Tangel, Andrew and Lifsher, Marc (2013). ‘JPMorgan May Settle California Energy Market Manipulation Case’, <http://www.latimes.com/business/la-fi-jpmorgan-ferc-20130719,0, 3398638.story>, published on 18 July 2013. Team, Trefis (2012). ‘Knight Capital is Just Another Example of Poor Risk Management’, <http://www.forbes.com/sites/greatspeculations/2012/08/03/knight-capital-isanother-example-of-poor-risk-management/>, published on 3 August 2012. Thomson Reuters; World Gold Council (2013, February). ‘Gold Demand Trends Full Year 2012’, <www.gold.org/download/file/3143/GDT_Q4_2012.pdf>. UBS Equities Research (2014). ‘UBS Equities Research Global Breadth, Predictive Insight’, <http://www.ubs.com/global/en/investment-bank/institutions/securities-research/ equities-research.html>, published on 15 December 2014. Walker, David K. (2007, October). ‘Deposit Insurance in Selected Asian Countries: Before and After the Financial Crisis’, <http://www.pdic.gov.ph/files/Occasional_Paper_No2.pdf>. Weisbrot, Mark (2011). ‘Jamaica’s Crippling Debt Crisis Must Serve as a Warning to Greece’, <http://www.theguardian.com/commentisfree/cifamerica/2011/jul/22/jamaica-debtcrisis>, published on 22 July 2011. World Economic Forum (2014). ‘Global Risks 2014 (9th edition)’, <http://www3.weforum. org/docs/WEF_GlobalRisks_Report_2014.pdf>. Bibliography.indd 318 10/21/2015 9:58:36 AM Format 260 x 190 mm / ext 328 / spine 13.3mm / 80 gsm matt art Principles and Framework This book offers a broad-based understanding of the types of risk faced by banks and how these risks may be identified, assessed and managed. It aims to provide general banking practitioners with insights into key risk management concepts and practices, as well as intelligently discuss developments in bank risk management. The contents are organized and presented in an easily readable format to enable learners to understand key qualitative risk factors and how they impact risk management. Each chapter contains numerous illustrative examples and case studies of real life situations to enable students to relate theories to real world events. Key features of the book: • Chapter overview complete with clear learning objectives • Real world illustrations that relate theories to real world events • Illustrative examples that contextualize and elaborate on new and complex concepts The other title in this series: Risk Management in Banking: Risk Models, Capital and Asset Liability Management About the Author Philip Te Philip Te is the Programme Director for the Quantitative Finance and Risk Management Series at the Ateneo Centre for Continuing Education—the largest continuing education institution in the Philippines. He has lectured extensively on financial risk management, Basel II/III, derivatives, IAS 39/IFRS 9, option pricing, corporate treasury management and hedging strategies. He is the author of Bank Risk Management Primer, published by the Bankers’ Association of the Philippines. A Chartered Financial Analyst (CFA), Philip is also a certified Financial Risk Manager (FRM) and Energy Risk Professional (ERP), both awarded by the Global Association of Risk Professionals (GARP). He is also a Certified Public Accountant (CPA). Philip is currently a vice president at the Client Solutions Group of a global commercial bank. Prior to this, he was the head of the Structured Products and Financial Engineering Department of a local commercial bank and a senior associate at the Ernst & Young Financial Services Risk Management (FSRM) and Quantitative Advisory Services (QAS) group. Risk Management in Banking Principles and Framework Risk Management in Banking Risk Management in Banking Principles and Framework Philip Te

Philip Te - Risk Management in Banking Principles and Framework-Oxford Fajar Sdn. Bhd. (2016)

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib