Rizwan Chughtai

• Risk exposure arising from business activities
• Need to effectively manage because of
  – Potential business losses
  – Ensure business continuity
• Wider and/or complex risk requires more prudent management
• Risk appetite determines risk exposure
• Optimize risk-reward trade-off rather than minimize/eliminate risk.
• Risk taking is inherent activity but neither engage in business with unnecessary risk nor absorb risk that can be transferred
• Regulatory Case vs Business Case

• Strategic Level
  – Encompasses senior management and BOD
• Macro Level
  – Within a business area or across business lines
• Micro Level
  – ‘On-the-line’ risk management
• Need to have properly structured RM

• Introduced in 2003 (BSD Circular 7 of 2003)
• Issued to enable financial institutions to establish their own RM procedures
• Provide an overview of actions and not intended to detail every control procedure
• Flexible and adaptable with the size and complexity of business
• Areas covered
  – Credit Risk
  – Market Risk
  – Liquidity Risk
  – Operational Risk

Certain basic principles for risk management applicable to all institutions irrespective of size and complexity

• Board and senior Management oversight
  “The overall responsibility of risk management vests in the Board of Directors, which shall formulate policies in various areas of operations of the bank. The senior management is, inter alia, responsible for devising risk management strategy and well-defined policies and procedures for mitigating/controlling risks, which should be duly approved by the Board. The senior management is also responsible for the dissemination, implementation, and compliance of approved policies and procedures.”
• Integration of Risk Management
  “At operational level, risk assessment may be made on portfolio or business line basis, however, at the top level the management need to adopt a holistic approach in assessing and managing risk profile of the bank.”
• Business Line Accountability
  “Irrespective of a separate risk review or management function individuals heading various business lines or units are also accountable for the risk they are taking.”
• Risk Evaluation/Measurement
  “Wherever possible risks should be quantitatively measured, reported, and mitigated.”
• Independent review
  “The risk review function should be independent of those who approve and take risk. The review should include, inter alia, stress tests exposing the portfolio to unanticipated movements in key variables or major systemic shocks.”
• Contingency planning
  “Banks should have contingency plans for any unexpected or worst case scenarios.”

• The individuals who take or manage risks clearly understand it.
• The organization’s Risk exposure is within the limits established by Board of Directors.
• Risk taking Decisions are in line with the business strategy and objectives set by BOD.
• The expected payoffs compensate for the risks taken.
• Risk taking decisions are explicit and clear.
• Sufficient capital as a buffer is available to take risk.

• Board and Senior Management Oversight
  – BoD to approve credit risk strategy and other significant policies
  – SM to develop and establish credit risk policies & credit administration procedures and guide staff
  – Setting up appropriate organization structure and specify duties/responsibilities
  – Credit management discipline
• Credit Origination
  – Assess risk profile before extending credit
  – Cash flows and repayment capacity
  – Appropriate utilization of credit
• Limit Setting
• Credit Administration
  – Documentation, Disbursement, Monitoring, Repayment, Credit Files, Collateral Documents
• Measuring Credit Risk
• Internal Risk Rating
• Rating Review
• Credit Risk monitoring & Control
• Risk Review
• Delegation of Authority
• Managing Problem Credits

• Board and Senior Management Oversight
• Organizational Structure
  – Risk Management Committee
  – Asset-Liability Committee
  – Middle Office
• Risk Measurement
  – Interest Rate, Foreign Exchange, Equity
• Risk Measurement
  – Repricing Gap Models
  – Measuring Risk to Economic Value
  – Value at Risk
• Risk Limits
  – Gap Limits
  – Factor Sensitivity Limits

• Board and Senior Management Oversight
• Early warning indicators of liquidity risk
• Liquidity Risk Strategy
  – Composition of Assets & Liabilities
  – Diversification and Stability of Liabilities
• ALCO/Investment Committee
• Liquidity Risk Management Process
• Liquidity Risk Measurement & Monitoring
  – Contingency Funding Plans (CPF)
  – Use of CPF for Routine Liquidity Management
  – Use of CPF for Emergency & Distress Environment
  – Cash Flow Projections
  – Liquidity Ratios and Limits

• Operational Risk Management Principles
  – Ultimate accountability with BoD
  – BoD to ensure effective & integrated OpRisk Management Framework
  – BoD and SM to identify and define all categories of Operational Risk
  – Document and communicate OpRisk policies and procedures
  – Integrated business and support functions
  – Diligence of business line
• Risk Assessment and Quantification
• Risk Management and Mitigation
• Risk Monitoring
  – Key Risk Indicators (KRIs)
• Risk Reporting
• Establish Control Mechanism
• Contingency Planning

• Guidelines in 2004 (BSD Circular 7 of 2004)
• Properly designed and strictly enforced system of internal controls helps:
  – protect the organization’s assets and profitability from operational losses and frauds and forgeries
  – produces reliable financial and management reports
  – helps compliance with laws and regulations
  – creates value for the stakeholders

• BSD Circular 13 of 2004
• Need for comprehensive BCP arrangements
• Key considerations
  – Responsibility
  – Components of BCP
  – Critical Business Line
  – Geographic Concentration
  – Centralization of Operations
  – Recovery Time Targets
  – Testing
  – Updation and Validation
  – Compliance

• Need to have synchronized and adhesive policies covering different areas
• Consolidated instructions on policy framework (BSD Circular 3 of 2007)
  – Minimum Areas
    • Risk Management Policy
    • Credit Policy
    • Treasury & Investment Policy
    • Internal Control System and Audit Policy
    • I.T. Security Policy
    • Human Resource Policy
    • Expenditure Policy
    • Accounting & Disclosure Policy

• BSD Circular 17 of 2008
• ICAAP supplements quantitative risk assessment in Pillar-1 of Basel II
• ICAAP is set of policies, methodologies, techniques, and procedures to assess the capital adequacy requirements in relation to the bank’s risk profile and effectiveness of its risk management, control environment and strategic planning

• Elements of ICAAP
  – Board and senior management oversight
  – Sound capital assessment
  – Comprehensive assessment of risks
  – Monitoring and reporting
  – Internal control review

Core for every angle of Risk Management