OVERVIEW OF RISK

MANAGEMENT
Mr. T. P. Nageswara Rao, GM (ERM)

Presentation Outline
2

Understanding of Risk Management

Role of Audit in Risk Management

Risk Management @ SBI

Risk Governance Structure

Basel II Approaches
Beyond Basel II

Role of Audit in Basel Implementation

March 30, 2012

Risk Management
Understanding

March 30, 2012

What is Risk?
4

Danger?

Restrictions
?

Risk

Uncertaintie
s?

Losses?
March 30, 2012

Introduction
5

Risk Definition
The
quantifiable
expectations

likelihood

Risk is all pervasive

Risk is unavoidable

Risk justifies rewards

of

deviations

from

Risk Management Defined

The process by which organisations identify, assess,
control, monitor and measure their significant risks from
all sources for the purpose of increasing short and long
term value to stakeholders.
March 30, 2012

Risk Management in
Banking

Risk Management is of utmost importance

for Banks on account of following:

High leverage
Changing regulations

Basel II advanced approaches related to

internalising risk management systems
Regulations made more elaborate following the
financial crises

Increased complexity of business

Its no longer plain vanilla banking

March 30, 2012

Types of Risks
7

Credit Risk
Market Risk
Liquidity Risk
Interest Rate
Risk ..

Concentration
Risk
Contagion
Risk
Earnings
Volatility
Risk

Business Risk
Strategic Risk
Reputation
Risk

Financial
Risk

Business
related
Risks

Other
Risks

Operation
al Risk
People Risk
System Risk
Process
Risk..
March 30, 2012

Interdependencies of Risks
8

March 30, 2012

Role of Audit in Risk

Management

March 30, 2012

10

Internal Audit & Risk

Management Interaction

Audit serves twin purposes:

Facilitating Identification and Evaluation of Risks

Assessing Adequacy of Risk Management Processes

Identify Strengths and Gaps in an Established Risk

Management process

Increased Significance of Internal Audit in

Measuring and Managing Corporate Risk

Feedback on effectiveness of existing Internal Controls

In the wake of financial crises, as a measure to

enhance & improve risk management process

Audit Independent of Risk Management:

Different Responsibilities, Complementary
Functions
March 30, 2012

11

Risk Management @ SBI

March 30, 2012

Risk Governance Structure

12
Risk Management Committees

Audit Committee of the Board

(ACB)

Board of Directors
Credit Risk Management Committee
(CRMC) MD(IB), DMD & CCRO,
DMD (CBG, MCG, GM)

Inspection and Management

Audit (I&MA)

Asset Liability Management

Committee (ALCO)

Market Risk Management Committee

(MRMC) MD&CFO, DMD&CCRO,
DMD (GM)
Risk Management Committee of the Board
(RMCB)

DMD & CCRO

Operational Risk Management Committee

(ORMC) MD(IB), MD(NB),
DMD&CCRO, DMD (I&A)
Group Risk Management Committee
(GRMC) MD (IB), MD&CFO,
DMD&CCRO, DMD (GM)

CGM (RM)

GM
(Credit Risk)

GM
(Enterprise
Risk)

GM (CISO)

DGM
(Basel II)

DGM
(Market Risk)

DGM
(Operational
Risk)

DGM
(Group Risk)

Credit Risk
Management
Team

Enterprise Risk
Management
Team

CISO Team

Basel II, Admin

& MIS Team

Market Risk
Management
Team

Operational Risk
Management
Team

Group Risk
Management
Team

March 30, 2012

BASEL II
13

BCBSs Basel
Accord:
streamlining
the
Risk
Practices

Platform for
Management

Basel II

Pillar I
Minimum
Capital
Requirement
Credit Risk
Market Risk
Operational
Risk

Pillar
II
Supervisory
Review Process
Liquidity Risk
Interst Rate
Risk
Concentration
Risk
Strategic Risk
Reputation Risk
and many more

Pillar
III
Market
Discipline
Disclosures

March 30, 2012

14

Pillar I: Minimum Capital

Requirements

March 30, 2012

Credit Risk Management

15

Credit Risk: Possibility of losses associated with

diminution in credit quality of borrowers or
counterparties

Standardised Approach

Risk Weights are assigned to various asset classes based

on Ratings by Eligible External Credit Rating Agencies

Domestic CARE, ICRA, CRISIL, FITCH INDIA

International MOODYS, FITCH, S&P

Risk Weights for Retail dependent factors such as LTV

ratio / category of exposures etc.

Currently Bank follows Standardised Approach for

Capital Calculation for Credit Risk
March 30, 2012

Credit Risk Management

16

Internal Ratings Based (IRB) Approaches

Capital is based upon measures on Expected Loss

(EL) (i.e. Average Loss) and Unexpected Loss (UL)
Risk components and risk weight functions provided
by Basel II to arrive at EL & UL
Banks can arrive at its own estimates for Risk
Components (PD, LGD, EAD, M), subject to approval
from RBI
Foundation (only PD estimates for Corporate) v/s
Advanced (all estimates)
Bank has engaged Consultants for assistance in
filing the application to RBI for IRB Approaches
March 30, 2012

Credit Risk Components

17

Probability of Default (PD) is the likelihood of a

borrower defaulting over a given time horizon,
usually a year
Exposure at Default (EAD) is the amount that the
borrower owes the bank at the time of default
Loss Given Default (LGD) is the loss, expressed as a
percentage of the EAD, on a credit facility, if the
Borrower defaults
Effective Maturity (M) is the longest possible
remaining time before the counterparty is scheduled
to fulfill its obligation, taking into account any
applicable grace period
March 30, 2012

Market Risk Management

18

Market Risk: the risk of losses in on and off-balance

sheet positions arising from movement in market
prices i.e. interest rate, currency exchange rates, and
equity and commodity prices

Standardised Measurement Method (SMM)

Applicable to compute capital charge for interest rate related

instruments in trading book, equities in trading book foreign
exchange risk (including gold and other precious metals) in
both trading and banking book

Bank currently follows SMM and plans to migrate to

Advance Approaches with assistance of Consultants
March 30, 2012

Market Risk Management

19

Internal Models Approach

Use of banks own internal market risk

management
models
for
deriving
risk
measures for determining regulatory capital
requirements for market risk, subject to
supervisory approval
The capital requirement under IMA would be a
function of VaR explained as under:

The maximum amount of money that may be lost on a

portfolio over a given period of time with a given level of
confidence under normal market conditions
To be computed on a daily basis
March 30, 2012

20

Operational Risk
Management
Operational Risk: the risk of loss resulting from inadequate
or failed internal processes, people and systems or from
external events
Basic Indicator Approach (BIA)

Capital for operational risk: average over the previous three years of a fixed
percentage (15% - denoted as alpha) of annual gross income.

Gross income is defined as net interest income plus net non-interest income,
excluding realized profit/losses from the sale of securities in the banking book
and extraordinary and irregular items

The Standardised Approach

Banks activities are divided into 8 business lines and Capital charge for each
business line is calculated by multiplying gross income by a beta factor

Bank currently follows BIA and plans to migrate to advanced

approaches directly with assistance of consultants

March 30, 2012

21

Operational Risk
Management

Advanced Measurement Approach

Capital requirement - sum of Expected Loss

and Unexpected Loss. However, Expected Loss
can be accounted by means of provisions
Requirement
computed
based
on
the
combined use of following factors:

Internal Loss Data

External Loss Data
Scenario Analysis
Business Environment and Internal Control Factors
(BEICF)
March 30, 2012

22

Operational Risk
Approaches

Loss Data Modelling

Internal and External Loss Data captured across 7 loss event

types for each of the 8 business lines

Separate distributions used to model frequency and severity of

losses and modeled into the Operational VaR computation

Business Line
Corporate Finance
Trading and Sales
Payment and
Settlement
Commercial Banking
Agency Services
Retail Banking
Asset Management
Retail Brokerage

Loss Event types

Internal Fraud
External Fraud
Employment practices and workplace
safety
Clients, Products & Business
Practices
Damages To Physical Assets
Business Disruption And System
Failures

23

Operational Risk
Management

BEICF

The Indicators of an institutions operational risk profile that

reflect a current and forward looking assessment of its
underlying business risk factors and internal control
environment

Tools Used to support BEICF Requirement:

Risk & Control Self-Assessment (RCSA) - Enables management

to rate and analyze significant risks based on impact
(severity) and likelihood (frequency) and identify controls for
risk mitigation

Key Risk Indicators - Early warning signals used to monitor Op

Risk, generally derived from key risks identified in the RCSA
exercise to enable the bank track the trajectory of risks
March 30, 2012

Pillar II & Pillar III

24

Pillar II: Supervisory Review & Evaluation Process

(SREP)

It envisages establishment of suitable risk management

systems in banks and their review by the supervisory
authority

Internal Capital Adequacy Assessment Process (ICAAP)

document undertaken for SREP covering material risks faced
by the Bank in addition to Credit, Market, Operational Risks

Pillar III: Market Discipline

It seeks to achieve increased transparency

expanded disclosure requirements for banks

through

March 30, 2012

25

Beyond Basel II

March 30, 2012

Group Risk Management

26

Group Risk Management looks after the Risk to the

State Bank Group as a whole
Applicable to all associate banks / subsidiaries /
joint ventures both domestic and overseas
entities with Equity share of SBI 30% or more,
Common Brand Name and Management Control
GRM policy in place for establishing broad risk
management framework for Group
Monitoring and Reporting of Group Exposures
including Intra Group Exposures, Capital Adequacy
and Liquidity
Preparation of Group ICAAP
March 30, 2012

27

Enterprise Risk
Management

New Initiative Taken by the Bank

ERM is defined as Enterprise Risk Management is

a process,
process effected by an entitys board of
directors, management and other personnel,
personnel
applied in strategy and across the enterprise,
designed to identify potential events that may
affect the entity, and manage risk to be within its
risk appetite,
appetite to provide reasonable assurance
regarding the achievement of entity objectives
objectives
Committee Of Sponsoring Organizations (COSO)

Currently ERM looks after activities encompassing all

risks such as ICAAP, Risk Appetite, etc.
March 30, 2012

28

Audit & Basel II

March 30, 2012

Role of Audit in Basel II

29

Basel II document States An independent review of the

Risk Measurement System should be carried out
regularly in the Banks own internal auditing process. A
review of the overall risk management process should take
place at regular intervals (ideally not less than once a
year) Para 165
Specific mention made to the internal audit for various
minimum requirements for Credit, Market and Operational
Risk
E.g. Internal audit or an equally independent function must
review at least annually the banks rating system and its
operations, including the operations of the credit function
and the estimation of PDs, LGDs and EADs. Areas of review
include adherence to all applicable minimum requirements.
March 30, 2012

To Conclude
30

Audit acts as an important complimentary function to Risk

Management at operational levels as well as governance
levels

Effective Audit contributes to the Risk Management

systems effectiveness

Role of audit is becoming more and more critical with the

onset of new regulations

Recent requirements of risk management related audits

calls for high level of risk information and expertise

Audit moved from post mortem analysis to proactive

feedback mechanism
March 30, 2012

31

Group Work
Identification of Top 3 Risks faced by the
Bank in the present scenario based on
your experience in audit assignments

March 30, 2012

32

THANK YOU

March 30, 2012