Source: E-mail dt. 7 June 2012


Risk Management in Banking


Dr. R. Karuppasamy M.Com., MBA, M.Phil., Ph.D., PLME

 Director, Management Studies, SNS College of Technology, Coimbatore, Tamilnadu, India




Mr. C. Arul Venkadesh MBA, PGDPM (IRLL), (PhD)

Assistant Professor – Department of Management Sciences, CIET College, Coimbatore, Tamilnadu, India




Risk is inherent in any walk of life in general and in financial sectors in particular. Till recently, due to regulate environment, banks could not afford to take risks. But of late, banks are exposed to same competition and hence are compelled to encounter various types of financial and non-financial risks. Risks and uncertainties form an integral part of banking which by nature entails taking risks. There are three main categories of risks; Credit Risk, Market Risk & Operational Risk. Author has discussed in detail. Main features of these risks as well as some other categories of risks such as Regulatory Risk and Environmental Risk. Various tools and techniques to manage Credit Risk, Market Risk and Operational Risk and its various components, are also discussed in detail. Another has also mentioned relevant points of Basel’s New Capital Accord’ and role of capital adequacy, Risk Aggregation & Capital Allocation and Risk Based Supervision (RBS), in managing risks in banking sector. The concept of risk and risk management are core of financial enterprise. The importance of appropriate and effective risk management are always stressed by regulators. Bank of International Settlements (BIS) through Basel Accords has also stipulated risk.


Management practices required for banks. This programme provides an understanding of various types of risks faced by banks and financial institutions and ways to mitigate such risks.  Statistical methods to quantify risks inherent in banking operations for both reporting and management and newer methodologies to quantify risk would also be stressed.




A change of guard at the helm at the country's largest bank has led to a lot of provisioning, with the result that there has been a sharp drop in the bottom line as per its latest accounting statement. The yo-yoing profit figures point at the need for more stability in accounting policy, including on quantifying and managing risk.  A recent working paper on accounting opines that while measurement-based risk management in banking internationally is essentially work-in-progress, the practice of gauging risks seems basically of two types. The risk functions of some organisations have a proclivity for 'quantitative enthusiasm', while others seem geared towards 'quantitative scepticism'. The study finds that in the first group, there is overt reliance on a system of standard formulae to aggregate and keep tab of risk. And in the other group, what is stressed is more qualitative interpretation of data and scenario analysis to traverse the risk environment.  The paper adds that in stable situations, the focus on a formulaic attitude to risk management has its merits in that it can conserve mental effort and keep organisational behaviour consistent.


Risk is 'organised' into three silos: market risk, credit risk and operational risk. And it includes statistical estimates of credit defaults, with market and operational risks also quantified. In sharp contrast, at Goethebank, as also banks D and E, risk management is characterised by much quantitative scepticism.  Market and credit risks are modelled, but the numbers are not seen as reflecting the underlying economic reality. And operational risk is seen as largely unmeasurable. So, Fraser and A, B and C relied on complex quantitative models to measure and control risks, with the risk function excluded from top managerial discussions on strategy and operations.


When we use the term “Risk”, we all mean financial risk or uncertainty of financial loss. If we consider risk in terms of probability of occurrence frequently, we measure risk on a scale, with certainty of occurrence at one end and certainty of non-occurrence at the other end. Risk is the greatest where the probability of occurrence or non-occurrence is equal. As per the Reserve Bank of India guidelines issued in Oct. 1999, there are three major types of risks encountered by the banks and these are Credit Risk, Market Risk & Operational Risk. As we go along the article, we will see what the components of these three major risks are. In August 2001, a discussion paper on move towards Risk Based Supervision was published. Further after eliciting views of banks on the draft guidance note on Credit Risk Management and market risk management, the RBI has issued the final guidelines and advised some of the large PSU banks to implement so as to guage the impact. A discussion paper on Country Risk was also released in May 02. Risk is the potentiality that both the expected and unexpected events may have an adverse impact on the bank’s capital or earnings. The expected loss is to be borne by the borrower and hence is taken care of by adequately pricing the products through risk premium and reserves created out of the earnings. It is the amount expected to be lost due to changes in credit quality resulting in default. Whereas, the unexpected loss on account of the individual exposure and the whole portfolio in entirely is to be borne by the bank itself and hence is to be taken care of by the capital.  Thus, the expected losses are covered by reserves/provisions and the unexpected losses require capital allocation. Hence the need for sufficient Capital Adequacy Ratio is felt. Each type of risks is measured to determine both the expected and unexpected losses using VaR (Value at Risk) or worst-case type analytical model.






Credit Risk is the potential that a bank borrower/counter party fails to meet the obligations on agreed terms. There is always scope for the borrower to default from his commitments for one or  the other reason resulting in crystalisation of credit risk to the bank.  These losses could take the form outright default or alternatively, losses from changes in portfolio value arising from actual or perceived deterioration in credit quality that is short of default. Credit risk is inherent to the business of lending funds to the operations linked closely to market risk variables.  The objective of credit risk management is to minimize the risk and maximize bank’s risk adjusted rate of return by assuming and maintaining credit exposure within the acceptable parameters.


Credit risk consists of primarily two components, viz., Quantity of risk, which is nothing but the outstanding loan balance as on the date of default and the quality of risk, viz., the severity of loss defined by both Probability of Default as reduced by the recoveries that could be made in the event of default. Thus credit risk is a combined outcome of Default Risk and Exposure Risk. The element of Credit Risk is Portfolio risk comprising Concentration Risk as well as Intrinsic Risk and Transaction Risk comprising migration/down gradation risk as well as Default Risk. At the transaction level, credit ratings are useful measures of evaluating credit risk that is prevalent across the entire organization where treasury and credit functions are handled.


Portfolio analysis help in identifying concentration of credit risk, default/migration statistics, recovery data, etc. In general, Default is not an abrupt process to happen suddenly and past experience dictates that, more often than not, borrower’s credit worthiness and asset quality declines gradually, which is otherwise known as migration. Default is an extreme event of credit migration. Off balance sheet exposures such as foreign exchange forward contracts, swaps options etc are classified in to three broad categories such as full Risk, Medium Risk and Low risk and then translated into risk weighted assets through a conversion factor and summed up. The management of credit risk includes a) measurement through credit rating/ scoring, b) quantification through estimate of expected loan losses, c) Pricing on a scientific basis and d) Controlling through effective Loan Review Mechanism and Portfolio Management.




Market Risk may be defined as the possibility of loss to bank caused by the changes in the market variables. It is the risk that the value of on-/off-balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates an commodity prices. Market risk is the risk to the bank’s earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange and equities, as well as the volatilities, of those prices. Market Risk Management provides a comprehensive and dynamic frame work for measuring, monitoring and managing liquidity, interest rate, foreign exchange and equity as well as commodity price risk of a bank that needs to be closely integrated with the bank’s business strategy


a) Liquidity Risk:


Bank Deposits generally have a much shorter contractual maturity than loans and liquidity management needs to provide a cushion to cover anticipated deposit withdrawals. Liquidity is the ability to efficiently accommodate deposit as also reduction in liabilities and to fund the loan growth and possible funding of the off-balance sheet claims. The cash flows are placed in different time buckets based on future likely behaviour of assets, liabilities and off-balance sheet items. Liquidity risk consists of Funding Risk, Time Risk & Call Risk.


b) Interest Rate Risk


Interest Rate Risk is the potential negative impact on the Net Interest Income and it refers to the vulnerability of an institution’s financial condition to the movement in interest rates. Changes in interest rate affect earnings, value of assets, liability off-balance sheet items and cash flow. Hence, the objective of interest rate risk management is to maintain earnings, improve the capability, ability to absorb potential loss and to ensure the adequacy of the compensation received for the risk taken and effect risk return trade-off. Management of interest rate risk aims at capturing the risks arising from the maturity and re-pricing mismatches and is measured both from the earnings and economic value perspective


c) Forex Risk


Foreign exchange risk is the risk that a bank may suffer loss as a result of adverse exchange rate movement during a period in which it has an open position, either spot or forward or both in same foreign currency. Even in case where spot or forward positions in individual currencies are balanced the maturity pattern of forward transactions may produce mismatches. There is also a

settlement risk arising out of default of the counter party and out of time lag in settlement of one currency in one center and the settlement of another currency in another time zone. Banks are also exposed to interest rate risk, which arises from the maturity mismatch of foreign currency position. The Value at Risk (VaR) indicates the risk that the bank is exposed due to uncovered position of mismatch and these gap positions are to be valued on daily basis at the prevalent forward market rates announced by FEDAI for the remaining maturities.


d) Country Risk


This is the risk that arises due to cross border transactions that are growing dramatically in the recent years owing to economic liberalization and globalization. It is the possibility that a country will be unable to service or repay debts to foreign lenders in time. It comprises of Transfer Risk arising on account of possibility of losses due to restrictions on external remittances; Sovereign Risk associated with lending to government of a sovereign nation or taking government guarantees; Political Risk when political environment or legislative process of country leads to government taking over the assets of the financial entity (like nationalization, etc) and preventing discharge of liabilities in a manner that had been agreed to earlier; Cross border risk arising on account of the borrower being a resident of a country other than the country where the cross border asset is booked; Currency Risk, a possibility that exchange rate change, will alter the expected amount of principal and return on the lending or investment.

In the process there can be a situation in which seller (exporter) may deliver the goods, but may not be paid or the buyer (importer) might have paid the money in advance but was not delivered the goods for one or the other reasons.




Risk Management is a discipline at the core of every financial institution and encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that


a) The individuals who take or manage risks clearly understand it.

b) The organization’s Risk exposure is within the limits established by Board of Directors.

c) Risk taking Decisions are in line with the business strategy and objectives set by BOD.

d) The expected payoffs compensate for the risks taken

e ) Risk taking decisions are explicit and clear.

f) Sufficient capital as a buffer is available to take risk


The acceptance and management of financial risk is inherent to the business of banking and banks’ roles as financial intermediaries. Risk management as commonly perceived does not mean minimizing risk; rather the goal of risk management is to optimize risk-reward trade -off. Notwithstanding the fact that banks are in the business of taking risk, it should be recognized that an institution need not engage in business in a manner that unnecessarily imposes risk upon it: nor it should absorb risk that can be transferred to other In every financial institution, risk management activities broadly take place simultaneously at following different hierarchy levels.


a) Strategic level: It encompasses risk management functions performed by senior management and BOD. For instance definition of risks, ascertaining  institutions risk appetite, formulating strategy and policies for managing  risks and establish adequate systems and controls to ensure that overall risk  remain within acceptable level and the reward compensate for the risk


b) Macro Level: It encompasses risk management within a business area or across business lines. Generally the risk management activities performed by middle management or units devoted to risk reviews fall into this category.


c) Micro Level: It involves ‘On-the-line’ risk management where risks are actually created. This is the risk management activities performed by individuals who take risk on organization’s behalf such as front office and loan origination functions. The risk management in those areas is confined to following operational procedures and guidelines set by management. Expanding business arenas, deregulation and globalization of financial activities emergence of new financial products increased level of competition has necessitated a need for an effective and structured risk management in financial institutions.  A bank’s ability to measure, monitor, and steer risks comprehensively is becoming a decisive parameter for its strategic positioning.  The risk management framework and sophistication of the process, and internal controls, used to manage risks, depends on the nature, size and complexity of institutions activities. Nevertheless, there are some basic principles that apply to all financial institutions irrespective of their size and complexity of business and are reflective of the strength of an individual bank's risk management practices.




Risk management underscores the fact that the survival of an organization depends heavily on its capabilities to anticipate and prepare for the change rather than just waiting for the change and react to it. The objective of risk management is not to prohibit or prevent risk taking activity, but to ensure that the risks are consciously taken with full knowledge, clear purpose and understanding so that it can be measured and mitigated. It also prevents an institution from suffering unacceptable loss causing an institution to fail or materially damage its competitive position. Functions of risk management should actually be bank specific dictated by the size and quality of balance sheet, complexity of functions, technical/ professional manpower and the status of MIS in place in that bank. There may not be one-size-fits-all risk management module for all the banks to be made applicable uniformly. Balancing risk and return is not an easy task as risk is subjective and not quantifiable where as return is objective and measurable. If there exist a way of converting the subjectivity of the risk into a number then the balancing exercise would be meaningful and much easier.




  1. http://economictimes.indiatimes.com/opinion/policy/risk-management-in-banks-simple-steps-for-difficult-situations/articleshow/8478370.cms
  2. http://www.mckinseyquarterly.com/Better_operational-risk_management_for_banks_1835
  3. http://www.fitchtraining.com/en/course/58/risk-management-in-banks-the-capital-implications.aspx
  4. http://en.wikipedia.org/wiki/Risk_management_in_Indian_banks
  5. http://www.crisil.com/risk-solutions/risk-solutions.html
  6. http://www.sas.com/industry/financial-services/banking/credit-risk-management/index.htm
  7. http://www.roseindia.net/services/outsourcing/risk-management-practices-banks-outsource-services.shtml
  8. John Adams, RISK, Routledge 1995
  9. David Hillson and Rurh Murray-Webster, Understanding and Managing Risk Attitude, Gower2007
  10. David Cooper, Leadership Risk,Wiley 2010
  11. Kowert, P.A., & Hermann, M.G. (1997). Who takes risks? Daring and caution in foreign policy making. Journal od Conflict Resolution, 411, 611-37.
  12. Geoff Trickey (2011), Risk Types. OP Matters No 14 February 2012 The British Psychological Society