Rizwan Chughtai

8/14/2019 Rizwan Chughtai

1/30

Rizwan Chughtai


2/30

Risk exposure arising from business activities

Need to effectively manage because of

Potential business losses

Ensure business continuity

Wider and/or complex risk requires moreprudent management

Risk appetite determines risk exposure


3/30

Optimize risk-reward trade-off rather thanminimize/eliminate risk.

Risk taking is inherent activity but

neither engage in business with unnecessary risk norabsorb risk that can be transferred

Regulatory Case vs Business Case


4/30

Strategic Level

Encompasses senior management and BOD

Macro Level

Within a business area or across business lines

Micro Level

On-the-line risk management

Need to have properly structured RM


5/30

Introduced in 2003 (BSD Circular 7 of 2003)

Issued to enable financial institutions toestablish their own RM procedures

Provide an overview of actions and notintended to detail every control procedure

Flexible and adaptable with the size and

complexity of business


6/30

Areas covered

Credit Risk

Market Risk

Liquidity Risk Operational Risk

Certain basic principles for risk managementapplicable to all institutions irrespective of sizeand complexity


7/30


8/30

Board and senior Management oversightTheoverall responsibility of risk management vests in the

Board of Directors, which shall formulate policies invarious areas of operations of the bank. The senior

management is, interalia, responsible for devising riskmanagement strategy and well-defined policies andprocedures for mitigating/controlling risks, which shouldbe duly approved by the Board. The senior managementis also responsible for the dissemination, implementation,and compliance of approved policies and procedures.


9/30

Integration of Risk ManagementAt operational level, risk assessment may be made on

portfolio or business line basis, however, at the top levelthe management need to adopt a holistic approach in

assessing and managing risk profile of the bank.

Business Line AccountabilityIrrespective of a separate risk review or management

function individuals heading various business lines orunits are also accountable for the risk they are taking.


10/30

Risk Evaluation/MeasurementWherever possible risks should be quantitatively

measured, reported, and mitigated.

Independent reviewThe risk review function should be independent of thosewho approve and take risk. The review should include,interalia, stress tests exposing the portfolio tounanticipated movements in key variables or major

systemic shocks. Contingency planning

Banks should have contingency plans for any unexpectedor worst case scenarios.


11/30

The individuals who take or manage risks clearlyunderstand it.

The organizations Risk exposure is within thelimits established by Board of Directors.

Risk taking Decisions are in line with the businessstrategy and objectives set by BOD.

The expected payoffs compensate for the riskstaken

Risk taking decisions are explicit and clear.

Sufficient capital as a buffer is available to takerisk.


12/30


13/30

Board and Senior Management Oversight

BoD to approve credit risk strategy and othersignificant policies

SM to develop and establish credit risk policies &credit administration procedures and guide staff

Setting up appropriate organization structureand specify duties/responsibilities

Credit management discipline


14/30

Credit Origination

Assess risk profile before extending credit

Cash flows and repayment capacity

Appropriate utilization of credit Limit Setting

Credit Administration

Documentation, Disbursement, Monitoring,Repayment, Credit Files, Collateral Documents


15/30

Measuring Credit Risk

Internal Risk Rating

Rating Review

Credit Risk monitoring & Control

Risk Review

Delegation of Authority

Managing Problem Credits


16/30


17/30


Organizational Structure

Risk Management Committee

Asset-Liability Committee

Middle Office

Risk Measurement

Interest Rate, Foreign Exchange, Equity


18/30

Risk Measurement

Repricing Gap Models

Measuring Risk to Economic Value

Value at Risk Risk Limits

Gap Limits

Factor Sensitivity Limits


19/30


20/30


Early warning indicators of liquidity risk

Liquidity Risk Strategy

Composition of Assets & Liabilities

Diversification and Stability of Liabilities

ALCO/Investment Committee

Liquidity Risk Management Process


21/30

Liquidity Risk Measurement & Monitoring

Contingency Funding Plans (CPF)

Use of CPF for Routine Liquidity Management

Use of CPF for Emergency & Distress Environment Cash Flow Projections

Liquidity Ratios and Limits


22/30


23/30

Operational Risk Management Principles

Ultimate accountability with BoD

BoD to ensure effective & integrated OpRisk

Management Framework BoD and SM to identify and define all categories of

Operational Risk

Document and communicate OpRisk policies and

procedures Integrated business and support functions

Diligence of business line


24/30

Risk Assessment and Quantification

Risk Management and Mitigation

Risk Monitoring

Key Risk Indicators (KRIs)

Risk Reporting

Establish Control Mechanism

Contingency Planning


25/30

Guidelines in 2004 (BSD Circular 7 of 2004)

Properly designed and strictly enforcedsystem of internal controls helps:

protect the organizations assets and profitabilityfrom operational losses and frauds and forgeries

produces reliable financial and managementreports

helps compliance with laws and regulations

creates value for the stakeholders


26/30

BSD Circular 13 of 2004

Need for comprehensive BCP arrangements

Key considerations Responsibility Components of BCP

Critical Business Line

Geographic Concentration

Centralization of Operations

Recovery Time Targets

Testing

Updation and Validation

Compliance


27/30

Need to have synchronized and adhesive policiescovering different areas

Consolidated instructions on policy framework(BSD Circular 3 of 2007) Minimum Areas

Risk Management Policy

Credit Policy

Treasury & Investment Policy

Internal Control System and Audit Policy

I.T. Security Policy Human Resource Policy

Expenditure Policy

Accounting & Disclosure Policy


28/30

BSD Circular 17 of 2008

ICAAP supplements quantitative riskassessment in Pillar-1 of Basel II

ICAAP is set of policies, methodologies,techniques, and procedures to assess the capitaladequacy requirements in relation to the banksrisk profile and effectiveness of its riskmanagement, control environment andstrategic planning


29/30

Elements of ICAAP

Board and senior management oversight

Sound capital assessment

Comprehensive assessment of risks Monitoring and reporting

Internal control review

Core for every angle of Risk Management


30/30