Workbook BSMR Level 1 (English)

Part A

Banking risk and regulation

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko A : 3

1 The nature of risk and regulation in banking The purpose of this chapter is to provide the student with an overview of the risks and regulations associated with banking. Many of the concepts and issues introduced have been intentionally simplified; however in certain instances concepts will be discussed in more depth in subsequent sections of this study guide. On completion of this chapter the candidate will have a basic understanding of:

the risks inherent in banking why banks need to be regulated current banking regulations the different risks as defined in Basel II the impact of risk events on banks, their stakeholders and the economy some key concepts involved in banking and financial risk management Indonesian banking regulation.

It is important to remember that candidates beginning their studies for the Indonesia Certificate in Banking Risk and Regulation qualification are not expected to have expertise in financial risk management. However, candidates will be expected to understand the basic concepts of the underlying risks supervisors require banks to manage.

1.1 Banks, risk and the need for regulation

What is a bank? This chapter outlines regulation as it relates to banks. A bank is an institution which holds a banking license, accepts deposits, makes loans, and accepts and issues checks. In contrast a financial services company is an institution that offers its customers a financial product such as a mortgage, pension, insurance or a bond. The above definitions highlight the differences between a bank and a financial services company. While a bank is a financial services company, a financial services company is not necessarily a bank. It is important to understand that the regulation of banks is different from the regulation of the financial services industry. Banking regulation is a subset of the overall regulation of financial services.

Part A: Banking risk and regulation

A : 4 © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko

What is risk?

The dictionary definition of risk is the chance of disaster or loss. For purposes of the Certificate, risk is defined as the chance of a bad outcome. This implies that risk only relates to situations where a negative outcome could occur and that the likelihood of such an outcome can be estimated. Two other risk-related terms are important for the purposes of the Certificate:

Risk event is defined as the occurrence of an event that creates the potential for loss (a bad outcome)

Risk loss refers to the losses incurred as a direct or indirect consequence of the risk event. Such losses can be either financial or non-financial.

1.1.1 Financial services industry, banks and regulation

Most people are familiar with the regulation of non-financial products. Many governments set out guidelines or rules that a company must follow in order to get its product to market. For example, cars are subject to product regulation, such as the requirement for seatbelts or airbags. The regulation is there to protect customers. The financial services industry is also subject to regulations to protect customers and increase confidence in its products. Banks, however, are subject to further regulation. Indeed in the case of banking regulation it is the institution itself that is strictly regulated, not simply the products and services it offers. While it is common to have regulation covering the products or services an industry offers. It is more unusual to have every institution in the industry regulated. The reason for this high degree of regulation is that the impact of a failure of a bank can have a deep and long-term impact across an entire economy. (These long-term affects are discussed in more detail in Section 1.1.2.) While a car manufacturer is subject to product regulation, it is not governed by a regulatory body that regulates every car producer. The car manufacturer may be subject to corporate law and the disclosure requirements of stock exchanges; however it is free to capitalize itself in whatever way, and to whatever extent its management believes is necessary. The company’s shareholders provide the only restraint on its management.

This is not the case for banks as they are not free to choose their capital structure. Capital structure refers to the way in which a bank finances itself, usually through a combination of equity issues, bonds and loans. The capital structure of a bank is determined by local supervisors who stipulate

Chapter 1: The nature of risk and regulation in banking


the minimum capital requirements, as well as the minimum level of liquidity the bank is required to hold, and the type and structure of its lending. If a bank has sufficient capital it has sufficient financial resources to meet potential losses. If it has sufficient liquidity it has sufficient financial resources to fund its assets and to meet its obligations as they fall due. The capital structure of a bank which is shown below will be explained in detail as you progresses through the chapter. For now simply note that, given its asset structure, the supervisor requires the bank to hold minimum capital of USD 50.4 million. The bank illustrated below is holding USD 80 million, thus surpassing the supervisor’s requirement.

Example Capital structure of a bank Bank A has the following balance sheet RWA = Risk-Weighted Assets (see Section 2.2)

Assets AmountUSD million

Risk weight %

RWAUSD million

Domestic government bonds 100 0 0 Cash 10 0 0 Loans to other banks <1yr 200 20 40 Loans to small and medium

enterprises 390 100 390

Loans to local authorities 200 50 100 Loans to major international

companies 100 100 100

Totals 1000 630

Liabilities Amount

Capital 80 Deposits from customers 820 Loans from other banks 100

Total 1000 Minimum capital required by supervisor = USD 50.4 million Ratio of regulatory capital to RWA = 8% of USD 630m = USD 50.4m Comparison of required capital to capital held = USD 50.4m < USD 80m.

1. 2.

Notes: In this example the ratio for regulatory capital is set at 8%

1. 2. Bank A does not trade in the markets (see Section 1.2) and hence does not

have a trading book.



It is important to understand that Basel II, and the Certificate, are both concerned with the regulation of banks and not the financial services industry. With regard to the European Union (EU), however, Basel II regulation will cover a wide range of credit institutions (roughly 8,800) as well as about 2,200 investment firms.

1.1.2 Why regulate a bank?

The need for banks to be regulated as institutions has its origins in the risk inherent in the system. Unlike the car industry, banks offer a product that is used by every single commercial and personal customer – money. Thus the failure of a bank, both partially or totally, can affect the entire economy and is referred to as ‘systemic risk’.

Systemic risk is the risk that a bank failure could result in damage to the economy out of all proportion to simply the immediate damage to employees, customers and shareholders. While most people may not be familiar with the term systemic risk they do understand what is meant by a ‘run on a bank’. This occurs when a bank cannot cover its liabilities, i.e. it does not hold enough cash to pay the depositors who wish to withdraw their funds. The inability to meet liabilities and repay depositors does not necessarily have to be real; it can simply be the result of a perception on the part of its customers.

Example A ‘run on a bank’ Bank A is rumored (correctly or not) to have made an extraordinary number of bad loans that have led to losses. This rumor causes the bank’s depositors to withdraw their deposits. If Bank A does not hold enough cash, depositors will be unable to withdraw their money, adding to the concern over the bank’s stability. This causes more depositors to attempt to withdraw their deposits. Whether the original problem is real or not, the level of withdrawals means Bank A is unable to continue business. The failure of Bank A causes loans to be foreclosed, as the bank no longer has the deposits to fund them. If Bank A is sufficiently large its closing (or failure) could have a ripple effect through the local economy; however if it operates globally, the impact would be greater.

The solvency of a bank is a concern not only for its shareholders, customers and employees, but also for those who are in charge of managing the economy as a whole. Students should look back at the balance sheet given in the example in Section 1.1.1. The bank in the example has USD 820 million of deposits from customers but only USD 10 million of cash with which to repay the



depositors immediately. To raise more cash it could sell its government bond holdings and potentially raise a further USD 100 million. Any attempt to raise further funds would result in loans being sold or foreclosed.

Example Continental Illinois Bank crisis In May 1984 Continental Illinois Bank in the US suffered a ‘run’ on its deposits. This was caused by poor credit risks, particularly loans taken over from Penn Square Bank which had collapsed in 1982 and from which Continental Illinois never really recovered. Continental Illinois’ non-performing loans had risen to USD 2.3 billion by April 1984, representing 7.7% of its total advances. The bank was particularly vulnerable as it relied heavily on short-term wholesale deposits raised in the market. It suddenly found that these deposits were not being renewed upon maturity. The Federal Deposit Insurance Corporation (FDIC) assumed USD 3.5 billion of Continental Illinois debts in 1984 The global nature of the Continental Illinois funding base had made it imperative for both the Federal Reserve and the FDIC to step in to avoid the risk of a run on other big US banks by foreign depositors.

Prior to the 1930s, ‘runs’ on banks and solvency problems occurred relatively frequently. (The last financial crisis of this nature occurred in the US in 1933 and in the UK in 1957.) These led governments to control banks through regulation, ensuring that they were well capitalized and reasonably liquid. Supervisors (usually central banks) sought to ensure that banks could:

meet the reasonable level of demand for depositors to be repaid without the need to foreclose on loans

sustain a reasonable level of losses as a result of poor lending or cyclical reductions in economic activity, i.e. survive a recession.

The level of capitalization and liquidity were at first fairly arbitrary, with capital often related to some percentage of loans. In setting the amount of capital as a percentage of some types of loans, it became obvious that there was a ‘missing link’ in calculating the appropriate capital level for a bank. This missing link is described using the following example.

Example Bank A only lends to its domestic government, and can always assume that the loans will be repaid. Bank B only lends to new businesses. It cannot make the same assumption as Bank A as some, possibly many, new businesses might fail.

Clearly the economics of lending to the two groups in the example above would be a balance between what could be charged for the loans, commonly referred to as the ‘margin’, and the losses that would be incurred. Any potential investor in Bank A or Bank B is making a risk/reward decision based on how much risk each bank is willing to take verses how much



reward does it wish to gain. In the example above Bank B would seek to earn a higher margin than Bank A as it would incur higher losses. In the case of Bank B, bad debts would unlikely occur at a constant rate as more businesses would default in a recession rather than during periods of economic growth. A bad debt occurs when a bank is unable to recover any of the principal lent to a customer or accrued interest owed. This would cause the bank to suffer variable losses and an erosion of its capital as it is forced to cover each of these losses. To maintain the expectation that it can survive bad debts, a bank will hold a certain level of funds (capital) from which it would deduct such losses. In our example Bank B would need to hold significantly more capital than Bank A. This is because Bank A pursues a lending policy that, although less rewarding in terms of margin, is more conservative and carries less risk. From the above example it can be seen that the ‘missing link’ in calculating the appropriate capital level for a bank is the amount of risk it is carrying.

Economic shocks and systemic risk

Despite the best efforts of banks to ensure diversification of their lending portfolios, many still remain heavily exposed to the economic risks of their home market. The economy of a country can be greatly affected by:

an external shock, be it a natural disaster or a man-made event, and/or economic mismanagement.

Banks exposed to such an economy may suffer a significant increase in the number of customers defaulting. The increase in the default rate can be attributed to such things as:

the credit standing of companies affected by the rapid deterioration of the economy

a significant rise in unemployment levels an increase in interest rates.

Many banks will have difficulty in safeguarding themselves from economic shocks in a specific country. However there are certain actions they can take to mitigate the economic effects, including:

complying with regulation (including Basel II) which increasingly requires banks to create economic shock scenarios and ensure they hold sufficient capital to protect stakeholders from the effects of such shocks

estimating the resulting levels of bad debts and ensuring their businesses are capitalized accordingly.



Risk and capital

The above examples clearly demonstrate the relationship between risk and capital. The more risks a business runs the more capital it requires. Banks are required to hold sufficient capital to cover the risks they run. This is known as capital adequacy. It has also become increasingly clear to supervisors that the level of a bank’s capital and its ability to support losses from its lending and other activities should be related to the risks of the business it undertakes, i.e. the level of capital should be based on the level of risk (risk-based capital). The growth of international banking markets in the 1970s and 1980s led to the first significant move in the direction of risk-based capital. Thanks in part to the huge increase in oil prices, countries with large US dollar surpluses needed to recycle those dollars to countries with significant deficits. The result was a dramatic growth in international banking and increased competition. It had become clear to supervisors that international banks needed to ensure they were capitalized against the risks they were running. At the same time lending increasingly took the form of syndicated loan transactions to multinational companies, developing countries and major development projects, all of which represented new areas of lending for many of the banks involved.

1.1.3 Bank regulation

Basel I

The Basel Committee on Banking Supervision made the first attempt to establish a standardized methodology for calculating the amount of risk-based capital a bank would be required to hold when it published the first Basel Capital Accord in 1988. The first Accord only covered credit risk and the relationship between risk and capital was crude by current standards. A simple set of different multipliers (known as risk weights) for government debt, bank debt and corporate and personal debt was multiplied by an overall 8% target capital ratio. While the exact nature of the risk weights is beyond the scope of this chapter, the Basel I Capital Accord and risk weights are discussed in detail in Chapter 2. Students should also refer back to the example of a bank’s capital requirements that was provided in Section 1.1.1. This shows how the supervisors calculate minimum capital requirements under Basel I.



The Market Risk Amendment

Supervisors in several countries extended the 1988 Accord to make it more risk sensitive. Supervisors then moved quickly to take advantage of the work being undertaken by many banks to manage the risks in their own dealing (trading) operations. For example, to ensure that risks were controlled and priced correctly banks started setting internal capital requirements for their trading desks. The capital requirements were directly related to the risks that the trading desks were running (see Chapter 4). To do this the banks had to establish a view of the relationship between risk and capital. This view was based on the growing use of finance theory, specifically the historic variability of return from different businesses. The work undertaken by the banks themselves to manage risks had been given a great deal of impetus as a result of:

the growth of derivatives markets option pricing models which directly linked the volatility of returns of an

underlying market instrument to its price, i.e. risk-based pricing. The Basel Committee published the Market Risk Amendment to the original Accord in 1996. In addition to creating a simple set of rules for calculating market risk, the Basel Committee encouraged supervisors to focus on appraising the models banks used in risk-based pricing. These are the Value at Risk models (VaR) and are explained in greater depth in Chapters 2 and 4.

Basel II

Following the publication of the Market Risk Amendment the Basel Committee began developing a new Capital Accord which was called Basel II. After much consultation and debate the new Accord was adopted in 2004 and is due for implementation in 2006-07.

Basel II links the capital of banks directly to the risks they carry. The coverage of market risk in Basel II is substantially unchanged from the 1996 Amendment and its subsequent revisions. At the same time the coverage of credit risk mirrors, to some extent, the Market Risk Amendment. Banks are encouraged to adopt a model-based approach to credit risk pricing and supervisors are encouraged to appraise these models.



Operational risk is included for the first time and, as with credit risk, a model approach is encouraged, although recognition is given to the lack of industry consensus over the structure of these models. The Basel II Accord also has provisions for other risks to be taken into account when calculating the risk-based capital of a bank; however these are not covered by a model approach. Local supervisors will be responsible for implementing Basel II in accordance with their own laws and regulations. The consistent implementation of the new Framework across borders, through enhanced supervision and cooperation, is crucial. Consistent implementation will also be important to avoid confusion over dual reporting to ‘home’ (where the bank is legally established) and ‘host’ (where the bank may have branches or subsidiaries) country supervisors. At this stage it is helpful to compare the two Accords. Basel I Accord Basel II Accord

Focuses on a single risk measure Focuses on internal methodologies Has a simple approach to risk sensitivity

Has a higher level of risk sensitivity

Uses a one-size-fits-all approach to risk and capital.

Is flexible to fit the needs of different banks.

Before moving on it is important that students understand each of the major types of risk covered in the new Accord, as well as their consequences for bank stakeholders and the economy. The major types are:

market risk credit risk operational risk ‘other’ risks.

While a brief introduction to each of these risks is provided below, they will be examined in greater detail later in this Level.



1.2 Market risk

1.2.1 What is market risk?

Market risk is defined as the risk of losses in on- and off-balance sheet positions arising from movements in market prices. It is the name given to a group of risks that stem from changes in interest rates, foreign exchange rates and other market determined prices such as those for equities and commodities. A bank’s exposure to market-set rates, such as interest rates, may be a result of either:

traded market risk – where a bank is actively participating in the trading of market instruments, such as bonds, whose value is affected by changes in market rates

interest rate risk in the banking book – where a bank is exposed to the risk of market rates changing because of the underlying structure of its business, such as its lending and deposit taking activities.

The best way to understand the above exposure risks is to consider examples that may occur in a wide variety of banks. However, first students need to understand an important concept in interest rate risk: the yield curve.

1.2.2 The yield curve

The yield curve shows the relationship between the effective interest rate paid and the maturity date of an investment at a given time.



Figure 1.1: A typical yield curve

6.5

7.0

7.5

8.0

Interest

rate

6.0

5.5

4.0

Maturity

1m 2m 3m 6m 12m 2y 3y 5y 10y

5.0

4.5

A typical example of a yield curve is the term structure of interest rates. This shows the cost of borrowing money against the duration of the debt instrument (loan, bond etc.). For many currencies there are government securities, (e.g. bonds) issued for periods of between one day (‘overnight’) and 20 years. The interest rates for each of these securities are all nominally different and in general rates for longer periods can be expected to be higher than those for shorter periods. The yield curve for these bonds is known as the government yield curve. (Yield curves are discussed in greater detail in Section 4.4.2.)

1.2.3 Traded market risk

Traded market risk is the risk of a loss of value of the investments associated with continually buying and selling financial instruments (trading) in the market for profit. Traded market risk is incurred deliberately with a view to profiting from the risk taken. The following example illustrates how traded market risk occurs.

Example Let us suppose that Bank A wishes to engage in trading activities as a potential profit making activity. It decides to trade government bonds which, in this example, have interest rates fixed for a period of five years. The value of the bond will be affected by changes in the interest rate. If interest rates fall right across the yield curve, the value of the bond itself will rise because it still pays the five-year bond-related interest rate at the time of purchase. If in the future the interest rate rises, then the value of the bond will fall because it pays less than Bank A could get with a new bond purchase.



The change in value of the bond above is one example of traded market risk. Another is given below.

Example Traded market risk – funding decisions Bank A can choose to fund the purchase of the bonds described in the above example by raising the required amount for:

five years at a fixed rate any number of periods longer than five years any number of periods shorter than five years.

The bonds are ‘matched’ for interest rate risk if Bank A chooses to fund the purchase of a newly issued fixed rate five-year bond by raising funds for the same duration, five years. Any gain on the bonds resulting from falling interest rates will be offset by a loss on the funds raised, and vice versa. Bank A in this case has no market risk nor does it have a significant capability for profit from this particular activity. If Bank A’s traders believe that interest rates will rise in the future they may decide that the bank should be funded for a longer term than the duration of the fixed rate bonds. For example they may raise funds for ten years. If the traders are correct and interest rates rise, the value of the ten-year fixed rate debt, which was raised at lower interest rates, would rise more than the value of the original bonds. Bank A will therefore profit from the overall transaction. This is known as ‘long funding’. It should be noted that if interest rates fell the bank would make a loss from the transaction (see the Midland example below). If Bank A’s traders believe interest rates will fall in the future they could fund the five-year bonds by raising overnight funds. This is known as ‘short funding’. The bank will have to renew the funding everyday, but if the traders are correct, the funding will be at a lower rate each day as interest rates fall over the period. Getting the funding decision wrong could be costly. Hence the decision carries traded market risk.

It should be noted that the above examples are quite simple and ignore many of the complexities that will be introduced as we consider more sophisticated instruments and trading strategies. Nonetheless they illustrate some important fundamental principles of market trading for profit and students should ensure they fully understand them before continuing.

Example Midland Bank In 1989 Midland Bank, a major UK bank, lost over GBP 116 million on interest rate positions held by its investment bank subsidiary. Instead of closing the position when the interest rates moved against Midland, the bank increased its exposure in an attempt to recover its losses.



1.2.4 Interest rate risk in the banking book

The example above illustrates market risk in the context of trading for profit, but many banks are faced with the problems of managing similar risks that occur as a natural consequence of their underlying businesses. This is called interest rate risk in the banking book, which results from the business the bank conducts with its customers.

Example Bank A is involved in borrowing from depositors and then lending these funds to its customers for mortgages. It pays the interest rate set by its central bank for the deposited funds and lends funds for mortgages at the fixed five-year rate. In practice the bank has the same ‘short funding’ exposure as the traders wanted in the previous example on funding decisions. They have this position regardless of whether they think rates are likely to rise or fall and in our example they are not seeking to be a trading bank and are running ‘involuntary’ trading positions.

To avoid running involuntary trading positions Bank A in the example above will somehow need to match its funding and lending rates (a process known as hedging), protecting the value of both the deposits and loans. There are a number of ways a bank can engage in hedging. They include:

changing its underlying business model to offer the same rate on deposits as is received on loans. In the case of Bank A, it could change either its lending rate base on the central bank’s discount rate, or its funding rate to the five-year fixed rate

lending the bank’s deposits to another bank (known as lending interbank) and raising five-year funding from another bank

if the derivatives markets are available, entering into a swap agreement with another bank, where it pays the bank the one-month interbank rate and receives the five-year rate in exchange.

(The central bank discount rate is the interest rate a central bank charges on a loan to a bank. The one-month interbank rate is used here as a proxy for the central bank discount rate which is not a market rate.)

Example American savings and loan associations The American savings and loan associations (S&Ls) are essentially mortgage lenders, with power in some states to make direct investments to own other businesses and carry out property development. Until the 1980s they were mainly mutual associations owned by their members, but as a result of the interest rate risk in the banking book disasters (described below) that befell the industry they are now owned mainly by the federal government or by stockholders.



Example continued

Initial estimates of the cost of the bailout amounted to USD 500 billion or roughly USD 2,000 for every US resident. While fraud did occur in many instances, the root cause of the disaster was twofold. First, funds were advanced on properties with greatly inflated prices. When these prices collapsed the security on many mortgages was wiped out. Second, although interest rates on many mortgages were fixed, the lack of penalty clauses on early pre-payment enabled borrowers to refinance their mortgages at a lower cost when interest rates started to fall. However lenders were still locked into borrowings at higher interest rates. This mismatched position of lending at the lower rates while being locked into borrowings at a higher rate caused many S&Ls to collapse with losses of billions of dollars.

Market risk is described in greater detail in Chapter 4.

1.3 Credit risk

1.3.1 What is credit risk?

Credit risk is defined as the risk of losses associated with the possibility that a counterparty will fail to meet its obligations; in other words it is the risk that a borrower won’t repay what is owed.

Example Bank A lends mortgages to its personal customers. In doing so it runs the risk that some - or all - of its customers will fail to pay either the interest on the mortgage or the original sum borrowed.

Credit risk arises from the possibility that loans provided by a bank, or bonds purchased by a bank, are not repaid. Credit risk also extends to the non-performance of any other obligations a bank incurs through another party, such as the failure to meet obligations to make payments under a derivatives contract. For many banks credit risk is by far the largest risk they run. Typically the margin charged for accepting the credit risk is only a small proportion of the total sum lent, and therefore credit losses can rapidly destroy a bank’s capital.



Example Barclays Bank In March 1993 Barclays Bank of the UK announced a loss of GBP 244 million for the year ended 1992, having made provisions of GBP 2.5 billion for bad and doubtful debts during that year. These included a record provision of GBP 240 million against a single loan of GBP 422 million to IMRY, a property developer. The bulk of these losses stemmed from the UK property crash in the early 1990s.

1.3.2 Methods of managing credit risk

Banks employ a number of different techniques and policies to manage credit risk in order to minimize the probability or consequences of credit loss (known as credit risk mitigation). These include:

grading models for individual loans loan portfolio management securitization collateral cash flow monitoring recovery management.

To increase students’ understanding of credit risk the various methods are described below.

1.3.3 Grading models

Regular bad lending is possible, but unlikely, if banks pursue sound lending policies. The first step is to create detailed credit grading models which are a way of establishing the odds of default. They therefore calibrate the risk, allowing banks to assign a probability to a bad outcome (known as the probability of default – PD). This should allow banks to ensure that they do not concentrate their lending books (their portfolio) in poor quality loans with a high probability of default (failure to honor the debt). Credit rating agencies such as Moody’s Investors Service and Standard & Poor’s use grading models to produce a wide range of risk sensitive grades (credit grades) to cover the credit risk of bonds.



Example A single factor grading model Bank A lends mortgages to its customers. In order to ensure it minimizes the credit risk it produces a simple grading model. In this case Bank A groups the loans by the percentage of the current property value it lends to the borrower. It then calculates the probability of each group of loans resulting in a loss to the bank and adjusts its pricing policy to ensure the portfolio is balanced between loan types. The bank would expect the potential losses on loans advanced at 50% of the current property value to be far less than those advanced at 100%. It can then adjust the pricing of loans to optimize its return on risk.

It should be noted that in practice grading models consider several additional factors. For example percentage of borrower’s income devoted to paying the interest on the loan, the borrowers employment history, and the number of years of loan repayment compared with the borrower’s age.

Basel II specifically addresses grading models as part of its credit risk framework.

1.3.4 Loan portfolio management

Banks similarly measure their loan portfolios to ensure that their lending is not overly concentrated in a single industry, or in a single geographic area. This allows a bank to ensure that its portfolio is well diversified. A loan portfolio that is well diversified means that the risk of systematic default is also low. This form of analysis is known as cohort analysis and can be applied to both corporate and personal loans.

1.3.5 Securitization

To safeguard against the impact of economic shocks banks are required by Basel II to estimate the effects of such events and ensure that their businesses are capitalized accordingly. In addition to allocating capital, banks take other action to safeguard themselves. One technique banks use to insulate themselves from such shocks is to ‘package’ and then sell, as securities, parts of their lending portfolio to investors. This is known as securitization. Securitization allows banks to reduce potentially high levels of exposure to specific forms of lending which their scenarios show to be most at risk, or where they have high concentration of risk. It then allows banks to take the funds generated from the asset sales and invest them in other assets which are assumed to carry a lower risk.



1.3.6 The role of collateral

Collateral is defined as assets pledged by a borrower to secure a loan or other credit, and which are subject to seizure in the event of default. Collateral plays a major role in the lending policies banks adopt. It can take many forms, the most obvious and most secure being cash, and the most common being residential property.

Example Bank A advances money for a customer to buy a house and takes, as security, the right to take possession of the house if the scheduled loan repayments are not made. In this example the house forms the collateral on the mortgage loan.

It is important that banks ensure that the collateral taken really does mitigate the risks in circumstances where the borrower defaults. Many forms of collateral may be very specific to the business being undertaken. If the business itself proves unprofitable the assets of the borrower may also prove to be of little value. A bank must ensure that the collateral will retain value in the event of default.

Example Bank A lends to an automaker and takes as security the right to take possession of the plant and equipment in the event of default. Due to a lack of sales the automaker collapses and defaults on the loan. Bank A takes possession of the plant and equipment but finds that, due to the general state of the car industry, the equipment has little resale value. The collateral value falls far short of the outstanding loan and Bank A makes a considerable loss.

Basel I was very limited in the type of collateral it recognized. However Basel II recognizes a wider range of collateral, especially in its more advanced Internal Ratings-Based (IRB) approaches to credit risk. (Internal Ratings-Based approaches to credit risk are discussed in greater detail in a subsequent Level.)

1.3.7 Cash flow monitoring

Many banks that have suffered from high levels of default have found that rapid reaction to a deteriorating credit situation can significantly reduce the problem. Banks have lowered their credit risk by:

limiting their level of exposure (known as exposure at default – EAD), and

ensuring that customers react quickly to changed circumstances. Many credit models pay special attention to the cash flow of companies and individuals, as reflected in their bank accounts.



1.3.8 Recovery management

Many banks have found that the efficient management of defaulted loans can lead to a significant recovery of the original loss. They have thus developed departments dedicated to handling recovery situations as an important part of high-quality credit risk management processes. Loss given default (LGD) is the estimated loss that a bank will sustain as a result of a default occurring. The establishment of LGD and its management both play a role in the Internal Rating-Based approaches to calculating credit risk capital. The value of LGD in the Advanced IRB Approach is directly influenced by the bank’s estimate of how much it could recover on a loan default.

1.4 Operational risk

1.4.1 What is operational risk?

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

The above definition is set forth in the Basel II Framework. Operational risk can be further divided into sub-categories, such as the risk associated with:

internal processes people systems external events legal and regulatory requirements (legal risk).

(These will be covered in greater depth in Chapter 6.) Over the last 15 years there have been many examples of operational risk incidents which generated significant losses for the companies involved. The following two examples highlight different categories of operational risk failures.



Example Failure of controls: Barings In 1995 Baring Brothers and Co. Ltd. (Barings), London, collapsed after incurring losses of GBP 827 million following the failure of its internal control processes and procedures. A Singapore-based trader working on the Singapore Futures Exchange was able to hide losses from his ever increasing trading positions for more than two years until they became unsustainable. Due to the lack of local control measures the trader had been acting as both the back and front office settlement manager, authorizing his own deals. Although perceived as a ‘rogue trader’ incident this was ultimately caused by the failure of internal controls.

Example Technology/globalization

This operational risk example affects virtually every industry not just banking. It is also not a single event but, unfortunately, an on-going series of events. This is the impact of computer viruses that cause billions of dollars of damage to businesses worldwide. The Melissa virus, one of the most infamous, appeared in March 1999 and is estimated to have affected 45 million personal computers in just a few days. It ultimately cost business an estimated USD 500 million. In 1990 there were 200 reported viruses by the end of 2004 there were more than 70,000.

Although the Basel II definition of operational risk excludes business, strategic and reputational risk, it has the provision for other risks to be taken into account when calculating the risk-based capital of a bank. These risks need to be continuously monitored and are discussed in Section 1.5. Operational risk is primarily related to the myriad of problems that can result from the failure of processes within a bank. However operational risk affects all businesses not just banks. For example automakers can suffer an operational loss by not adopting strict quality control measures on new models. Operational risk is the most important risk affecting customers on a day-to-day basis. This is why banks are increasingly focusing on the processes, procedures and controls associated with operational risk. Over the last 20 years the mismanagement of operational risk has been at least as damaging to the value of individual banks as credit and market risk. All banks are familiar with operational failures and will already have plans and processes in place for the management of these risks. The most obvious day-to-day problems that affect every bank include:

failure to reconcile payments made and received from other banks transactions incorrectly entered by traders or back office staff resulting in

incorrect market positions and problems in reconciling the positions held



failure to balance the credits and debits received by the bank a key transaction system failure following the upgrade of a computer

system external events such as a power failure or flood.

Over the last 15 years there has been a general increase in the number of high profile operational risk events that have had a severe impact on banks’ profitability and capital. As a result supervisors have been encouraging banks to look at their processes as broadly as possible and to consider low frequency/high impact events outside the areas of credit and market risk. The Basel II regulations have moved operational risk management forward. They require, for the first time, that a bank quantify this risk, measure it and allocate capital towards operational risk in the same way as for credit risk and market risk.

1.4.2 The changing face of operational risk

Operational risk is not a new risk class; indeed it is a very old one. Operational risk failures are commonplace and have been occurring since the first bank was set up.

Both supervisors and banks are concerned that changes in the banking industry are also causing the nature of operational risk to change. Events that have historically resulted in relatively low-cost errors are being supplemented or even replaced by events that occur less frequently, but which have a much larger impact. There are several reasons why the nature of operational risk is changing. They include:

automation reliance on technology outsourcing terrorism increased globalization incentives and trading – the ‘rogue trader’ increasing transaction volumes and values, and increased litigation.

(These and other causes will be discussed in more detail in Chapter 6.)



1.5 Other risks

The Basel II Framework is very specific regarding what is included under the heading ‘Other risks’. Although not directly covered by the regulation they are important because banks need to take into account many risks when computing their risk-based capital. Three risks, considered other risks, are:

business risk strategic risk reputational risk.

Students should note that while these are not included in the Basel II definition of operational risk, many banks do include them in their own definitions and manage them accordingly.

1.5.1 Business risk

Business risk is the risk associated with the competitive position of the bank, and the prospect of the bank prospering in changing markets. While business risk is not included in the Basel definition of operational risk it is clearly a major concern for a bank’s senior management and board of directors. Business risk encompasses, for example, the short- and long-term prospects for existing products and services.

Example Bank A provides mortgages to its customers. Its senior management decides to increase its market share by aggressively discounting its mortgage rates, while offering 100% (loan-to-value) mortgages. This business decision carries a high degree of risk as it over-exposes Bank A to the property market and any subsequent rise in underlying interest rates. This may cause borrowers’ mortgage costs to rise and could result in additional defaults. Furthermore, a reduction in property prices will cause the security value to fall below the value of the loans. Given that rising interest rates and falling property prices can happen at the same time, this business decision clearly has risk. Although Bank A rapidly expands its market share, the quality of the new mortgages is low. When interest rates rise Bank A finds that many of its customers have over-borrowed and can no longer afford the repayments.



Example BestBank, Boulder, Colorado In July 1998 BestBank of Boulder, Colorado, was closed by the Federal Deposit Insurance Corporation (FDIC) as a result of unsustainable losses of approximately USD 200 million. These losses resulted from its policy of providing credit card finance to low quality borrowers. BestBank’s credit card policy is a classic example of a bank lending money to high risk customers at a high rate of interest to grow its business. As a result of its credit card policy the bank’s balance sheet grew from USD 10 million in 1994 to USD 348 million in 1998. Although the bank was apparently generating high rates of return, BestBank failed to make sufficient provisions for the inevitable bad debts.

1.5.2 Strategic risk

Strategic risk is the risk associated with the long-term business decisions made by a bank’s senior management. It can also be associated with the implementation of those strategies. Strategic and business risks are similar; however they differ in the duration and importance of the decision. Strategic risk deals with decisions such as:

which businesses to invest in which businesses to acquire, and/or where and to what extent businesses will be run down or sold.

Example Bank B accepts deposits from its customers and extends personal loans to

them. Bank C is a mortgage business that only provides mortgages to its customers. The senior management of Bank B decides to extend the bank’s business, entering the mortgage business by acquiring Bank C. This decision carries strategic risk because Bank B is taking a long-term strategic decision and moving into a business in which it has no experience.



Example Midland Bank In July 1980 Midland Bank announced it had acquired California-based Crocker Bank, subject to the approval of the US Federal Reserve Bank. This was given in August 1981 and in October 1981 Midland Bank paid USD 597 million for 51% of Crocker Bank. In February 1986 Midland Bank sold Crocker Bank to Wells Fargo Bank for an estimated USD 1.1 billion. Although it appears that Midland Bank doubled its investment in Crocker Bank this does not take into account:

the USD 760 million of provisions for bad debt made by Midland Bank the USD 700 million Midland invested in Crocker Bank in 1981.

It has been estimated that Midland’s overall losses in Crocker Bank amounted to approximately USD 1.7 billion. Midland Bank’s problems with Crocker Bank were due in part to its acquiring a foreign bank which had different standards and business attitudes. In the end the cultural divide proved unbridgeable.

1.5.3 Reputational risk

Reputational risk is the risk of potential damage to a firm resulting from negative public opinion.

Reputational risk is similar to business risk in that it is excluded from the Basel II definition of operational risk. The example in Section 1.1 illustrates reputational risk as it shows that a ‘perceived lack of funds’ could cause ‘a run on a bank’. The bank’s reputation was damaged because of a risk event. Its customers became concerned; this in turn led to a crisis in confidence. Today the risk to a bank’s reputation has increased both in terms of its severity as well as the speed with which losses can occur. This is because financial markets are global and are trading 24 hours a day. Thus damage to many international banks’ reputations can happen at any time, in any part of the world and be reported in real time across the globe. Reputational risk is not just limited to the reputation of an individual bank. It can encompass whole sectors of the banking industry, for example mortgage banking or internet banking. Even though the risk event might occur in only one bank where there were inadequate risk controls, the reputation of the individual product or sector could be affected throughout the banking industry as a whole. What started as an isolated incident could, based on how it is reported, end up damaging the reputation of the entire industry.



Example Industry-wide reputational risk Bank C is an internet-only bank. Following the upgrade of its online security software, a glitch in the software allowed some customers to read the bank statements of other customers. Although they weren’t able to authorize any transactions on other customers’ accounts, the incident is reported as an internet security breach for online banks. This leads to media reports speculating on “how safe is your money online”? The potential for online fraud gives the perception that internet banks are inherently insecure. Despite no actual loss to any customers, the public’s confidence in online banking collapses and the reputation of internet banks plummets. As a result the number of customers at internet-only banks drops dramatically leading to a catastrophic loss of earnings which forces some online banks to collapse.

As highlighted in the example above, an event that initially has a minor impact could end up producing long-term loss if the impact on the bank’s reputation is not effectively managed. Quantifying the loss resulting from reputational risk can be difficult given the long-term and widespread nature of the effects.

Example NatWest Bank In March 1997 two days after announcing its 1996 profit, National Westminster Bank (NatWest), a large British bank, disclosed a ‘black hole’ in its options portfolio amounting to the equivalent of approximately GBP 50 million. A few days later it was revealed that the actual loss was almost GBP 90 million and resulted from mispricing of the bank’s option portfolio since late 1994. It was thought the mispricing was due to error rather than to fraud. NatWest finally made provisions of roughly GBP 77 million to cover the loss. An article in Euromoney in May 1997 suggested that the traders were allowed to apply their own prices to the system and that the interest rate risk management system the bank had developed was incapable of correctly revaluing positions. The episode was a public relations disaster for NatWest as it highlighted the bank’s inability to manage its trading operations. It is worth noting that National Westminster Bank was subsequently taken over by the then much smaller Royal Bank of Scotland (RBS). It is very unusual for a small bank to mount a successful takeover bid for a larger bank. The success of the RBS bid was attributed in large measure to the excellent reputation of its management.



1.6 The potential consequences of failing to manage risks in banking

1.6.1 The impact of risk

In addition to the direct financial loss a risk event can have on a bank, it can also have an impact on the bank’s different stakeholders – shareholders, employees and customers – as well as the economy. Generally the effect on shareholders and employees is direct; however the consequences for customers can be indirect and therefore less obvious. These indirect risk losses are often the consequence of the risk event having an economic impact. The potential impact on both stakeholders and the economy is explained below.

1.6.2 Effects on shareholders

When an event occurs shareholders can be affected by the:

total loss of their investment – the collapse of the company reduction in the value of their investment – the share price might fall

either due to reputational damage or reduced profits loss of dividends resulting from reduced company profits liability for the loss - shareholders may be liable for the loss incurred.

Example BCCI

In July 1991 the Bank of Credit and Commerce International (BCCI) collapsed as a result of internal frauds of approximately USD 4 billion and liabilities of USD 14 billion. It was alleged that BCCI was engaged in:

covering up trading losses of USD 633 million manipulating accounts to prop up BCCI’s largest borrower, to whom it had

lent USD 725 million – way over the limit laid down by banking regulations acquiring secret control of 56% of its own shares at a cost of USD 500

million the illegal acquisition (through nominees) of control of several banks in the

US non-recording of substantial deposits accepted from customers in order to

hide losses recording substantial fictitious loans to borrowers, both real and

imaginary, to cover up substantial losses.



Example continued

Following the collapse of BCCI it was found that the bank was essentially worthless which affected more than one million investors. After the collapse liquidators were appointed to ‘wind up’ BCCI and recover the maximum amount of assets for its depositors and creditors. In the seven years following BCCI’s collapse it was estimated that liquidators had successfully recovered more than USD 5.5 billion. The liquidators are still continuing (August 2005) to act and are currently suing the Bank of England for USD 1 billion for allegedly failing to carry out its regulatory responsibilities.

1.6.3 Effects on employees

The employees of a company can be affected by a risk event, irrespective of their involvement. Possible effects include:

internal disciplinary proceedings due to negligence or deliberate action by the employee

loss of earnings, for example a reduction in bonuses or pay rises due to the impact on company earnings

loss of employment.

Example Orange County, California In December 1994 Orange County, in the US state of California, stunned the markets by announcing that its investment pool had suffered a USD 1.6 billion loss, the largest loss ever recorded by a local government authority. The loss was the result of unsupervised investment activity by the county treasurer who managed a portfolio of USD 7.5 billion belonging to county schools, cities and the county itself. By investing in derivatives the treasurer effectively placed a very big bet that interest rates would either fall or remain low. The investment strategy worked well until 1994 when the Federal Reserve Board instigated a series of interest rate increases that resulted in severe losses in the pool. The investment pool was liquidated in December 1994 realizing losses of USD 1.6 billion. As a direct consequence of this loss Orange County declared bankruptcy and laid off many employees.

1.6.4 Effects on customers

The effects of a risk event on customers can be either direct or indirect and may not be immediately identifiable. The effects could also continue over an extended period and have an additional impact on the bank. Therefore it is very difficult to quantify the total loss associated with a risk event where customers are concerned.



It is important that students understand the consequences of risk for a bank’s customers because they highlight the need to regulate banks specifically, rather than regulating the financial services industry as a whole. The consequences for a bank’s customers include:

a reduction in the level of customer service a reduction in product availability a liquidity crisis changes in regulation.

1.6.5 Operational risk and customer service

It has already been stated that the risk which most affects customers on a day-to-day basis is operational risk. When an operational event occurs customers can be directly affected through:

the wrong or poor quality service a partial interruption of service a real or perceived lack of security a total lack of service.

The interruption of normal customer service can have an impact on the bank’s reputation which will, in turn, impact the bank’s profitability as customers take their business elsewhere. This is particularly important if the operational risk event has been caused by a technical problem which has affected thousands of customers. The impact of an operational risk event on customers can subsequently result in other types of financial loss for a bank. These include:

payments to individuals as compensation for indirect losses litigation costs regulatory penalties.



Example Cahoot Cahoot, the online bank set up by Abbey National Bank of the UK, ran into technical problems shortly after it was launched in June 2000, as reported in the Financial Times1. Early on the system collapsed and was unavailable for almost two days; it was then plagued by additional problems for a further three days. Cahoot's strategy was to offer the first 25,000 customers interest-free overdrafts and credit cards. A rival of the online bank questioned whether Cahoot had invested enough in the system’s capacity to cope with the level of demand it subsequently received. It was taking between 10 to 14 days to approve customers because the bank was conducting money laundering checks on potential clients. In addition to rejecting applicants with a history of excessive credit, anyone living in an apartment was also likely to have been turned down as the website could not cope with addresses such as 35a, ‘garden flat’ or ‘top flat’ (all common address designations in the UK).

1.6.6 Economic impact of a risk event

Over lending – a cyclical phenomenon

There have been several banking crises that can be attributed to classic problems such as ‘over lending’ during booming economic conditions. A problem that was unseen at the time could in the future prove to be disastrous for individual banks, and produce damaging side effects for their customers and for the economy as a whole.

Banks that have ‘over lent’ in a boom will inevitably ‘under lend’ in any subsequent recession. This is because the impact of a recession reduces a bank’s capital as it is forced to write-off bad loans. This in turn reduces the ability of a bank to lend in the future without recourse to new capital. This so-called ‘procyclicality’ effect can be clearly seen in the prevalence of lending into ‘asset bubbles’. Excessive lending during a booming market leads to unrealistic expectations of returns and unrealistic valuations of assets, as has occurred in commercial and residential real estate and equities markets, at various times, throughout the world.

1 See Financial Times, June 17, 2000.



Example The ‘dotcom’ bubble In the late 1990s investors were desperate to invest in internet companies as this was seen as the ‘get rich quick’ sector of the market. This led to vastly over valued companies with artificially high equity prices. The market proved unsustainable as companies failed to make the predicted returns with many sliding deeper and deeper into debt. Eventually in 2000 and through 2001 the market collapsed with investors losing billions. In November 2000 it was estimated that in the previous eight months more than GBP 40 billion had been wiped off the value of dotcom companies in the FTSE TechMark index in London. For the next few years it was virtually impossible for internet companies to raise investment irrespective of the quality of their business plans.

The area of ‘procyclicality’ is one where future research on credit risk modeling and management is likely to be concentrated. Basel II has been criticized for potentially increasing the ‘procyclicality’ of bank lending as it links the results of credit grading models (see Section 1.3.3) to a bank’s regulatory capital requirements. Thus any general deterioration in the credit grading of loans will lead to an increase in regulatory capital requirements regardless of whether loan defaults have increased.

Market risk and liquidity

The consequences of a market risk event are growing as markets continue to trade more and more assets. This asset growth in traded-markets has not been trouble-free. Mathematical models which are used to assist in identifying and understanding risk and pricing have come a long way, but there is still a distance to go before they can be considered completely reliable indicators of market risk trends. The problems that Long-Term Capital Management (LTCM) encountered illustrate this.



Example Long-Term Capital Management In September 1998 Long-Term Capital Management, an American hedge fund was rescued from collapse by 16 major counterparties. The counterparties agreed to invest around USD 4 billion so that LTCM could reduce its roughly USD 200 billion market exposure in an orderly fashion and thus avoid unnecessary turbulence in the market. Long-Term Capital Management:

did not hedge against risk; rather it accepted risk did not make long-term investments, and mainly provided capital by bank borrowing, permitting investors to make

massive returns from comparatively small movement in prices. Unlike investment trusts, which have limited borrowing capabilities, LTCM was able to borrow many times the amount of its own capital. This played a major part in its collapse. One of LTCM’s problems was that two of its partners brought an academic approach to the business. The weakness of this approach was their view of the world, namely that it worked as smoothly as a model. Unfortunately this was incorrect. LTCM’s problems began when the Russian government defaulted on its debt. Liquidity, on which LTCM relied, started to dry up across world financial markets and LTCM found itself paying out cash to meet its commitments.

Liquidity crises may be rare today in retail banking (see Section 2.1.1); however they are more common in wholesale markets. Wholesale banks, which don’t have deposits from retail customers, depend on assets to collateralize their market borrowing. These include assets such as government bonds and corporate bonds. If these assets become illiquid, (i.e. investors are either not prepared to purchase them or would only do so at greatly reduced valuations), a liquidity crisis could ensue. Liquidity crises can and do appear in wholesale markets. To lessen the impact of a liquidity crisis there needs to be:

increasing vigilance on the part of supervisors rapid reaction from central banks, and close monitoring by bank management.

It is partly because of these changing market conditions that the Basel II Accord, with its greater risk sensitivity, has been created. It is important that Certificate candidates understand the significance of issues discussed in this section.

Sarbanes-Oxley (SOX)

Regulating bodies often introduce new rules in response to a particular problem to minimize the chance of it recurring. The introduction of such



regulations can have an indirect effect on a bank’s customers, either through the cost of implementation or through a change in perceived values. An example of increased regulation following a risk event was the passage in the US of the Sarbanes-Oxley Act of 2002 which set out statutory requirements for corporate accountability. The legislation was introduced following accounting scandals associated with the collapse of companies such as Enron and WorldCom.

International Accounting Standards (IAS)

In 2005-06 international accounting standards will be widely introduced, particularly across the EU. These are likely to affect the way in which a number of banks account for, amongst other things, the hedging of their underlying interest rate risk in the banking book. There is the possibility that some hedges may be disallowed for accounting purposes, subsequently affecting the level and volatility of a bank’s profitability. Some in the banking industry feel that there is a potential for conflict between the best practices of risk management under Basel II and the hedging rules under IAS. The introduction of IAS is also likely to affect banks’ disclosures in their Reports and Accounts, which take on greater importance under Basel II Pillar 3 disclosure requirements. It is unusual to consider a new set of accounting regulations as a risk event. However, if the introduction of international accounting standards alters the perception of the future profitability of some banks it is clearly a risk event. Therefore, it will need to be carefully managed and any adverse effects explained to stakeholders.

1.7 The Indonesian banking system and regulation

1.7.1 The Indonesian banking system

Banking legislation enacted in 1992 and 1998 created two types of banks within Indonesia. Commercial banks offer a full range of financial services including foreign exchange services. They have access to the payment system and provide general banking services. People’s Credit Banks, known as BPRs, are much smaller than commercial banks and are usually based locally. They can accept deposits but do not have access to the payment system. In addition to banks there are small non-bank institutions such as village credit institutions (BKD) and rural credit unions (LDKP).



1.7.2 Banking regulation

The regulation of the banking system has developed rapidly since 1998 in response to the many challenges presented by the domestic financial marketplace. Many areas of the financial markets have been covered by new regulations thus creating a comprehensive regulatory framework. Table 1.1 below gives an outline of the structural acts and regulations that have come into force since 1998. Table 1.1

Act/Regulation Purpose

Banking Act 1998 amending the Banking Act 1992

This amendment to the 1992 act defines each type of bank together with the requirements and restrictions applicable to each

Bank Indonesia Act 1999 This act established Bank Indonesia as the independent central bank for Indonesia. It also set out the objective and tasks of the bank

Audit and Compliance 1999 This regulation defines the requirements for audit and compliance functions within banks

Commercial Banks 2000 This regulation sets out the licensing and operating requirements of a commercial bank

Know Your Customer Principles 2001

This regulation defines the procedures and practices banks must use to identify customers and monitor the activity on their accounts

Fit and Proper Test 2003 This regulation sets out the fit and proper tests carried out by Bank Indonesia on controlling shareholders and senior management of banks

Market Risk 2003 This regulation defines the minimum capital requirements for commercial banks with respect to their market risk positions

Risk Management 2003 This regulation defines the risk management infrastructure required of banks

Commercial Bank Business Plan 2004

This regulation sets out the requirement for commercial banks to develop and submit a short- and medium-term business plan

Legal Lending Limit 2005 This regulation sets the concentration of risk within a bank’s lending portfolio

Debtor Information System 2005

This regulation requires banks to submit information on all debtors to a central credit bureau

Asset Securitization 2005 This regulation defines the principles to be followed by banks in the use and execution of asset securitization.



In addition Bank Indonesia has published the Indonesian Banking Architecture which sets outs the direction, outline and working structures for the banking industry over the next five to ten years. The changes will be implemented in stages covering the following objectives:

to reinforce the structure of the national banking system to improve the quality of banking regulation to improve the supervisory function to improve the quality of bank management and operations to develop banking infrastructure to improve customer protection.



Sample questions

1. Banks are constrained in their capital structure by regulation aimed at

protecting:

a) Shareholders c) Customers b) The economy d) Management

2. Banks usually suffer from economic shocks because:

a) They are heavily exposed to their domestic economy

c) They are heavily exposed to corporate customers

b) They are heavily exposed to personal customers

d) They are heavily exposed to the international economy

3. Basel II requires banks to measure their capital requirements because:

a) The less liquidity a bank has the more capital it needs to hold

c) The more deposits a bank has the more capital it needs to hold

b) The more loans a bank has the more capital it needs to hold

d) The more risk a bank has the more capital it needs to hold

4. Securitization allows a bank to manage directly:

a) The size of its capital base c) The size of its deposit base b) The size of its lending book d) The size of its liability base

5. Interest rate risk in the banking book results from:

a) The value of a bank’s derivatives book

c) The structure of a bank’s business

b) The value of a bank’s bond book

d) The value of a bank’s lending portfolio



6. Which one of the following is an example of traded market risk?

a) The American savings and loans crisis in the 1980s

c) The Continental Illinois crisis of 1984

b) The Midland Bank crisis of 1989

d) The Barings crisis of 1995

7. In which years did banking legislation create two types of banks in

Indonesia: Commercial banks and People’s Credit Banks?

a) 1992 and 1996 c) 1992 and 1998 b) 1996 and 1998 d) 1994 and 1996

Answers can be found in the Appendix.



Summary

This chapter has introduced a number of key concepts and issues involved in the nature of risk and regulation in banking. Students should review this summary before proceeding.

Banks, risk and the need for regulation

Risk is defined as the chance of a bad outcome. Risk event is defined as the occurrence of an event that creates the

potential for a bad outcome. Risk loss refers to the losses incurred as a direct or indirect

consequence of the risk event. Such losses can be either financial or non-financial.

Banks are regulated to protect the customer and the economy from process and procedure failure.

Bank regulation differs from industry regulation in that it is the bank itself, and not just its products, that is regulated.

The solvency of a bank is a concern not only for its shareholders, customers and employees, but also for those who are in charge of managing the economy as a whole.

Capital structure refers to the way a bank finances itself, usually through a combination of equity, issues, options, bonds and loans.

Basel II is concerned with the regulation of banks and not the financial services industry as a whole.

To maintain the expectation that a bank can survive its bad debts, it will hold a certain amount of capital.

There is an important relationship between risk and capital: the more risks a business runs the more capital it requires.

Banks are required to hold sufficient capital to cover the risks they run. This is known as capital adequacy.

The Basel Committee on Banking Supervision made the first attempt to establish a standardized methodology for calculating the amount of risk-based capital a bank would be required to hold when it published the original Basel Capital Accord in 1988.

The effect of economic shocks on banks can be minimized through regulation.

The impact of risk events can be minimized through regulation. The first Capital Accord (Basel I) only covered credit risk. Market risk was added through the Market Risk Amendment of 1996. Basel II is about regulating banks and how they manage the risks in their

portfolios. Basel II links the capital of banks directly to the risks they are running. Local supervisors will be responsible for implementing the Basel II

Capital Accord in accordance with their own laws and regulations.



Basel II contains a risk category for operational risk in addition to credit risk and market risk. It also has provision for ‘other risks’ to be taken into account when calculating the risk-based capital of a bank.

Basel II is to be available for implementation in 2006-07.

Market risk

Market risk is defined as the risk of losses in on- and off-balance sheet positions arising from movements in market prices. Market risk is the name given to the group of risks that stem from changes in interest rates and foreign exchange rates.

The yield curve shows the relationship between the effective interest rate paid and the maturity date of an investment at a given time. Changes in market rates can significantly affect the value of a market instrument, such as a bond.

Traded market risk is the risk of a loss of value of the investments associated with continually buying and selling financial instruments (trading) in the market for profit.

Interest rate risk in the banking book is the risk of a loss of value of the limited investments that occur as a natural consequence of the bank’s underlying business.

Credit risk

Credit risk is defined as the risk of losses associated with the possibility that a counterparty will fail to meet its obligations; in other words it is the risk that a borrower won’t repay what is owed.

Collateral is defined as the assets pledged by a borrower to secure a loan or other credit, and which is subject to seizure in the event of default.

Basel I was very limited in the type of collateral it recognized. Basel II recognizes a wider range of collateral, especially in its Internal

Ratings-Based approaches to credit risk. Consistently bad lending is possible but unlikely if banks pursue sound

lending policies. Models to achieve the grading of loans are specifically required as part

of the Basel II credit risk framework.

Operational risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Although the Basel II definition excludes business, strategic and reputational risk, it has the provision for these ‘other risks’ to be taken into account when calculating the risk-based capital of a bank.



Over the last 20 years the mismanagement of operational risk has been at least as damaging to the value of individual banks as credit risk and market risk.

Basel II has moved the management of operational risk forward in that for the first time banks are required to quantify this risk, measure it, and allocate capital in the same way as required for credit and market risk.

Events that have historically been relatively low-cost are being supplemented or even replaced by events that occur less frequently, but which have a much larger impact.

Other risks

Basel II is very specific regarding what is included in ‘other risks’. It encompasses strategic risk, business risk and reputational risk.

Business risk relates to the competitive position of a bank and to the likelihood of it prospering in changing markets.

Strategic risk is the risk associated with the long-term business decisions made by a bank’s senior management.

Reputational risk is the risk of potential damage to a firm resulting from negative public opinion.

Reputational risk is not just limited to the reputation of an individual bank; it can encompass whole sectors of the banking industry.

Quantifying the loss resulting from reputational risk can be difficult given the long-term and widespread nature of the effects.

The potential consequences of failing to manage risks in banking

In addition to the direct financial loss a risk event can have on a bank, it can also have an impact on the bank’s different stakeholders – shareholders, employees and customers – and the economy as well.

Generally the effect on shareholders and employees is direct; however the consequences for customers can be indirect and therefore less obvious.

Understanding the consequences of risk for a bank’s customers is important as it highlights the need for specifically regulating banks rather than the financial services industry as a whole.

The risk that most affects customers on a day-to-day basis is operational risk.

Banks that have ‘over lent’ in a boom will inevitably ‘under lend’ in any subsequent recession.

Liquidity crises may be rare today in retail banking; however they are more common in wholesale markets.

One direct consequence of risk incidents is that regulating bodies may introduce new rules to prevent or minimize the chance of a recurrence.



The Indonesian banking system and regulation

Commercial banks offer a full range of financial services including foreign exchange services. They have access to the payment system and provide general banking services.

People’s Credit Banks, known as BPRs, are much smaller than commercial banks and are usually based locally.

In addition to Commercial and People’s Credit Banks there are small non-bank institutions such as village credit institutions (BKD) and rural credit unions (LDKP).

The regulation of the banking system has developed rapidly since 1998 in response to the many challenges presented by the domestic financial marketplace.

Bank Indonesia has published the Indonesian Banking Architecture which sets outs the direction, outline and working structures for the banking industry over the next five to ten years.


2 The evolution of risk management and regulation in banking In Chapter 1 we introduced the concept of regulation and explained why banks need to be regulated. The banking industry is different from other industries in that the failure of a bank, either partial or total, will have an impact on the entire economy; hence bank failure carries ‘systemic risk’. This chapter broadens the discussion. It first reviews the reasons for banking regulations and then explains the Basel 1 Capital Adequacy regulation in greater detail. The chapter focuses on the technical aspects of the Basel I Capital Accord, its objectives and how regulatory capital was calculated. Finally it describes how the Basel I Accord further evolved, highlighting its limitations and outlining how it will shortly be replaced by Basel II. On completion of this chapter the candidate will have a basic understanding of:

the effects of solvency crises the effects of liquidity crises the role of the central banks the impact of financial liberalization, globalization and how regulation

evolved to cope with the changes the objectives of the Basel I Accord, its application to credit risk and how

to calculate ‘eligible’ capital the structure of capital under Basel I how Basel I evolved to accommodate new methods of modeling market

risk - The Market Risk Amendment Value at Risk the limitations of the Basel I Capital Accord and Basel II.

This chapter introduces some important concepts and issues and the student should fully understand these before continuing. They are:

risk-weighted assets the target capital ratio credit risk equivalence and conversion factors how to calculate eligible capital for on- and off-balance sheet assets the structure of bank capital – Tier 1 and Tier 2 Value at Risk.



2.1 Why banks are ‘special’ and need to be regulated

2.1.1 Capital, liquidity and competition

It has long been recognized that banks are special in that problems in the banking sector can have a serious impact on the economy as a whole. Banks as financial intermediaries are a powerful force for allocating loan capital to enterprises and thus ‘employing’ the savings of their depositors. If, however, a bank made loans that borrowers could not repay, the insolvency of the bank could lead not only to the destruction of shareholders’ equity but to the destruction of depositors’ funds as well. This is because a bank is, by its very nature, highly geared.

Gearing

Gearing is defined as the ratio of a company’s debt (how much it has borrowed) to the amount of capital it holds. Thus a bank that has large amounts of debt when compared to its capital is said to be ‘highly geared’. In the US the bank would be considered ‘highly leveraged’.

Example In the example of the capital structure of a typical bank given in Chapter 1 Bank A was shown to have the following balance sheet: RWA = Risk-Weighted Assets

Assets AmountUSD million

Risk weight %

RWAUSD million

Domestic government bonds 100 0 0 Cash 10 0 0 Loans to other banks <1yr 200 20 40 Loans to small and medium

enterprises 390 100 390

Loans to local authorities 200 50 100 Loans to major international

companies 100 100 100

Totals 1000 630

Chapter 2: The evolution of risk management and regulation in banking


Example continued Liabilities Amount

Capital 80 Deposits from customers 820 Loans from other banks 100

Total 1000

Bank A uses (borrows) the deposits from its customers to fund the loans to its

customers. Bank A is highly geared. It should be noted that this is not an unusual situation as nearly all banks (the exceptions being very specialist banks) are highly geared because they raise loans from depositors to fund loans to borrowing customers.

Capital

The most important resource a bank has in ensuring its solvency is sufficient capital. A bank’s capital is the one financial resource that is available to absorb losses because it does not require repayment. Capital is the amount of the shareholders’ investment in the bank as measured at its balance sheet value.

Insolvency

Insolvency is defined as the inability of a company to repay any type of claim when it becomes due. A bank in this position is said to be suffering a solvency crisis.

Example Bank X has funded its customer loans by borrowing from depositors and the market at a fixed rate for five years. It has done this on the assumption that the majority of its customers will repay their loans within this period. Unfortunately a far larger proportion of Bank X’s customers than expected fail to pay back the loans. Bank X still owes its depositors and the bond market the fixed rate five-year funds, but does not have the capital to cover the shortfall caused by the defaulters. The losses more than absorb the capital of the bank with the result that the value of the shareholders’ investment in the bank falls below zero. The losses above the level of the capital will have to be absorbed by other providers of funds, such as bondholders and debtors. Bank X now has a solvency crisis.

A solvency crisis in a bank can cause a minor, often local, fall in economic activity. However, if such a crisis were to affect the entire banking sector, then the whole economy could be affected (see Section 1.1.2.).



Of equal concern, is that even the rumor of such a problem could cause depositors to rush to withdraw their funds. Since banks are not able recall all their loans immediately, i.e. liquidate good loans, any bank could suffer the same fate as a bank that made bad loans. In this case the bank would have suffered a liquidity crisis. Students should note that in the absence of some liquidity management mechanism illiquidity might cause insolvency. If the liquidity crisis became more widespread, the effects for the economy could be the same as a solvency crisis affecting the entire banking industry. History has shown that the failure of confidence in one bank can lead to the failure of confidence in banks in general.

Central banks as lenders of last resort

The issues of liquidity and solvency are as relevant today as they were in the 18th century when the current banking system in industrialized countries came into existence. The role of central banks as guardians (and soon supervisors) of the banking system also began in the 18th century. It was rapidly realized that it was in the interests of society as a whole that banks, because of their special status, could occasionally require the support of their central bank. Central banks provide such support through their role of ‘lender of last resort’ to maintain the stability of the financial system. As the lender of last resort a central bank stands ready to provide funds to commercial banks in order to ensure that neither a solvency nor a liquidity crisis in the commercial banking sector could turn into a general economic crisis.

Financial stability

The setting of standards for financial institutions has its origins in the need to improve the efficiency and resilience of the financial system. Financial stability is defined as the maintenance of a situation in which the capacity of financial institutions and markets to mobilize savings efficiently, provide liquidity, and allocate investment is unimpaired. Financial stability can thus be consistent with the periodic failure of individual financial institutions. Such periodic failures are only of concern if they lead to the general impairment of the banking system.



Monetary stability

Monetary stability is defined as stability in the value of money, (i.e. low and stable inflation).

Monetary stability is not the same as financial stability. Though they can often exist together, they are not necessarily ‘fellow travelers’ as can be seen from the three distinct historical periods outlined below:

a period of low inflation in the late 18th through to the early 20th century when governments were primarily concerned with financial stability

a period from the end of World War One to the 1980s when monetary stability took center stage due to the threat of high and volatile inflation rates in many countries

a period from the early 1980s onwards when newly implemented central bank policies managed to control inflation. However this did not, as many expected, lead to greater financial stability. Indeed financial stability has once again become the key focus of policy makers.

Financial liberalization

A major reason why successful monetary policy didn’t lead to financial stability was the ‘wave’ of liberalization that began sweeping through the major financial markets in the 1970s and 1980s. The role of the state in the direct functioning of economies was reduced through a number of actions including:

the removal of barriers to competition between financial institutions, including the liberalization of banking license requirements that had been a major part of regulation up to the 1970s

the removal of restrictions on the pricing of financial transactions, such as maximum rates of interest on loans and deposits

the removal of restrictions on international capital movements which accompanied the introduction of convertible currencies.



Example Latin American debt crisis in the 1980s In the 1970s the major oil exporting countries placed the profits they had gained from the increases in oil prices in international banks, which then lent a large portion of these deposits to Latin American governments. With the start of recession in many industrialized countries in the early 1980s, Latin American countries faced an economic and financial crisis as commodity prices collapsed, and exports fell dramatically. In August 1982 Mexico informed the International Monetary Fund (IMF) that it would not be able to meet its obligation on a USD 80 billion debt. The IMF, World Bank and the US put together a rescue package to prevent Mexico from defaulting. However the situation in Latin America deteriorated as banks and investors lost confidence in the ability of many developing countries to repay their debts. Some 16 Latin American countries, who together owed $176 billion, were left struggling to meet their obligations. Many of the largest international banks faced the prospect of major loans defaulting and potential insolvency. A significant banking collapse was averted by debt rescheduling, but the pressure to meet interest payments pushed the Latin American economies further into recession. By 1989 the emphasis changed from debt restructuring to debt reduction. In return for commitments to introduce economic reforms the IMF and World Bank provided Latin American countries with funds to pay back outstanding commercial bank debt.

Competition and banking

The liberalization of financial markets greatly increased competitive pressures on banks by:

reducing the capabilities of existing institutions to extract wide margins from their businesses – products had to be more competitively priced

creating an influx of new entrants, thus increasing competition. The difficulty of earning the same return in these circumstances meant that many institutions were forced to increase the risks they ran in order to maintain returns.



Example Security First National Bank In 1995 the world’s first internet only bank was set up in the US in Atlanta, Georgia. Security First National Bank (SFNB) had only one office, no branches, very few staff and minimal overheads. It was based on the premise that banking customers want to conduct their business quickly, efficiently, at a time of their choosing and within a secure environment. It was also set up to test Security First banking software products. Although now part of the Royal Bank of Canada, SFNB, proved how relatively easy it had become to set up a bank. It also proved that internet banks were a viable proposition. Internet banking now accounts for a substantial amount of the total turnover of the banking sector.

Financial product innovation

The liberalization of the financial sector also led to a period of rapid innovation, most notably in the growth of products such as futures, swaps and options (the derivative markets) and the securitization of assets. These products have the capability to greatly increase the ability of banks to transfer risks between themselves and investors in other markets.

International developments

The controls on cross-border competition were also liberalized partly as a result of the growth of free trade globally. But perhaps even more significant it was the result of the increasing economic and political strength of the European Union. The liberalization of cross-border controls tightened financial links between institutions, markets and countries.

2.1.2 Effects on supervisors and regulation

Developments in the financial markets and liberalization of cross-border controls led supervisors, and especially central banks, to consider that although the value of the safety net provided by their lender of last resort function had grown substantially the basis of much of their financial regulation had been weakened. Prior to the period of financial liberalization in the 1970s and 1980s financial regulation had focused on:

the authorization of financial institutions tightly defining the spheres of permitted activity of different financial

institutions the definition of balance sheet ratios and requirements such as keeping

a certain level of cash deposits with the central bank, or keeping a certain level of assets in domestic government securities.



2.1.3 New approaches to regulation

In this ‘new’ world prudential supervisors began to look at potential new approaches to regulation, drawing the following conclusions:

significant market participants measured their own performance by looking at the return on the risks they took. If the supervisors could create regulatory processes that worked with the markets, they could make regulation both more effective and more relevant to the regulated institutions

the increase in the globalization of capital markets greatly increased the need to ensure prudential norms were accepted internationally and implemented consistently

regulation was only one part of the solution. The risks of financial intermediation, internationally, depended on such issues as ensuring minimum standards in contract and bankruptcy law, accounting and audit standards and disclosure requirements.

2.2 The original Basel Accord and capital adequacy for credit risk

2.2.1 Objectives of Basel I

The Basel Committee on Banking Supervision was established in 1974 by the central bank governors of the Group of Ten (G10), to focus on banking regulations and supervisory practices. The Basel Committee is comprised of representatives of the central banks and banking supervisors from the 11 members of the G10 plus Spain and Luxembourg. Consequently it draws members from the following countries: Belgium Canada France Germany Italy Japan Netherlands Sweden Switzerland United Kingdom United States Spain Luxembourg The Basel Committee had three main objectives in developing the Basel I Accord:

to strengthen the soundness and stability of the international banking system

to create a fair framework for measuring the capital adequacy of internationally active banks

to have the framework applied consistently with a view to diminishing competitive inequalities between internationally active banks.



2.2.2 Risk-weighted assets and risk weights

In order to understand how the Basel I Accord meets its main objectives the student must first understand the concept of risk-weighted assets (RWA). A risk-weighted asset is a balance sheet asset class that has been multiplied by its risk weight. These are used to derive a balance sheet expressed in terms of risk-weighted assets, which in turn is used to derive the capital requirement (see Section 2.2.3). The Basel Committee devised a system to help banks establish their level of risk-weighted assets. The system was based on the concept of risk weights as a series of factors. These risk weights were in turn based on the perceived relative credit risk associated with each asset class. Thus a mortgage has a risk weight of 50% and, under the Basel I Accord, can be said to be half the risk of a corporate loan which has a risk weight of 100%. In order to derive a balance sheet weighted by risk factors each contract instrument (such as a loan) was grouped into five broad categories according to the perceived credit standing of the counterparty for the term of the contract. The weights used were 0%, 10%, 20%, 50% and 100%. An abbreviated version of the full list, as it appears in Basel I, is given in Table 2.1 below. Table 2.1

Asset class Risk weight %

Cash 0Domestic and OECD* central government 0Government lending OECD 0Domestic and OECD public sector and local government 0 to 50Interbank (OECD) and international development banks 20Non-OECD bank <1 year 20Mortgage lending (first charge on residential property) 50Corporate and unsecured personal debt 100Non-OECD bank >1 year 100Non-OECD government debt 100 * The Organisation for Economic Co-operation and Development (OECD) is a group of 30 countries sharing a commitment to democratic government and the market economy.

In practice, banks have a multitude of different assets, each of which has to be weighted in accordance with the principles laid down in Basel I and reflected in Table 2.1 above.



It should be noted that under Basel I some of the risk weights are left to the discretion of the local supervisor, for example local government lending may be 0%, 10%, 20%, or 50%.

Example Calculating risk-weighted assets Bank A is a Basel I regulated bank and decides to lend USD 100 million to a non-OECD bank for six months. The risk-weighted asset of this loan is:

Loan advanced USD 100 million Risk weight 20% RWA USD 20 million (100m x 20%)

Bank B lends USD 100 million to a large corporation. The risk-weighted asset (RWA) of this loan is:

Loan advanced USD 100 million Risk weight 100% RWA USD 100 million (100m x 100%)

2.2.3 The target capital ratio

The Basel I Accord established the relationship between risk and capital. It used a simple set of different multipliers for government debt, bank debt and corporate and personal debt and multiplied them by an overall target capital ratio. This target capital ratio is the ratio for eligible capital to risk-weighted assets (RWA) for international banks. The Basel Committee laid down a minimum target capital ratio of 8%. National supervisors had the discretion to impose a higher ratio as they saw fit, which a number, notably the US and UK have taken up. However, some supervisors, such as Germany, are precluded from doing so for legal reasons. There is no presumption that the 8% should be applied universally to all banks within a national supervisor’s jurisdiction. The Committee specifically allows for this on the grounds that the actual minimum regulatory capital ratio for a bank needs to reflect risks other than credit risk. (Students should remember that credit risk is the only risk specifically covered in the Basel I Accord.) The formula for computing the ratio is:

Eligible capitalRisk - weighted assets

× 100 = Ratio (min 8%)



Thus we can compute the capital required given a known amount of RWAs, or the RWAs permitted for a given amount of capital by reversing the above equation.

Example Calculating capital requirements Bank A is a Basel I regulated bank and decides to lend USD 100 million to a non-OECD bank for six months. The capital Bank A is required to hold against this loan is:

Loan advanced USD 100 million Risk weight 20% RWA USD 20 million Capital required USD 1.6 million (20m x 8%)

Bank B lends USD 100 million to a large corporation. The capital Bank B is required to hold against this loan is:

Loan advanced USD 100 million Risk weight 100% RWA USD 100 million Capital required USD 8 million (100m x 8%)

Bank C holds USD 2 million of unallocated capital and wishes to lend to an OECD bank. For its given level of capital Bank C can lend up to USD 125 million.

Amount of capital USD 2 million RWA USD 100 million (2m/20%) Loan equivalent USD 125 million (25m/20%)

Students should take note of this example and contrast it to likely outcomes for capital requirements for similar lending under Basel II. While there are a number of potential differences in the principles laid down in the Standardised Approach of Basel II there are also many similarities and in practice many results will be very close or identical to those in Basel 1. The above examples for banks A, B and C use on-balance sheet items only. Off-balance sheet items, e.g. warranties will be introduced later in this chapter.

The target capital ratio was a simple equation for a highly complex set of products. The Basel Committee continued to revise the Basel I Accord to cover the increasing diversification of banking activities.

2.2.4 Credit risk equivalence

With banks diversifying their activities, there was a growing need for the capital adequacy accord to include off-balance sheet exposures. Usually off-balance items are contingent liabilities such as guarantees, options, acceptances or warranties. There is no cash or physical asset to represent the value in a balance sheet. Balance sheets do not record contracts, only the proceeds. A



good example is an insurance contract where the accounts will show the premium paid but the insurance contract itself will not be in the accounts. To deal with off-balance sheet items the Basel Committee put forward the concept of credit risk equivalence. This was first proposed in the Basel Committee paper on the treatment of off-balance sheet exposures in March 1986 entitled “The Management of Banks’ Off-Balance-Sheet Exposures: A Supervisory Perspective”.

The concept behind credit risk equivalence is that any off-balance-sheet transaction can be converted to a loan equivalent and thus brought on-balance-sheet for purposes of computing risk-weighted assets. This ensures that the definition of RWA covered a wide range of a bank’s obligations, not just those represented by loans and similar asset classes.

2.2.5 Standard credit substitute instruments

Some off-balance sheet transactions have very simple conversion factors. For example direct credit substitutes, (e.g. Guarantees), have a conversion factor of 100%. A list of the main off-balance sheet instruments with simple Conversion Factors (CF) is given in Table 2.2 below. Table 2.2

Off-balance sheet item CF %

Direct credit substitutes, (e.g. Guarantees) 100

Certain transaction-related contingent items 50

Short-term self-liquidating trade-related contingencies 20

Sale and repurchase agreements and asset sales with recourse, where the credit risk remains with the bank

100

Forward asset purchases, forward-forward deposits and partly-paid shares and securities which represent commitments with certain draw downs

100

Note issuance facilities and revolving underwriting facilities 50

Other commitments with an original maturity of over one year 50

Similar commitments with an original maturity of up to one year, or which can be unconditionally cancelled at any time.

0

It should be noted that the instruments listed here represent general categories and supervisors have some degree of national discretion to allocate specific instruments to categories.



2.2.6 Derivative instruments

Other off-balance sheet transactions such as derivatives are treated differently. A derivative is a financial instrument where the principal amounts of the transaction are not usually exchanged. The price is derived from the value of one or more of the following items:

financial instruments indices commodities, or another derivative instrument.

Example Bank V enters into a forward rate agreement with Bank X. This gives Bank V the

right to deposit USD 10 million for three months beginning in one-month’s time at a rate of 2%. The following month the two banks compare the rate of 2% against the current interest rate which is now 1.5%. Bank X pays Bank V 0.5% as rates have fallen. Bank V can now enter into a deposit at 1.5% with any bank. The settlement of 0.5% from Bank X allows Bank V to receive 2% in total. This shows how a derivative can ‘lock in’ interest payments without any exchange of principal amounts.

Banks are not exposed to the full face value of a swap contract if the counterparty defaults, but only to the potential cost of replacing the cash flow equivalent of the contract (the credit equivalent). Any mark-to-market exposure (see Section 4.4) is reduced to 50% of the direct lending weight as shown in Table 2.2 above. For example a 100% counterparty is weighted at 50% for mark-to-market exposures. Depending on the movement of a number of factors relevant to the contract since its inception, this may or may not result in a credit risk equivalent exposure. There will always be an ‘add on’ to cover the potential for the contract value to change, and for the bank therefore to become exposed to its counterparty. A full list of contracts covered is beyond the scope of the Certificate; however descriptions of the types of derivatives are provided in Chapter 4. In general these contracts are:

interest rate swaps and options, forward rate agreements, interest rate futures

exchange rate swaps and options, forward foreign exchange contracts, currency futures (excluding contracts with an original maturity of less than 14 days)

precious and non-precious metals swaps and options, forward contracts and futures

equity swaps and options and equity futures contracts.



Two methods of calculating the credit equivalent of these contracts have been allowed under Basel I. These are:

the Current Exposure Method the Original Exposure Method.

Neither of these methods reflected Value at Risk models (which did not appear in Basel-based regulation until the Committee published the Market Risk Amendment in 1996).

2.2.7 The Current Exposure Method

This was the method preferred by the Basel Committee under Basel I. The method calculates the current replacement cost of the contract by marking the contracts to market. This is usually a simple process given that derivative markets are overwhelmingly traded instruments. It is also accurate and gives a clear comparison of the derivative contract to a loan equivalent, at a point in time. The mark-to-market value of a contract changes continuously because the value of a contract is driven by various risk factors depending on the type of contract it is. For example, changes in the value of an interest rate swap will largely depend on the relative movements of the interest rates to which it is linked. If the current mark-to-market value of a transaction is positive, this represents the value the bank would lose if its counterparty defaulted on the transaction. However, as the mark-to-market value of the transaction will continue to fluctuate until the maturity date, there is a risk that the credit exposure may rise higher than the current mark-to-market value. A capital charge was created for this additional exposure by adding a percentage of the notional principal to the current mark-to-market value. Table 2.3 shows the percentages to be applied to the notional amount of each transaction. The percentages are categorized by instrument and residual maturity to reflect the relative risk of each instrument over time.



Table 2.3

Residual maturity

Interest rate

%

Exchange rate and

gold %

Equity

%

Precious metals (not

gold) %

Other commodities

%

<1 year 0.0 1.0 6.0 7.0 10.0 >1 and <5 years 0.5 5.0 8.0 7.0 12.0 >5 years 1.5 7.5 10.0 8.0 15.0

Example Three years ago Bank A traded a seven-year interest rate swap for USD 10 million to pay 6% fixed rate against six-month LIBOR (London Interbank Offered Rate). Rates have risen and the current mark-to-market value of the swap to the bank is USD 1millon. The Credit Equivalent (CE) calculation under the current exposure method is: CE = Mark-to-market value + (notional amount x add-on) CE = USD 1,000,000 + (USD 10,000,000 x 0.5%) = USD 1,050,000 The add-on is 0.5% because the swap has four years to run and is an interest rate swap (see Table 2.3 above). The Credit Exposure is to an OECD bank and therefore would normally be rated 20% (see Table 2.1), but this is reduced to 10% (see Section 2.2.6). The capital consumption of the transaction is thus: Capital = USD 1,050,000 x 10% (risk weight) x 8 % (target capital ratio)

= USD 8,400 Eighteen months ago Bank B entered into a foreign exchange deal to buy USD 10 million worth of yen at a rate of 104 for delivery in two-years’ time. The exchange rate has now risen to 106 for the same delivery date. This means the current mark-to-market value shows a loss of approximately USD 189,000 for Bank B since the amount of yen purchased is now only worth approximately USD 9,811,000. CE = 0 + (USD 10,000,000 x 1%) = USD 100,000 The add-on is 1% because the contract matures in six months’ time and is an exchange rate transaction (see Table 2.3 above). The current mark-to-market value is set to zero because it is negative for Bank B.



2.2.8 The Original Exposure Method

The Original Exposure Method allowed a bank to calculate a percentage of the notional principal as the exposure without having to calculate the current value of a contract. The conversion factors for this method are given in Table 2.4. Table 2.4

Maturity Interest rate contracts

%

Exchange rate contracts and gold

%

One year or less 0.5 2.0 Over one year to two years 1.0 5.0 For each additional year 1.0 3.0

Under Basel I national regulatory authorities had discretion to allow banks to use this method as an interim measure pending implementation of the Current Exposure Model. This generally applied to banks that had a small matched position in an instrument. Banks that were engaged in forwards, swaps, purchased options or similar derivative contracts based on equities, precious metals (except gold), or other commodities had to use the Current Exposure Model.

2.2.9 Calculating eligible capital consumption

A bank can establish the minimum level of regulatory capital it is required to hold by first determining its risk-weighted assets and then multiplying this figure by the target capital ratio set by its supervisor.

Example Calculating regulatory capital Bank A has a target capital ratio of 8% and has the following positions in its books:

1. Six-month loan to a French bank for USD 100 million 2. Four-year interest rate swap to a UK chemical company for USD 10million

with a value of USD 500,000 3. A residential property mortgage book of USD 500 million.



Example continued

1. This is an on-balance sheet item with an OECD bank with a maturity of less than one year. RWA = USD 100m x 20% = USD 20 million

2. This an off-balance sheet item with the private sector with a maturity of less than five years and using the Current Exposure Method.

Credit equivalent = (USD 10m x 0.5%) + USD 500,000 = USD 550,000 RWA = USD 550,000 x 50% = USD 275,000

3. This is an on-balance sheet item that is a loan book secured on residential

properties.

RWA = USD 500m x 50% = USD 250 million Total RWA = USD 20,000,000 + USD 275,000 +

USD 250,000,000 = USD 270,275,000 Regulatory capital

requirement = USD 270,275,000 x 8% = USD 21,622,000

2.3 The ‘grid’ and ‘look up’ table approach to capital adequacy and credit risk in Basel I

In practice every bank operating under Basel I produces a grid as shown in Tables 2.3 and 2.4 to calculate the level of credit risk equivalent of its transactions. It will also have a ‘look up’ table, as shown in Tables 2.1 and 2.2, to calculate the level of risk-weighted assets on which to determine its eligible capital requirement.

2.3.1 Adequacy of the return on regulatory capital

Under both Basel I and II a bank calculates its regulatory capital requirements for a given amount of risk-weighted assets. A bank’s business is not static and the level of RWAs will change as new contracts are written and old ones expire. Under these circumstances a bank has two choices. It can either:

set a limit to its level of regulatory capital; hence fixing the total amount of RWAs available. However, this limits its capacity to raise new business, or

raise new regulatory capital as the RWAs increase.



It should be noted that ‘fixing’ a level of regulatory capital can be difficult as the RWAs of traded instruments can increase without new business being undertaken.

Return on regulatory capital is a performance measure used to ensure that a transaction creates a return sufficient to allow the bank to raise new capital. It is important to note that risk costs are not specifically taken into account except through the margin return incorporated in ‘net earnings’. Determining if these returns are sufficient needs a separate set of performance metrics. A simple example for calculating the return on regulatory capital is given below. It assumes that:

the given capital structure is appropriate for capitalizing the given transaction

the bank has actual capital equal to regulatory capital – which is very unlikely in the real world.



Example Calculating return on regulatory capital Bank T is considering offering a new fixed price loan to its customers, but will need to extend its regulatory capital if it does so. To make this decision it must first calculate the return on its required regulatory capital. It establishes a loan limit that is available throughout the term of the loan (the stand-by loan limit). Transaction details

Stand-by loan limit (available for >365 days) USD 20 million Estimated utilization of limit 50% Margin on utilized portion 1% Risk weight 100% RWAs on utilized portion (20m x 50% x 100%) USD 10 million Estimate of non-utilization 50% Margin on non-utilized portion 0.5% Credit conversion factor 50% Risk weight 100% RWAs on non-utilized portion (20m x 50% x 50% x 100%) USD 5 million Total RWAs (10m + 5m) USD 15 million Risk asset ratio 8% Notional capital (15m x 8%) USD 1.2 million Net earnings (15m x 1%) 0.15 million Return on regulatory capital = Net earnings/Notional capital x 100 Return on regulatory capital (0.15m/1.2m x 100) 12.5 million

In the above example, only the margin is used to calculate the net income. In practice an adjustment is made to give a gross return to account for the base interest rate that the loan margin is added to. Most banks will have one agreed transfer price for their funds. In the above example, if we assume the transfer price for the funds is 3%; this gives a total return on regulatory capital of 15.5% (the calculated return plus the transfer price). In the example above Bank T would need to judge if a return of 15.5% were sufficient for it to extend its regulatory capital and launch the new product.



2.4 The bank capital requirements in Basel I

2.4.1 Capital structure

The calculation of the minimum level of regulatory capital a bank is required to hold does not, however, determine the structure of capital that the bank should hold. In Basel I the Committee not only created a framework for measuring capital adequacy; it also created a framework for the structure of bank capital, often called ‘eligible capital’. The Basel Committee considers that the key element of eligible capital for a bank is equity capital.

However for regulatory capital purposes most banks can hold capital in two tiers. They are

Tier 1 – issued and fully paid ordinary shares/common stock and non-cumulative perpetual preferred stock and disclosed reserves.

Tier 2 – undisclosed reserves, asset revaluation reserves, general provisions and general loan loss reserves, hybrid capital instruments and subordinated debt.

Not more than 50% of the total capital can be held in Tier 2 capital. The capital base should exclude:

goodwill investments in unconsolidated banking and finance companies, and investments in the capital of other banks and finance companies

(subject to national supervisor discretion) minority investments in unconsolidated entities, (e.g. associate banks).

Students should be aware that there is a third tier of capital (Tier 3), which is available to support banks’ trading portfolios only.

2.5 Basel I and the 1996 Market Risk Amendment

2.5.1 The Market Risk Amendment

Basel I is often incorrectly criticized for its lack of risk sensitivity. Risk sensitivity was fundamental to the thinking of the Committee as it developed the first Capital Accord.



The degree of risk sensitivity was greatly increased when the Basel Committee released the “Amendment to the Capital Accord to Incorporate Market Risks” in January 1996. This became known as the Market Risk Amendment. The Market Risk Amendment was the culmination of a process that had begun when the Committee issued a paper entitled “The Supervisory Treatment of Market Risks” and asked banks and market participants for their comments. This led to an investigation by the Committee during 1994 of banks’ use of internal models to measure market risk. The use of individual models was causing banks’ own views of the risks they were running to differ, in many cases significantly, from the simple RWA- based approach of Basel I. In moving towards the acceptance of internal models of market risk the Committee was actually following the lead of banks. The Basel Committee developed the Market Risk Amendment on a ‘twin- track’ approach. This twin-track approach appraised banks’ internal quantitative models based on a set of published standards and similarly set qualitative standards. In particular this approach looked at the appropriateness of applying such quantitative models and the quality of processes supporting their implementation.

2.5.2 Value at Risk (VaR)

The quantitative models banks were using - those accepted by the Committee - are called Value at Risk (VaR) models. VaR models represent an estimate of the likely maximum amount that could be lost on a bank’s portfolio of market risks:

within a given time period, and with a certain degree of statistical confidence, (i.e. with a certain

probability). The Basel I techniques for off-market assets (‘add-ons’) and the VaR technique are both attempting to achieve a broadly similar objective. This objective is to show the value of a transaction (or more accurately the value of the portfolio of all of the bank’s transactions, some of which may offset one another) over a period relevant to the bank’s holding of the transaction.

The holding period of the transaction is known as the VaR Horizon. For many traded market transactions the appropriate VaR Horizon will be one trading day. Hence the commonly used Daily Value at Risk or DVaR measure.



A bank’s risk report may contain the following statement: “The trading portfolio has DVaR of USD 5 million at the 95% level.” Within this statement the level (the confidence level) relates to a level of probability that some event will occur. In the case of market risk this will be a loss of portfolio value above some level. Typically, probability is often calculated at the 95% or 99% level. In simple terms the DVaR expressed above is: “Within the period of one trading day there is a 5% (100% minus 95%) chance that losses on the portfolio could exceed USD 5 million.” This may seem a low probability; however, looked at another way, it says that in one year there would be approximately 12 days when portfolio losses exceeded USD 5 million (assuming approximately 240 days a year when the appropriate markets are open for trading).

It should be noted that VaR models numbers do not give any estimate of how big the actual losses could be, i.e. in the above example the model gives no indication of how much larger than USD 5 million the losses could be.

2.5.3 Risk-based regulation

The 1988 Basel I Accord did recognize that capital held by banks should relate in part to the credit standing of the:

borrowers issuers of securities, and other counterparties who had financial obligations to banks (such as

guarantors). The broad categories of counterparties the Basel Committee had used, and the relatively crude risk sensitivity of the ‘add-on’ process for counterparty credit risk, limited the scope of risk-based regulation.

The Market Risk Amendment, in its conditional acceptance of banks’ Value at Risk models, produced for the first time an element of true risk-based regulation.



2.6 Weaknesses in the Basel I Accord

2.6.1 Basel I and corporate credit risk

The creation and subsequent success of the Market Risk Amendment was a major milestone in the development of risk-based regulation. At the same time many banks were shifting their internal credit processes toward the use of quantitative risk models with direct similarities to their market VaR techniques. This was due to:

the success of many banks’ VaR models, and the increase of credit risk trading.

Credit risk trading had already existed to a limited extent in commercial paper markets but increased significantly as the syndicated loan market became more sophisticated and the securitization of bank loans became more widespread. The transparency of corporate credit risk increased significantly when even relatively unsophisticated models showed the huge disparities in quality (credit grade) and the resulting pricing of different corporate credits. The Basel I approach to capital adequacy gave the same RWA weighting, and thus the same capital requirement, to all corporate loans irrespective of the credit grade of the borrower. The problem with the Basel I approach was obvious: banks which lent to companies with a very good credit standing were obliged to hold exactly the same amount of capital for regulatory purposes as banks lending to companies with poor credit standing. This would not have mattered as much if banks could charge all borrowers the same. However, banks were increasingly in competition with rapidly growing corporate bond markets where credit margins related quite closely to the credit gradings awarded to bonds issues by such rating agencies as Standard & Poor’s and Moody’s Investors Service. The same problem occurred in relation to unsecured personal lending (such as credit card lending) and to lending to governments (sovereign loans).



2.7 The development of a new Capital Accord – Basel II

In 1999 the Basel Committee started working closely with the major banks of member countries to develop a new Capital Accord. The general aim was to encompass all banking risk within a new comprehensive capital adequacy framework. The new accord soon became known as Basel II. The work on developing the Basel II Accord coincided with moves in the European Union to harmonize the financial markets. This was known as the Financial Markets Program. The need to harmonize banking and financial services regulation across the EU was considered an integral part of the Program. There was the potential for the EU to adopt, in a harmonized fashion, the Basel II Accord as the basis for the ‘domestic’ capital regulation of banks and financial services companies. The wide application of Basel II in the EU beyond simply banks was made necessary partly by the lack of any common definition of a bank across member states. The Basel II Accord, with minor alterations, will thus become the basis for a new EU directive on capital adequacy – the Capital Requirements Directive (CRD).



Sample questions

1. Gearing (leveraging) of a bank is defined as:

a) The ratio of its debt to its assets

c) The ratio of its deposits to its capital

b) The ratio of its debt to its capital

d) The ratio of its deposits to its assets

2. The insolvency of a bank is defined as:

a) The inability to pay any type of claim when due

c) The inability to fund loans when required

b) The inability to pay depositors on demand

d) The inability to sell assets when necessary

3. Financial stability is consistent with:

a) Stability in the value of money c) The maintenance of the ‘lender of last resort role’ of the central bank

b) The periodic failure of individual financial institutions

d) The insolvency of the banking system

4. The pressure on banks to take increased risks is due to:

a) The need to recycle petro-dollars

c) The liberalization of financial markets

b) The need to fund inflation affected balance sheets

d) The need to fund increased capital

5. One of the objectives of the Basel Committee in creating the first Accord

was:

a) To create risk-based regulation

c) To strengthen the soundness and stability of the international banking system

b) To create a minimum capital ratio

d) To create a minimum standard for bank regulation



6. The Basel Committee minimum capital ratio is set at:

a) 4% c) 6% b) 8% d) 10%

7. Off-balance sheet items may be measured under Basel I through:

a) Their capital equivalence c) Their asset value equivalence b) The credit risk equivalence d) Their nominal value

equivalence Answers can be found in the Appendix.



Summary

This chapter has introduced a number of key concepts and issues involved in the evolution of risk management and regulation in banking. Students should review this summary before proceeding.

Why banks are ‘special’ and need to be regulated

A bank is, by its very nature, highly geared (leveraged). Gearing is defined as the ratio of a company’s debt (how much it has

borrowed) to the amount of capital it holds. A bank’s capital is the one financial resource that is available to absorb

losses because it does not require repayment. Insolvency is defined as the inability of a company to repay any type of

claim when it becomes due. Central banks act as the ‘lender of last resort’ providing funds to

commercial banks in order to prevent a solvency or liquidity crisis from becoming a general economic crisis.

With increased competition in the 1980s banks found it more difficult to maintain returns. This put pressure on many institutions to increase the risks they ran.

The liberalization of cross-border controls tightened the financial links between institutions, markets and countries.

Following liberalization prudential supervisors began to look at potential new approaches to regulation.

The original Basel Accord and capital adequacy for credit risk

The Basel Committee had three main objectives in developing the Basel I Accord: - to strengthen the soundness and stability of the international banking

system - to create a fair framework for measuring the capital adequacy of

internationally active banks - to have the framework applied consistently with a view to diminishing

competitive inequalities between internationally active banks. The target capital ratio is the ratio for eligible capital to risk-weighted

assets (RWA) for international banks. Credit risk is the only risk specifically covered in the Basel I Accord. To deal with off-balance sheet items the Basel Committee put forward

the concept of credit risk equivalence. Credit risk equivalence states that any off-balance sheet transaction can

be converted to a loan equivalent and thus brought on-balance sheet for purposes of computing risk-weighted assets.



The Current Exposure Method calculates the current replacement cost of the contracts by marking the contracts to market and an ‘add-on’ factor.

The bank capital requirements in Basel I

In Basel I the Committee not only created a framework for measuring capital adequacy; it also created a framework for the structure of bank capital, often called ‘eligible capital’.

For regulatory capital purposes most banks hold capital in two tiers: - Tier 1 – issued and fully paid ordinary shares/common stock and

non-cumulative perpetual preferred stock and disclosed reserves. - Tier 2 – undisclosed reserves, asset revaluation reserves, general

provisions and general loan loss reserves, hybrid capital instruments and subordinated debt.

Basel I and the 1996 Market Risk Amendment

The Market Risk Amendment used a ‘twin-track’ approach: appraising banks’ internal quantitative models based on a set of published standards and similarly setting qualitative standards.

It should be noted that VaR model numbers do not give any estimate of how big the actual losses could be.

The Market Risk Amendment, in its conditional acceptance of bank’s Value at Risk models, produced for the first time an element of true risk- based regulation.

The creation and subsequent success of the Market Risk Amendment was a major milestone in the development of risk-based regulation

Weaknesses in the Basel I Accord

The Basel I approach to capital adequacy gave the same RWA weighting requirement to all corporate loans irrespective of the credit grade of the borrower.

The problem with the Basel I approach was obvious: banks which lent to companies with a very good credit standing were obliged to hold exactly the same amount of capital for regulatory purposes as banks lending to companies with poor credit standing.

The development of a new Capital Accord – Basel II

In 1999 the Basel Committee started working closely with the major banks of member countries to develop a new Capital Accord. The general aim was to encompass all banking risk within a new comprehensive capital adequacy framework.



The new accord became known as Basel II. The Basel II Accord, with minor alterations, will become the basis for a

new EU directive on capital adequacy – the Capital Requirements Directive (CRD).


3 The development of risk-based supervision of banks This chapter focuses on key aspects of the Basel II Accord and examines its objectives, structure, coverage, risk sensitivity and relationship to capital adequacy. It leads the student through the evolution of the Basel II Accord and explains why banks appear to hold more capital than they are required to under regulation. On completion of this chapter the candidate will have a basic understanding of:

why the Basel Committee decided to extend the Basel I Capital Accord the structure of the Basel II Accord, its three pillars and the risks covered how the Basel Committee refined the Basel II Accord the breadth and depth of Basel II coverage why banks hold more capital than they need based on regulatory

requirements.

3.1 The three Pillars of regulation

The Basel II Capital Accord is far more complex than the previous Accord. Not only does it address additional areas of risk, it also has a three-tier approach and uses more sophisticated methodologies for estimating the risk. Basel I Accord Basel II Accord

Focuses on a single risk measure Focuses on internal methodologies Has a simple approach to risk sensitivity

Has a higher level of risk sensitivity

Uses a one-size-fits-all approach to risk and capital.

Is flexible to fit the needs of different banks.

The Basel I Capital Accord has a risk category for credit and market risk. Basel II extends this to operational risk and has provision for other risks to be taken into account when computing the risk-based capital of a bank. Basel II also links the capital of banks directly to the risks they run.



The new Basel II Framework is structured around three concepts of regulation. These are known as the three pillars and are:

Pillar 1 – Minimum capital requirements which seek to develop and expand on the standardized rules set forth in the 1988 Accord

Pillar 2 – Regulatory review of an institution's capital adequacy and internal assessment processes

Pillar 3 – Effective use of market discipline as a lever to strengthen disclosure and encourage safe and sound banking practices.

3.1.1 Pillar 1 – Minimum capital requirements

Within Pillar 1, banks are required to calculate the minimum capital for credit risk, market risk and operational risks. For traded market risk there is no change from the current process, as laid out in the Basel Committee’s 1996 Market Risk Amendment to the Basel I Capital Accord. Interest rate risk in the banking book is not covered under Pillar 1.

3.1.2 Pillar 2 – Supervisory review

The Pillar 2 supervisory review process is intended to formalize the existing practices of many regulators. The concept of supervisory review was already implicit in Basel I, and was intended to set out minimum standards only which supervisors could adapt on a bank-by-bank basis. Pillar 2 constitutes a supervisory review which at present closely resembles the current risk-based supervision approaches of the Federal Reserve Board in the US and the Financial Services Authority in the UK. The supervisory reviews are designed to focus attention on:

any capital requirements above the minimum level calculated under Pillar 1, and

early actions that may be required to address emerging risks. Pillar 2 also covers the review of a specific type interest rate risk in the banking book. The Basel Committee paper “Principles for the Management and Supervision of Interest Rate Risk” published in July 2004 provided details on how to manage interest rate risk within a banking book.

3.1.3 Pillar 3 – disclosure

Pillar 3 is the market discipline Pillar. The Bank for International Settlements (BIS) defines market discipline as the internal and external governance mechanism in a free-market economy in the absence of direct government intervention.

Chapter 3: The development of risk-based supervision of banks


Pillar 3 covers what will be required in terms of public disclosure by banks. It is designed to help banks’ shareholders and market analysts, and leads to improved transparency on issues such as:

a bank’s asset portfolio, and its risk profile.

It should be noted that Basel I contained only a Pillar 1 approach. In practice Pillar II and Pillar III will exist in all jurisdictions, although the approaches to these Pillars and their applications are likely to differ greatly.

3.1.4 Risk coverage – credit, market, operational and other risks

Within the three-pillar approach the Basel Committee proposed to extend the scope of risk coverage beyond credit and traded market risks toward a much wider range of risks facing banks.

The Basel Committee focused Pillar 1 on credit risk and operational risk while incorporating the 1996 Market Risk Amendment unchanged. The Pillar I approach marks the first time that operational risk will be covered by a quantitative approach. In addition, there was a large subset of risks the Basel Committee wished to cover in Pillars 2 and 3. These are termed ‘other risks’.



Figure 3.1: The Basel II structure of regulation

PILLAR 1

Minimum

Capital

PILLAR 2

Supervisory

Review

PILLAR 3

Market

Discipline

Credit riskOperational

riskMarket risk

See 1996

Market Risk

Amendment

Simplified

Standardised

Approach

Standardised

Approach

IRB

approaches

Basic

Indicator

Approach

Advanced

Measurement

Approach

Standardised

Approach

Foundation

Collateral and

Securitization

Advanced

Residual

risks

Banking book

interest rate

risk

Disclosure

3.2 Reasons for the development of Basel II

3.2.1 Credit models – grading or options-based

The increasing use by banks of quantitative methods to measure and report the credit risk on their portfolios of assets was one of the developments that culminated in the publication of the Market Risk Amendment in 1996. This amendment permitted banks to use internal models for measuring credit risk.



The development of these quantitative methods provided a solid foundation for the new Basel II Accord. However, two issues needed to be resolved before the Committee could proceed with Basel II. The first issue was to decide on the types of credit models to be allowed under the proposed Pillar 1 regime. The Committee considered the use of either:

full portfolio models characterized by the application of option pricing techniques, or

more restricted so called ‘grading models’ where the calculation of risk is done on an individual obligor basis and where the portfolio risk is simply the total of the individual risks.

Full portfolio models were the result of work done by Robert Merton on pricing and measuring risks in option portfolios. (A detailed discussion of these techniques is beyond the scope of the Certificate.) Grading models are used widely by credit rating agencies such as Standard & Poor’s and Moody’s Investors Service. While the terms credit grade and credit rating are interchangeable, it should be noted that the Basel II Accord uses ‘grades’ within its definitions. In the late 1990s the Committee decided to limit the use of credit models to credit grading models. However in the years since the Committee’s decision there has been a trend toward the coming together of these two techniques.

3.2.2 Operational and other risks

The second issue that required resolution was to what extent quantitative techniques could be extended to cover ‘other risks’ most notably operational risk. There were strong arguments for considering all such risks under Pillar 2 as very few banks had taken a quantitative approach to calibrating and managing these risks. However, in many other industries such approaches were common. Amongst supervisors there was considerable concern that such risks were actually quite significant and that relying solely on a Pillar II approach would lead to under capitalization or, at the very least, inconsistent capitalization against such risks. As a result the Basel Committee decided:

to incorporate operational risk as a quantitative measure within the Pillar 1 approach

to define operational risk more widely to cover a range of risks although excluding reputational, business and strategic risks, and

to focus Pillar 1 credit risk models on credit grading techniques.



3.3 Development of the Basel II Accord

The Basel Committee used a consultative approach to ensure that the new regulation had a positive impact. It first issued consultative papers and followed these with a period of consultation and revision.

The consultation period included a series of Quantitative Impact Studies, where a number of banks estimated the impact of implementing the Accord based on the latest consultative paper.

To date, the following consultative papers and Quantitative Impact Studies have been issued:

Consultative Paper No.1 – June 1999 Quantitative Impact Study No.1 – Quarter 3 2000 Consultative Paper No. 2 – January 2001 Quantitative Impact Study No. 2 – Quarter 2 2001 Quantitative Impact Study No. 2.5 – Quarter 4 2001 Quantitative Impact Study No. 3 – Quarter 4 2002 Consultative Paper No. 3 – April 2003.

Consultative Paper No. 3 culminated in the publication of the Basel II Accord in June 2004. Some of the analysis of QIS 3 was based on approximation owing to a lack of necessary data. To address this several Basel Committee member states have, during late 2004 and 2005, issued a national impact study. In Q4 of 2004 the Basel committee issued supporting material and guidelines for each of the local supervisors to use as a basis for their national impact study. This study is referred to as QIS 4 and has been carried out by supervisors in such countries as the US and Germany. The consultative approach adopted by the Basel Committee has been to a large extent dictated by the Committee’s stated intent of not changing the overall amount of capital supporting the banking industry. For their part, banks have felt this to be broadly the ‘correct’ approach. The Committee placed the emphasis on creating an approach that would initially measure the impact of its proposals on the banking industry. It would then use this information to make informed changes to the proposals. The consultative approach has had a very positive effect on developing the Accord. It has also proved helpful in making banks and the Committee aware of any significant implementation problems.



3.4 Basel II and risk sensitivity

3.4.1 Breadth of coverage

As stated earlier Basel II is more comprehensive in its coverage of risk than Basel 1. Within Pillar 1 it covers all credit and market risk (through the Market Risk Amendment) and introduces operational risk. Basel I had, until the 1996 Market Risk Amendment, covered only credit risk. The biggest change to the breadth of risk coverage in Basel II is the addition of operational risk. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. A wide variety of risks are included within this definition. These include:

transaction, execution, business interruption, settlement and fiduciary risks

people, poor management and inadequate supervision risks criminal, fraud, theft and rogue trader risks relationship and customer risks fixed cost structures, lack of resources, technology and physical asset

risks compliance and legal/regulatory risks information risk.

Basel II also brings in Pillar 2, and Pillar 3, as an integral part of the process for determining an individual bank’s capital ratio. Within Pillar 2 the responsible regulatory body, through its supervisory department, is expected to enquire into a broad range of other risks to which an individual bank may be subject. The Basel II definition of operational risk is not comprehensive; in fact there are a number of important risks that aren’t included, such as:

business risk strategic risk reputational risk.

3.4.2 Depth of coverage

In addition to increasing the breadth of coverage, Basel II has also greatly increased the depth of risk coverage. This is most notable in its treatment of credit risk.



The Basel I Accord made very simple risk-weight differences depending on the type of asset and, to a very limited extent, the borrower in relation to country risk and type of institution (OECD or Non-OECD).

Basel II creates a far greater number of distinctions based primarily on the quality of the borrower, supplemented by the term of the borrowing and the quality of security. Basel II allows the use of two approaches with regard to determining the risk weights of assets: the Standardised Approach and the Internal Ratings-Based Approach. The Standardised Approach is in effect a significantly amended version of the Basel I ‘grid’ approach. In the Internal Ratings-Based Approach banks develop their own grading models to reflect the creditworthiness of borrowers. Both approaches have many parallels with the way credit rating agencies grade issues of bonds. The Basel I Accord had been criticized because of the relatively simple approach it took to the relationship between the risk profile of an asset and the capital required by the bank to support the holding of the asset on its balance sheet. For example the very few ‘grades’ of credit risk contained in Basel I. This is in sharp contrast to the rating agencies which produce a wide range of risk sensitive grades to cover the credit risk of bonds. Table 3.1 below shows the different grades used by Moody’s Investors Service and Standard & Poor’s.



Table 3.1 Bond ratings

Moody’s S&P Description

Aaa AAA Bonds have the highest rating. Ability to pay interest and principal are very strong.

Aa AA Bonds have a very strong capacity to pay interest and repay principal. Together with the highest ratings, this group comprises the high-grade bond class.

A A Bonds have a strong capacity to pay interest and repay principal, although they are somewhat susceptible to the adverse effects of changes in economic conditions.

Baa BBB Bonds are regarded as having an adequate capacity to pay interest and principal. Adverse economic conditions or changing circumstances are more likely to lead to a weakened capacity to pay interest and repay principal for debt in this category than in higher-rated categories. These bonds are medium-grade obligations.

Ba B Caa Ca

BB B CCC CC

Bonds are regarded as predominantly speculative with respect to the capacity to pay interest and repay principal in accordance with the terms of the obligation. Ba and BB indicate the lowest degree of speculation, and Ca and CC the highest degree of speculation.

C C This rating is reserved for income bonds on which no interest is being paid.

D D Bonds rated D are in default, and payment of interest and/or repayment of principal is in arrears.

Both Moody’s and Standard & Poor’s make further adjustments to their ratings, greatly increasing the number of grades available.

S&P uses plus and minus signs: A+ is the strongest A rating and A- is the weakest

Moody’s uses a 1, 2 or 3 designation with 1 indicating the strongest: A 1 is the strongest A rating and A3 is the weakest.

If a bank chooses to use the Internal Ratings-Based Approach the number of grades it can use is determined by the bank itself, although supervisors expect to see at least eight grades. If the Standardised Approach is used, the Basel II ‘grid’ of risk weights is based on a Basel I measure allowing for the incorporation of credit ratings where available. The approach allows for some grouping of risk weights across gradings, but with differences across different asset classes, similar to the Basel I approach.



3.5 Basel II and capital adequacy

The capital adequacy requirement of the Basel I Accord, as expressed in the minimum 8% target capital ratio, is not expected to change significantly under Basel II. The Basel Committee believes an 8% target capital ratio for international banks remains valid. It is of course likely that as different banks calculate their individual regulatory capital requirements differently, the actual amount will differ, possible significantly, from the amount of regulatory capital they were required to hold under Basel I.

Example Bank U has significant operational risk. Under Basel II its regulatory capital requirements rise in the absence of any off-setting reductions in the capital required to support its lending operations. Bank X has low operational risk and a lending portfolio primarily comprised of very high quality (AA) corporate lending. Under Basel II Bank X will see its regulatory capital requirement fall significantly.

The purpose of the Basel II Accord is to make regulatory requirements match more closely the risk profiles of individual banks. The Basel Committee has adopted two main ‘transitional arrangements’ to ensure that the new Accord does not reduce the capital requirements, either of the system as a whole, or of individual banks, too quickly. In the first transitional arrangement there is a multiplier that supervisors will apply to the capital requirements to ensure that the 8% minimum target capital ratio is maintained. This ‘scaling’ factor will be applied uniformly to all banks using the Internal Ratings-Based approach for credit risk or the Advanced Measurement Approach for operational risk. Following QIS 3 this factor will initially be set at 106%. The Committee believes that this will be sufficient to ensure that in the early stages of Basel II implementation the 8% target ratio will be maintained. In the second transitional arrangement that supervisors can apply, individual banks will not be permitted to realize the benefits of any reduced regulatory requirements right away. They must phase in any reduction agreed with their supervisors over a period from year-end 2005 to year-end 2008, in accordance with Table 3.2. Such arrangements will be subject to a capital ‘floor’ that will be reduced over time.



Table 3.2

From year-end 2005

From year-end 2006

From year-end 2007

From year-end 2008

Foundation IRB Approach

Parallel calculation

95% 90% 80%

Advanced approaches for credit risk and/or operational risk

Parallel calculation or impact studies

Parallel calculation

90% 80%

3.6 Minimum and actual capital

The relationship between a bank’s actual capital holding and its regulatory minimum holding is often complex. In practice many major banks currently have capital to risk-weighted asset ratios, as disclosed in their Report and Accounts, at levels of 10% to 12%, far in excess of any regulatory ratio.

3.6.1 Reasons for ‘excess’ capital

Banks do not usually reveal how their actual capital holding was determined. However a number of factors clearly influence their decision-making.

The regulatory ratio is a minimum ratio below which the capital of the bank should not fall. To allow this to happen could endanger its banking license, i.e. its license to trade. It is not surprising therefore that a bank’s management may elect to keep an actual ratio of capital to risk-weighted assets above the minimum set by the supervisor.

In some jurisdictions, for example the US and UK, the supervisors set required ratios of capital to risk-weighted assets (RWAs) on a bank specific basis. In practice the ratios required are usually in excess of the Basel minimum. Thus the ‘surplus’ of capital a bank may appear to have in excess of the Basel minimum of 8%, may in fact be far less when measured against the actual ratio set by the supervisor. Since individual ratios are not disclosed the actual surplus will be a matter of conjecture.

Many of the world’s largest banks have their own internal risk models. These internal models relate the level of capital required to the level of risk the bank runs in its portfolio of business. Banks then adjust their capital accordingly. These ‘economic capital’ models may produce higher capital requirements than those based on Basel II. Under Basel II the supervisors acknowledge the existence of these ‘economic capital’ models. Banks using such models are required to disclose them and explain the results in the Basel II, Pillar 2 supervisory process.



Both Basel II and a bank’s own economic capital model relate the capital of the bank to its existing level and structure of business. Banks are commercial enterprises and management’s plans for future levels of business, achieved either ‘organically’ or by acquisition, may require a higher level of capital to support the planned business growth.

Access to capital markets cannot always be assured and especially not at a guaranteed cost. In light of this uncertainty it is common for banks planning to grow to assure themselves that they will not be constrained by a lack of capital. They also need to assure themselves that the profitability of their plans will not be affected by higher capital costs as a result of short-term market factors, for example competing with a major government bond issue.



Sample questions

1. The primary improvement that the Basel II Accord made to the Basel I

Accord was:

a) Increased risk sensitivity of the minimum capital requirement

c) Coverage of all banks not just internationally active banks

b) Increased amount of capital held by banks

d) Its coverage of a wider range of financial institutions than just banks

2. Pillar 1 of Basel II covers:

a) Market discipline c) Regulatory review b) Minimum capital requirements d) Economic capital

requirements 3. Credit models allowed under Basel II are known as:

a) Economic capital models c) Credit grading models b) Credit scoring models d) Portfolio credit models

4. The Basel Committee worked with banks to assess the likely outcome of

the proposed regulation through:

a) Qualitative Impact Studies c) Quantitative Impact Studies b) Consultative Impact Studies d) Consultative Desk Top

Studies 5. An important risk not covered in the Basel II definition of operational risk

is:

a) Information risk c) Legal risk b) Reputational risk d) Business interruption risk




Summary

This chapter has introduced a number of key concepts and issues involved in the development of risk-based supervision of banks. Students should review this summary before proceeding.

The three pillars of regulation

Basel II links the capital of a bank directly to the risks being run by it. The new Basel Capital Accord is far more complex than the previous

Accord. It addresses additional areas of risk, has a framework that is structured around three concepts of regulation, and uses more sophisticated methodologies for estimating the risks.

Pillar 1 - Minimum capital requirements that seek to develop and expand on the standardized rules set forth in the 1988 Accord.

Pillar 2 - Regulatory review of an institution's capital adequacy and internal assessment processes.

Pillar 3 - Effective use of market discipline as a lever to strengthen disclosure and encourage safe and sound banking practices.

The Committee focused Pillar 1 on credit risk and operational risk while incorporating unchanged the Market Risk Amendment of 1996. For the first time operational risk, a new and controversial risk area is to be covered by a quantitative approach.

Reasons for the development of Basel II

The Basel Committee decided to limit the use of credit models to credit grading models.

The Committee also had to decide to what extent quantitative techniques could be extended to cover other risks, most notably operational risk.

Development of the Basel II Accord

The Basel Committee’s stated intent is not to change the overall amount of capital supporting the banking industry.

The consultation period included a series of Quantitative Impact Studies, where a number of banks estimated the impact of implementing the Accord based on the latest consultative paper.

Basel II and risk sensitivity

Basel II is more comprehensive in its coverage of risk than Basel I. Pillar 1 covers all credit and market risk (through the 1996 Market Risk Amendment) and introduces operational risk.



Basel II allows the use of two approaches to the risk weights of assets: the Standardised Approach and Internal Ratings-Based Approach.

The Standardised Approach is in effect a significantly amended version of the Basel I ‘grid’ approach.

In the Internal Ratings-Based Approach banks develop their own grading models to reflect the creditworthiness of borrowers.

Basel II and capital adequacy

The capital adequacy requirement of the Basel I Accord, as expressed in the minimum 8% target capital ratio, is not expected to change significantly under Basel II.

The Basel Committee has adopted two main ‘transitional arrangements’ to ensure that the new Accord does not reduce the capital requirements. - First, there is a multiplier that supervisors will apply to the capital

requirements to ensure that the 8% minimum target capital ratio is maintained.

- Second, individual banks will not be permitted to realize the benefits of any reduction in regulatory requirements straight away.

Minimum and actual capital

The relationship between a bank’s actual capital holding and its regulatory minimum holding is often complex. In practice many major banks currently have capital to risk-weighted asset ratios as disclosed in their Report and Accounts, at levels of 10% to 12%, far in excess of any regulatory ratio.

The regulatory ratio is a minimum ratio below which the capital of the bank should not fall.

In some jurisdictions, for example the US and UK, the supervisors set actual required ratios of capital to risk weighted assets (RWAs) on a bank specific basis.

Many of the world’s largest banks have their own internal risk models. These internal models relate the level of capital required to the level of risk the bank runs in its portfolio of businesses. Banks then adjust their capital accordingly.

Both Basel II and a bank’s own economic capital model relate the capital of the bank to its existing level and structure of business.

Part B

An introduction to market, credit and operational risk

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko B : 3

4 The nature of market risk and treasury risk This chapter provides an introduction to the nature of market and treasury risk. These risks will affect almost all banks and failure to manage them can have disastrous effects on a bank’s profitability and reputation. This chapter will help students gain an understanding of the underlying concepts involved in managing market risk. These concepts will then be used to explain how market risk is regulated under Basel I and II. Students will also gain an understanding of the concepts involved in managing treasury risk. On completion of this chapter the candidate will have a basic understanding of:

the nature of market risk the different types of trading instruments and their financial features the types of trading activities carried out by banks the pricing and mark-to-market procedures for trading instruments treasury risk and asset and liability management.

4.1 The nature of market risk

Market risk is defined as the risk of losses from on- and off-balance sheet positions arising from movements in market prices. Banks that hold positions in financial instruments on their balance sheet will be subject to market risk to a greater or lesser extent. However, banks that act as intermediaries in a transaction that is not booked on the bank’s balance sheet will not be subject to market risk on that transaction. Market risk is comprised of:

Specific risk which is the risk of an adverse movement in the price of an individual security due to factors that only apply to that security or issuer. An example would be the fall in the price of a bond because the credit rating of the issuer had deteriorated (see Section 4.3.2). This information would specifically affect the bonds of this issuer and would not affect bond prices in general.

Part B: An introduction to market, credit and operational risk

B : 4 © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko

General market risk is the risk of an adverse movement in market prices that are applied across a range of instruments. For example, a reduction in official interest rates usually causes a fall in market interest rates, which would affect the value of all interest rate-related instruments.

General market risk is split into four main categories for purposes of analysis. These categories are:

interest rate risk equity position risk foreign exchange risk commodity position risk.

It should be noted, however, that each risk category is not mutually exclusive because changes in the value of one risk could affect other types of market risk.

Interest rate risk

Interest rate risk is the potential loss due to an adverse change in interest rates. This is calculated for all instruments that use one or more yield curves to calculate a market value (see Section 4.4.2).

Example Orange County, California In December 1994 Orange County, a local authority in the US state of California, stunned the markets by announcing that its investment pool had suffered a USD 1.6 billion loss, the largest loss ever recorded by a local government authority. The loss was the result of unsupervised investment activity by the county treasurer who managed a portfolio of USD 7.5 billion belonging to county schools, cities and the county itself. By investing in derivative positions the treasurer effectively placed a very big bet that interest rates would either fall or remain low. The investment strategy worked well until 1994 when the Federal Reserve Board instigated a series of interest rate increases that caused severe losses in the pool. The investment pool was liquidated in December 1994 realizing losses of USD 1.6 billion. Soon after the liquidation interest rates fell by 2.5 percentage points which, had the portfolio been maintained, would have reduced the loss to USD 200 million. Few market experts expected interest rates to decline so fast in 1995.

Equity position risk

Equity position risk is the potential loss due to an adverse change in the price of stocks and shares. This is applied to all instruments that use equity prices as part of their valuation.

Chapter 4: The nature of market risk and treasury risk


Example Morgan Grenfell Private Equity In February 2001 it was reported in the Financial Times that Morgan Grenfell Private Equity (MGPE) had made a loss of GBP 150 million on its holding of shares in EM.TV, a stricken German media group1. MGPE had acquired the share originally as part of a transaction to sell its stake in Formula One in return for shares in EM.TV. The shares in EM.TV subsequently fell by 90%.

Foreign exchange risk

Foreign exchange risk is the potential loss due to an adverse change in foreign exchange rates. This risk applies to all exchange rate-related products and positions valued in a different currency to the bank’s reporting currency.

Example Telekomunikasi Indonesia In August 1998 it was reported that Telekomunikasi Indonesia had incurred a net loss of USD 101 million as a result of foreign exchange losses equivalent to approximately USD 150 million. The losses resulted from foreign exchange borrowings of USD 306 million, JPY 11 billion and FRF 130 million, which had been converted into local currency, the rupiah. The devaluation of the rupiah against the USD, JPY and FRF meant that the net cost of repayment was approximately USD 150 million more than the proceeds of the loans originally received.

Commodity position risk

Commodity position risk is the potential loss from an adverse change in commodity prices. This applies to all commodity positions and any derivative commodity positions.

Example Sumitomo Corporation In June 1996 Sumitomo Corporation reported it had lost USD 1.8 billion over a ten-year period as a result of unauthorized copper trading by it senior trader. It was estimated at the time that investment banks dealing in commodity derivatives had collectively lost as much as USD 100 million because of the volatility in the copper price.

There are other types of market prices that relate to derivatives trading, such as volatility rates, which will have the same risk profile as the categories above.

1 See Financial Times, February 12, 2001.



Market prices are driven by a number of factors including:

supply and demand for a product will influence the short-term level of its price as market makers adjust their prices to take account of market activity. The time it takes for the changes to take effect will vary between markets and with the volume of business seen by the market makers

liquidity can have a substantial effect on market prices. A liquid market has a large number of market makers and supports a high volume of business. Dealing spreads are small which means dealing costs are lower for traders. Illiquid markets have wider spreads and are not actively traded. Liquid markets could become illiquid before public holidays or economic announcements

official intervention by the financial authorities may have an immediate short-term effect on the level of prices in the market. There may be longer term changes if, for instance, the intervention signals a change in economic policy

arbitrage, whereby the level of one market price is set or constrained by the level of one or more other market prices, will affect day-to-day movements in prices. For instance, if a share is traded on the London and New York stock markets and the price in London is higher than the price in New York, traders would sell the share in the London market and instantly buy the share in New York for an immediate profit. This factor ensures that market prices are consistent between markets such that, in general, it is not possible to profit from trading one market against another. However, such opportunities can arise for short periods of time

economic and political events together with natural disasters can have dramatic short-term effects on market prices. Some effects may be localized in certain markets while major events may affect world markets as a whole

underlying economic factors are the strongest drivers of the long-term level of market prices. For example, over the long term, the level of the exchange rate between two countries will reflect the relative inflation rates and the relative real economic performance of each country. However many other short-term factors may make it difficult to discern this relationship in any given period.

4.2 Trading activities

4.2.1 Development of trading activities

A bank’s trading operations buy and sell financial instruments in the bank’s name. The aim is to make a short-term profit from a favorable move in the market prices that determine the value of the instrument. This activity also means the bank is at risk to losses should the value of the financial instruments fall.



Banks may adopt one of three broad trading strategies for each product that they trade. The strategy with the least market risk is when a bank runs a ‘matched book’. A matched book strategy means the trading desk matches all customer positions immediately with an equal and opposite position by trading internally or with another bank. The only market risk taken is the chance that market prices will move in the time between executing the deal with the customer and executing the offsetting transaction, which is known as a ‘covering’ or ‘hedging’ transaction.

The second strategy is to manage positions in the product by executing covering deals or hedging deals at the discretion of the trading desk. In this strategy the trading desk would have a market risk limit in order to limit control the risk the bank would have at any one time. The positions could be taken because of customer transactions or by the traders creating positions by dealing in the market. This strategy allows the traders to time their position-taking activities to take advantage of favorable moves in market prices.

The third strategy is to be a ‘market maker’ for a product. This means that the traders will quote a buy and sell price to customers and other banks and trade at the relevant price on whichever side of the market (buy or sell) the counterparty chooses. This strategy relies both on the market being liquid and there being a number of other market makers with whom the traders can cover their risk. A market maker that attracts buy and sell orders can make a profit from the spread quoted between the buy and sell price. Market makers can also benefit from the market information they get from the trades they are asked to execute. This helps them predict future movements in market prices. The risk in this strategy is that traders have to take positions that may quickly incur a loss. It is important, both that traders are disciplined in the management of the risk, and that the bank sets and monitors appropriate limits. Banks have tended to change strategy as their business grows, and there will be more than one strategy in use across the products in a bank’s trading book. Historically, many banks’ trading activities grew from their desire to service their customers’ commercial activities. This can be seen in the development of banks’ trading activities in the foreign exchange markets. This market has become one of the most freely traded markets in the world, but its origins can be traced back to the introduction of floating exchange rates in the 1970s. For customers engaged in international business, this created new risks, which they managed through the services offered by their bank.



Retail exchange rates are those given by banks to their customers (primarily corporate customers) that include a margin over the wholesale rate that is available in the interbank market. The margin was large in the early stages of the market’s development. This meant that the banks’ income grew quickly with the increased market activity even though their own positions were relatively small. As volumes increased further and banks became more confident in their ability to manage foreign exchange positions, the activity changed from a customer driven service to a wholesale trading operation. Those banks with a large customer base and a large volume of foreign exchange transactions were able to use these ‘retail’ positions to influence short-term movements in the wholesale foreign exchange market. This presented profit-making opportunities over and above the margin available from customer business. To exploit this opportunity banks began to hold larger positions in their books. This process continued to develop and as competition increased, margins on customer business decreased. As a result market volume in the world’s major traded currencies such as USD/EUR, USD/JPY and USD/GBP, is now dominated by interbank trading with customer volume accounting for a relatively small part of the market. The development of the foreign exchange market is a good illustration of how trading in any instrument tends to develop within a bank. The first stage is where a bank will maintain a matched position in an instrument. This means the bank deals with a customer and immediately hedges its risk by entering into a transaction with another bank that perfectly matches the customer transaction. The profit for the bank would come from the difference in the price given to the customer and the interbank price. An example is given below.

Example Foreign exchange matched position trading Bank A is asked by a customer to buy US dollars and sell Japanese yen as it wishes to pay its Japanese supplier JPY 100 million. Bank A does not hold yen so it asks for a quote to buy yen in the market. The market rate is 100. The bank quotes a selling rate of 99 to its customer, sells the yen, and receives USD 1,010,101. It immediately buys the yen in the market at 100 and pays USD 1,000,000. This leaves the bank with no market risk and a profit of USD 10,101.

The second stage in the development of a bank’s trading activity occurs when the bank ‘holds’ the position created by the customer transaction in anticipation of a favorable move (for the bank) in market prices over a short-



term period. The trader’s permitted holding period would lengthen as the bank became more experienced in trading the instrument. Ultimately, this development process will lead to the bank initiating a trading position in anticipation of a move in market prices. At this point, the trading activity is no longer dependent on customer activity.

4.2.2 Position management and hedging

Market risk occurs in the banking book as well as the trading book (see Section 1.2.4). Positions held as part of the banking book, although not held for trading purposes, will create market risk because they are valued using current exchange and commodity rates. Management of interest rate risk in the banking book is usually carried out by the bank’s Treasury function.

Management of market risk in the trading book is carried out continuously in bank dealing rooms by traders who are authorized to take market risk positions up to the limits set by the bank. The traders are authorized to execute deals in the bank’s name and commit the bank to a financial liability. This activity must have rigorous controls independent of the traders to ensure the bank has full knowledge of the risks in its books. Traders manage their risk by trading in instruments closely matching their current risk position. However, this is not usually the most profitable method of covering their risk; thus hedging techniques are often used. Traders can ‘hedge’ their risks by taking an appropriate position in the underlying instrument. However, they could also hedge the portfolio risks by taking a position in a different instrument. The instrument may have different characteristics but changes in its market value will mirror those of the original transaction. Therefore, for a fully hedged portfolio any changes in market prices will produce little or no change in the market value of the portfolio. Often, a number of hedge positions will be required to match the underlying transaction completely.

Example Commodity hedge A bank buys 25 tonnes of copper for delivery in four-months’ time. After a month it becomes concerned that the price of copper could fall. To hedge against this risk it sells a copper futures contract. This offsets the risk from the bank’s future purchase of copper as it sets the price for selling the copper in three-months’ time. The bank has now hedged against a movement in the copper price by using a liquid futures contract.

Traders will regularly hedge with a more liquid instrument than the underlying transaction so that they are able to execute their hedging strategy quickly. In addition, dealing costs are generally lower in more liquid markets, which helps reduce costs. Traders can hedge all or part of their



risk which allows them to create the risk position they feel will be profitable without trading in the underlying instrument. While customers often ask banks to provide underlying cash transactions such as loans, hedging is usually carried out by using derivative instruments. This is because in general derivatives have the following advantages over cash instruments:

lower credit risk lower funding requirement lower capital charge greater liquidity lower dealing costs.

Hedging has many advantages but it does require careful management, as the instruments used are not identical to the original transaction. There will usually be some residual risk that is left uncovered and this must be measured and controlled. In some cases, the interaction of the hedge and the original risk position can create new risks for large trading positions.

Basis risk is one of the most significant residual risks usually found in a portfolio of similar deals. Basis risk is the risk of a change in the relationship between the price of a risk position and the price of the instrument used to hedge the risk position. Basis risk arises in situations where the underlying market prices are different for each type of instrument, but which are still very closely related. Where the divergence in the daily movement of the different rates is generally small, a bank will tend to hedge the general market movements and manage the basis risk separately.

Example A US company has a loan from Bank A on which it is paying the Prime lending rate. The Prime lending rate is a floating rate charged on loans to customers with a high credit rating. Bank A wishes to fix the rate on the loan as it feels rates are going to fall. Bank A enters into an interest rate swap with Bank B to receive a fixed rate and pay six-month LIBOR. It proposes to offset the Prime rate interest received from the loan against the six-month LIBOR interest paid on the swap. It believes the difference in the floating rates is compensated by the favorable level of the fixed rate received from the swap. This creates a basis risk because the difference between the Prime rate and the six-month LIBOR rate will fluctuate over the life of the swap. Any changes in the difference between the rates will have an impact on the revenue of Bank A. The figure below shows the relationship of the rates over a three-year period.



Example continued

Figure 4.1 Difference between Prime rate and six-month LIBOR

3.50%

3.00

2.50

2.00

2002 2003 2004 2005

4.2.3 New product development

Trading activities have become more complex as markets have become more ‘liquid’ and sophisticated. In addition, some banks have felt the need to trade a portfolio of instruments more widely than the demand generated by its customer base. This has led to banks buying in trading expertise to expand their trading portfolio. It is important in these circumstances that banks also invest in their control structures to ensure that they have the expertise to manage the risks created by the new trading activity. It can be tempting for a bank to move into a new market without waiting for the development of an adequate control structure. A key element in the inspection of a bank’s trading activities by its supervisors will be the independence of its approval procedure for the introduction of new trading products. It is important that there is a rigorous approval procedure that involves all relevant departments within the bank. The approval procedure should address the following issues where applicable:

regulatory approval – does the bank have approval for this product? regulatory capital impact – how will the product affect the regulatory

capital requirement of the bank? tax issues – will the product create new tax issues? accounting procedures – can the bank account for the product within its

existing procedures? legal and documentation procedures – have all the legal requirements

been satisfied and the documentation approved? IT system requirements – will the current trading and settlement systems

need enhancing?



operational support – can the bank accurately book and manage the settlement of the transactions?

risk management reporting – can the bank’s risk systems capture and report the risk position created by the product?

pricing and valuation – has the pricing and mark-to-market procedure been approved?

funding requirements – will the product make a significant impact on the bank’s funding requirements?

credit risk implications – does the bank have sufficient credit lines to support the product?

compliance procedures – will the product require the development of new compliance procedures?

The questions raised above highlight the kinds of issues that a bank’s management must consider when introducing a new product. Following approval of a product it is important that the volume of trading is monitored. This is to ensure that if the product is a business success, it does not become a management problem. Moving into new markets or products is often a sign that a bank’s trading operation is successful and that it is looking to expand its portfolio to increase its revenue. However, it is also a testing time for a bank’s management as it may be necessary to curtail profitable business to ensure that it maintains prudential control over the risks and the capital required to support the new trading activity.

4.3 Trading instruments

4.3.1 Introduction

Trading instruments come in many types and ‘flavors’. For purposes of the Certificate the common products are, in terms of volume, the main instruments traded globally. These are usually termed ‘vanilla’ products because they are plain with nothing complex added. However, for every standard product there is also likely to be a complex version. What is more, new products are continually being developed to meet customer demand. For all the instruments discussed below, the main currencies traded are the US dollar, euro, Japanese yen and the British pound. It is important for the student to recognize that the number of trading instruments is constantly expanding or contracting to meet the demands of the market. All products, no matter what their level of complexity, can be broken down into their component risk factors. This may be achieved by analyzing the pricing model or, alternatively, by observing the change in value over a number of market price scenarios.



The definitions of the various instruments provided below describe the risks generated by each instrument regardless of the underlying currency. However all instruments valued in a currency other than a bank’s reporting currency will generate foreign exchange risk.

4.3.2 Cash instruments

Foreign exchange transactions are a commitment to exchange one currency for another at an agreed date in the future. The date of the exchange will determine the type of deal and the market for it.

Spot foreign exchange transactions

Spot foreign exchange transactions are for exchange two business days in the future, which is known as the spot date. The two-day timeframe came into practice when settlement instructions between banks were effected by telegraph and banks needed two days to ensure that instructions could be issued and acted upon. Although settlement is now carried out electronically, the two-day basis remains. The market for spot transactions is perhaps the most liquid market in the world. Spot transaction deals generate foreign exchange risk.

Forward foreign exchange transactions

Forward foreign exchange transactions are for exchange at an agreed date later than the spot date. For example, a US company needs to pay for a shipment of Japanese goods that is due in three-months’ time. It must pay its supplier JPY 100 million. To ensure the US dollar cost of the shipment, it agrees with its bank to buy JPY 100 million at the current forward rate for three months, which is 100. This fixes the cost of the shipment at USD 1 million. In three-months’ time the company pays USD 1 million to the bank and receives JPY 100 million which it pays to its supplier. The forward market trades for maturities up to one year although some banks quote prices for longer periods. Forward exchange transactions create both exchange rate and interest rate risk. This is because the forward exchange rate is determined by the relative level of the interest rates between the two currencies, combined with the current spot exchange rate.

Foreign exchange rate swap

A foreign exchange rate swap is a combination of a spot deal and a forward deal. The two parties execute a spot deal at the spot rate and a forward deal at the forward rate simultaneously for the same principal amount of base currency. The difference in the two rates represents the differential between the interest rates of the two currencies for the period of



the deal. Foreign exchange rate swaps generate interest rate risk. The following example will illustrate why a foreign exchange transaction with a value date in the future will generate interest rate risk.

Example Bank A could buy US dollars and sell Japanese yen for 90 days ahead at a rate of 99.5 yen to the US dollar. Alternatively it could buy the dollars on the spot date at a rate of 100. If Bank A bought USD 10 million and sold JPY 1,000 million for delivery on the spot date, and held the currency position for 90 days, the bank would need to borrow JPY 1,000 million and lend USD 10 million for 90 days. If the rate for the US dollar is 3% and for yen is 1% the interest flows would be:

JPY 2,500,000 paid (1,000,000,000 x .01 x 90/360) USD 75,000 received (10,000,000 x .03 x 90/360)

After 90 days the bank’s position would be: ‘Long’ USD 10,075,000 and ‘Short’ JPY 1,002,500,000 By dividing the yen position by the US dollar position an effective exchange rate of 99.5 is obtained. This is the forward rate the bank could have dealt at rather than entering into a spot foreign exchange transaction together with a loan and a deposit. The forward price is calculated from the interest rate differential to ensure that there are no arbitrage (see Section 4.1) opportunities in the market. Therefore the forward price is sensitive to any changes in either interest rate.

Loans and deposits

Loans and deposits are traded between banks at fixed interest rates for an agreed period. Maturities range from overnight to five years. However there are few trades that have a maturity of more than one year. Interest is paid on the maturity date with the repayment of the principal, unless the maturity is over one year when an interest payment is made on each anniversary of the transaction. The interbank money market is where banks trade loans and deposits with each other. It is used by banks to take positions in anticipation of a favorable movement in interest rates. However much of the volume in the market is driven by banks needing to match their funding requirements to maintain their liquidity positions. (Liquidity positions will be explained in a later Level of the Certificate.) Loans and deposits generate interest rate risk.



Bonds

A bond is a transferable long-term debt instrument issued by a borrower (issuer) on receipt of the principal amount from an investor (holder). The bond issuer is obligated to pay the holder a specified amount of interest, usually at regular intervals, during the life of the bond and repay the principal, usually at maturity. Bonds are issued by a variety of organizations and each bond represents a financial claim on that organization. A ‘vanilla’ bond will normally pay fixed interest, known as a ‘coupon’, on set dates during the life of the bond with the principal repaid on maturity. The term ‘vanilla’ is used to indicate a bond that has standard market features. However, bonds may also incorporate many other financial incentives to encourage investors. The price of the bond will be affected by the general level of interest rates and the financial standing of the issuer. Ratings agencies, such as Moody’s Investors Service and Standard & Poor’s produce a wide range of risk sensitive grades which cover the credit risk of bonds (the financial standing of the issuer). These range from AAA (bonds where the issuer’s ability to pay interest and principal is very strong) to D (bonds are in default). This is sometimes referred to as the credit rating of a bond. Bonds generate general interest rate risk and specific risk. Non-vanilla bonds may expose the holder to other types of risk such as liquidity risk.

Equity trading

Equity trading is the buying and selling of the shares of companies quoted on recognized stock exchanges around the world. Ordinary shares represent a stake in the ownership of a company. The holder will expect to receive a regular dividend, which is paid from the profits made by the company. The holder will also gain from an appreciation in the value of the shares. Therefore the more successful the company, the better the return earned by the holder. The price of a share represents the market perception of a company’s current value and the value of its projected earnings. The price will fluctuate as the market adjusts its valuation of the company in response to new information about the company. Share positions generate general equity risk and specific risk.



Commodity trading

Commodity trading is the buying and selling of physical products that are traded on secondary markets. This includes agricultural products, oil, and precious metals. Products are bought and sold for physical delivery at a specified location on an agreed date. There is a spot and forward market for many products and each product will have additional features that relate directly to its physical properties.

An example of product specific features can be seen in the oil market. In addition to crude oil, a number of products are traded in the oil market. These made by refining crude oil and each product has its own market and price. In addition, location is very important to the buyer. For instance a tanker of crude oil in the US will have a different value to a US buyer than a tanker of oil in Malaysia due to the different demand/supply balance in each region and the cost of transporting the oil between regions. Commodity positions generate commodity risk and forward positions have additional interest rate risk in the same way as the forward foreign exchange contracts above.

4.3.3 Derivative instruments

Derivatives have grown to become a major constituent of market risk over the last 20 years as banks have sought to create innovative products for their customers. The products described so far are often termed ‘cash’ instruments, as they are the underlying instruments for derivative products.

The key feature of most derivatives is that the principal amounts of the transaction are not exchanged. This substantially reduces credit and settlement risk. They are often called ‘contracts for difference’ as the only exchange that takes place is the result of changes in the relative prices of the underlying cash instruments. By reducing credit risk banks are able to trade derivatives with many more counterparties than would be possible with cash instruments. This in turn has made the market more liquid, which has led to a growth in trading volume and the amount of risk taken. Some derivatives are traded on futures exchanges and others are traded on the so-called over-the-counter (OTC) market. The OTC market is where banks trade directly with each other rather than through an exchange. There are many types of ‘exotic’ derivatives that have a combination of risk and payment profiles. However almost all of them can be broken down into the vanilla products described below.



One of the most important types of derivative is a futures contract. Such contracts are traded through an exchange, which acts as a clearing house for all the counterparties. All trades are legally traded with the exchange. This means banks are not exposed to credit risk with numerous counterparties, but only to the credit risk of the exchange itself. A futures contract delivers a position in an underlying instrument at a date in the future. There are futures contracts for most cash instruments from bonds to commodities. In general, futures contracts have the following features:

exchange traded fixed amount per contract fixed dates for delivery precise delivery conditions daily margin calls.

Futures contracts are subject to the same risks as the underlying instrument and there will be additional interest rate risk due to the future delivery date.

Example A bond future, trading for delivery in December 2005 will be based on the forward price of the underlying bond for the delivery date in December. If the buyer holds the position until the delivery date, the seller will be obliged to deliver the bond specified in the contract to the buyer. In practice physical delivery rarely takes place. This is because a cash settlement is made for the difference between the price of the original futures contract and the price on the delivery date.

Interest rate swaps

Interest rate swaps are an OTC derivative that allows banks and customers to access long-term interest rates without having to use long- term funding. Credit risk and liquidity requirements are a major constraint on a bank providing long-term funds to customers. Conversely, many customers have long-term projects that need long-term funding at a fixed rate. Interest rate swaps provide a solution by allowing two counterparties to swap interest flows without swapping principal amounts. Interest rate swaps are traded for maturities of up to 30 years although there is only a small volume of trades above 10 years. The maximum maturity varies between currencies and depends on the underlying bond market in the currency concerned. This is because bonds are used to hedge swaps.



Vanilla swaps have a fixed interest rate that is ‘swapped’ against a floating rate index such as one-month, three-month or six-month LIBOR. This means that the parties agree to exchange the difference between these two interest rates. Given that the LIBOR rate will change regularly the net exchange will differ over time. The interbank market mainly trades vanilla swaps but there are many variations traded with end-users to match their requirements. One side of the swap will be designed to match customers’ interest flows with the other side set to match their funding requirements. Banks use a mixture of hedging instruments to manage the interest rate risk created by a swap. Interest rate swaps generate interest rate risk.

Example XYZ company obtains a loan from Bank A for two years paying a floating interest rate set every six months at LIBOR. The company feels interest rates will rise over the two-year period and wants to ‘lock in’ a fixed rate. However Bank A does not wish to give the company a fixed rate loan. Therefore, the company goes to Bank B and enters into an interest rate swap where the company will pay to Bank B a fixed rate of 5% every six months calculated on the same principal amount as the loan. In return, the bank will pay a floating interest rate set every six months at LIBOR to the company. The company is now paying LIBOR every six months on the loan and receiving the same interest flow from the swap. This leaves the company with net interest flows equal to the fixed rate of 5% being paid via the swap. There is also the flow of principal on the loan but no principal flows on the swap as only interest is exchanged. Figure 4.2 below shows the interest flows from these transactions for XYZ company. Figure 4.2

Bank A

Loan interest paid

to Bank A set at

six-month LIBOR

rate

XYZ

CompanyFloating interest

received from Bank

B set at six-month

LIBOR rate

Fixed interest paid

to Bank B at 5%

Bank B



Currency swaps

A currency swap has the same features as an interest rate swap except that the interest flows are expressed in different currencies. This product is used to swap, say, US dollar interest flows for euro flows. A key difference between interest rate and currency swaps is that principal amounts are exchanged for a currency swap at the spot rate. Currency swaps generate interest rate risk in two currencies and foreign exchange risk.

Forward rate agreements

Forward rate agreements (FRAs) are OTC derivative contracts that allow banks to take positions in forward interest rates. The contract gives the right to lend/borrow funds at a fixed rate for a specified period starting in the future. There is no exchange of principal, and on maturity a cash settlement is made for the difference between the rate of the contract and the current LIBOR rate for the period. FRAs are the OTC version of interest rate futures contracts and provide more flexibility than futures. FRAs generate interest rate risk.

Option contracts

An option contract gives the buyer the right, but not the obligation, to enter into an underlying contract at an agreed price. This means that the underlying transaction will only be executed if the rate is favorable to the buyer. The seller has an open-ended risk on the contract and receives a premium in compensation. Option contracts introduce new risks over and above the risk inherent in the underlying instruments. Options can be created on almost any cash or derivative instrument and there are even options on options. The key terms used to describe options are:

Call – a call option gives the buyer the right to buy the underlying instrument

Put – a put option gives the buyer the right to sell the underlying instrument

Premium – sum paid to the seller by the buyer Strike Price – price at which the underlying transaction will be executed Exercise – the buyer ‘exercises’ the option to enter into the underlying

contract Expiry Date – the last date by which the option must be exercised American – an option that can be exercised on any date up to the

expiry date European – an option that can only be exercised on the expiry date.



Option pricing is based on the probability of the option being exercised. To calculate the option value a volatility measure is used. The volatility of the price is a market rate that reflects the market’s expectation of how much the price will move in either direction over the life of the option. The volatility used for pricing options is determined by the market and is a risk in its own right. Option pricing is explained further in Section 4.4.

Options generate the risks inherent in the underlying instrument which is due to be delivered if the option is exercised. In addition, options have volatility risk and interest rate risk due to the future delivery date of the underlying instrument. For instance an option on a bond has the same risks as the underlying bond as well as a risk to changes in the volatility of the bond.

Example A Japanese company may need to buy USD 10 million in three months’ time if it buys a US factory. It does not want to commit to buying USD 10 million but it does need to protect itself from a rise in the US dollar so it decides to buy an option. Figure 4.3 illustrates how the cost of the factory in Japanese yen would vary without the option contract. The figure shows that the company would lose JPY 100 million if the spot rate moved up to 110. Figure 4.3 Change in cost in yen without option

150

100

50

90

JP

Y (

m)

92 94 96 98 100 102 104 106 108 1100

-50

-100

-150

Spot rate The company buys a European style US dollar call option to expire in three months’ time at a strike price of 100 against JPY. The current USD/JPY spot price is 100. The premium for the option is JPY 30 million. At the expiry date, the company has agreed to buy the factory and needs to buy the US dollars and sell yen. The spot rate has moved to 108 and so the company exercises the option and buys dollars from the seller at the strike price of 100. If the spot rate had fallen below 100 the company would let the option expire unexercised and purchase the dollars at the lower rate in the market. The possible outcomes can be seen in Figure 4.4. This shows that if the spot rate fell to 90 the company would save JPY 70 million.



Example continued

Figure 4.4 Possible outcomes if factory purchased

80

60

40

20

90

JP

Y (

m)

92 94 96 98 100 102 104 106 108 1100

-20

-40

Spot rate If the purchase of the factory did not take place the company would be left with the option. Figure 4.5 shows the possible values of the option for different spot rates at expiry. If the rate had fallen at expiry the company would lose the premium. If the rate had risen above 103 the company would make a profit. Figure 4.5 Option values if factory not purchased

80

60

40

20

90

JP

Y (

m)

92 94 96 98 100 102 104 106 108 1100

-20

-40

Spot rate

4.4 Pricing and mark-to-market requirements

4.4.1 Pricing

One of the most important controls that a bank has at its disposal in managing a trading operation is to ensure that its open trading positions are valued daily using current market prices. The process of revaluing positions using current market prices is called marking-to-market. To understand what is required to mark positions to market we must first look at how instruments are valued.



The pricing of financial instruments ranges from a simple single price comparison to complex financial models with multiple inputs. Students should note that for the purposes of the Certificate, the general principles of pricing for the main trading instruments are discussed below. However, we have not gone into the mathematical details of the various models.

4.4.2 Yield curves

All financial instruments with future cash flows are valued by calculating the present value of the future cash flows due under the instrument. The present value of any future cash flow is calculated by discounting its future value using current interest rates. Therefore, a market interest rate is required for any date on which there is a cash flow. To calculate the required market rate banks create a yield curve using a yield curve model. The description below is simplified to illustrate the construction of a yield curve. The yield curves used by traders are more complex and are derived from a number of instruments to ensure the curve is consistent. The inputs for our simplified model will be the market interest rates for discrete periods. The periods will be 1, 2, 3, 6 and 12 months and 2, 3, 5 and 10 years. The graph below shows the shape of the curve. Figure 4.6 Yield curve

4

4.5

5

5.5

6

6.5

7

7.5

8

Rates

2m1m 3m 6m 12m 2y 3y 5y 10y

Maturity

It can be seen that rates for the standard maturity dates can be observed from the curve but any rates for other dates must be calculated from the input rates. This process is called ‘interpolation’.



The value of interest rate-related products, as well as all products with cash flows at a future date, will be sensitive to changes in the yield curve. A product’s value may be sensitive to changes in one or more of the yield curve rates depending on the maturity and financial properties of the instrument.

In practice, each major currency will have a number of yield curves in use at the same time. The difference between the curves will primarily be the difference in the underlying instruments used to create the discrete points. The main types of interest-rate related yield curves are:

Cash – these are used to revalue loan and deposit positions. The points on the curve are defined by the standard maturity dates traded in the interbank market

Derivative – these curves are used to value all types of derivatives including options. The points on the curve are determined by a mixture of instruments beginning with cash rates at the short maturities followed by futures contracts. Finally, long-term rates are determined by swap rates for the standard traded periods. The mixture of instruments is closely related to the underlying hedge instruments used by banks to hedge derivative risk

Bond – bonds are valued on a price basis by taking the closing price for the day. However, some bonds are not actively traded and may not trade each day. Banks may use a bond curve to derive a notional closing price from the closing price of actively traded bonds. The curve is usually defined by the standard maturities traded in the government bond market. Bonds may then be valued as a spread over the corresponding government benchmark bond when a market price cannot be obtained. This reflects differences in the liquidity of the bond and the credit standing of the issuer

Basis – not all interest rates are traded actively in the interbank market and primarily exist for historical reasons or to service customer demands. The rate set by the central bank for discounting bills (known as the Base Rate in the UK) is a good example. Basis curves are created to price instruments in these non-interbank based rates. A curve is usually expressed as a spread over or under a standard curve. Each point on the curve will have a unique interest rate differential to its corresponding maturity on the standard curve.

4.4.3 Bonds, equities, commodities and foreign exchange

Bond, equity, spot foreign exchange and spot commodity transactions are valued by taking the difference between the original traded price and the current market price.



Forward foreign exchange rates are created by adjusting the current spot rate by the appropriate forward margin. An approximate margin can be calculated using the formula below: Forward margin = Spot x Interest differential x Time / (Days in year x100)

Interest differential is the absolute difference between the base currency and the foreign currency

Time is time to maturity in days Days in year is usually taken as 360 by convention but 365 is used for

some currencies.

Example USD/JPY is quoted as the number of yen per one US dollar. This means yen is the foreign currency and US dollars the base currency. Let us assume: Spot rate = 105 JPY one-month rate = 1% USD one-month rate = 4% Time to maturity = 30 days Number of days in the year = 360 Forward margin = 0.2625 (105.00 x (4 – 1) x 30 / 36000) This can be proved by looking at the equivalent interest flows: At spot USD 1,000,000 JPY 105,000,000 = 105 Interest due USD 3,333.33 JPY 87,500 At maturity USD 1,003,333.33 JPY 105,087,500 = 104.74 Forward margin = - 0.26 (104.74 – 105)

Forward margins are actively traded in the interbank market. There are quoted margins for standard periods much the same as for a yield curve. Margins for dates in between the standard dates are found by interpolation. Forward transactions are valued by comparing the original margin to the current margin.

4.4.4 Options

Option pricing is a complex subject that is outside the scope of the Certificate. The following description is simplified to give an outline of the steps involved in pricing an option.



In simple terms, option pricing is based on the probability that the option will have some value at maturity. The key determinants of the value of the option are:

the level of the strike price relative to the current market price. If the

strike price is equal to the current market price the option is expected to have a 50% chance of having value at maturity, as it is considered that there is an even chance of the exchange rate rising or falling

the time to maturity. The longer the time to maturity the higher the premium as the option has more time to become valuable

how volatile the market price is. The more volatile the price the higher the premium.

The figure below shows the range of possible exchange rates for a JPY/USD foreign exchange rate option to buy US dollars at a strike price of 105 against Japanese yen. The current exchange rate is 100. Various maturities up to 12 months and three different volatilities are shown for comparison. Figure 4.7 Call option strike 105

085

90

95

100

105

110

115

2 4 6 8 10 12

Exchangerate

Months

Figure 4.7 shows that higher volatilities and/or a longer maturity give the option a greater chance of having some value at expiry. This higher probability will be reflected in the cost of the option. The strike price and the time to maturity are chosen by the buyer of the option. Volatility is a statistical measure that can be obtained from historical price movements. However, as is so often the case, history is not always a good prediction of the future, and so the market uses expected volatility rates. Volatilities vary by maturity and are expressed as a curve using the same periods as a yield curve.



Figure 4.8 shows historical market volatilities for USD/JPY foreign exchange options. Figure 4.8 US dollar/yen foreign exchange option volatilities

9.00

9.40

9.80

10.20

10.60

Annualvolatility

1 week 1 month 3 months 6 months 1 year 2 years

Option maturity

Market volatility rates are entered into the option pricing formula along with the current market prices for the underlying instrument to calculate the current market value of the option.

4.4.5 Mark-to-market process

In large trading operations positions will change minute to minute as traders manage their risk positions. Therefore it is important that the senior management of a bank have a robust mark-to-market procedure in place to monitor traders’ performances. This is usually a daily process where a department, independent of the traders, will obtain and verify market prices for all the instruments held in the trading book. For any market where trades are made direct with counterparties, closing prices will be obtained from brokers who are active in the relevant markets. Brokers are independent of the banks and, by the nature of their business, know the current market price. Some prices may be obtained from official fixing rates which are set daily. An important example of this is the daily fixing of LIBOR interest rates by the British Bankers’ Association in London. These rates are used to settle many derivatives contracts as well as for historical analysis. Official ‘fixings’ occur in many centers around the world for different types of rates.



In addition to brokers and official fixings, closing rates for some instruments are obtained from official exchanges. For example, equity closing prices are officially set by the stock exchange on which the share is quoted. These are used to mark-to-market equity positions. Futures contracts and options on futures are traded on futures exchanges around the world. Each exchange sets an official closing price each day which is used to revalue all positions. Futures contracts are traded for interest rates, foreign exchange, bonds, commodities, energy and stock market indices. Futures exchanges are constantly developing new contracts to meet changing market demand.

The mark-to-market procedure will consist of collecting and verifying the prices and entering them into the bank’s revaluation system. The system will then calculate a value for each instrument, which will be recorded in the bank’s books. The current value is also called the replacement value because it represents what the bank would have to pay if it needed to replace the transaction at current market prices. Often the system will also calculate the current risk positions generated by the instruments revalued, although this is sometimes carried out by a separate risk system. The current value of a transaction is used for a number of purposes:

profit and loss calculations are made by comparing the current values to the original values

counterparty credit risk calculations are made by analyzing the current values of all deals with the same counterparty (See Chapter 2)

collateral calculations for OTC transactions use the current values of instruments held as collateral to ensure they are sufficient when compared to the exposure to a counterparty

margin calls by futures exchanges are based on the current market value. ‘Margin’ is similar to collateral payments on OTC transactions

for cash settled instruments the final market value is used to settle the transaction with the counterparty.

4.5 The nature of treasury risk

In practice the functions of a bank’s Treasury can often include the bank’s own trading activities. They are therefore excluded from the definition of treasury risk given above which reflects the treasury structure of banks with

Treasury risk is defined as the risk of loss in the activities of a bank’s Treasury and therefore depends on the risk management function of the Treasury itself. While the role of a Treasury varies from bank to bank, it normally includes the management of risks such as interest rate risk in the banking book and liquidity risk.



diverse businesses. Such banks often have their trading business separate from their capital and liquidity management activities, which tend to be carried out by the Treasury. This type of treasury model is generally described as a ‘Corporate Treasury’. The exact role of a Treasury, even when it does not include the bank’s trading activities, depends on the business model adopted. For example, in addition to the functions listed above a Treasury may also manage other risks, such as the currency risk of overseas subsidiaries, both from the profit and loss perspective as well as the capital management perspective. A Treasury may thus manage a large variety of risks in its treasury risk management function; however the Certificate will only cover:

interest rate risk in the banking book, the most common form of market risk in the banking book

liquidity risk, and capital management.

All the above risks and a number of other related issues (such as asset and liability funding concentrations, access to central bank liquidity, payment systems collateral requirements, etc.) are likely to be encompassed by what is called asset and liability management (ALM).

4.6 Asset and liability management (ALM)

In most banks asset and liability management has the primary objective of managing interest rate risk in the bank's balance sheet and ensuring that the interest rate risk inherent in the bank’s underlying business does not disrupt the production of a stable income stream over time. This income stream is often largely represented by the Net Interest Income (NII) of the bank. NII is the difference between the interest cost of raising deposits (and other liabilities) and the interest charged on loans (and other assets). The current value (net present value) of the stream of NII over time is the major contributor to the value of the bank, Thus the NII stabilization objective may also be expressed as the stabilization of business value over time, a description most commonly used in the US. The emphasis a bank places on either of the two (very closely related) objectives – managing risk or stabilizing business value – often depends on the management accounting practices that it follows, i.e. the reports primarily reflect either the management of income or value.



Management accounting constitutes a reporting structure based on financial information that reflects the way the management of a bank sees the business. In contrast, statutory financial accounts, (e.g. profit and loss accounts and the balance sheet) must be prepared in accordance with statutory reporting standards and must comply with national accounting standards. Management accounting practices, however, are often heavily influenced by the financial accounting standards followed by the country where the bank is incorporated. A detailed discussion of international accounting methods and standards is beyond the scope of the Certificate. Prior to discussing the activities within asset and liability management (i.e. treasury risk management) it is important for the student to understand the main risks it covers: interest rate risk in the banking book and liquidity risk.

4.6.1 Interest rate risk in the banking book

Banking book market risk is the risk of loss where a bank is exposed to the risk of market rates changing because of the underlying structure of its business, such as its lending and deposit taking activities. Interest rate risk in the banking book is the risk of loss due to adverse changes in interest rates. Interest rate risk in the banking book primarily results from the type of business a bank undertakes with its commercial and retail customers.

Example Bank H offers its personal (retail) customers mortgages at interest rates fixed every five years. This gives customers a mortgage at a fixed repayment rate for a significant period and proves to be popular. Bank H does not take customer deposits on a similar basis as most of its deposits only have a very short contractual maturity. For example, deposits that may be withdrawn on demand or after 30 days’ notice are the bank’s most common deposit product. As a result the bank pays a one-month market rate for these deposits. Bank H is therefore running a business that has a significant amount of interest rate risk. It is receiving the fixed five-year rate from its mortgage customers and paying the one-month rate to its depositors. Unless Bank H’s Treasury manages this risk in the wholesale financial markets, if interest rates rise across the yield curve, the bank will have to pay more for its deposits within a period of at most 30 days, but will not be able to increase all its mortgage rates for up to five years. The actual cost to Bank H will depend greatly on the average time to the repricing of the mortgages. For example, the bank might have made some of these loans four years and 364 days ago and will only have to wait one day to raise the interest rate. However, it might also have made some of the loans yesterday and therefore would have to wait four years and 364 days before it could raise the interest rate on these loans.



The dangers of not managing interest rate risk in the banking book were highlighted in Chapter 1 in the example of the US savings and loan crisis. Below is a more detailed version of the events showing some of the worst examples of individual savings and loan association losses.

Example Banking book market risk – American savings and loan associations The American savings and loan associations (S&Ls) are essentially mortgage lenders, with power in some states to make direct investments in order to own other businesses and carry out property development. Until the 1980s they were mainly mutual associations owned by their members, but as a result of the banking book market risk disasters (described below) that befell the industry, they are now owned mainly by the federal government or by stockholders. According to Alan Peachey, initial estimates of the cost of the bailout amounted to USD 500 billion or roughly USD 2,000 for every US resident.2 While fraud did occur in many instances, the root cause of the disaster was twofold. First, funds were advanced on properties with greatly inflated prices. When these collapsed the security on many mortgages was wiped out. Second, although interest rates on many mortgages were fixed, the lack of a cost recovery clause on early pre-payment enabled borrowers to refinance their mortgages at a lower cost when interest rates started to fall. However many S&Ls were still locked into borrowings at higher interest rates and couldn’t repay their borrowings from the wholesale markets without compensating lenders. This mismatched position of lending at the lower rates while being locked into borrowings at a higher rate caused many S&Ls to collapse with losses of billions of dollars. Some of the worst examples are provided below:

In June 1988 American Diversified, a California S&L, was finally declared insolvent with losses of USD 800 million. Total assets had grown from USD 11.7 million in June 1983 to USD 1.1 billion in December 1985 when things started to go wrong.

In September 1988 Silverado Savings and Loan Association in Denver, Colorado collapsed with losses of USD 1 billion. Its balance sheet had expanded from USD 250 million in 1982 to USD 2.7 billion at the time of its collapse.

In April 1989 another California savings and loan association collapsed with losses of USD 2.5 billion, which had to be funded by the US taxpayer. It had lost USD 14 million in the first eight months of 1988 and a further USD 11 million in January 1989 as a result of speculating in the foreign exchange markets. The association’s deposits had risen from USD 1 billion in 1983 to USD 6 billion in April 1989 when it was finally taken over by the Federal Savings and Loan Insurance Corporation.

2 Peachey, Alan. Great Financial Disasters of Our Time. Berlin: BERLIN VERLAG Arno Spitz GmbH, 2002.



Interest rate risk in the banking book is not covered in any detail in the Basel II Accord. However in July 2004, the month after the Basel Committee published “International Convergence of Capital Measurement and Capital Standards: a Revised Framework”, it published "Principles for the Management and Supervision of Interest Rate Risk”. As its name suggests the paper primarily focuses on the management of interest rate risk including that held in the banking book.

4.6.2 Asset and liability management activities

Asset and liability management is not just concerned with managing risk and stabilizing business value. It is also concerned with:

maintaining the desired liquidity structure of the business other issues which may affect a bank’s balance sheet shape and

structure, and issues that may impact the stability of income over time.

There are numerous issues that can result in a need to balance the shape and structure of a bank’s balance sheet. Many of these are related to the problems generated by international banks that have capital structures dominated by their home currency, but whose earnings and many of their assets and liabilities are in other currencies. This can introduce foreign exchange risk (see Section 4.1) into the bank’s earnings. For example:

the present and future profits from overseas operations may be volatile when translated into the bank’s domestic currency due to changes in the exchange rate

the domestic currency capital allocated to overseas operations supports the foreign currency asset structure. This can produce a volatile capital to assets ratio as exchange rates change.

Asset and liability management is often described as using risk management techniques employed by bond portfolio managers and applying them to the refixing of interest rates on retail assets and liabilities. While in many ways this is true, the asset and liability manager has to recognize that:

a commercial bank's balance sheet is not a stable collection of assets and liabilities (new loans and deposits are continuously being made and others mature)

repricing of the assets and liabilities in a commercial bank's balance sheet is not all contractual (there are often significant timing differences between changes in market rates and changes in the interest rates charged/rewarded on retail products)



there is frequently little or no correlation between retail products and wholesale rates for pricing assets and liabilities (many marketing issues impinge on the repricing of retail products that do not affect wholesale products)

retail products often include embedded options which are often not rationally exercised (retail customers often have rights to terminate contracts on very different terms than are common in wholesale markets).

There are several reasons why a commercial bank with a significant number of retail customers may find its balance sheet shape and structure difficult to manage, such as:

commercial banks are often driven by relationship considerations not simply contractual obligations, i.e. they are customer focused

attracting and retaining customers often involves offering retail products whose features are different from wholesale market products. Thus they are difficult to sell on into the wholesale markets or difficult to risk manage using wholesale products.

pricing of retail products often has more to do with marketing considerations than market price

the way retail customers behave in relation to the retail banking products they hold often results in the apparent contractual obligations of the parties providing a poor description of the actual nature of the obligations. For example it may be contractually possible to withdraw funds from a savings account on 30 days’ notice, but the customer has a right to leave the money on account indefinitely. The balance on such accounts may behave more like a three-year deposit account than either a 30-day deposit account or a perpetual account.

It is often these inter-related customer and product behavior features that give rise to the need to monitor and manage the stability of Net Interest Income (or present value of the business) and the liquidity of these balances.



Sample questions

1. A forward foreign exchange transaction generates:

a) Foreign exchange risk only c) Foreign exchange risk and interest rate risk

b) Interest rate risk only d) No risk 2. Banks make a profit from matched positions by:

a) Holding risk positions until market prices move favorably

c) Charging fees to the customer

b) Earning interest on regulatory capital

d) Charging a less favorable price to the customer than the current market price

3. The value of a future cash flow is sensitive to changes in:

a) Interest rates c) Equity prices b) Volatility rates d) Commodity prices

4. A bank’s equity positions are officially valued against the:

a) Last price traded by the bank c) Stock exchange closing price b) Brokers real-time prices d) Trader’s price

5. Banking book market risk is primarily concerned with the management of:

a) Foreign exchange c) Liquidity b) Capital structure d) Interest rate risk




Summary

This chapter has introduced a number of key concepts and issues involved in the nature of market risk and treasury risk. Students should review this summary before proceeding.

The nature of market risk

Market risk is defined as the risk of losses from on- and off-balance sheet positions arising from movements in market prices.

Specific risk is the risk of an adverse movement in the price of an individual security due to factors that only apply to that security or issuer.

General market risk is the risk of an adverse movement in market prices that is applied across a range of instruments.

General risk is split into four risk categories: - interest rate - foreign exchange - equity - commodity.

Trading activities

The trading strategy with the least market risk is when a bank runs a matched book.

Another strategy is to manage positions in the product by executing ‘covering’ deals or ‘hedging’ deals at the discretion of the trading desk.

A market maker will quote a buy and sell price to customers and other banks and trade on whichever price the counterparty chooses.

To hedge their risk position traders will take a position in a different instrument. The instrument may have different characteristics, but changes in its market value will mirror those of the original transaction.

Hedging has many advantages but it does require careful management, as the instruments used are not identical to the original transaction. This means there will usually be some residual risk that is left uncovered and this must be measured and controlled.

It is important that there is a rigorous approval procedure for the introduction of new products that involves all the relevant departments in a bank.

Trading instruments

Spot foreign exchange transactions generate foreign exchange risk. Forward foreign exchange transactions generate foreign exchange and interest rate risk. Foreign exchange swaps generate interest rate risk.

Loans and deposits generate interest rate risk.



‘Vanilla’ bonds generate interest rate risk. Share positions generate general equity risk and specific risk. Physical commodity positions generate commodity risk and forward

positions have additional interest rate risk. Interest rate swaps generate interest rate risk. Currency swaps generate foreign exchange and interest rate risk. Forward rate agreements generate interest rate risk. Options generate the risks inherent in the underlying instrument which is

due to be delivered if the option is exercised. In addition, options have volatility risk and interest rate risk due to the future delivery date of the underlying instrument.

Pricing and mark-to-market requirements

All financial instruments with future cash flows are valued by calculating the present value of the future cash flows due under the instrument.

The value of interest rate related products and all products with cash flows at a future date will be sensitive to changes in the yield curve.

There are four main types of yield curve in the major currencies: Cash, Derivative, Bond and Basis.

Option pricing is based on the probability that the option will have some value at maturity.

The key determinants of the value of an option are its strike price, maturity and volatility.

It is important that the senior management of a bank have a robust mark-to-market procedure in place to monitor traders’ performances.

The current value of a transaction is also called the replacement value because it represents what the bank would have to pay if it needed to replace the transaction at current market prices.

The nature of treasury risk

Treasury risk is defined as the risk of loss in the activities of a bank’s Treasury, and therefore depends on the risk management function of the Treasury itself.

While treasury functions can vary from bank to bank, they normally include the management of risks such as banking book market risk and liquidity risk.

Asset and liability management (ALM)

Asset and liability management in most banks has the primary objective of managing interest rate risk in the bank's balance sheet and ensuring that the interest rate risk inherent in the bank’s underlying business does not disrupt the production of a stable income stream over time.



The emphasis a bank places on either of the two (very closely related) objectives - managing risk or stabilizing business value - often depends on the management accounting practices that it follows.

Management accounting practices are often heavily influenced by the financial accounting standards followed by the country where the bank is incorporated.

Interest rate risk in the banking book is the risk of loss due to adverse changes in interest rates.

Asset and liability management is concerned with managing risk, stabilizing business value and maintaining the desired liquidity structure of the business. Together with other issues which may affect a bank’s balance sheet shape and structure and issues that may impact the stability of income over time are

There are several reasons why a commercial bank with a significant number of retail customers may find its balance sheet shape and structure difficult to manage.


5 The nature of credit risk Chapter 1 provided an overview of credit risk and introduced a number of methods used to mitigate it. It also discussed the Basel I Capital Adequacy Framework, outlined Basel II and introduced credit risk management. This chapter provides a more detailed discussion of the nature of credit risk. It looks at important credit risk portfolios and discusses in general terms the types of models banks commonly use to identify the different risks in each portfolio. This chapter also seeks to illustrate that the treatment of credit risk in Basel II is ‘evolutionary’ and that it builds on existing ‘good practices’ for credit risk management. This will enable the student to put the more sophisticated approaches for calculating credit risk capital into context. On completion of this chapter the candidate will have a basic understanding of:

the nature of credit risk the basic techniques used to assess sovereign credit risk, corporate

credit risk and retail credit risk how to establish counterparty credit risk exposure the origin and use of credit analysis the fundamental concepts behind options-based models of credit risk the fundamental concepts behind portfolio measurement and

management of credit risk credit risk and Basel II.

5.1 The nature of credit risk

Credit risk is defined as the risk of losses associated with the possibility that a counterparty will fail to meet its obligations when they fall due; in other words the risk that a borrower won’t repay what is owed. All investors and companies will be familiar with credit risk. For example, personal investors risk their savings in pursuit of profits when they invest in something other than ‘cash’ products, (e.g. a bank deposit, a bond, or shares). For their part, companies will incur credit risk in the form of receivables due from their customers. They will be owed money in return for providing goods or services.



Banks are particularly subject to credit risk because of the very nature of their lending-based business. Banks are highly geared institutions and any rise in default rates by borrowers has the potential to erode their capital very rapidly.

Example Peregrine Investment Holdings In January 1998 Hong Kong’s Peregrine Investment Holdings, one of Asia’s biggest independent investment houses, went into liquidation with outstanding debts of approximately USD 400 million. It collapsed in part because of the financial turmoil throughout the Asian markets but more specifically because it had lent some USD 200 million, 20% of its capital base, to Steady Safe, an Indonesian taxi and bus operator that became insolvent.

Historically banks have built their credit appraisal techniques for corporate borrowers largely from methodologies commonly used by investors to appraise the investment potential of non-government borrowers. Investors looking for higher returns played an important part in the evolution of these appraisal techniques. The growth of institutional investors such as insurance companies and pension funds contributed significantly to the growth of the professional investment management industry. This in turn led to increased investment in equities and bonds issued by non-government entities such as major companies. Growth was particularly strong in the US where institutional investors could invest in ‘securitized’ bond issues based on mortgages, car loans and credit card receivables. Consequently professional investment managers needed to improve not only their understanding of credit risk, but how to measure it as well.

5.1.1 Sovereign credit risk

Until recently international bond markets were dominated by bonds issued by the central governments of countries. Sovereign risk is the risk of losses associated with the possibility that a country fails to pay either interest or principal on its borrowings. While the outright default on such debt is rare (Russia in 1917 and1998), the rescheduling of such debt is not uncommon. The International Monetary Fund (IMF) plays a major role in assisting countries with debt payment problems. When faced with creating inflation or defaulting on its debts denominated in its domestic currency, the Russian government chose in 1998 to default on both domestic and foreign currency debt.

Chapter 5: The nature of credit risk


Example Russian government bonds In 1998 foreign investors in Russian government domestic bonds were left facing losses estimated at USD 33 billion because of the government’s effective default. All of the major financial institutions that suffered losses appeared to have ignored the fact that the greater the return, the greater the risk. Russian government securities offered a very high yield. Banks then hedged their foreign exchange exposure partially, if not completely by means of forward contracts. Many of these contracts were with Russian banks which only increased their Russian exposure. The major financial institutions also took the view that governments did not default on their debts, forgetting or overlooking Russian default early in the 20th century and the African and South American defaults in the late 1960s and 1970s.

Domestic currency and foreign currency debt

A useful distinction in sovereign debt bond issues is usually drawn between:

the debt countries owe which is denominated in their domestic currency, and where a default is rare largely because countries have the power to print their domestic currency, and

debt denominated in foreign currency where the currency must be earned by the debtor country.

It is worth noting that many of the world's largest economies rarely borrow in anything but their domestic currency, although their bonds are held internationally. For example the role of the US dollar as a reserve currency means that many countries with surplus foreign currency earnings hold significant amounts of US sovereign debt as foreign currency reserves.

Financial ratio analysis

Sovereign risk is usually assessed much in the same way as corporate debt with models designed to determine the ability of a country’s government to service its debts. The debt service ratio comprises the critical ratio of such models and is defined as the future interest and principal repayments due on foreign currency borrowing divided by the income from exports and capital inflows. As with corporate debt appraisal there are a number of other ratios that can help assess the debt service capability of a country. However it should be noted that ratio analysis does not tell the whole story because the future prospect of individual economies may differ significantly despite having similar financial ratios at any point in time.



Inward investment

Inward investment has become a growing area of analysis for investors and banks particularly when it is combined with domestic economic policies to create so-called ‘bubbles’ (high valuations of specific assets that cannot be sustained in the long-term). Examples of recent bubbles include Tokyo’s soaring commercial property prices in the early 1990s, and the high technology company valuations in the US and Europe from the late 1990s until 2002. Such bubbles also played a role in the Asian debt crisis of the mid-1990s as both commercial property prices and equity values in many Southeast Asian countries reached levels that could not be sustained in the long term.

Other factors

There are also other factors to consider when assessing sovereign risk, although the poor quality of government data has often made the process difficult. Furthermore, not all currency borrowing is carried out by governments. Private sector borrowing in foreign currency can also affect the total size of a country’s debt service requirements/obligations and data on this type of borrowing is often very poor.

Qualitative factors

There are also a number of qualitative factors to consider when assessing sovereign risk, such as:

the efficiency of the banking system in allocating capital to productive enterprises

the efficiency of the tax system in raising government revenue the ability of the central bank to affect exchange rates the role of high domestic interest rates which not only encourages

private foreign currency borrowing, but which can also contribute significantly to inflationary pressures within an economy

the transparency of the economy and the clear separation of roles and powers between the government, central bank, supervisors, the legal system and business.

The interplay of a number of these qualitative factors can be seen in the Asian economic crisis of 1996-1997 which affected Thailand, Indonesia, Malaysia, the Philippines and South Korea.



Sovereign risk and country risk

While sovereign risk and country risk are often considered synonymous it is better to view sovereign risk as a subset of country risk. Country risk covers the domestic legal, political and economic environment and how these all affect the private sector economy. Country risk analysis is particularly important when looking at inward investment which involves cross-border lending to companies, individuals or projects. Other factors to consider when assessing country risk include:

the legal system especially laws on property ownership and bankruptcy the stability of the political system; although this does not refer to the

stability of any one government the rules surrounding access to foreign currency especially if exchange

controls are prevalent.

Basel II and sovereign risk

The above factors highlight the need to ensure that sovereign risk is carefully appraised. In the Basel I Accord sovereign risk was measured using a simple risk weight based primarily on the nature of the borrower, (e.g. government) and the type of instrument, (e.g. guarantee, loan, etc.). Under Basel II, the Standardised Approach uses publicly available credit ratings to appraise and control sovereign risk. This change impacts on the regulatory credit risk capital required for sovereign risk. Many governments are publicly rated as are nearly all issuers of public debt in one form or another. In contrast, very few corporate borrowers are rated.

5.1.2 Corporate credit risk

Corporate credit makes up a large part of what is referred to as ‘risky debt’ in contrast to sovereign debt which is supposedly ‘risk-free’ debt. Corporate credit risk comprises the default risk in the debt obligations issued by companies. The most common form of such debt obligations is common stock, which bears the highest risk of loss. Stockholders are the last stakeholders to be paid out when a company is liquidated. For example in all jurisdictions corporate bonds and bank loans are paid out prior to equity holders, but still after preferred creditors such as employees (for unpaid wages) and the government (for unpaid taxes). Many banks claim that they understand corporate credit risk far better than many of the other risks they take, and in many economies it is the most important category of credit risk for banks. Where deep and liquid markets for capital do not exist, in practice virtually everywhere outside the US, the role of banks in recycling savings from private individuals to productive



enterprises (a process known as financial intermediation) is vital for economic growth. The credit appraisal techniques many banks use when lending to companies stem from methods used to evaluate investments. Indeed, the use of financial ratio analysis as the basis for the models used to make corporate lending decisions is widespread. Such techniques have become highly sophisticated since the 1930s, although they’ve been used since joint stock companies were first created nearly 400 years ago.

Basel II includes incentives for banks to add greater discipline to these credit appraisal techniques through the extensive use of statistical methods for calibration and ‘backtesting’ of credit grading models. Basel II also encourages banks to add information through the use of options-based models where the availability of data makes their use appropriate. Options models can be substituted for more conventional models when the relevant corporate credit is widely traded through such instruments as bonds, commercial paper and common stock, and when information on the debt structure and trading performance of the company is readily available and up to date. However, such models can produce volatile credit grades. Most commercial banks are likely to use them to supplement financial ratio based models. (Section 5.2 highlights the importance of their role.)

5.1.3 Retail customer credit risk

Many commercial banks consider that the credit standing of individual retail customers is just as important as corporate credit risk. In many countries the techniques for personal credit appraisal have changed significantly as banks have moved away from branch-based lending to centralized lending. In branch-based lending branch managers were primarily responsible for lending decisions which were based on personal knowledge of their customers. Centralized lending decisions are made by inputting ‘standardized’ customer information into credit ‘scoring’ models. Product development has changed the market for personal finance, which is now increasingly split between credit secured against real estate (houses) and credit that is unsecured consumer finance (increasingly credit card-based). Housing finance has traditionally been equated with mortgage finance. The sale and purchase of mortgages by professional investors, including pension funds and investment management companies through the issues of securitized bonds (see Section 1.3), has led to the development of highly sophisticated models to calculate the value of different mortgage securitization bonds. These calculations include the credit standing of the



bonds. While details of the models will be covered in the Diploma, the importance of such factors as affordability and loan-to-value will be covered later in this chapter. Outside of the US there has been increasing development of customer accounts where a broad range of borrowings can be secured against property on a continuing basis. This can include a mortgage, car loan, home improvement loan, other consumer finance and even credit card borrowings. Although such loans cannot qualify as a mortgage in some countries, the development of these accounts represents an important innovation in personal finance. They have the potential not only to reduce borrowing costs for customers, but to reduce risk for banks as well. With its extensive recognition of collateral Basel II seems to permit and even encourage innovations such as this. Unsecured consumer finance has been greatly influenced by developments in models that measure the credit standing of individuals, so-called ‘credit scoring’ models. Such models have in turn been greatly influenced by the credit card industry. In this fiercely competitive business the specific features of individual models are carefully guarded commercial secrets. However, the fundamental features of these models include cash flow assessment, employment history and asset cover. These are discussed later in this chapter along with the importance of credit agencies and credit history.

5.1.4 Probability of default

All the models discussed in Sections 5.1.1, 5.1.2, and 5.1.3 are used by banks to support a lending decision. Lending decisions may be characterized as ‘bimodal’ (lend or don’t lend). Unfortunately this is too simplistic because in practice banks are interested in the risks, the reward, (e.g. the margin and fees on the loan) and, under Basel II, the capital being held against the loan. Lending/investing decisions are made by balancing risk and reward, because at some price any risk may be worth taking - the greater the risk the greater the reward. A simplistic bimodal approach does not help banks in making commercial decisions. However, grading models are one way of creating a risk/reward framework for supporting lending/investing decisions. Basel II, through the use of public credit grades in the Standardised Approach and bank specific grading models in the Internal Rating-Based approaches, encourages banks to use credit appraisal models to establish risk/reward decision frameworks. All the models discussed so far in this chapter can be used as a basis for Basel II compliant credit grading models.



5.1.5 Systemic credit risk

Credit risk and liquidity risk are considered the most fundamental risks in banking. In Basel I the focus was solely on credit risk. While liquidity crises in commercial banks are rare today, credit risk can still prove very problematic, not simply for banks themselves but for central banks, supervisors and governments as well. The Japanese credit boom of the 1990s and the ‘bubble’ it created in commercial property prices, resulted in a level of bad debts estimated at in excess of 10% of the assets of many Japanese domestic banks.

Example The Japanese domestic lending crisis Throughout the 1990s the Japanese banking system suffered catastrophic losses due to its domestic lending policies, which led to the collapse or near collapse of several high profile banks. The crisis resulted in Japan’s 17 largest banks writing off JPY 51 trillion over eight years, equivalent to about 10% of Japan’s gross domestic product during that period. In the mid-1980s the Japanese economy had been booming, with high economic growth and very low inflation. During a period of aggressive competition Japanese banks lent large amounts to higher risk customers in order to increase market share. These loans were mainly collateralized by real estate, the value of which had increased to a point where it was vastly overvalued. At the end of 1989 the Japanese stock market collapsed and an economic slump ensued. The real estate ‘bubble’ also burst and values fell dramatically. As a result of the economic downturn Japanese banks were left with non-performing loans backed by collateral that was relatively worthless.

In China supervisors are concerned that a similar percentage of bad debts prevails in some banks. Such high bad debt levels can lead to systemic risk, the great fear of central banks and governments. Any bank suffering a high level of defaults in its lending portfolio is a problem for supervisors and central banks. However, if all banks are suffering at the same time the economy will suffer. This could potentially result in a severe economic downturn because the banking system will not have sufficient capital (bad debts must be deducted from bank capital). Consequently banks will be unable to extend the credit needed to facilitate economic expansion.

5.1.6 Traded markets counterparty credit risk

Market risk results from the mark-to-market value of a traded market contract such as a foreign exchange contract or an interest rate related contract. A bank that undertakes market transactions will either make a profit, or the counterparty with whom they contract will profit depending on the mark-to-market value of the contract. It is the classic ‘zero sum game’, only one party can gain from the individual contract.



Traded markets counterparty credit risk is generated when the counterparty does not immediately pay the amount owed in a transaction. For example in many businesses ‘cash on delivery’ arrangements avoid credit risk. However in many banking transactions the amount due, (e.g. the loan) will only be paid when the contract matures. With many market related products the amount owed to the counterparty may change during the life of the contract. It is not unknown for the flow of payments to reverse as a result of movements in the market price of the contract. In practice the level of counterparty credit risk can be reduced by:

the making of regular payments between the parties to the contract the debtor pledging security to back what is owed (collateral), and ‘netting’.

Netting is the process of offsetting gains and losses across a number of the same type of contract or even across different contract types.

In market risk, marking-to-market is the process of using current market prices to revalue a trading position. However, mark-to-market valuations are also the basis of calculating counterparty credit risk. The extent of counterparty credit risk is a function of market movements and is not directly related to changes in the credit standing of the counterparty. In all other respects a traded markets counterparty is considered the same as any other counterparty, and will be evaluated using the same credit appraisal techniques.

5.2 The origin and use of credit analysis

5.2.1 Analysis of creditworthiness – sovereign risk

The analysis of sovereign risk has increased greatly as a new international financial market has become established – the so-called ‘emerging market’ issuers of debt. A major area of work undertaken by public rating agencies is the existing credit analysis of sovereign risk, the most well known being Standard & Poors, Moodys Investors Service and FitchRatings. Many governments also have agencies, called Export Credit Agencies (ECAs), which guarantee sovereign risk for exporting companies. There are agreed principles and practices for credit appraisal under which such agencies must work.



In addition to the above agencies banks also undertake their own analysis of sovereign risk. Such analysis usually looks at a series of quantitative and qualitative factors. These typically cover:

the country itself the economic environment (savings, investment and growth statistics) natural resources and raw materials labor market efficiency and the quality of skills and education efficiency of capital and banking markets the government macro economic policy (exchange rate and interest rate policies) external trade and payments balances inflation history and outlook foreign direct investment flows government funding and spending policies the political environment stability and adaptability of the political process degree of consensus on social and economic aims legal environment (property rights, creditors’ rights) the banking system policy and control of the banking sector the independence of bank supervisors the role of the central bank and support mechanisms for the banking

system. It should be noted that legal risk is pervasive in that it does not only affect sovereign lending. It is just as important when lending to companies or persons domiciled in the country concerned. When considering sovereign risk an analytical framework can be created either from reliable quantitative figures, or from ranking the more qualitative criteria in the above list. The BIS publishes reliable quantitative figures; however the lack of such figures could be indicative of the level of risk in a particular country. A grading model can be created by comparing the average (mean) data of a cohort (group) of similar countries, or by more sophisticated so-called ‘multivariate analysis’ which creates a single ‘score’ by combining a number of such ratios.

5.2.2 Analysis of creditworthiness – corporate risk

When offering borrowing facilities to corporate customers, all banks need to determine the ability of the company to repay the debt. Traditional approaches have centered on analyzing the financial performance of the company that wants to borrow. This is termed credit analysis. The



techniques used in credit analysis have their origin in the individual stock analysis techniques found in the investment management industry. ‘Stock picking’ and ‘credit appraisal’ have much in common. They both seek to establish whether a company can provide a good return on the money invested in it, be that equity in the case of the investor or debt for the bank lender. Both investors and banks are seeking stability and soundness in a company measured by:

its ability to pay dividends regularly and over a sustained period of time a ratio of debt to equity that is not very high so that if it suffered a shock

from an unforeseen event (such as the collapse of a major customer), it would be able to cut its costs, (e.g. dividends) and still be able to pay its creditors (lenders) thus avoiding potential liquidation

other criteria such as the ratio of current assets to current liabilities, which shows the company's ability to generate net cash flow.

Corporate credit analysis

Corporate credit analysis in commercial banks is still predominantly undertaken using financial ratio analysis and models built on its principles. Such analysis examines the following elements of a company’s financial statements:

balance sheet profit and loss account (income statement) cash flow statement tax statement.

The analysis will typically focus on three years’ historical performance. To add a predictive capability to the credit appraisals the results are analyzed to identify any trends.

Key ratios

The ratios typically used during corporate credit analysis cover a company’s:

operating performance debt service capability financial gearing (leverage) liquidity.



Examples of typical ratios are:

for operating performance: net income divided by net worth and sales divided by fixed assets

for debt service capability: cash flow divided by interest on debt for financial gearing: long-term debt divided by capital for liquidity: current assets divided by current liabilities.

Ratios can be used to develop grading models. For example, ratios can simply be compared to some defined industry average, which is known as univariate analysis, or built into a scoring system referred to earlier as multivariate analysis.

Company valuations

The focus on corporate credit analysis has changed in recent years as worries about the ability of companies to manipulate earnings figures have increased. Today company valuations are often based on such tangible factors as dividends plus net assets per share, rather than earnings. Assessing a company’s financial performance through financial ratio analysis is still very important as this form of analysis can help in avoiding ‘bubble’ valuations and thus inappropriate lending.

Example The South Sea Company Perhaps one of the best early examples of correctly valuing a company is provided by Archibald Hutcheson, a British Member of Parliament, who in the 1720s attempted to warn investors of the danger of investing in the South Sea Company (the notorious South Sea Bubble). Hutcheson produced a series of stock valuation techniques that are still relevant today. (Students wishing to learn more about the South Sea Bubble and Hutcheson’s techniques should read "The First Crash" by Richard Dale, Princeton University Press, 2004.)

5.2.3 New options-based techniques

In recent years the limitations of stock valuation techniques have become apparent. Today, sophisticated credit rating models form the basis of much credit analysis. This is especially the case for markets which are highly ‘liquid’ and where information on companies is widely available and up to date. The most obvious proponents of credit rating models are the bond rating agencies though they do not disclose, in detail, the workings of their models. These models incorporate investment appraisal analysis as well as more sophisticated techniques such as those relating to the work of Robert



Merton the Nobel prize-winning economist. Merton is credited with the development of an options-based approach to modeling credit. The Merton approach is remarkably simple yet very incisive. Merton characterizes a loan to a company as the purchase by the company of a right (an option) to transfer (‘put’) the firm's assets to the bank when the value of the firm becomes negative. This is assumed to happen when the ‘present value’ of the equity of the firm, less the present value of its debt becomes negative. In other words when this occurs the owner of company has no incentive to retain ownership of the company and ‘walks away’ and leaves the company in the hands of the bank, lenders and bondholders. The difference between the valuation of equity and debt can be used to calculate the probability of default. The nearer to zero this net valuation is the more likely the owner is to ‘walk away’. At this point the equity has no value because the firm owes the debt holders more than the company is worth. The Merton approach has greatly influenced the latest grading models used to predict the probability of a credit default. Along with such additional metrics as loss given default, exposure at default and backtesting methods focusing on expected and unexpected loss, it forms the basis for Basel II compliance under the Internal Rating-Based approaches. (Loss given default and exposure at default are discussed later in the Certificate program. Expected and unexpected losses are explained in Chapter 6.) An in depth explanation of Merton-based options models is beyond the scope of the Certificate. However it is important that students understand the basic concepts behind such models.

5.2.4 Analysis of credit risk – personal credit risk

Personal credit risk covers two major areas of personal finance: finance secured against real estate (primarily mortgage lending) and unsecured lending (mainly consumer finance).

Personal budgets

Lending to an individual, whether secured against housing or unsecured, requires an understanding of personal budgets. Since such budgets are based on the amount of cash coming into a household and cash spent by a household, a bank account is an excellent source for the required historical information.



Credit scoring models

The financial information that a bank has available from a customer’s account gives it an advantage over other banks wishing to extend credit to the customer. This advantage restricted competition in the consumer credit market and led to the development of so-called credit scoring models. A credit scoring model enables a bank to extend credit to individuals even though the bank does not already provide all their banking arrangements. Banks ‘feed’ the details of a person’s credit history, along with other details provided by the potential customer, into scoring models that estimate creditworthiness.

Credit reference agencies

Credit reference agencies have played an essential role in the growth of consumer lending. These agencies maintain a record of a person’s credit history and ideally require all potential lenders to be parties to their arrangements. The growth of such agencies has significantly increased unsecured lending competition in a number of markets where they have become established. The importance of such agencies to the retail banking industry has been increasingly recognized and such agencies now exist in a number of emerging markets including China.

Lifetime consumption

Confidence in the debt service capability of an individual over time requires a forward looking approach. This in turn requires an assessment of what the lifetime income and expenditure profile of the borrower is. A simple illustration of this is the difference between granting a mortgage to someone who is 30 years old and someone who is 60. The sources of repayment may differ significantly.

Net assets

Income and expenditure is only one dimension of a person’s financial viability; the other is a person’s assets and liabilities. Clearly a high level of net personal assets, such as shares or bonds, could have been a potential source of repayment for the older person in the example above.

The role of insurance

In addition to net income and net assets the ability to sustain payments over time will also depend on the level and type of insurance coverage the borrower has. For example health insurance could be used to sustain



payments should either person in the above example become sick and unable to work.

Affordability assessment

In assessing the affordability of a mortgage banks typically consider the following:

free disposable income, on an individual or joint income basis income after mortgage payments are deducted income multiples and ability to sustain payments in the future the certainty of the interest rate charged on the mortgage threats to income and insurance cover (health, unemployment) asset insurance (house, home contents) loan to house value mortgage indemnity insurance.

In assessing the affordability of consumer finance, credit analysis will look closely at the individual’s free disposable income, as is the case with mortgage lending. The value of assets is less relevant, although they are considered in the case of auto loans. Such assets often have a high and reliable value in relation to the outstanding loan amount and thus will significantly reduce or even eliminate the outstanding debt in the event of borrower default.

5.2.5 Portfolio management

The development of portfolio management theory has led to a far better understanding of the benefits of considering not only the risk associated with any single loan, but also the importance of the change in the risk of a whole portfolio of loans as a result of making an additional loan. The main effect of taking loan correlations into account has been to dissuade banks from concentrating lending in any one area of business either by geographic, industry or credit grades. This is known as credit concentration risk. Concentration risk is covered in Basel II where it states “risk concentrations are arguably the single most important cause of major problems in banks”. Such concentrations are not covered in the Pillar 1 capital charge, but rather in Pillar 2. Under Pillar 2 banks are required to have effective internal policies, systems and controls to identify measure, monitor and control their credit risk concentrations. Banks are also required to consider the extent of their credit risk concentrations in their assessment of capital adequacy under Pillar 2 and to conduct stress testing accordingly. (Pillar 2 is discussed in more detail in Chapter 7.) Such concentrations include significant exposures to:



an individual counterparty or group of related counterparties economic sector or geographical region reliance on an activity or commodity collateral type or single counterparty.

The text in Basel II notes that many national supervisors impose limits on large exposures in relation to the amount of lending to any one counterparty as a percentage of a bank’s capital.

Concentration risk can be analyzed by looking at the cohorts of the portfolio. A cohort is a grouping of the assets by different criteria. For example a portfolio can be grouped by industrial classification, by geographical area and/or by credit grade. All represent different ways of grouping a portfolio and will give distinct information when analyzing the concentration risk contained in the overall portfolio.

5.3 Credit risk and Basel II

Pillar 1 of Basel II requires banks to calculate their capital requirements for credit risk, market risk and operational risk. The requirement for credit risk regulatory capital was intrinsic in the original Basel I Accord. Under Basel II banks can adopt three different approaches for calculating their credit risk capital requirements. In addition to describing the mechanics of each approach Basel II also defines the minimum criteria a bank must meet to use the more advanced approaches. The more sophisticated Internal Ratings-Based (IRB) approaches require the approval of the national supervisor before it can be used. A fundamental regulatory requirement is that the Internal Ratings-Based Approach is used to make credit decisions internally, as well as to measure credit risk. It is this feature of the IRB Approach that differentiates Basel II from Basel I. It also differentiates the three approaches for calculating credit risk capital permitted in Basel II. Under the IRB approaches banks are not simply using credit risk measurement methodologies, they are installing a credit risk management process. Measurement and management must, under the IRB approaches, come together. Adapting current processes to the minimum criteria required by the IRB approaches is fundamental to achieving compliance. Therefore banks seeking to use any of these approaches need to undertake a thorough review of existing processes including a review of their strengths and weaknesses against IRB requirements.



Sample questions

1. Under Basel II the credit risk of most government debt will be recognized

as:

a) Risk-free c) Related to its PD b) Related to its public credit

grade d) Related to its risk weight

2. Most corporate credit risk is established through:

a) Financial ratio analysis c) Public credit grades b) Options models d) Distance to default models

3. Retail customer credit standing is established through:

a) Personal knowledge c) Financial ratio models b) Credit scoring models d) Cash flow modeling

4. Portfolio management looks at the total portfolio risk by:

a) Adding the risk of the individual assets

c) Offsetting risks between cohorts

b) Adding the assets across cohorts

d) Looking at the total risk change from adding an additional asset to the portfolio




Summary

This chapter has introduced a number of key concepts and issues involved in the nature of credit risk. Students should review this summary before proceeding.

The nature of credit risk

Credit risk is defined as the risk of losses associated with the possibility that a counterparty will fail to meet its obligations when they fall due; in other words the risk that a borrower won’t repay what is owed.

Personal investors risk their savings in pursuit of profits when they invest.

In the course of business companies will incur credit risk in the form of receivables due from their customers – they will be owed money for providing goods or services.

Banks are highly geared (leveraged) institutions and any rise in default rates by borrowers can potentially erode their capital very rapidly.

Historically banks have largely built their credit appraisal techniques for corporate borrowers from methodologies commonly used for investment appraisal of non-government borrowers.

Sovereign risk is the risk of losses associated with the probability that a country fails to pay either interest or principal on its borrowings.

Many of the world's largest economies rarely borrow in anything but their domestic currency, although their bonds are held internationally.

Country risk covers the domestic legal, political and economic environment and how they affect the private sector within the economy.

Country risk analysis is particularly important when looking at inward investment, which involves cross-border lending to companies, individuals or projects.

The appraisal and control of sovereign risk is significantly affected through the Basel II Standardised Approach’s use of publicly available credit grades.

Corporate credit risk comprises the risk in the debt issued by companies.

Many banks claim that they understand corporate credit risk far better than many of the other risks they take.

Basel II includes incentives for banks to add greater discipline to credit appraisal techniques through the extensive use of statistical methods for calibration and ‘backtesting’ of credit grading models.

Many banks consider that the credit standing of individual retail customers is just as important as corporate credit risk.

Unsecured consumer finance has been greatly influenced by developments in credit scoring models.



Lending decisions may be characterized as ‘bimodal’ (lend or don’t lend).

Bimodal decisions are too simplistic because in practice banks are interested in the risk, the reward, (e.g. the margin and fees on the loan) and, under Basel II, the capital being held against the loan.

Through the use of public credit grades Basel II moves banks towards the widespread use of credit appraisal models to establish risk/reward decision frameworks.

Credit risk and liquidity risk are considered the most fundamental risks in banking.

Traded market counterparty credit risk is generated when the counterparty does not immediately pay the sum owed in a transaction.

The level of traded market counterparty credit risk can be reduced either by the making of regular payments between the parties to the contract, by the debtor pledging security to back what is owed (collateral), or by ‘netting’.

The origin and use of credit analysis

Many governments have agencies, referred to as Export Credit Agencies (ECAs), that guarantee sovereign risk for exporting companies.

When considering sovereign risk an analytical framework can be created, either from reliable quantitative figures or from ranking the more qualitative criteria

Reliable quantitative figures are published by the BIS; however the lack of such figures could be indicative of the level of risk in a particular country.

When offering borrowing facilities to corporate customers, all banks are faced with the need to determine the ability of the company to repay the debt. This is termed credit analysis.

The analysis of financial performance through financial ratio analysis is still very important as this form of analysis can help in avoiding ‘bubble’ valuations and thus inappropriate lending.

The use of options valuation concepts has greatly influenced the creation of the latest grading models used to predict the probability of a credit default.

Personal credit risk covers two major areas of personal finance: finance secured against housing (primarily mortgage lending), and unsecured lending (mainly consumer finance).

Lending to individuals, whether secured against housing or unsecured, requires an understanding of personal budgets.

Income and expenditure is only one dimension of a person’s financial viability; the other is a person’s assets and liabilities.

When assessing the affordability of consumer finance the credit analysis will look closely at the free disposable income, as is the case with



mortgage lending. The value of the assets is of less relevance, although they are considered in the case of auto loans.

The main effect of taking loan correlations into account has been to dissuade banks from concentrating lending in any one area of business, thus avoiding concentration risk.

Credit risk and Basel II

Pillar 1 of Basel II requires banks to calculate their capital requirements for credit risk.

Under Basel II banks can adopt three different approaches for calculating their credit risk capital requirements.

As with market and operational risk, Basel II advanced credit risk measurement approaches also require implementation of credit risk management approaches.


B : 37


6 The nature of operational risk

Chapter 1 introduced the student to operational risk and its measurement/ management under the Basel II Accord. This chapter revisits operational risk and explains the Basel II definition in more depth. While operational risk is not new, it hasn’t been subject to banking industry regulation – until the Basel II Accord. This chapter is intended to provide the student with a firm understanding of the scope of operational risk. It breaks operational risk down into ‘risk categories’ giving actual examples of risk events, and outlines why operational risk is becoming important to supervisors. Finally, the chapter outlines the Basel II Accord requirements for quantifying and mitigating operational risk. On completion of this chapter the candidate will have a basic understanding of:

the Basel II definition of operational risk, its scope and key concepts risk of loss expected loss unexpected loss the risk categories of operational risk how operational risk is changing and why it has been included in Basel II an overview of the Basel II Capital Accord operational risk framework.

6.1 The nature of operational risk

6.1.1 What is operational risk?

The Basel II Capital Accord specifically defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. As a general concept, operational risk can be viewed as being related to the myriad of problems that can result from the failure of processes or procedures. Consequently operational risk is neither a new risk nor is it unique to banks, although all banks will be familiar with these failures and should have processes to deal with them. It is a risk that affects all businesses because operational risk is inherent in carrying out a process/operational activity.



The scope of operational risk

Despite operational risk being one of the oldest types of risk it is the least well defined, with many different definitions covering a broad range of risk categories (see Section 6.3.1). Indeed the Basel II definition has excluded business, strategic and reputational risk, but includes legal risk. Students may find it surprising that the scope of operational risk is still not rigorously defined. As part of good business practice many banks have managed some of their operational risks without recognizing them as a ‘risk’ in the same manner as credit or market risk. For example, banks have realized for many years that staff training is a good way of increasing customer service and decreasing the number of processing errors. Thus effective staff training has increased customer retention and decreased compensation costs. However, banks may not have considered losses due to staff errors as operational risk losses and staff training as a technique for mitigating operational risks. Many types of operational risks, such as fraud and process failure, can occur relatively frequently. Such events usually result in losses, which at an individual incident level are minor, (so-called high frequency/low impact losses) and can be managed by banks through their day-to day-procedures and policies, (e.g. technology controls and security). In contrast, major events such as a terrorist attack or fire are infrequent but can result in very large individual event losses (low frequency/high severity losses). The primary approach banks have taken to ensure that they can continue operating after such an extreme event has been to implement business continuity plans and policies. Prior to the publication of the Basel II Capital Accord it was unusual to find a bank that allocated capital against operational risk losses.

Barings

Over the last 20 years there have been many examples of severe events that have resulted in catastrophic losses for a bank, far in excess of its capital reserves. In Chapter 1 there was a brief discussion of the collapse of Barings which illustrated such a catastrophic event. Below is a more detailed version of the events showing how one incident, which could have been avoided but for operational errors, destroyed Barings’ capital and ultimately resulted in its collapse.

Chapter 6: The nature of operational risk


Example Control failure and trading incentives – Barings In February 1995, Baring Brothers and Co. Ltd. (Barings), London, collapsed after losses of GBP 827 million following unauthorized trading in derivatives by a trader in its Singapore subsidiary. This completely wiped out the bank's capital leaving it unable to meet its obligations. In Alan Peachey’s view this disaster could have been greatly mitigated, if not entirely avoided, had earlier internal audit reports drawing attention to the potential risks been given the importance they deserved and acted upon immediately1. Nick Lesson, who was the trader, was also responsible for managing the back office and accounts were not being properly reconciled. Furthermore, no one in London was asking to see evidence of the ‘customers’ for whom the positions were purportedly (supposedly – easier when English is a second language) taken. In Peachey’s view the failure of Barings illustrates a number of issues in risk control: 1. The senior management in London appeared to have little understanding of

the business Nick Leeson was conducting, despite the fact that it was carried out on a well-regulated exchange and was not particularly complicated.

2. The Singapore office was apparently producing profits out of all proportion to

its size, and management seems to have failed to restrain the trader who appeared to generate almost 25% of total group profits.

3. Moreover, senior management considered Leeson’s business to be very low

risk, despite the fact that it was generating very high returns. 4. The remuneration structure of one of Barings’ star traders appears to have

encouraged excessive risk-taking. Leeson's salary in 1994 was reportedly GBP 50,000, but his bonus was GBP 450,000 - roughly nine times his salary.

5. Barings in London sent some GBP 550 million to Singapore in little over a

month to fund ‘margin calls’ on what was supposedly customer business. Nobody appears to have adequately questioned why these significant cash sums were required.

6. A number of internal auditor’s reports that had raised questions about the

business appear to have been ignored. 7. There seems to have been a lack of due separation of the accounting for the

client and proprietary trading businesses. In March 1995 Barings, including all of its liabilities, was acquired for a nominal GBP 1 by the Dutch bank, Internationale Nederlanden Group (ING).

1 Peachey, Alan. Great Financial Disasters of Our Time. Berlin: BERLIN VERLAG Arno Spitz GmbH, 2002.



The nature of banking – and the global economy – is changing which is leading to an increase in the frequency of events that have the potential for generating severe losses. (The reasons behind this change are discussed in Section 6.4.) It is against this background that supervisors have recognized the need to introduce standardized approaches to manage operational risk and to measure the impact of such events. Discussions on standards for operational risk management have revolved around three major topics:

what is operational risk? what is included in the scope of operational risk? how do banks manage it - qualitatively or quantitatively?

The Basel II Accord has defined operational risk as well as the scope of the risk. In addition, it requires banks to both quantify potential losses and implement management procedures to mitigate the risks.

For the first time banks will be required, under Pillar 1, to quantify and allocate regulatory risk capital against potential operational risk losses in a similar way as they do for credit and market risk. The Basel II Accord criteria and definitions for operational risk are open to interpretation. Consequently banks are looking at operational risk management frameworks used in other industries to help them ensure compliance with the Basel II regulations.

6.1.2 Frequency versus impact

Before moving on to discuss the scope of operational risk it is necessary for the student to understand an important concept used in operational risk which will be referred to many times during this course. This concept is how operational risk events are classified. Operational risk events are classified according to two factors:

frequency - how often the event occurs impact - the amount of the losses resulting from the event.

It is possible to categorize operational risk events depending on how often they occur and the severity of their impact. The four main types of events are:

low frequency/low impact low frequency/high Impact high frequency/low impact high frequency/high impact.



In general operational risk management focuses on only two of these event types:

low frequency/high impact (LFHI) high frequency/low impact (HFLI)

Banks ignore low frequency/low impact events because they would cost more to manage and monitor than the losses they incur. High frequency/high impact events are not considered relevant because if a bank is incurring this type of event it will quickly be out of business. The losses will either be unsustainable, or the supervisor will act to resolve the bank’s bad business practices. The high frequency/low impact events are managed to improve business efficiency. These events tend to be readily understood and are viewed as ‘the cost of doing business’. Many financial products, particularly those in retail banking, will include a factor for these kinds of losses within their pricing structure. For example many banks that offer credit card products adjust their pricing structure to account for fraud. It is the low frequency/high impact events that are by far the most challenging for banks. By their very nature they are the least understood and the most difficult to predict. Furthermore, they have the potential to do severe damage and may even result in the collapse of the bank, e.g. Barings.

6.2 Risk loss, risk events, expected and unexpected loss

6.2.1 Risk of loss

As noted earlier, the Basel II Accord defines operational risk as the “risk of loss resulting from inadequate or failed internal processes …”. By defining operational risk in terms of “risk of loss” the Basel II approach could actually miss key operational risk events. The Basel II definition implies that only those operational failures or events that result in a loss should be viewed as operational risks. This is slightly misleading as not all operational risk events lead to banks incurring losses (see mismatched position example given below). Even though such events result in a profit, they cannot be ignored because they have the potential to result in a loss if they occur again. Operational risk management is a learning process. When an event occurs, or nearly occurs (a near miss), irrespective of the financial consequences, it is important that the event is recorded and steps are taken to prevent it recurring. The Basel II Accord requires a bank to calculate regulatory capital that can be allocated against potential losses from operational risk events. If



a bank uses historical data based only on actual losses, it will be underestimating potential future losses.

Example Mismatched positions Bank G has a dealing desk that undertakes foreign exchange transactions. After one deal one of the traders mistakenly books that he purchased yen instead of US dollars. This makes it appear to the trader that he is ‘long’ in yen. To resolve the mismatch position he decides to sell the yen he thinks he has and purchase dollars. As a result of the original mistake the trader has actually doubled his dollar mismatch instead of ‘squaring off’, (i.e. he does not hold either dollars or yen) the position. Later in the day the error is realized and the trader sells his large dollar position. Luckily for the trader the dollar exchange rate has risen and so he actually makes a profit. In this example the operational risk event - incorrectly recording a deal - resulted in Bank G making a profit not a loss. It should be recorded as a near miss to help the bank improve its processes because it may not be so lucky next time. In this particular instance it is important that the profit is recorded as a sundry profit not as a trading profit.

6.2.2 Expected loss versus unexpected loss

When computing operational risk capital, a bank is required to base its calculation on both expected loss and unexpected loss. As with many areas of risk management there are different definitions of expected and unexpected loss. This section defines these losses in operational risk terms.

Expected loss is the loss incurred as a bank carries out its normal business. It can be simply defined as the cost of doing business. During a bank’s day-to-day operation it is reasonable to assume that operational losses will be incurred. For example staff make mistakes, credit card fraud occurs and banks are robbed. The only way that a bank can totally prevent operational risk losses is to cease doing business. A bank therefore assumes that it will incur losses while operating. In fact some expected losses might already be included within the pricing structures of its products. If a bank can demonstrate to the supervisor that it has already accounted for expected losses these can be omitted from the regulatory capital calculations, since risk capital is supposed to cover the bank’s estimate of unexpected losses. A bank uses statistical methods to predict its expected losses. In short it uses past data and experience to predict the future. A simple method of



calculating expected loss is to compute the mean (average) of the actual losses over a given time and accept this as the likely future level.

Unexpected loss is the loss that occurs significantly above the level accepted as expected loss. They are the losses resulting from the unexpected or extreme events that a bank assumes – although unlikely – could occur. Rather than losses experienced as part of everyday business, they are losses from events that have a very low probability of occurring. Unexpected losses typically result from low frequency/high impact events. A bank may attempt to ‘predict’ its unexpected losses using statistics, in a similar way to expected losses. Expected losses tend to be calculated using a bank’s own data and experiences. However a bank may not have previous experience of some events that could result in unexpected losses, for example terrorism. Thus, to calculate unexpected loss a bank uses:

available internal data external data from other banks, and data from operational risk scenarios.

A simple method of calculating unexpected loss is to use the standard deviation. Standard deviation is a measure of the distance of a value from the average (mean). In this case the standard deviation will measure the distance of a loss from a particular operational risk, from the average (mean) loss of all operational risk events. Unexpected losses are usually assumed to be losses with a standard deviation that includes 0.1% of all losses furthest from the mean. To calculate expected and unexpected losses under Basel II, banks are required to hold internal and external historical operational risk loss data. As previously stated, there are many different definitions of operational risk and its various categories. To help ensure a consistent approach across banks, the Basel II Accord has defined a standard set of definitions for operational risk loss types. All banks are required to ‘map’ their data to these definitions.

6.3 Operational risk events

6.3.1 Operational risk event categories

Under the Basel II Framework operational risk mitigation is not only about recording actual and predicting future losses. It is also about managing the events themselves. Reducing the possibility of an event occurring and reducing its potential impact can lower the operational risk capital a bank is required to hold. In order to do this, it is more important to understand the event itself, rather than simply recording the loss resulting from it.



A simple way of understanding operational risk in banks is to categorize it as anything not covered by credit risk or market risk. However, this is a very broad definition and does not actually help to manage operational risk. Therefore it is useful to consider the different types of operational events that can lead to loss. This can be achieved by subdividing operational risk into a number of risk event categories that indicate the underlying cause of the risk event. Although the Basel II Accord does not formally do this, operational risk events can be subdivided into the following categories:

internal process risk people risk systems risk external risk legal risk.

The categories listed above exclude those risks defined under Basel II as ‘other risks’. Thus business risk, strategic risk and reputational risk are not included as operational risk event categories.

6.3.2 Internal process risk

Internal process risk is defined as the risk associated with the failure of a bank’s processes or procedures. During a bank’s day-to-day operations, staff follow preset working practices. These procedures and policies will include all the checks and controls required to ensure that customers are correctly served and that the bank remains within the laws and regulations by which it is governed. Internal process risk events include:

documentation – inadequate, insufficient or wrong lack of controls marketing errors misselling money laundering incorrect or insufficient reporting, (e.g. regulatory) transaction error.

Reviewing and improving a bank’s internal processes as part of operational risk management can improve its efficiency. Errors often occur when a process is complicated, disorganized or easily circumvented, all of which are also inefficient business practices.



Example Daiwa Bank, New York In April 1995 a bond trader at Daiwa Bank, New York, admitted losses of USD 1.1 billion, which he had concealed over an 11-year period. During this time he put through at least 30,000 unauthorized deals without anybody realizing what he was doing. In Alan Peachey’s view this is a case of a lack of controls: a simple audit of outstanding securities would have uncovered the illicit trades, but during the entire period no such audit had taken place.

6.3.3 People risk

People risk is defined as the risk associated with an employee of a bank. Banks often state that their most valuable asset is their staff. However it is the bank’s employees who are also a common source of operational risk events. These events can occur, either through intentional or unintentional action, and are not limited to any one part of the organization. People risk events can even occur in the risk management functions, where it is important to ensure that staff have the required qualifications and skills. Common areas which result in people risk are:

health and safety issues high staff turnover internal fraud labor disputes poor management practices poor staff training over reliance on key staff activities of a rogue trader.

Example UBS Warburg, Tokyo

At the end of November 2001 UBS Warburg, a Swiss bank, lost an estimated 50 million US dollars on it trading book following mistake by one of its employees2. A UBS Warburg trader in Tokyo incorrectly sold 610,000 Dentsu shares at 16 yen each, rather than 16 shares at 610,000 yen each, despite the order being questioned by the computer system3.

6.3.4 Systems risk

Systems risk is the risk associated with the use of technology and systems. Today all banks rely heavily on technology and systems to support their day-to-day activities. In fact banks couldn’t operate without computer systems. However, using these technologies introduces operational risk. Systems risk events can be caused by:

2 See Financial Times, December 8 2001. 3 See Financial Times, December 10 2001.



data corruption data entry errors inadequate change control inadequate project control programming errors reliance on ‘black box’ technology – belief that the systems’ internal

mathematical models are correct service interruption - either partial or complete failure system security issues, for example computer viruses and hacking system suitability use of new untried technology.

In theory, the catastrophic failure of a bank’s technology is an event that would very likely cause the bank to collapse. Today the reliance on technology is such that if a bank’s computers fail it would not be able to continue operating for any length of time. So far, however, computer failures have yet to cause the collapse of a bank. The fear of technology failure is a continuing focus of attention for the senior management of most banks. Indeed many have invested heavily in the development of new computer technologies. However, there have also been instances where major systems projects have been abandoned when the expected benefits were not realized or where costs had spiraled out of control. To control the risks of failure many banks have implemented risk management techniques centered on project management ‘best practice’. Best practice project management often begins with a ‘risk assessment phase’. It is interesting to note that many UK banks still use 30-year old systems to support the core parts of their customer transaction processing. However the risk of failure in replacing these old systems deters any action from being taking. The contribution that best practice project management processes (such as Prince II) can make to mitigating risk is outside the scope of this course.

Example Bank of Scotland In October 2000 a near-total computer failure at Bank of Scotland closed down all its cash machines and internet banking facilities. It also prevented ‘Switch’ debit cardholders from making large purchases. The failure occurred at lunch time and lasted for three hours. The knock-on effects meant that processing usually carried out overnight was unfinished, with the result that some customers’ pay checks were not cleared on time.



6.3.5 External risk

External risk is the risk associated with events occurring that are beyond the direct control of the bank. External risk events are usually low frequency/high impact events and consequently generate unexpected losses. They are also the events that the majority of students will be familiar with as they are the most ‘dramatic’ generating considerable press coverage. Examples of such events are large-scale robberies and major terrorist attacks. Such events can be caused by:

events at other banks which have an industry-wide impact external fraud and theft fire natural disasters failure of outsourcing arrangements the implementation of new regulations riots and civil protests terrorism transport system interruption, preventing staff from reaching their

workplace utility service failure, e.g. an electrical power cut.

Historically banks have actively focused on external risk in order to protect themselves from its adverse impacts, for example protecting the bank against theft. Many external events are severe enough to interrupt a bank’s ability to do business. Consequently a great deal of effort has been made on the part of banks to ensure that they can continue to operate after such an event. This is known as business continuity planning or business resumption planning. Prior to Basel II the main focus of operational risk managers in many banks was on business continuity planning.

Example National Westminster Bank In April 1993 the NatWest Tower, the high-rise headquarters of National Westminster Bank suffered extensive damage when a terrorist bomb exploded a bomb in the City of London. Major refurbishment of both the interior and exterior of the building cost GBP 75 million. Following the rebuilding, National Westminster Bank decided against reoccupying the Tower and sold it to a property company.



6.3.6 Legal risk

Legal risk is the risk from uncertainty due to legal actions or uncertainty in the application or interpretation of contracts, laws or regulations. Legal risk varies greatly from country to country and has generally been increasing as a result of:

know-your-customer (KYC) legislation introduced primarily as a result of terrorism, and

data protection legislation introduced largely as a reaction to the increasing use of customer information for marketing purposes.

In some countries legal risk results from an unclear legal position, for example on property ownership or bankruptcy issues. In others the extraterritorial reach of laws passed in the EU or the US can be a constraint on their banks’ participating in international markets.

Example Bear Sterns In June 1999 it was reported that Bear Sterns, an American investment bank, had agreed to pay the SEC (Securities and Exchange Commission) USD 25 million to settle a dispute over its back office operations. The firm had acted as clearing agent for A.R. Baron, a small securities house that had gone bankrupt in 1996. The firm had since become the subject of criminal enquires over allegations that it had defrauded investors of approximately USD 75 million. The authorities named Bear Sterns in the case because, according to allegations at the time, Bear Sterns should have alerted supervisors over Baron’s trading since it had a clear view of all the firm’s trades and should have identified the fraud.

6.3.7 Boundary events

One of the challenges when measuring and managing operational risk is to know which events to classify as operational, credit, market or other risk events. When a risk event occurs establishing the exact cause is often open to interpretation. Events where this occurs are known as boundary events because they potentially cross the ‘boundaries’ between different types of risk. A common problem is that risk losses often occur from a combination of events rather than a single factor. A classic example of a risk event with multiple possible causes is the failure of Barings (see Section 6.1.1). The Barings failure could be classified as an operational, market, business or strategic risk event. The lack of suitable controls, non-separation of duties, and a rogue trader indicate an operational risk event as the cause (internal process risk and people risk). The financial losses were incurred because of derivative trades on the Singapore Futures Exchange. Thus the



Barings failure could be classified as a market risk event. Finally, the board of Barings appears to have made questionable business and strategic decisions about its Singapore dealing operations, including sending an additional GBP 550 million to fund payments due on the deals. So the collapse could also be classified as a strategic or business risk event. The general solution to a boundary risk event is to classify the event by its underlying or root cause. In the case of Barings it is clearly an operational risk failure because with effective controls, Barings:

would have identified that the rogue trader was trading way beyond his limit and stopped his actions at an early stage

would not have allowed the catastrophic trades to be made would not have made the strategic decisions to support the trading since

they would have known the reasons for the requested funds and had a better understanding of the risks being taken.

Unfortunately it is not always quite so easy to identify the underlying cause. It is, however, important to establish where a boundary event lies to avoid the possibility of double accounting in the capital calculations or missing the event altogether. The methods a bank uses to calculate its regulatory risk for credit, market and operational risk differ and so it is important to allocate the event to the correct category. This is particularly true when banks use methodologies that rely on internal historical data, (e.g. OpVaR and the Internal Ratings-Based approaches for credit risk). Hence it is important for banks to establish clear policies on how boundary events are classified.

6.4 How operational risk is changing

6.4.1 The changing nature of operational risk

Since the first banks began trading they have been taking steps to minimize their operational risks, for example preventing theft. However, it is the nature of operational risk that is changing, due in large part to the technological advances and globalization. Not only are major, high profile events occurring more frequently, the impact of such events is also increasing. Consequently the approach to operational risk management has been changing due in part to a change in corporate governance and management responsibilities. In addition, banks are beginning to realize that good operational risk management provides a number of benefits. Over the past 15 years there has been an increase in the number of operational risk events that have had extreme impacts. This increase is



partially due to the greater coverage such events are now receiving around the world. Instant global communication means that these events are reported, in real time in some cases, for example:

the collapse of BCCI and Barings Bank the extensive damage to the NatWest Tower in London, from a bomb in

1993, and the terrorist attack on the World Trade Center in New York on

September 11th 2001.

Example ‘Y2K’ Bug A classic example of a potential operational risk event becoming high profile issue was the ‘Y2K bug’. It has been estimated that some USD 400 billion had been spent on making computer programs worldwide recognize the year 2000. To minimize the size of computer programs in the 1970s and 1980s programmers stored dates using only the last two digits, i.e. 1978 was stored as 78. In the mid-1990s banks started to become concerned that on January 1, 2000 their computer systems would stop working correctly as the date would change from 99 to 00 (1999 to 1900). One implication would be that accounting programs could add 100 years of interest to bank accounts. Between 1997 and 1999 there were many ‘wild’ media assertions of the potential impacts of the Y2K bug. Banks adjusted their credit risk systems to account for countries and customers who had not dealt with their Y2K problems. For the first time banks realized that an operational risk event could affect their customer’s credit rating. In reality the 1st of January 2000 came and went without any major Y2K disasters, even in countries where the issue had been widely ignored.

The work on resolving the Y2K bug provided unexpected benefits for banks. The method many adopted to identify and resolve the problem involved understanding the major processes of a bank and how they interacted (known as process mapping). The business processes of many banks had evolved as their business had developed and changed. During the Y2K changes many banks were thus able to identify inefficiencies in their operations by analyzing their business process ‘maps’. Implementing operational risk management policies and procedures can result in a bank improving its internal processes. Many operational risk techniques for mitigating risk start with process mapping and involve minimizing opportunities for failure, confusion and waste. Resolving such problems not only can reduce the risk of losses, it can also reduce the operating costs of a business. For critical processes, process mapping is part of the discipline of good process control, seen in such methodologies as Six Sigma. Six Sigma is a statistics-based methodology for measuring and improving the quality and efficiency of a business and its underlying processes.



6.4.2 Why the severity of operational risk events is increasing

There has been a gradual increase in the impact of operational risk events. As a result banks are becoming increasingly concerned that events involving mainly relatively low-cost errors (high frequency/low severity events) are becoming supplemented by a lower frequency of higher severity loss events. The growing impact of operational risk events has been caused by an increase in:

automation reliance on technology outsourcing terrorism globalization incentives and trading – ‘rogue trader’ transaction volumes and values litigation.

Automation

Many banks are becoming less reliant on clerical processes and more reliant on automated processes. People may make errors relatively frequently but they are usually discovered relatively easily as well. It is unusual for a group of people to repeat the same mistakes multiple times. However, a computer program, if incorrectly programmed or operated, can replicate the same mistake many times. Such mistakes are often less easily detected than those of an individual whose mistake would normally stand out. Another concern is that the automation of processes can lead to an accumulation of errors that can result in significant losses when discovered.

Reliance on technology

It is not just the impact of increasing automation that is of concern to banks. The reliance on technology in all areas of banking is increasing, from mass automation to highly specialized products. For example, product funding and risk management techniques are becoming ever more sophisticated, with an increasing reliance on complex mathematical models and technology. Incorrect implementation, a lack of understanding, or reliance on the ‘accuracy’ of the technology used is leading banks to suffer increased losses. For instance many risk managers are concerned about the over reliance on Excel spreadsheets, which are frequently used to price complex transactions, often with poor documentation or control.



New technology has also changed the way customers interact with a bank. As a result, the line between a bank’s internal system and its external customer system is becoming increasingly blurred. Many customers deal/transact themselves via the internet, without using bank staff as intermediaries. In fact there are an increasing number of customers who bank only through technology-based products. The interruption of technology-based services is having a greater impact on a bank’s customers and hence on the bank itself.

Outsourcing

Many banks outsource elements of their operations, often to businesses in other countries. Such outsourcing arrangements are undertaken because of cost and process efficiency benefits. However, outsourcing introduces operational risks beyond a bank’s control because:

the bank hands over important elements of its customer service to the outsourcer

the outsourcer may be subject to quite different economic pressures which might not be entirely transparent to either the bank or its supervisor

the outsourcer may be subject to completely different regulations than the bank.

The incentives for the outsourcer depend on its contract with the bank rather than on the performance of the bank in relation to its customers. Incentives and contract structures are very important, as are the financial strength and capabilities of the outsourcer. If the outsourcer fails the bank’s customers, it is the bank that suffers the long-term consequences and losses. This increasing reliance on other organizations to undertake crucial banking operations is leading to potentially higher operational risk losses.

Terrorism

Unfortunately acts of terrorism are increasing in frequency and severity and are becoming a global risk. Banks no longer have to be the specific target of a terrorist attack in order to suffer loss. Recent terrorist atrocities have had an impact, not only on specific companies and markets but on the global economy as well, increasing the volatility of world equity and commodities markets. With the confidence of the market and the general public both directly affected, terrorist events are thus having both an immediate and long-term impact on banks.



Increased globalization

The move towards a truly global economy has also had an impact on operational risk. Events that were once isolated within a local market are increasingly having global effects. It is often said that the world is becoming smaller and is moving towards a ‘24/7’ society. Banks are increasingly operating 24 hours per day, 365 days per year, in a global market place rather than a domestic one. The internet provides a bank’s customers the ability to transact with it at any time from anywhere in the world. This is having a growing impact on the severity and frequency of operational risk events. This is because:

events can affect many markets and a wider range of institutions there is less time to resolve problems so the effect can intensify very

quickly there has been an increase in transactions (see below) events are given more publicity.

Incentives and trading

Incentives are at the center of a problem that can result in catastrophic losses for some banks. A bank’s traders can profit personally by taking high risks that result in large profits and, in turn, large bonuses. If the risks result in large losses the worst the trader is likely to suffer is the loss of his or her job. Thus a trader could, to a certain degree, be encouraged to take on positions with high risk/reward ratios. This disparity in incentives has, at least in part, been responsible for a depressingly large number of ‘rogue trader’ incidents over the last decade, the worst of which, students will recall, led to the collapse of the Barings Bank (see Section 6.1.1).

Increasing transaction volumes and values

The liberalization of financial markets, improved automation and technology, and globalization has each contributed to the dramatic growth in both the volume and value of trades. Thus maximum potential losses from an operational risk event, particularly those related to traded markets, are also increasing. Potential losses can be linked to both the volume and value of the trades affected by the operational failure.

Increased litigation

The threat and/or use of litigation following an operational risk event have increased banks’ losses. Events that may have been considered minor in the past can now involve a bank incurring substantial costs and losses as a



direct result of litigation. It is not just the compensation paid to the customer, but also the cost of the litigation itself. For some banks it was the fear of litigation that made them spend such vast sums on the Y2K problem. The trend of moving from high frequency/low severity events to low frequency/high severity ones has concerned supervisors. They have responded by encouraging banks to take a broader look at their processes and to consider the possibility of low frequency/high impact events outside the areas of credit risk and market risk.

6.5 Basel II and operational risk

The Basel II Capital Accord has moved the management of operational risk in a new direction for banks. Under Pillar 1 banks are required to quantify operational risk, measure it and allocate capital in the same way as for credit risk and market risk. In addition, banks are also expected to manage operational risk in order to reduce the possibility of events occurring. Operational risk has been one of the most controversial aspects of Basel II. The intention is that banks should hold capital against what are perceived to be operational risks. It is expected that on average approximately 12% of capital will be held against this risk. Basel II has recognized that for many banks the move to regulatory capital may be onerous because operational risk measurement is not an exact science. Asking banks to value their operational risk and calculate risk capital (for the first time) may present challenges particularly for smaller banks. Many operational risk events occur as a result of a person’s actions and can be due to a series of errors or mistakes over a long period. In fact many of the catastrophic events that led to bank collapses have been the result either of unpredictable events, or the long-term build up of problems in central or reporting procedures. Alan Peachy argues that the Barings collapse was actually triggered by the Kobe earthquake in Japan in January 1995. “This earthquake triggered a massive fall in the Japanese stock market which in turn triggered margin calls on Nick Lesson’s position, setting the bank on the road to destruction.”4 In keeping with the collaborative approach adopted by the Basel Committee, the Basel II Accord allows a bank to use one of three different approaches for calculating operational risk capital. A bank has the ability to 4 Peachey, Alan. Great Financial Disasters of Our Time. Berlin: BERLIN VERLAG Arno Spitz GmbH, 2002.



move from a simple system, similar to the credit risk calculations in Basel I, through to an approach that uses highly complex statistics (OpVaR). The three approaches are the Basic Indicator Approach, the Standardised Approach and the Advanced Measurement Approach. (They will each be discussed in greater detail in later levels.)



Sample questions

1. Business continuity planning is a technique to mitigate the impact of:

a) People risk c) Legal risk b) External risk d) Internal process risk

2. Unexpected losses are usually associated with events that are:

a) Low impact /low frequency c) Low impact/high frequency b) High impact/high frequency d) High impact/low frequency

3. High impact/low frequency events tend to:

a) Result in the collapse of a bank

c) Be caused by external events

b) Be readily understood d) Be ignored by banks 4. Unexpected losses are losses that:

a) Result from regularly occurring events that have limited impact

c) Result from rarely occurring events that have a severe impact

b) Can be ignored by banks d) Do not have to be included in operational risk capital calculations

5. Historically the main reason banks have actively managed systems risk

is to:

a) Minimize the chance of catastrophic failure

c) Prevent project overspend

b) Deliver systems that were ‘fit for purpose’

d) Implement industry ‘best practice’




Summary

This chapter has introduced a number of key concepts and issues involved in the nature of operational risk. Students should review this summary before proceeding.

The nature of operational risk

The Basel II Capital Accord defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Operational risk affects every business as it is inherent in carrying out a process/operational activity.

The Basel II definition of operational risk has excluded business, strategic and reputational risk, but includes legal risk.

Many types of operational risks, such as fraud, have been actively managed by banks through their technology, controls and security systems.

Prior to the release of the Basel II Capital Accord it was rare to find a bank that allocated capital against operational risk losses.

Under Pillar 1 of the Basel II Capital Accord banks will be required to quantify and allocate regulatory risk capital against potential operational risk losses in a similar way to credit risk and market risk.

Operational risk events are classified according to their frequency and impact.

Operational risk management focuses on only two event types: low frequency/high impact (LFHI) and high frequency/low impact (HFLI).

The high frequency/low impact events are managed to improve business efficiency. They tend to be readily understood and can be termed ‘the cost of doing business’.

The low frequency/high impact events are the least understood, most difficult to predict, and have the potential to do the greatest damage.

Risk loss, risk events, expected and unexpected loss

Under the Basel II Accord operational risk is defined in terms of “risk of loss”.

The Basel II definition implies that only those operational failures or events resulting in a loss should be viewed as operational risks. However, not all operational risk events lead to a bank incurring losses.

When an operational risk event occurs, or nearly occurs (a near miss), irrespective of the financial consequences, it is important that the event is recorded and steps are taken to prevent it reoccurring.

When computing operational risk capital a bank is required to base its calculation on both expected loss and unexpected loss.



Expected losses are those incurred as a bank carries out its normal business. They can be defined simply as the cost of doing business.

Unexpected losses are those losses that occur significantly above the level accepted as expected losses. They are the losses resulting from the unexpected or extreme events a bank assumes, although unlikely, may occur.

Expected losses are calculated using a bank’s own data and experiences, while unexpected losses are calculated using available internal data, external data from other banks and data from operational risk scenarios.

To calculate expected and unexpected losses under Basel II banks are required to hold internal and external historical operational risk loss data.

To help ensure a consistent approach across banks the Basel II Accord has defined a standard set of definitions for its loss types.

Operational risk events

Internal process risk is defined as the risk associated with the failure of a bank’s processes or procedures.

People risk is defined as the risk associated with an employee of a bank. Systems risk is the risk associated with the use of technology and

systems. External risk is the risk associated with events that are beyond the direct

control of a bank. Legal risk is the risk from uncertainty due to legal actions, or uncertainty

in the application or interpretation of contracts, laws or regulations.

How operational risk is changing

Operational risk and its management are changing with the increased reliance on technology and globalization.

Operational risk management is becoming increasingly important in response to the changes in corporate governance and management.

The ‘Y2K bug’ showed banks for the first that an operational risk event could affect a customer’s credit rating.

Implementing operational risk management policies and procedures can result in the improvement of a bank’s internal processes.

Banks are becoming increasingly concerned that events that have been mainly relatively low cost errors (high frequency/low severity events) are becoming supplemented by a lower frequency of higher severity loss events.

The liberalization of financial markets, improved automation and technology, and globalization has each contributed to the increase in the volume and value of trades.

In response to the change in operational risk supervisors have encouraged banks to take a broader look at their processes and to be



careful to look at the possibility of low-frequency/high impact events outside the areas of credit risk and market risk.

The liberalization of financial markets, improved automation and technology, and globalization has each contributed to the increase in the volumes and values of trades.

In response to the change in operational risk supervisors have encouraged banks to take a broader look at their processes and to be careful to look at the possibility of low-frequency/high impact events outside of the areas of credit and market risk.

Basel II and operational risk

Under Pillar 1 banks are required to quantify operational risk, measure it and allocate capital in the same way as for credit and market risk.

Banks are expected to manage operational risk to reduce the possibility of events occurring.

Banks are expected to calculate their operational risk capital for expected and unexpected losses.

The Basel II Accord allows a bank to use one of three different approaches for calculating operational risk capital.

The three approaches are the Basic Indicator Approach, the Standardised Approach and the Advanced Measurement Approach.

Part C

Supervision, disclosure and governance

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko C : 3

7 An introduction to supervisory review and bank disclosure requirements This chapter discusses the supervisory review process as set out in Pillar 2 of the Basel II Accord. It explains the relationship between Pillar 1 and Pillar 2 and how the review process complements the capital requirements set out in Pillar 1. Pillar 2 is an integral part of the Capital Adequacy Framework as it lays out the criteria for managing and reporting risks that are not addressed in Pillar 1. In addition, it establishes a framework for supervisors to use in carrying out their duties. The chapter also introduces the student to disclosure and considers the background to company disclosures, highlighting recent changes brought about by high profile failures. On completion of this chapter the candidate will have a basic understanding of:

why supervisory review is important the responsibilities of bank management why disclosures are required the agencies that require disclosures, and why.

7.1 The importance of supervisory review

It is important that banks are subject to supervisory review, not only to ensure compliance with minimum capital requirements but also to encourage them to develop and use the best risk management techniques. Pillar 1 defines the calculations to be used in determining the minimum regulatory capital required with respect to market, credit and operational risk. Pillar 2 sets out the principles of the supervisory review process that national authorities should use (in addition to the Pillar 1 capital calculations) to evaluate a bank’s capital adequacy.

Part C: Supervision, disclosure and governance

C : 4 © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko

Pillar 2 addresses three main areas either not covered, or outside the scope of Pillar 1. These are:

risks not fully considered by Pillar 1, such as credit concentration risk (See Section 5.2.5)

risks not considered at all by Pillar 1, such as interest rate risk in the banking book

factors external to the bank, (e.g. business cycle effects). A further important aspect of Pillar 2 is the assessment of compliance with the minimum standards set for the use of the more advanced methods of capital calculation in Pillar 1.

7.1.1 Internal capital assessment process

Supervisory review is not a substitute for good management. The board of directors and the senior management of a bank have the responsibility to ensure that they maintain adequate capital to support the bank’s business activities including those beyond the scope of Pillar 1. Bank management is responsible for developing an internal capital assessment process that evaluates the risk and control environment across all the bank’s operations. Capital assessment is an ongoing process that is an integral part of managing a bank’s business activities. The process will not only evaluate current requirements, but will also estimate future capital requirements. Bank management will use the estimates for each of its businesses to set capital targets that will be aggregated to determine the bank’s overall capital requirement. Bank management will monitor the actual capital requirement against the targets as part of its oversight of the bank’s operations.

7.1.2 Supervisory review and actions

The quality of the internal capital assessment process will be evaluated by the supervisory authorities. This evaluation, combined with other factors discussed later in this chapter, will determine the level of the target capital ratio set for the bank. Any deficiencies in the process will be reflected in the target capital ratio set for the bank. A higher capital ratio will reduce the level of business activity that the bank’s capital can support. This in turn is likely to lead to a reduction in the bank’s profits as a result not only of reduced business activity, but also of the higher costs of maintaining increased capital relative to its activities. Banks therefore have a commercial as well as a prudential incentive to develop and maintain a high quality capital assessment process. This is a key factor in the supervisory review process because it ensures that the

Chapter 7: An introduction to supervisory review and bank disclosure requirements


regulatory process is an integral part of the management of banks. However it is recognized that increased capital is not a substitute for improving an inadequate or failing control environment. Although supervisors can raise the capital ratio in response to deficiencies identified during a review, they may also use other measures to address perceived deficiencies. These include:

setting targets for improvements in the risk management structure introducing tighter internal procedures improving the quality of staff through training or recruitment.

In extreme cases supervisors may curtail the level of risk or business activity until the problem is resolved or under control. For example, supervisors could force a bank to withdraw from certain markets until its control environment has improved. The Basel Committee sees the supervisory review process as an active dialogue between a bank and its supervisor. Thus any problems that arise can be identified and action quickly taken to restore the bank’s capital position to a satisfactory level.

7.2 An overview of the four key principles

The Basel Committee set out 25 core principles of supervision in its “Core Principles for Effective Banking Supervision”, issued in September 1997. They cover the following areas:

pre-conditions for effective banking supervision licensing and structure prudential regulations methods of ongoing banking supervision information requirements formal powers cross-border banking.

A detailed discussion of the core principles is outside the scope of the Certificate course. Pillar 2 identifies four key principles of supervisory review to complement the 25 core principles. An introduction to each of the four principles is given below. Each principle will be in reviewed in greater detail in a subsequent level.



7.2.1 Principle 1

Banks should have a process for assessing their overall capital adequacy in relation to their risk profile, as well as a strategy for maintaining their capital levels. Bank management bears primary responsibility for ensuring that the bank has adequate capital to meet its current and future requirements. Its capital targets must be set with integrity and be consistent with its risk profile and control environment. The targets must be integral to the bank’s strategic planning and should incorporate extensive stress testing. Basel II describes five features of a rigorous capital assessment process:

board and senior management oversight sound capital assessment comprehensive assessment of risk monitoring and reporting internal control review.

7.2.2 Principle 2

Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process. The regular supervisory review process should:

examine the calculation of risk exposures and the translation of risk into a capital requirement

focus on the quality of the process and on the quality of internal controls around the process

examine the existing capital assessment framework to identify any deficiencies

not include recommendations on the structure of the framework as this is a matter for the management of the bank.

The review process may involve any combination of the following information gathering methods:

on-site visits off-site reviews meetings with bank management reviewing relevant work carried out by external auditors monitoring of periodic reports.



7.2.3 Principle 3

Supervisors should expect banks to operate above the minimum regulatory capital ratios and should have the ability to require banks to hold capital in excess of the minimum. The minimum capital requirements set in Pillar 1 include a ‘buffer’ to take account of uncertainties that affect the banking community as a whole. The Pillar 1 regime is designed to set a minimum capital standard for a bank:

that has a sound control environment that has a diversified risk portfolio whose business activities include risks that are covered by the Pillar 1

regime.

7.2.4 Principle 4

Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank and should require rapid remedial action if capital is not maintained or restored. If a bank is failing to maintain its capital requirement supervisors may use their discretion in taking action to correct the situation. Supervisors can increase a bank’s capital requirement as a short-term measure while underlying problems are resolved. The increase in capital would be withdrawn when the supervisor is satisfied that the bank had overcome its operating difficulties.

7.3 The nature of disclosure

Disclosure is the public dissemination of information that is material to the evaluation of a company’s business.

Traditionally disclosure has been considered important because it provides current and potential investors in a company with information relevant to that company’s current and as well as future performance. Therefore companies whose shares are traded on a stock exchange have had to meet more onerous disclosure requirements than privately-held companies. However in recent years disclosure has increasingly been seen as an important mechanism for pursuing public policy issues such as:

the imposition of improved corporate governance standards (largely in reaction to recent corporate governance scandals, such as Enron and WorldCom in the US and Parmalat in Italy)



improved transparency of company policies which affect public policy issues, such as financial inclusion, ethnic diversity and environmental and conservation issues.

Example Enron

In December 2001 Houston-based energy company Enron, the seventh largest company in the US, filed for bankruptcy protection after its shares fell below 1 US dollar each. In mid-2000 its shares had been valued at a record high of $90. Senior company executives initially blamed Enron’s demise on a collapse of confidence in financial and energy markets. However public documents filed before the collapse, and others that have since emerged, revealed that the problems originated among a network of affiliates established by the energy trader1. These affiliates, among 3,500 created by Enron, were used to hold assets moved from the parent's balance sheet. Under US accounting rules such entities could be treated as off-balance sheet, provided at least three percent of the capital was owned by company outsiders. Many of the assets were performing poorly, and shifting them helped preserve Enron's image as a dynamic and growing company for a while. By the end of 1999, according to (now questionable) company estimates, Enron had moved $27 billion of its total $60 billion in assets off-balance sheet. The complex structure of affiliates enabled Enron to misreport profits and hide debts in its consolidated accounts. Enron capitalized some of these vehicles, not with cash, but with its own shares or arrangements that provided a so-called ‘economic interest’ in the value of these shares. While Enron's share price was rising, this meant that such vehicles were well or even over-capitalized. But once the shares started falling it triggered alarm bells within Enron, forcing the company to inject more shares into some of the vehicles to meet its debts.

Examples of the types of disclosures that supervisors may require companies to make are provided below.

Financial statements

In general companies (both privately owned and publicly quoted) are required to produce financial statements, (e.g. profit and loss account, balance sheet, tax accounts). These financial statements must be signed by an external auditor and be produced in accordance with the relevant national accounting standards (which may be International Accounting Standards).

1 See Financial Times, March 15, 2002.



Listing authority requirements

In the case of companies that are listed on a recognized stock exchange, the company must make those disclosures required by the exchanges rules. Listing rules may require the publication of a wide range of reports (often known as filings). A listing authority is most concerned with shareholders’ needs and in general these filings contain very detailed financial information. Listing authorities not only set their own rules; they may also be responsible for enforcing disclosures required by other regulating bodies (see below).

Legislation

An excellent recent example of legislation is the US Sarbanes–Oxley Act 2002 which introduced statutory requirements for corporate accountability. One of its requirements is that the chief executive and chief financial officer of a company listed on a US stock exchange must certify by public disclosure the correctness of the financial reports of the company. Section 404 of the Act also has extensive requirements for the disclosure of documentation, testing and external auditor verification of the quality of the company’s internal controls over its financial reporting. The provisions of the Act are implemented through the Securities and Exchange Commission, the listing authority for US stock exchanges.

Company management

While often overlooked because regulatory authorities are imposing more and more disclosure requirements on companies, the importance of the way a company’s own board of directors and senior management choose to report on its activities gives all stakeholders significant insight into the way the company is run. In particular these reports highlight the priorities, policies and the way the company’s performance is viewed by its board of directors. In this respect many of the world’s largest banks set very high standards for reporting how the company is managed. Stakeholder is defined as shareholders, employees, customers and society as a whole.

Other issues

In some countries, for example the UK, statutory requirements for corporate disclosure are relatively light. Outside of those covering financial accounts, statutory requirements focus on codes of practice, (e.g. The Combined Code, and principles of disclosure). For example the Principle D2 of the UK Combined Code states: “The board should maintain a sound system of internal control to safeguard shareholders’ investment and company assets”.



UK companies must either comply with the principles set out in the Combined Code, and make declarations to that effect in their Operating and Financial Review (OFR), or explain why not. Though less uniform than a detailed disclosure regime, the Combined Code is more flexible and easier to change. There are various other agencies, not only in the UK that may require and enforce disclosures covering issues as diverse as the environment, equal rights and political affiliations. Disclosure is a broad issue. The aspects of disclosure covered in Basel II are only a sub-set of the disclosures any bank has to make as part of its general legal and regulatory obligations. Disclosure of the operating performance of a company covers a whole range of policies and procedures designed to inform investors and analysts, allowing them to draw conclusions concerning the current and future prospects for the company. In recent times disclosure has been pursued to further other social policies as governments and companies have moved towards a stakeholder view rather than just a shareholder view of corporate performance.



Sample questions

1. Pillar 2 sets out:

a) 25 core principles of supervision

c) Principles for the management and supervision of interest rate risk

b) Four key principles of supervisory review

d) Principles for the management of credit risk

2. The level of risk taken by a bank is set by the:

a) Traders c) Risk managers b) Supervisors d) Board of directors

3. Public companies reporting requirements are supervised by:

a) Listing authorities c) Government b) Auditors d) The Board of Directors




Summary

This chapter has introduced a number of key concepts and issues in supervisory review and bank disclosure requirements. Students should review this summary before proceeding.

The importance of supervisory review

It is important that banks are subject to supervisory review, not only to ensure compliance with minimum capital requirements but also to encourage them to develop and use the best risk management techniques.

Supervisory review is not a substitute for good management. The board of directors and senior management of a bank have the responsibility to ensure that they maintain adequate capital to support the bank’s business activities.

The quality of a bank’s internal capital assessment process will be evaluated by the supervisory authorities. Any deficiencies in the process will be reflected in the target capital ratio set for the bank.

Although supervisors can raise the capital ratio in response to deficiencies identified during a review, they may also use other measures to address the situation.

An overview of the four key principles

Banks should have a process for assessing their overall capital adequacy in relation to their risk profile as well as a strategy for maintaining their capital levels.

Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process.

Supervisors should expect banks to operate above the minimum regulatory capital ratios and should also have the ability to require banks to hold capital in excess of the minimum.

Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank, and should require rapid remedial action if capital is not maintained or restored.



The nature of disclosure

Disclosure is the public dissemination of information that is material to the evaluation of a company’s business.

Disclosure has been considered important because it provides current and potential investors in a company with information relevant to that company’s current and as well as future performance.

In general companies (both privately owned and publicly quoted) are required to produce financial statements, (e.g. profit and loss account, balance sheet, tax accounts).

A listing authority is most concerned with shareholders’ needs and in general these filings contain very detailed financial information. Stakeholder is defined as shareholders, employees, customers and society as a whole.

The aspects of disclosure covered in Basel II are only a sub-set of the disclosures any bank has to make as part of its general legal and regulatory obligations.


8 Corporate governance for banks This chapter provides the student with an overview of corporate governance in banks. The principles of corporate governance outlined in this chapter provide banks with a framework for developing their own corporate governance structure. This is important because the establishment of strong corporate governance is a key factor in a bank’s development as a strong financial institution. On completion of this chapter the candidate will have a basic understanding of:

the principles of corporate governance for banks sound practices for good corporate governance.

8.1 Principles of corporate governance for banks

8.1.1 The nature of corporate governance

Corporate governance is described as a set of relationships between the board of commissioners, board of executive directors, stakeholders and shareholders of a company. Corporate governance creates a structure which helps a bank in:

setting objectives running daily operations considering the interests of the bank’s stakeholders ensuring the bank operates in a safe and sound manner complying with relevant laws and regulations protecting the interests of its depositors.

At this point students should review the Enron example in Section 7.3.This is a classic example of what can happen in the absence of good corporate governance.


C © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko C : 16

There are a number of techniques and strategies that are required to create sound corporate governance. These are:

corporate values, codes of conduct and other standards of appropriate behavior and the system used to ensure compliance with them

a well-articulated corporate strategy against which the success of the overall enterprise and the contribution of individuals can be measured

the clear assignment of responsibilities and decision-making authorities, incorporating a hierarchy of required approvals from individuals to the board of directors

establishment of a mechanism for the interaction and cooperation among the board of commissioners, board of executive directors, senior management and the auditors

strong control systems, including internal and external audit functions, risk management functions independent of business lines, and other checks and balances

special monitoring of risk exposures where conflicts of interest are likely to be particularly strong including business relationships with borrowers affiliated with the bank, large shareholders, senior management, or key decision-makers within the bank

financial and managerial incentives to act in an appropriate manner. These should be offered to senior management, business line management and employees in the form of compensation, promotion or other forms of recognition

appropriate information flows internally and to the public.

8.1.2 Corporate governance structures

The structure of corporate governance in banks has many variations depending on local customs, legal restraints and the historical development of each bank. Although there is no single structure that can be prescribed as ideal, there are important governance issues that must be addressed in order to ensure adequate checks and balances are built into the structure. These are:

oversight by the board of commissioners, board of executive directors or supervisory board

oversight by individuals not involved in the day-to-day running of the various business areas

direct line supervision of different business areas independent risk management and audit functions key personnel are ‘fit and proper’ for their jobs regular reporting.

Chapter 8: Corporate governance for banks


8.2 Implementation of sound corporate governance

8.2.1 Establishing strategic objectives and a set of corporate values

It is important for a bank to set clear strategic objectives and a corporate ‘ethos’. Equally important is the communication of such policies to all areas of the bank. A bank that does not have strategic objectives will find it difficult to manage its activities because there will be a lack of focus in the use of its resources. By establishing a corporate ethos, the bank will be able to conduct its business according to clearly defined values. The company’s set of values should be applied to all areas of the bank including the board of directors. They should encourage the reporting of problems in a timely fashion and prohibit corruption and bribery both internally and externally. These values should be supported by policies to prevent situations that can challenge the operation of good corporate governance. An example would be a clear policy setting a procedure for employees to follow if their work creates a conflict of interest with their outside interests. A clear policy reinforces a bank’s values in dealing with such situations. The board of directors should ensure that systems and processes are in place to monitor and report compliance with its policies.

8.2.2 Clear lines of responsibility and accountability

To be effective in monitoring and controlling the activities of a bank the board of directors must set clear lines of authority and responsibility. This process should include the directors themselves. All areas of business activity should have a clear and unequivocal line of accountability to ensure that any problems will be subject to a focused response from management. Personnel should also be clear as to their level of authority and the level of authority of those with whom they interact. Clear lines of accountability provide a stable environment for the daily management of a bank’s operations and allows for an efficient decision-making process.

8.2.3 Responsibilities of the board of directors

The board of directors (or its equivalent) has the ultimate responsibility for the management and performance of a bank. Therefore, it is important that directors:



are qualified for the posts they hold understand their role within the corporate governance framework are not subject to undue influence from internal or external sources.

The directors should ensure they receive sufficient information to judge the performance of the management of the bank independently of the view of management, shareholders or government. A strong board of directors will:

understand their oversight role and their ‘duty of loyalty’ to the bank and its shareholders

serve as a ‘checks and balances’ function in relation to the day-to-day management of the bank

feel empowered to question bank management and are comfortable insisting on straightforward explanations from bank management

recommend sound practices learnt from other situations provide dispassionate advice not be overextended avoid conflicts of interest in their activities with, and commitments to,

other organizations meet regularly with senior management and internal auditors to

establish and approve policies, establish communication lines and monitor progress toward corporate objectives

absent themselves from decisions when they are incapable of providing objective advice

not participate in day-to-day management of the bank.

Specialized committees

In addition specialized committees may be created to allow appropriate board members to have oversight of specific areas. Committees may cover areas such as:

risk management - providing oversight of the senior management’s activities in managing credit, market, liquidity, operational, legal and other risks of the bank

audit - providing oversight of the bank’s internal and external auditors and ensuring that management is taking appropriate corrective actions in a timely manner to address control weaknesses, and non-compliance with policies, laws and regulations

remuneration – providing oversight of compensation of senior management and other key personnel and ensuring that compensation is consistent with the bank’s culture, objectives, strategy and control environment.



8.2.4 Senior management oversight

A key element in good corporate governance is the group of officers responsible for running the bank: the senior management. The senior management must have comprehensive oversight of their line managers similar to the board of directors’ oversight function. Key/strategic management decisions should be made by more than one manager. In addition, the following management situations should be avoided:

senior managers who are overly involved in business line decision-making senior managers who are assigned to manage an area without the

necessary prerequisite skills or knowledge senior managers who are unwilling to exercise control over successful,

key employees (such as traders) for fear of losing them.

8.2.5 The role of internal and external auditors

Internal and external auditors play a key role within the corporate governance framework. The board should recognize that they are critically important agents of the board. The work of the auditors should be used to validate the information provided by senior management. This process can be enhanced by the board:

recognizing the importance of the audit process and communicating this importance throughout the bank

taking measures that enhance the independence and stature of auditors utilizing, in a timely and effective manner, the findings of auditors ensuring the independence of the head auditor through his or her

reporting to the board or the board's audit committee engaging external auditors to judge the effectiveness of internal controls requiring timely correction by management of problems identified by

auditors.

8.2.6 Compensation policy

It is important that the board of directors develop a compensation policy that reflects the bank’s culture, objectives, strategy and control environment. The board should set the compensation for senior management and other key personnel. The compensation scheme should be designed to motivate senior management to act in the best interests of the bank. It should discourage short-term performance measures that may leave the bank exposed to long-term



risks. Salary scales should be set so that personnel are not overly dependent on short-term performance in relation to their total remuneration package.

8.2.7 Transparency

It is difficult for stakeholders, market participants and the general public to judge the effectiveness of the board of directors and senior management if there is a lack of transparency with regard to the bank’s structure and objectives. Sound corporate governance can be enforced by a high level of transparency. Therefore public disclosure should include:

board structure (size, membership, qualifications and committees) senior management structure (responsibilities, reporting lines,

qualifications and experience) basic organizational structure (line of business structure, legal entity

structure) information regarding the incentive structure of the bank (remuneration

policies, executive compensation, bonuses, stock options) nature and extent of transactions with affiliates and related parties.

Example Following the financial and accounting scandals involving US corporations the

US Congress passed the Sarbanes-Oxley Act in 2002. This Act requires public companies to evaluate their internal controls and to publish these findings annually. The evaluation of internal controls for the purposes of the Act is likely to be based on the COSO framework. COSO stands for “Committee Of Sponsoring Organizations of the Treadway Commission," which has established a common definition of internal control and a framework for evaluating the effectiveness of internal controls. The framework consists of eight interrelated components:

internal environment objective setting risk assessment risk response control activities information and communication monitoring.

These components are evaluated individually and as a whole to create an analysis of the effectiveness of internal control within an organization.



Sample questions

1. A bank’s corporate governance structure is the responsibility of:

a) Bank Indonesia c) Its board of commissioners b) Its internal auditors d) Its external auditors

2. Transparency in corporate governance refers to:

a) Internal disclosure of information

c) Regulatory reporting only

b) The external disclosure of information

d) The auditing of accounts

3. Key/strategic management decisions should be made by:

a) A senior manager, involved in the business line, with the correct skills or knowledge

c) More than one manager

b) A specifically nominated manager for clarity of decision making

d) A senior manager irrespective of his/her skills or knowledge




Summary

This chapter has introduced a number of key concepts and issues involved in corporate governance for banks. Students should review this summary before proceeding.

Principles of corporate governance for banks

Corporate governance is described as a set of relationships between the board of commissioners, board of executive directors, stakeholders and shareholders of a company.

The structure of corporate governance in banks has many variations depending on local customs, legal restraints and the historical development of each bank.

Although there is no single structure that can be prescribed as ideal, there are important governance issues that must be addressed in order to ensure adequate checks and balances are built into the structure.

Implementation of sound corporate governance

It is important for a bank to set clear strategic objectives and a corporate ‘ethos’. Equally important is the communication of such policies to all areas of the bank.

The company’s set of values should be applied to all areas of the bank including the board of directors. They should encourage the reporting of problems in a timely fashion and prohibit corruption and bribery both internally and externally.

The board of directors should ensure that systems and processes are in place to monitor and report compliance with its policies.

To be effective in monitoring and controlling the activities of a bank, the board of directors must set clear lines of authority and responsibility.

The board of directors (or its equivalent) has the ultimate responsibility for the management and performance of a bank.

In addition, specialized committees may be created to allow appropriate board members to have oversight of specific areas such as risk management, audit and remuneration.

The senior management must have comprehensive oversight of their line managers similar to the board of directors’ oversight function.

Key management decisions should be made by more than one manager Internal and external auditors play a key role within the corporate

governance framework. The board should recognize that they are critically important agents of the board.



The work of the auditors should be used to validate the information provided by senior management.

It is important that the board of directors develop a compensation policy which reflects the bank’s culture, objectives, strategy and control environment.

Sound corporate governance can be enforced by a high level of transparency.


9 Indonesian regulatory framework and risk management regulation This chapter, the final in Level 1 of the Indonesia Certificate in Banking Risk and Regulation, examines the Indonesian regulatory framework and the risk management regulation covering Indonesian banks. The chapter also looks at the regulations Bank Indonesia has introduced to enable it to meet the objectives published in the Indonesian Banking Architecture outlined in Section 1.7. The chapter describes the objectives and main functions of Bank Indonesia and then examines the risk management regulation applicable to Indonesian banks. The regulation covers all aspects of risk management responsibility from the board of commissioners through to the risk management unit. On completion of this chapter the candidate will have a basic understanding of:

the role of Bank Indonesia Indonesian bank regulation risk management regulation.

9.1 The role of Bank Indonesia

9.1.1 Primary objective and strategic tasks

Bank Indonesia (BI) acts as central bank to the banking system. It is a state entity that is independent of government control. BI’s objective is to maintain the stability of the rupiah value, and in meeting this objective it is responsible for:

formulating and implementing monetary policy maintaining and safeguarding a smooth payment system regulating and supervising banks.



9.1.2 Monetary policy

Bank Indonesia implements monetary policy by targeting its official interest rate, known as the BI Rate. The rate is the equivalent of a one-month market rate and is set as part of Bank Indonesia’s Inflation Targeting Framework. The BI Rate is set at the quarterly meeting of the Board of Governors although it may be set at a monthly meeting if necessary. The setting of the BI Rate is the primary tool in managing monetary policy along with Bank Indonesia’s other market operations, which include:

open market operations to influence liquidity setting minimum reserve requirements to tighten or loosen monetary

policy acting as lender of last resort to ease short-term funding difficulties implementation of an exchange rate policy to maintain stability of the

rupiah management of exchange rate reserves to facilitate international trade.

9.1.3 Payment system

Bank Indonesia is the sole institution authorized to issue and distribute rupiah. The bank is also responsible for the clearing system for payments in rupiah and foreign currency. Bank Indonesia has developed the national payment system. This system offers different methods of payment, such as electronic-based methods, cards, papers, notes and a DVP (delivery versus payment) facility, which is used in inter-currency settlement. The national payment system includes a number of distinct sub-systems. These are:

the National Electronic Clearing System T+0 Clearing Scheduling the Inter-bank Electronic Transaction and Information Service System

(BI-LINE) the Real Time Gross Settlement System (RTGS) the US Dollar Fund Transfer System.

9.1.4 Regulation and supervision

Bank Indonesia issues banking regulations and grants licenses for banks. In addition to licensing banks it:

approves the opening or closing of bank offices approves the suitability of a bank’s owners and management grants permission for certain banking activities.

Chapter 9: Indonesian regulatory framework and risk management regulation


It carries out its supervisory role using a mixture of direct monitoring based on on-site examinations and on-site presence (OSP). It also carries out off-site supervision based on the reporting requirements it sets for banks (see Section 9.4.4 and 9.8).

9.2 Risk management – structure and scope

9.2.1 Applicable regulation

The general requirement for the application of risk management within Indonesian banks is contained in Bank Indonesia regulation 5/8/PBI/2003: “The application of risk management within commercial banks".

This regulation places great emphasis on the risks banks run in undertaking their business and the control structure needed to manage these risks, including risk:

identification measurement monitoring control.

9.2.2 Integrated risk management

Integrated risk management requires banks under Bank Indonesia supervision to manage their risks in an integrated management structure, and to establish the systems and management structure necessary to achieve this.

9.2.3 The application of regulation 5/8/PBI/2003

This regulation applies to commercial banks which are defined as:

banks established with a limited liability banks established under provincial company law banks established under the law relating to cooperatives branches of foreign banks.



9.2.4 The scope of risk management

The board of directors of each bank has the duty to establish that the risks the bank runs in pursuing its business are managed in an effective manner. This requires:

active supervision by the board of commissioners, board of directors and by the relevant risk management personnel of the risks taken by the bank

the establishment of policies and procedures for setting limits for the risks being run by the bank

the establishment of procedures to identify, measure, monitor and control these risks

the establishment of a sound management information structure to support the management of such risks

the establishment of an internal control structure to manage such risks.

9.2.5 Fitting the risk management structure to the bank

The directors and management of the bank, who are formally responsible for implementing an effective risk management policy, must take into account:

the objectives and policies of the bank the complexity of its business model the capability of the bank to manage its business.

Bank Indonesia expects a bank that has highly complex business operations, including bond and currency trading, foreign currency lending and securitization to have a more complex risk management structure than a bank that has a relatively simple savings and lending business. The structure must be designed to ensure that any risk-taking unit is independent of the internal audit unit and also independent of the risk management department. Figure 9.1 below is an example of the risk management structure of a large banking organization.



Figure 9.1

Board of

Commissioners

Board of

Directors

Compliance

DirectorLine Management Risk Director

Compliance

UnitBusiness Units

Risk Management

Unit

Risk Management

Committee

Management Line

Reporting Line

Membership Line

9.2.6 Bank risks requiring management

Bank Indonesia requires the risk management structure of all banks to cover the following risks:

market risk credit risk operational risk liquidity risk.

The definitions of each risk given below are those set out in the Bank Indonesia regulation and may differ from definitions given earlier.

Market risk arises from movement in market variables in portfolios held by a bank that could incur losses for a bank (adverse movement). Market variables are interest rates and exchange rates, including derivatives of these two types of market risk, i.e. changes in options prices (see Section 1.2 and Chapter 4).



Credit risk is the risk of default by a counterparty. Credit risk may arise from various business lines, such as credit (provision of funds), treasury and investment, and trade financing. It is recorded both in the banking book and the trading book (see Section 1.3 and Chapter 5). Operational risk is the risk caused by inadequacy and/or dysfunction of internal processes, human error, system failure, or external problems affecting the operations of a bank. (see Section 1.4 and Chapter 6). Liquidity risk is caused by the inability of a bank to settle liabilities on their due date. If a bank has a more complex business model Bank Indonesia would also expect it to manage:

legal risk reputational risk strategic risk compliance risk.

Legal risk is the risk arising from legal weaknesses, resulting from legal actions, absence of supporting provisions in laws and regulations, or weakness of legally binding provisions, such as the failure to comply with legal requirements for contracts and loopholes in the binding of collateral. Reputation risk is brought about by negative publicity concerning the operations of a bank or negative perceptions of a bank. Strategic risk is brought about by poor setting and implementation of bank strategy, poor business decision-making, or a lack of responsiveness to external changes. Compliance risk is the risk arising from the failure of a bank to comply with or implement laws, regulations, and other applicable legal provisions. Where a bank has suffered losses relating to any of this latter group of risks, it will be required to monitor that specific risk or risks going forward.

9.2.7 Active supervision by the board of commissioners, board of directors and management

The primary responsibility of the bank’s board of commissioners and board of directors is to determine which risk types they are required to manage within their risk management unit given the complexity of their business. They then need to determine how to allocate the authority and responsibility for risk management within the board of directors and management.



The authority and responsibility of the board of commissioners and board of executive directors covers:

approval and evaluation of risk management policies allocation of responsibility to management for the execution of risk

management policies deciding what transactions will require specific board approval.

An example of a transaction that might require board approval could be the granting of loans or the taking of deposits involving a single counterparty in a sum equivalent to, or above, some percentage, say 5%, of the bank’s capital. In the case of either loans or deposits, the acceptance of transactions above some limit would represent a concentration of risk because the bank could be severely affected should the counterparty fail to pay back the loans or withdraw the deposits. While not limited to decisions involving risk concentrations (see Section 5.2.5), most banks will be very concerned by such concentrations, as will their supervisors, and will therefore have a procedure for bringing such concentrations to the board’s attention. The authority and responsibility of management must include the following:

the production of documentation describing the bank’s risk management strategies and policies

the implementation of risk management policy and managing this within the bank’s agreed ‘risk appetite’

determining what transactions require referral to senior risk management personnel

developing the risk culture of the bank developing the risk management skills of all relevant personnel ensuring there is operational independence of risk management and

business management periodically reviewing:

- the accuracy of risk assessment with respect to the risk of dealing with certain transactions or customers compared to the actual results (losses)

- the accuracy and completeness of risk management information and the quality of the systems delivering such information

- the appropriateness of risk limits and the quality of the procedures supporting the allocation of these limits, (i.e. does the appropriate personnel have the appropriate limits to manage the risks for which they are responsible



calculating and reporting: - the bank's overall risk appetite, (i.e. the total amount of risk the bank

wishes to take) - the bank's overall risk profile, (i.e. the distribution of the total risk

across the business) - the bank's ability to manage its risks within the agreed profile and

limits.

9.3 Risk management – limit setting

9.3.1 Policy procedures and limit setting

Risk management policy should contain an assessment of the risks related to each product and transaction. The assessment should include:

a suitable method for measuring the risk the relevant information necessary to assess the risk (to be taken from

the bank's management information systems) the setting of a limit for the total amount of risk, which shall constitute

the bank’s appetite for risk an assessment process for risks within a ranking system, such as a

credit grading process an assessment of a ‘worst case scenario’ for such risks ensuring all risk is subject to a suitable control process (such as regular

review).

9.3.2 Procedure and risk limit assessment

The board of executive directors and senior management must create a process for establishing the risk appetite of the bank that should itself include an appropriate limit setting process. The setting of risk limits should include:

the clear, written delegation of authority to ensure individual accountability (such authorities would normally be documented in each individual job description and would be cross-referenced to the authorities in the manual listing all individual authorities of the board members and of management throughout the bank)

both overall limits and limits by time period (where relevant), in which case the limits should be documented by reference to ‘ladders’ setting say interest rate limits for forward contracts

full documentation (as described above) which must also be produced to reinforce the limit assessment process (this will normally be evidenced by such documents as Role Profiles, Annual Performance Assessments, Authorities and Controls Manuals, etc.).



Risk limits must be set:

by overall amount, i.e. risk appetite individually by risk type, (e.g. credit risk, market risk, operational risk,

liquidity risk, etc.) by function, (e.g. Treasury, branch management, risk management,

board members).

9.4 Risk management – information and analysis

9.4.1 Identification process

The board of directors of a bank has a general duty to ensure that:

all risks (interest rate risk, currency risk, liquidity risk, etc.) are identified all material risks are measured, monitored and controlled such risk measurement is supported by information which is up to date,

accurate and complete. The identification of risk factors is usually carried out by the risk management unit following consultation with the trading departments. In addition to identifying the risk factors, the risk management unit (RMU) will seek to source independent daily closing prices for each of the factors. This is to ensure that revaluation of the bank’s positions is determined independently of the traders. This process should be supplemented by daily analysis of the financial performance of the trading activities to ensure that the reported profit and loss figures are consistent with the risk profile of the bank.

9.4.2 Implementation and monitoring

The process of risk analysis must identify all the risk characteristics of the bank (usually starting with a breakdown of the type of business undertaken), as well as the risks associated with each product and business activity of the bank. This will involve a breakdown by risk factors but will also consider such risks as performance risk and confidentiality risk. Within this product and business based risk analysis the measurement of risks must be:

produced by time period (where relevant) state the source of the data used



state the procedures used for measuring the risk have the ability to show when any changes in the bank’s risk profile

have occurred. The risk monitoring process must evaluate all risk exposures and create a reporting process that reflects any changes in the bank’s risk profile.

9.4.3 Management and control

The risk management process must create a structure that can manage any risks that are considered a potential threat to the continuation of the bank’s business. To this end the risk control process should include an asset and liability management (ALM) process (see Chapter 4) for the management of:

currency risk interest rate risk liquidity risk.

Such a process may, for banks with a limited trading business, be sufficient to manage all of the above risks.

9.4.4 Information systems

Risk management information systems must be capable of reporting:

all risk exposures actual exposures compared to agreed limits the actual outcomes associated with holding these risks, (e.g. losses)

versus the target loss level, (i.e. the risk appetite). The Chief Risk Officer must regularly review risk reports from the risk management system.

9.5 Risk management – internal controls

9.5.1 Internal control systems

The board of directors of a bank has a general obligation to ensure that the bank has implemented internal control systems by business activity across all of the bank’s operations. The internal control systems should be capable of identifying any failures in control and any deviation from the bank’s documented policies, procedures and processes.



The internal control system should:

comply with the appropriate Bank Indonesia regulation comply with the bank's internal requirements as set by the board of

directors and the management make use in the reporting process of financial information that is

comprehensive, accurate and up-to-date be appropriate to support management in making decisions to accept or

decline risks create a culture of risk-based reporting throughout the bank.

9.5.2 Internal control systems and risk management implementation – the role of Internal Audit

Internal Audit is an independent function within a bank. Its main role is to carry out continuing assessment through the production of reports that analyze the methodologies, procedures and processes within the risk management organization of the bank. In this ‘policing’ role it is common for the internal audit department to report to the President Director of the bank; it should not report to the Chief Risk Officer. Such written reports would normally cover:

the suitability of the bank's internal control systems to the type of risk the bank is running

compliance assessment against the policies, procedures and limits as laid down by the bank itself and as agreed with Bank Indonesia as the bank's supervisor

the independence of the bank’s risk management control function from its business management

the structure of the bank showing its organization and clearly evidencing the separation of powers and reporting lines for risk management, the business management and Internal Audit. This will normally involve the certification of a structure chart clearly showing appropriate reporting lines with attached job descriptions and the limits and authorities of all personnel

the accuracy and timeliness of all financial reporting and management information reporting

the compliance of the bank to Bank Indonesia regulatory requirements and any other requirements of Bank Indonesia as supervisor of the bank, (e.g. supervisor’s queries resulting from the supervisory control process)

the independence and objectivity of the risk management function the adequacy of information to support business decision-making by

management



the adequacy of documentation to support operational processes (usually through the production of end-to-end process maps)

the quality of management response, and timeliness of such response, to external and internal audit queries

any perceived weakness in the bank’s operations and the management response to such weakness.

9.6 Risk management – the risk management unit

9.6.1 The organization of the risk management function

The board of directors of a bank has a general obligation to create an organizational structure for managing the bank’s risk that includes a risk management committee and a risk management unit. The membership of the risk management committee shall consist of the majority of the board of directors together with appropriate executive officers. The risk management committee must provide recommendations to the President Director on the following issues:

risk policy, strategy and application any change process which results from internal audit recommendations

or other evaluation of the risk management process explaining to Bank Indonesia and to the bank’s board of directors any

decisions made by the bank which contradict the bank’s stated risk management policy.

9.6.2 The structure of the risk management unit

The overriding requirements for the structure of the risk management unit are that:

it should be appropriate to control the size and complexity of the risks the bank plans to take

it has operational and reporting independence from the business units, (e.g. the branch and management, the group's central lending teams, the Treasury)

it reports to a member of the bank’s board of directors (typically the Chief Risk Officer).



The risk management unit should be responsible for:

monitoring the implementation of the risk management strategy as agreed by the board of directors of the bank and the supervisory authorities (BI)

monitoring the overall level of risk being run by the bank and comparing this to the bank's overall risk appetite (as agreed by the board of directors and the supervisory authority (BI)

monitoring the level of risk being run by the bank against the risk limits set for each type of risk, (e.g. credit, market, operational risk)

performing stress tests conducting regular reviews of the bank’s risk management procedures

and processes, (e.g. loan sanctioning processes, bad debt management processes, etc.)

examining proposals for implementing new products and services conducting regular examination of the predictive capabilities of the

bank’s risk models versus the actual outcomes of the risk-taking process, (e.g. monitoring of actual bad loan levels versus the bad loan levels predicted by the bank's loan and grading models)

making recommendations to the bank’s risk management committee regarding all aspects of the bank’s risk management process

reporting on a regular basis the bank’s risk profile to the head of risk management and the bank's risk committee.

9.6.3 The bank’s risk-taking businesses and the risk management unit

The risk-taking businesses of the bank, (e.g. trading teams, lending teams, corporate finance) must provide comprehensive reports of their risk exposures to the risk management department on a regular basis.

9.7 Risk management – new products and services

9.7.1 Introduction of new products and services

Banks must document their new product and service introduction processes and procedures including the relevant authorizations of the management concerned. Documentation should include:

systems introduction/change processes and procedures for the implementation of new products and services

the relevant authorizations of product management for introducing such new products and services

a comprehensive report on the risks associated with any proposed new product or service



the method for measuring and for monitoring, on a continuing basis, risks associated with the new product or service

an assessment of the legal risks associated with the introduction of any new product or service

a disclosure statement for customers regarding any inherent risks associated with the new product or service.

9.8 Risk management – reporting requirements

9.8.1 Risk profile reports

Banks must report their risk profile to Bank Indonesia and such reports must contain the same information as that produced by the risk management department for the head of that department (Chief Risk Officer) and for the risk management committee. The risk profile report must be provided on a quarterly basis in March, June, September and December and these reports must be provided to Bank Indonesia within seven days of the relevant quarter-end.

9.8.2 New product and service activity report

Banks must report new products and services for customers to Bank Indonesia. The report must cover all new products and services and be provided to Bank Indonesia on a quarterly basis within seven days of the quarter-end.

9.8.3 Significant financial loss reports

Any bank making a significant financial loss must report this immediately to Bank Indonesia.

9.8.4 Published report and accounts

In the interests of transparency banks must publish adequate information covering their risk management policies and strategies, and their adherence to relevant limits for risk, in addition to information regarding the financial condition of the bank. All published reports must be agreed with Bank Indonesia.

9.9 Risk management – supervisory sanctions

9.9.1 Sanctions for non-compliance

Bank Indonesia has wide ranging powers to apply sanctions to banks that fail to comply with banking regulations. Such sanctions range from the imposition of fines, ultimately to the revocation of the offending bank’s license.



Sample questions

1. Bank Indonesia’s primary objective is to:

a) Keep interest rates low c) Lend development funds to local government

b) Maintain the stability of the rupiah value

d) Boost international trade

2. Every bank’s risk management unit must:

a) Have the same number of staff

c) Be managed externally

b) Report to the trading manager d) Have appropriate resources for the size and level of risk of the bank

3. Whose responsibility is it to ensure that a bank has implemented internal

control systems by business activity across all of its operations?

a) Bank Indonesia c) External auditors b) Board of directors d) Risk Management Unit




Summary

This chapter has introduced a number of key concepts and issues involved in the Indonesian regulatory framework. Students should review this summary before proceeding.

The role of Bank Indonesia

Bank Indonesia (BI) acts as central bank to the banking system. It is a state entity that is independent of government control. BI’s objective is to maintain the stability of the rupiah value.

Bank Indonesia implements monetary policy by targeting its official interest rate, known as the BI Rate. The rate is the equivalent of a one-month market rate and is set as part of Bank Indonesia’s Inflation Targeting Framework.

Bank Indonesia is the sole institution authorized to issue and distribute rupiah. The bank is also responsible for the clearing system for payments in rupiah and foreign currency.

Bank Indonesia issues banking regulations and grants licenses for banks. It carries out its supervisory role using a mixture of direct monitoring based on on-site examinations and on-site presence (OSP). It also carries out off-site supervision based on the reporting requirements it sets for banks.

Risk management – structure and scope

The general requirement for the application of risk management within Indonesian banks is contained in Bank Indonesia regulation 5/8/PBI/2003.

Integrated risk management requires banks under Bank Indonesia supervision to manage their risks in an integrated management structure, and to establish the systems and management structure necessary to achieve this.

The board of directors of each bank has the duty to establish that the risks the bank runs in pursuing its business are managed in an effective manner.

Bank Indonesia expects a bank that has highly complex business operations, including bond and currency trading, foreign currency lending and securitization to have a more complex risk management structure than a bank that has a relatively simple savings and lending business.

Bank Indonesia requires the risk management structure of all banks to cover the following risks: market risk, credit risk, operational risk and liquidity risk.



If a bank has a more complex business model, Bank Indonesia would also expect it to manage legal risk, reputational risk, strategic risk and compliance risk.

The primary responsibility of the bank’s board of commissioners and board of executive directors is to determine which risk types they are required to manage within their risk management unit given the complexity of their business.

Risk management – limit setting

Risk management policy should contain an assessment of the risks related to each product and transaction.

The board of executive directors and senior management must create a process for establishing the ‘risk appetite’ of the bank that should itself include an appropriate limit setting process.

Risk management – information and analysis

The board of directors of a bank has a general duty to ensure that all risk are identified, measured, monitored and controlled.

The process of risk analysis must identify all the risk characteristics of the bank (usually starting with a breakdown of the type of business undertaken), as well as the risks associated with each product and business activity of the bank.

The risk monitoring process must evaluate all risk exposures and create a reporting process that reflects any changes in the bank’s risk profile.

The risk management process must create a structure that can manage any risks that are considered a potential threat to the continuation of the bank’s business.

Risk management – internal controls

The board of directors of a bank has a general obligation to ensure that the bank has implemented internal control systems by business activity, across all of the bank’s operations.

The internal control systems should be capable of identifying any failures in control and any deviation from the bank’s documented policies, procedures and processes.

Internal Audit is an independent function within a bank. Its main role is to carry out continuing assessment through the production of reports that analyze the methodologies, procedures and processes within the risk management organization of the bank.



Risk management – the risk management unit

The board of executive directors of a bank has a general obligation to create an organizational structure for managing the bank’s risk that includes a risk management committee and a risk management unit.

The membership of the risk management committee shall consist of the majority of the board of directors together with appropriate executive officers.

The risk-taking businesses of the bank, (e.g. trading teams, lending teams, corporate finance) must provide comprehensive reports of their risk exposures to the risk management department on a regular basis.

Risk management – new products and services

Banks must document their new product and service introduction processes and procedures including the relevant authorizations of the management concerned.

Risk management – reporting requirements

Banks must report their risk profile to Bank Indonesia and such reports must contain the same information as that produced by the risk management department for the head of that department (Chief Risk Officer) and for the risk management committee.

Banks must report new products and services for customers to Bank Indonesia.

Any bank making a significant financial loss must report this immediately to Bank Indonesia.

Banks must publish adequate information covering their risk management policies and strategies and their adherence to relevant limits for risk, in addition to information regarding the financial condition of the bank.

Risk management – supervisory sanctions

Bank Indonesia has wide ranging powers to apply sanctions to banks that fail to comply with banking regulations. Such sanctions range from the imposition of fines, ultimately to the revocation of the offending bank’s license.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko Appendix : 1

Appendix: Answers to sample questions Listed below are the answers to the sample questions that can be found throughout this module.

Chapter 1

Q1 b Q5 c Q2 a Q6 b Q3 d Q7 c Q4 b

Chapter 2

Q1 b Q5 c Q2 a Q6 b Q3 b Q7 b Q4 c

Chapter 3

Q1 a Q4 c Q2 b Q5 b Q3 c

Chapter 4

Q1 c Q4 c Q2 d Q5 d Q3 a

Chapter 5

Q1 b Q3 b Q2 a Q4 d

Appendix: Answers to sample questions

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko Appendix : 2

Chapter 6

Q1 b Q4 c Q2 d Q5 a Q3 c

Chapter 7

Q1 b Q2 d Q3 a

Chapter 8

Q1 c Q2 b Q3 c

Chapter 9

Q1 b Q2 d Q3 b

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko Glossary : 1

Glossary

A Amortization The process of repaying the principal amount of a financial liability in installments over the life of the transaction, rather than as one payment at the end of the transaction.

B Benchmark bond A bond whose price is used as a benchmark for other bonds with a similar maturity date within the same market. For example, benchmark bonds are used in government bond markets.

Broker A broker acts as an intermediary between two institutions that are party to a transaction. A broker will seek to match the requirements of its clients to enable the transaction to be completed, and receives commission for each deal completed.

C Call provisions A bond that can be issued with provisions allowing issuer to repay or ‘call’ the bond at a date or dates earlier than the maturity date.

Capital The intrinsic value of a company. It is the value of the company’s assets minus the value of its liabilities. Capital represents the financial resources available to absorb unexpected losses.

Capital ratio The ratio of a firm's capital to its assets.

Central Bank Discount Rate

The interest rate at which a central bank will lend funds to the banking market for short-term liquidity purposes.

Certificate of Deposit A certificate issued by a bank as evidence of a deposit with that bank which states the maturity date and the principal plus interest due at maturity.

Clearing house A company that acts as the legal counterparty for all transactions traded between its members. The clearing house is responsible for confirming, matching and settling all trades between its members.

Collateralized bond A bond whose credit quality has been enhanced by the provision of collateral by the issuer to mitigate the risk of default.

Commercial paper Short-term bonds, usually with a maturity of less than one year, used mainly to meet short-term financing needs.

Glossary

Glossary : 2 © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko

Corporate bond A bond issued by a non-financial company.

Corporate credit risk The risk of a non-financial company being unable to meet its financial obligations.

Correlation A statistical measure referring to the relationship between two or more prices or events.

Correspondent bank A bank that performs services for another bank.

Credit derivative A contract that transfers the risk of a credit event from one party to another. The credit event may be bankruptcy, a credit rating downgrade or any other definable credit event.

D Default The failure of a counterparty to meet a financial obligation.

Discounting The process of finding the present value of a future cash flow.

Disclosed reserves Reserves held by a bank and published in its audited accounts.

E Embedded option An option contract that is part of a financial transaction that includes other financial obligations in addition to the option contract.

F Financial intermediation The role carried out by banks acting as intermediaries between borrowers and savers.

Finance theory The academic study of financial markets.

Fixing date The date on which a variable interest rate is fixed for a specified period of time.

Fixed rate An interest rate that does not vary for a set period of time.

Floating rate A variable interest rate that will ‘float’ up and down during the life of a transaction.

Foreign currency reserves

Funds held by governments as part of their exchange rate management process. Such reserves are used to stabilize day-to-day exchange rate movements.

Fully paid up shares Shares where the total amount payable has been paid to the company.

G General loan loss reserves

Funds held by a bank as a ‘buffer’ against expected losses from a loan portfolio.

General provisions Funds held by a bank as a buffer against future liabilities that cannot be fully quantified.

Governance structure The process, systems and controls that are used to safeguard and manage a bank’s business activities.

Glossary


Government securities Bonds issued by sovereign authorities.

Group of Seven (G7) The seven leading industrial countries of the world which are Canada, France, Germany, Italy, Japan, the United Kingdom and the United States.

H Hybrid capital instruments

Capital instruments that combine certain characteristics of both equity instruments and debt instruments.

I Investment grade Bonds with a credit rating of BBB or above.

Investment Services Directive

A European Union Directive that allows firms established in any EU member state to conduct investment business in any other EU state.

Issuer An entity that issues shares or bonds in its own name to the public.

L Lamfalussy report The report of the Committee of Wise Men on the Regulation of European Securities Markets under the chairmanship of Alexandre Lamfalussy.

Loan equivalent A ‘synthetic’ loan position created from another type of financial contract.

M Margin calls Funds paid or received in respect of changes in the value of exchange traded contracts.

Marking-to-model The process whereby the value of a transaction is obtained by creating a value using a financial model. This technique is used if it is not possible to obtain a market value for the transaction.

Mismatch position The residual risk position created by two or more transactions that do not have the same maturity date.

Money market The financial market place where loans, deposits and other related instruments are traded.

Monte Carlo simulation A mathematical process used to create a random series of price changes for use in VaR models.

Multilateral development banks

Institutions that provide financial support and professional advice for economic and social development activities in developing countries, for example the World Bank and the European Bank for Reconstruction and Development.

N Net earnings The income received after the deduction of costs.

Netting A legal procedure that allows banks to offset the money due to a counterparty against the money due from a counterparty. This significantly reduces credit risk losses in the event of a default.

Glossary

Glossary : 4 © Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko

Non-cumulative perpetual preferred stock

A debt instrument that has no maturity date. The issuer has the option to pay a dividend and dividends do not accumulate if they are not paid. This type of stock is preferred in that the issuer must pay the dividend before it can pay a dividend to ordinary shareholders.

Notional amount The principal amount on which the value of a financial instrument is based.

O OECD Organisation for Economic Co-operation and Development. A group of 30 countries sharing a commitment to democratic government and the market economy.

P Parallel running A process where a new system or process is operated concurrently with an existing system or process.

Provisions Funds held to cover future liabilities.

Public sector entities Organizations owned by a local, state or federal government.

R Regulatory capital The capital requirement set by banking regulators.

Reporting currency The currency in which a company’s accounts are denominated.

Return The profit made expressed as a percentage of the amount invested.

Residual maturity The amount of time remaining to the maturity of a transaction.

S Secondary trading market

A market where financial instruments are traded after they have been issued.

Spread The difference between two market prices, for example the difference between the buying and selling price for foreign currency.

Subordinated debt Debt instruments whose right to repayment in the event of the liquidation of the company is ranked lower than the general creditors of the company. Therefore holders of such debt are less likely to be repaid if the company fails.

Syndicated lending A type of lending where loans are made jointly by a number of banks. This is mainly used for very large loans where one bank does not wish to take all the risk.

T Thrift institutions US financial institutions that include savings and loan associations, savings banks and credit unions.

U Undertakings for Collective Investment of Transferable Securities (UCITS)

This is legislation governing the marketing of mutual funds within the European Union. Mutual funds that operate under this legislation are also referred to by this name.

Glossary


V Volatility A statistical measure of how much a market price will fluctuate over a given period of time.

Y Yield The return received from an investment usually expressed as the annual percentage return on the amount invested.

Z Zero sum game A phrase describing the overall impact of speculative trading in the financial markets. It refers to the fact that for every participant that makes a profit, there must be another making an equivalent loss. Overall the amount of money in the market does not change.

Indonesia Certificate in Banking Risk and Regulation

LEVEL 1

2005

First edition published in Great Britain by Global Association of Risk Professionals

4th Floor, 150–152 Fenchurch Street, London EC3M 6BB England Tel: +44 (0)20 7626 9300 Fax: +44 (0)20 7626 9900

Website: www.garp.com

© Global Association of Risk Professionals, 2005

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,

photocopying, recording, scanning or otherwise, without the prior permission in writing of Global Association of Risk Professionals, or as expressly permitted by law, or under

the terms agreed with the appropriate reprographics rights organization. Enquiries concerning reproduction outside the scope of the above should be sent to the Global Association of Risk Professionals, at the address above.

You must not circulate this book in any other binding or cover

and you must impose the same condition on any acquirer.

The Global Association of Risk Professionals has made every effort to ensure that at the time of writing the contents of this study text are accurate, but neither GARP nor its directors or employees shall be under any liability whatsoever for any inaccurate or misleading information this work could contain.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko iii

Contents Introduction iv Program specification vi Level specification vii Syllabus and learning outcomes viii User guide ix

Section A Banking risk and regulation

Chapter 1 The nature of risk and regulation in banking 3 Chapter 2 The evolution of risk management and regulation in banking 43 Chapter 3 The development of risk-based supervision of banks 73

Section B An introduction to market, credit and operational risk

Chapter 4 The nature of market risk and treasury risk 3 Chapter 5 The nature of credit risk 37 Chapter 6 The nature of operational risk 57

Section C Supervision, disclosure and governance

Chapter 7 An introduction to supervisory review and bank disclosure requirements 3 Chapter 8 Corporate governance for banks 15 Chapter 9 The Indonesian regulatory framework 25

Glossary Appendix: Answers to sample questions

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko iv

Introduction

Why a new qualification?

The role of risk management is becoming more important as both banks and supervisors around the world increasingly recognize that good risk management practices are vital, not only for the success of individual banks, but for the banking system as a whole. As a result, the world’s most influential banking supervisors have developed a new set of regulations based on a number of ‘good practice’ methodologies used in risk management. Under this new regime banks are required to measure and manage their risks to certain standards using methodologies set out in the new risk-based regulations. In developing the good practice methodologies regulators have drawn heavily on the risk management practices of many highly regarded banks.

International banking standards for risk management and regulation

The importance of these risk management methodologies as a basis for regulation is hard to overstate. It means that they are likely to gain worldwide acceptance as the standards for risk management in banks. Such acceptance is perhaps surprising because these standards (known as the Basel II standards) were originally developed as the basis for regulating the relatively small number of large international banks. However their adoption across the 25-member states of the European Union, as a basis for all bank regulation, is also likely to lead to their adoption (often with modifications) in a number of other countries.

Implementation of risk-based regulation

The good practice risk management methodologies as defined in Basel II cover market, credit and operational risk. Within each risk category there are three good practice methodologies that banks can use to manage the level of each risk:

a simple technique an intermediate technique an advanced technique.

Banks are required to obtain the approval of their supervisor before using any of the methodologies. Choosing the appropriate methodology depends on the types of risk a bank is exposed to, as well as its capabilities

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko v

(including staff competencies). Banks able to use the advanced methodologies are likely to have lower capital requirements. Regardless of which methodology they choose, banks are required to submit reports to their supervisors covering their risk profile which is based on the agreed risk management methodology.

The Indonesian perspective

Bank Indonesia has indicated that it intends to move the regulation of banks under its jurisdiction towards a Basel II compliant framework.

Implications for staff education and training

The implementation of risk-based regulation means that bank staff, as well as bank supervisors, will need to be educated and trained in Basel II compliant risk management approaches. Consequently this new qualification, the Indonesia Certificate in Banking Risk and Regulation, is designed to provide bank staff affected by the introduction of risk-based regulation with a basic understanding of the methodologies and the role they will play in managing the risk profiles of banks.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko vi

Program specification

Indonesia Certificate in Banking Risk and Regulation

The Indonesia Certificate in Banking Risk and Regulation is designed to allow students to develop their knowledge and understanding of the regulations that apply to the risk management and supervision of risk in banks, and the maintenance of adequate capital to cover those risks. The Certificate consists of five levels. Level 1 will provide an introduction to all the subjects covered in the Certificate program. Levels 2 to 5 will cover each subject in greater depth. On completion of the relevant levels students will be expected to show relevant knowledge and understanding of banking regulations issued by Bank Indonesia and the regulatory framework set out by the Bank for International Settlements (BIS). At the end of each level there will be an examination consisting primarily of multiple-choice questions. A certificate will be awarded upon completion of each level. Students will also be required to develop some understanding of other aspects of risk-based management, notably statistical analysis, treasury risk management and governance structures for the management of risk in banks.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko vii

Level specification

1 Title Level 1 3 Program of study to which module contributes Indonesia Certificate in Banking Risk and Regulation 4 Intended subject-specific learning outcomes On completion of this module, students will be able (at an introductory

level) to:

(a) Demonstrate an understanding of the need for banking regulation, the relationship between risk and minimum capital requirements, and the risk-based regulatory framework

(b) Demonstrate a basic understanding of the main types of risks inherent in banking

(c) Demonstrate a basic understanding of the supervision of banks, the disclosure of market information and Indonesian banking regulations.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko viii

Syllabus and learning outcomes

Banking risk and regulation

On completion of this part of the module, candidates will be expected to:

Demonstrate an understanding of: Level

Chapter 1 The nature of risk and regulation in banking Comprehension

Chapter 2 The evolution of risk management and regulation in banking

Comprehension

Chapter 3 The development of risk-based supervision of banks

Comprehension

An introduction to market, credit and operational risk



Chapter 4 The nature of market risk and treasury risk Comprehension

Chapter 5 The nature of credit risk Comprehension

Chapter 6 The nature of operational risk Comprehension

Supervision, disclosure and governance



Chapter 7 An introduction to supervisory review and bank disclosure requirements

Comprehension

Chapter 8 Corporate governance for banks Comprehension

Chapter 9 The Indonesian regulatory framework Comprehension

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko ix

User guide

This study text has been designed to assist students in preparing for Level 1 of the Indonesia Certificate in Banking Risk and Regulation examination. It covers all the topics in the Level 1 Syllabus and is presented in a user-friendly format to enable candidates to understand the key terms and concepts of risk-based regulation. This study text contains many technical terms used in risk management. Where appropriate these terms are defined. However, candidates are required to have both a reasonable understanding and some experience of banking. Therefore they are expected to know terms commonly used in the finance industry. In each chapter you will find a number of examples of actual financial events as well as case study scenarios, diagrams and tables aimed at explaining the regulations and methodologies contained in the Basel I and II Capital Accords. At the end of each chapter we have provided a series of exam-type questions that have been developed to help you prepare for the examination. The questions will test your understanding of what has been covered in each chapter. It is important that you take the time to answer the questions and then compare your answers with those provided in the Appendix. It is also important that you feel comfortable with the material covered in each chapter before proceeding to the next. To help highlight important information, we have developed a series of icons that will appear in the left margin:

Definitions of important terms Important points to understand

It should also be noted that this study text has adopted the standard codes used by banks throughout the world to identify currencies for the purposes of trading, settlement and the displaying of market prices. The codes, set by the International Organization for Standardization (ISO), avoid the confusion that could result as many currencies have similar names. For example, the text uses USD for the US dollar, GBP for the British pound, EUR for the euro and JPY for the Japanese yen.

© Global Association of Risk Professionals & Badan Sertifikasi Manajemen Risiko x

This study text also contains a detailed Glossary and we recommend that you refer to it to help you understand the key terms and concepts used throughout the module.

GARP would like to take this opportunity to thank Alan Peachey, author of Great Financial Disasters of Our Time for providing many of the ideas for the real world examples that appear throughout this study text.

Documents

Workbook BSMR Level 1 (English)