97 INSTITUTE OF BANKERS OF SRI LANKA Diploma in Banking & Finance Examination March 2008 Risk Financing and Management (98) INSTRUCTIONS TO CANDIDATES 1. Do NOT open this question paper until instructed to do so. 2. Read the instructions on the cover of the answer book. 3. Time allowed 3 hours + 15 minutes reading time. 4. This paper consists of 7 questions from Sections A and B. 5. Section A consists of one compulsory question carrying 20 marks. 6. Section B consists of six questions carrying 20 marks each. 7. Answer Question No. 01 and four questions from Section B. A qualification examined by Institute of Bankers of Sri Lanka and jointly awarded with ifs School of Finance, UK
Section A All candidates must answer Question 1 1. "All risks faced by business are essentially similar in nature, and all have similar possibilities for reduction by application of the tools of risk management, and of insurance in particular." Demonstrating your knowledge of the range of business risks, evaluate the accuracy of the above statement in relation to decisions to bear or to transfer risks. (20 Marks) Section B Answer four questions from this section. 2. Summarise the main sources of market risk with respect to a commercial bank. Discuss the importance of identifying and assessing this risk in the context of trading and investing activities of a bank. (9 marks) (c) Explain the different techniques of market risk assessment. 3. Identify the main committees that are responsible for the effective maintenance of the risk management process of a bank and explain their main activities. (8 marks) Explain the tasks of one such committee in relation to managing risks in the organization. (12 marks) 4. Describe the causes of operational risk in a banking organization. Discuss the challenges faced by banks in assessing and quantifying operational risk. (9 marks) (c) Identify and explain the approaches, as given in the Basel II regulations, on quantifying operational risks in banks. 2
5. Summarise the main features of risk mitigation process followed in a banking organization. Summarise the specific financial instruments and techniques used in risk mitigation / transfer. (c) Discuss the effectiveness of each of these financial instruments / techniques in risk mitigation / transfer. (8 marks) 6. Explain the key features of four of the following (c) (d) (e) Enterprise wide risk management Maturity mismatch Value at risk Systematic risk Statutory liquid asset ratio. (5 marks each) 7. Identify and discuss the implications of credit risk on the day-to-day business of a Commercial bank. Summarise the methods used in financing credit risk. (7 marks) (c) Explain the role of rating agencies in identifying and assessing credit risk. (7 marks) 3
1. INSTITUTE OF BANKERS OF SRI LANKA Diploma in Banking and Finance Examination March 2008 Risk Financing and Management (98) Suggested Answers Section A Broadly, candidates are expected to refute the strength of the assertion. The range of risks faced by business and the possibilities for risk management may be explored by pointing to different classifications and explanations of risk, and by highlighting the limitations ofinsurability. At a macro level, corporate risk is already diversified through widespread share ownership and particularly through institutional investors. How similar are risks? Distinction between hazard and peril. Natural perils and human perils. There is a range ofsources ofrisk or risk exposures. ~ Financial risks ~ Natural risks ~ Human capital risks ~ Operational risks ~ Technological risks ~ Political risks ~ Legal risks Pure risk and speculative risk Financial risk and non-financial risk
Core risk and non-core ~ Corporates are in the business oftaking risks and in return they earn profit e.g. an oil company takes risks exploring for oil. It relies on exploration technology and geological knowledge to increase odds in its favour. This is a core competency or core risk. Incidental or non-core risks are those where there is no extra profit for bearing such risks e.g. accidental risk of engineers killed in an air crash, or of an adverse change in currency exchange rate between the Country of Exploration and the domicile country. Upside risk and downside risk. What is important to one corporate or other type oforganisation may not be important to another. Consider the place of risk and reward in decisions to bear risks. Understanding the cost of risk. }.> Range ofdisruptive effects of risk on business. }.> Need to understand disruptive effects of risk in order to devise appropriate risk management strategies. }.> Fluctuating cash flows - desirability ofsmoothing. }.> Losses may absorb internal funds. }.> Restrict funds for new investments. }.> Costly access to fresh capital. }.>. Affect reward for managers and employees. }.> Costs to externals e.g. creditors. Possibil ities for reduction of risk. }.> Risk management process. }.> Tools ofrisk management. ~ Two generic risk management strategies - either remove the risk or live with it but reduce its cost. Other risk management techniques applicable only for spreading risks. }.> Mix oftechniques. )0> Decision to insure, hedge or manage particular risks by other means cannot be taken in isolation - risks are often inter-dependant. Risk management tools are part of a risk management process. used in the context ofapplying that process. They need to be 2
Although insurance is still the prime method used by most companies to finance the range ofrisks that face their businesses, there are limits to 'insurability'. Insurable risks have the following characteristics:» Fortuitous event - must be entirely accidental and unexpected from the perspective ofthe insured. A large number of policies must be written to create a risk pool where the losses ofthe few can be oaid for bv the contributions or premiums ofthe many.» The insured risk must be homogenous (or similar).» Individual claims are uncorrelated - meaning that if there is one claim there will be many. Also called 'contagion' risk. Financial cost - the consequence of the loss event must be measurable in financial terms i.e. a payment to repair or replace any damaged property or to reimburse any legal or other costs involved. Insurable Interest - the insured must suffer the financial consequences of the loss event for themselves. Thus ownership of a specific property usually satisfies the requirement of insurable interest for that owner to insure that property. This is in contrast to the purchase of, for example, financial hedging instruments which are available to individual or company to purchase and the only obligation is to meet any margin payments when they are due. Indemnity settlement - The insured should not be able to profit in any way from the occurrence of an insured event and the subsequent insurance loss settlement. With derivatives. on the other hand, no distinction is made between buying for risk hedging or for speculative purposes.» Insurers must be able to charge an economic premium. The level of premium must be sufficiently low in relation to the value at risk to make insurance an attractive alternative to self-insurance. Section B (20 Marks) 2. Since the banks have several activities and undertake transactions that result in market exposure, they are exposed to market risks. When,the banks' trading portfolios and proprietary positions are exposed to interest rate, exchange rate, equity price and commodity price variations banks wi II have to bear the downside of it. Due to the interest rate volatility banks face two types oflosses. In one way interest rate volatility affects the earning potential of the bank, This is called the earning perspective of the interest rate risk. At the same time, market value of a portfolio of securities also fluctuates with interest rate volatility. Downside of this variation is known as the market value perspective. All the above scenarios can be considered as sources of market risk in relation to a commercial bank. 3
In order to take prudent decisions on business transactions banks should identify and assess the risks pertaining to the transactions. Specially when the banks deal with transactions in their trading and investment portfolios they should get a proper idea about the potential risk of relevant transactions. They are in a position to provide adequate mitigatory inputs when they already know the magnitude ofpotentiaj risk. Risk levels can be categorized into low, medium and high levels. If the risk level comes under low or medium level, day to day income ofthe business can compensate any losses arising from that type of risks. However if the risk level is high for a certain transaction it has to be borne by the capital itself. Therefore it is advisable to gz....ge the potentia' risk of any business transaction before hand. (9 marks) (c) (i) (ii) Following a modified duration methodology. Value at risk - variance - covariance method historical simulation and Monte Carlo simulation. (iii) Sensitivity measures. 3. (i) Risk management committee - formulating the policy on Risk Management (ii) (iii) Asset and liability management committee- Dealing with matters pertaining to Maturity and profitability ofassets & liabilities Audit committee- assuming responsibility on matters pertaining to audit functions (iv) Credit policy committee- Formulate policies on Credit Administration, Disbursement, & Portfolio Management, Evaluation, (8 marks) (i) Risk Management Committee Setting guidelines for risk management and reporting Ensure that the risk management processes conform to the policy Setting up prudential limits and its periodic review Ensure robustness ofmeasurement ofrisk models. Ensure proper manning for the process. 4
(ii) Asset and Liability Management Committee (ALCO) Implementation ofrisk and business policies simultaneously. Decides on the business strategy to achieve the above objectives. The following tasks also are handled by the ALCO. ~ Pricing advance and deposit products. ~ Observing the maturity profiles and mix of incremental assets and liabilities ~ Articulating interest rate view ofthe bank. ~ Implementing funding policy. ~ Implementing transfer pricing mechanism. ~ Managing the balance sheet. ~ Setting up operating prudential limits and reviewing authority for the line management. (iii) Audit committee Responsible to maintain a comprehensive internal audit system. See that a climate of integrity is built and well established. Ensuring the adequacy ofinternal control policies, systems and practices in order to promote efficiency and effectiveness ofoperations, financial reporting and compliance. Reviewing financial statements and give comments and suggestions to rectify any issues. Ensuring that the business risks are identified and that appropriate action is taken to monitor them and minimize exposure to them. (iv) Credit Policy committee Deals with issues relating to credit policy and procedures. The committee takes responsibility to analyse, manage and control credit risk on a bank wide basis. It formulates policies on standards for presentation of credit proposals, financial covenants, rating standards and bench marks, delegation of credit approving powers, prudential limits on large credit exposures. Ensure to avoid high concentrations. Set standards for loan collateral, portfolio management loan review mechanisms, risk monitoring and evaluation, pricing of loans, provisioning and compliance. (12 marks) 5
4. zeople oriented causes negligence, incompetence, inadequate training integrity key people. Transaction based causes business volume fluctuations organizational complexity product complexity and major changes. Process oriented causes inadequate segregation of duties, lack of management supervision, inadequate procedures. Technology oriented causes Poor technology and communication systems. Outdated applications lack of automation information system complexity, poor design development and testing. External causes Natural disasters, operational failures of a third party deteriorated social or political context. 5. (c) Usually behaviour pattern of operational risk does not follow a normal curve. This makes it difficult to estimate the probability of an event resulting in losses. If it is done on a historical basis, all the operating losses require a data set with statistically acceptable numbers of losses. Recognition of loss events and attributing a probability to each of these events will be a great challenge. In this endeavour operational risk has to be categorized under low medium and high intensity and the frequency of occurrence should also be taken into consideration. Initially the organization has to identify the risk events and establish the key risk indicators. This exercise should be carried out on an enterprise wide basis in order to asses the operational risk comprehensively. This is a challenging process which requires the commitment and guidance ofthe corporate management. (i) (ii) (iii) Basic indicator approach Standardized approach. Advanced measurement approach. (9 marks) Risk mitigation is the process of eliminating or reducing the uncertainties associated with the risk elements. Banks can cite many examples in risk mitigation which follows the aforesaid concept. One may like to enter into a sales contract with the bank. Since this contract would specify volume and the price the uncertainty associated with them would be contained. Even though risk mitigation mechanisms help in reducing adverse impact on profits, it limits upside potential as well. However, through these mechanisms organization achieves stability in its net cash flow and risks stand reduced. For mitigating credit risk banks have been using traditional techniques such as collateralization or they may buy other types of credit derivatives of insurance devices. 6
(c) forward rate agreements Interest rate swaps Forward contracts Option contracts Claims on lands, cash or securities Third party guarantees Credit default swaps mitigate interest rate risk (only the downside) mitigate interest rate risk (only the downside) mitigate price risk (only the downside) mitigate price risk mitigate credit default risk (sometimes, higher administrative cost is involved.) Sometimes difficult to enforce. mitigate credit risk If there is no default bank only spends on the instrument. 6. (8 marks) Enterprise wide risk management. It centralizes the process of supervising risk exposure in order to identify, measure and manage risk across all business units. Aligns the strategic aspects of risks with day to day operational activities. Enhances transparency. Enhances revenue and earning growth. Risk management systems must be developed to provide information and analytical tools to support the function. Maturity mismatch This arises from holding assets and liabilities with different principal amounts, maturity dates or repricing dates thereby creating exposures to changes in the level ofinterest rate. Difference between the amount of assets and the amount of liabilities maturing during a certain period is called the maturity gap. Inherently banks grant advances for a longer period from their short term deposits. This creates a maturity mismatch for banks. Such a mismatch or gap may lead to gain or loss depending upon how interest rate in the market tend to move. 7
(c) Value at risk It is the worst case loss at a specific confidence level over a certain period of time assuming normal trading conditions. In calculating VAR the volatility of prices and correlation of prices with respect to other assets in the portfolio are being considered frequently VAR is used to measure market risk. There are three main approaches in calculating VAR. Variance - covariance approach Historical simulation approach Monte Carlosimulation approach. Good tool for all banks, financial institutions Aggregates and report risk on various portfolios as one figure. Valuable as a probabilistic measure. (d) Systematic risk If a normal asset is taken into consideration total risk related to that asset can be divided into systematic risk and unsystematic risk. This systematic risk cannot be eliminated through diversification and it is inherent in the market. If the number of assets in a portfolio is increased the risk level will come down. That can be attributable to the reduction in unsystematic risk with diversification. 20 12 --'-- -- 10 05 -,;-,----------- Systematic risks 8 16 24 32 40 Number ofassets in the portfolio 8
(e) Statutory liquid asset ratio (SLR) Regulation imposed by the Central Bank in order to control liquidity of a banking organization. SLR liquid assets Liquid assets Total liabilities - Equity Cash in hand x 100 Cash with other banks Treasury Bills and Bonds - Repo Funds in transit Import bills Balance in Nostro Accounts (At present banks have to maintain a minimum SLR of 20%) 7. Credit risk basically originated from default of loan instalments and interest. In addition to that borrowers rating migration in the adverse direction also can be considered as a credit risk. When banks face credit risks they experience reduction in their repayment cash flows. This would lead to liquidity constraints. When the total of non performing assets is increasing it will create higher charges on the P & L and it leads to low profits or net losses. In the same manner capital adequacy ratio also will come down. Banks have to maintain a minimum capital adequacy ratio in order to comply with new Basel regulations. Obtaining credit guarantees by paying a premium. Insuring mortgage bonds and other types of bonds in order to get insurance claims in the case ofdeath ofthe borrower. Using credit derivatives. Realizing assets which have been taken as security. Insuring title to the property which has been mortgaged to the bank. (7 marks) 9
(c) Rating agencies give independent rating on credit worthiness of different business entities. They prepare schedules in order to assign a certain probability ofdefault with an appropriate credit rating. If a bank granted Rs.100 million worth of advances and in a period of time Rs.1 0 million of these advances have become non performing, we can say that probability of default is 10%. Rating agencies normally put their ratings in a schedule together with respective probability ofdefaults. If you know the rating you will be able to find out the default probability and by that we are able to quantify the loss. (7marks)