Calculated Risk
As Basel regime institutionalizes Risk Management practices in Indian banks, can IT help in getting that extra bit out of it?
By Anoop K Menon
Twelve years ago, a man took his bank for a roller-coaster ride. The man survived, the bank didn’t. It was in February 1995 that the 223-year-old Barings Bank suffered a $ 1.3 billion trading loss precipitated by a series of unauthorized trades conducted by its Singapore-based trader Nick Leeson. The loss was larger than the bank’s entire capital base and reserves, and Barings was forced to declare bankruptcy. The bank was later bought by Netherlands-headquartered ING for the token amount of one pound.
Was the Barings disaster a case of credit risk, which is the failure of the counter-party to a transaction to honor the obligation, or a case of market risk, which is the outcome of adverse market movements, or a case of operational risk, which arises out of breaches in internal controls, fraud or unforeseen catastrophes?
According to Mohan Bhatia, managing principal, risk and compliance practice, i-flex Consulting, the Barings case is a classic example of the inter-linkages between risks. “The Barings collapse is a case of market risk which got converted into credit risk and turned into an operational risk. Leeson failed to meet his counter-party obligations which made it a credit risk. He failed because the markets moved in an unfavorable direction, hence the market risk. The failure of the bank’s internal audit to spot the anomalies in trades and the abuse of authority by Leeson, and the fact that trading, clearing and settlement were all headed by one person—Leeson—made it an operational risk,” Bhatia comments.
Lessons Learned
The Barings collapse drove home the serious consequences of improper risk management in the financial sector and the banking industry in particular. It also provided a major push to global and national regulatory initiatives that sought to discipline banks to develop a more holistic view of risk and manage the same within the organization. Most important, it raised the red flag on the issue of operational risk.
The Basel I Accord, which came into existence in 1988, represented the first concerted initiative by the global banking industry to develop and standardize a risk management framework. It acknowledged the growing inter-connectedness of banks, the sharing of risk, and the consequences thereof. However, Basel I was limited in its effectiveness because it largely dealt with credit risk, ignored operational risk, and paid lip-service to market risk. The Barings collapse provided an additional impetus to come up with a new regulation that resolved the limitations of Basel I, and provided a common and stronger framework for risk management in Basel II.
Explains Mark Taylor, financial services consultants, enterprise risk management, Teradata, “Till this point of time, different banks addressed their own risk. Consider the issue of credit risk; retail banking managed the credit risk of their customers while corporate banking managed the credit risk of their corporates. There may often have been common customers across both banks, yet the credit risk of those customers was being managed separately. Basel II is changing that. It is pushing banks to abandon the business-unit-silo approach and develop an enterprise view of risk and the customer’s exposure across the entire bank. If a customer starts defaulting in the retail side, there is a good chance he may default in other parts of the organization too.”
Adds Bhatia, “Traditionally, Indian banks were not sensitized toward risk because they were over-regulated. This changed in the late nineties as the sector got liberalized. An example is the recent rise in interest rates which has led to a spate of repayment issues in the housing loan market. Pre-1998, this market was not there as the interest rate was regulated. It was only post-1998 that banks started developing risk management practices.”
Reserve Bank of India’s (RBI) directive about implementation of the revised capital adequacy framework under Basel II with effect from March 31, 2008 has brought the risk management capabilities of Indian banks under greater focus.
Basel I provides a framework of computation of capital required by the banks as shareholder or investor funds so that any loss or risk in business can be taken care of. While Basel I had a single measure of risk to maintain capital-to-risk-weighted assets, Basel II requires banks to develop their own internal ratings of different assets and risk-weight them based on those ratings. This gives banks greater freedom to assess their own economic capital after taking account of risks. The difference between Basel I and Basel II is the calibration of risk at a more granular level in the latter.
According to Bhatia, it’s not that banks have never practised risk management. “Basel didn’t invent risk management. What it did was document the risk management practices of banks in the developed countries and link them to the bank’s capital.” Risk management wasn’t an alien practice for Indian banks, except that the highly regulated environment they operated in encouraged traditional approaches to risk management. Adds Bhatia, “In India, credit risk was managed in traditional terms based on collaterals instead of cash-flow. However, with Indian banks coming out with new products similar to those in the developed world, Basel II is becoming a catalyst for adopting risk management in a bigger and modern way.”
Connected risks
Further, as stated earlier, risks are increasingly getting intertwined. Bhatia explains: “For example, housing loans are subject to credit risk emerging from the borrower’s default. However, if the existing borrower has borrowed at 10 percent and a few months down the line the interest rate falls to 8 percent, he will repay the existing loan and will borrow at a lower rate. However, the pre-payment subjects the bank to market risk because it has committed or borrowed resources from elsewhere under the returns assured by the loan at the 10 percent rate. Due to the pre-payment, they can only give the next loan at 8 percent. They therefore directly lose 2 percent. The housing loan segment is like a mass market with a huge number of borrowers. It has become highly decentralized due to cost issues. This gives rise to operational risk due to norms like Know Your Customer and other risks. As a result, the same housing loan has an element of operational risk too.”
In the more developed banking systems, credit risk and market risk are differentiated on how the bank manages its position and assets. If the bank can sell its position and assets inside 10 days, it becomes market risk; above that period, it becomes credit risk. However, these risks are now covered in the derivative market. Thus, if the bank cannot change its position, it can sell and purchase the risk associated with that position. As a result, what was essentially a credit risk becomes a market risk. The difference between credit and market risk is therefore narrowing down. India is also moving in that direction, with the RBI issuing a directive on credit derivatives in April this year. These developments have strengthened the case for a robust risk management framework which Basel II promises.
The Basel II implementation has three approaches to it: policy and processes, conversion of all data into electronic format, and quantification. Because each bank has a different set of asset classes, it can embark on either one of the three. Says Bhatia, “For example, SBI has developed a good line of business in corporate credit. As a result, it would be having good data history and quantification of risk for the corporate line of its business, and would only need to embark on converting that data into electronic format. However, its consumer business is more recent, hence the approach would be different here.”
The IT side of the Basel equation
 Says Sanjay Sharma, advisor, IT, IDBI Bank, who also wears the hat of MD & CEO of IDBI Intech, “The end-objective of Basel II is to have control of the bank’s operations by quantifying each risk associated with its products, services and operations. For this you require technology.” The solution to the Basel II challenge lies in data, and huge amounts at that. To identify, measure, model and monitor risk, data is crucial. Concurs Taylor of Teradata, “The biggest challenge of Basel II is data i.e. accumulation, acquisition and organization of the data to populate applications and models.”
Equally important are the systems for aggregating this data. According to Bhatia, the IT challenges for Basel II can be classified into four categories—core banking systems (CBS), work flow, data warehouse and analytics. “For risk management, you need information about products, customers and losses. CBS gives information about loans, products and customers. It has some information about losses, but not the entire information because of accounting and non performing asset (NPA) rules.” Work flow solutions like loan approval systems capture customer information beyond traditional capture like customer history and employment history. “This type of information is not needed for transaction…it is only needed for customer acquisition,” notes Bhatia.
Data warehouses help consolidate data sitting in different systems at one place for a longer time. “You don’t maintain history in transaction systems because of performance issues, so you transfer all the data into a data warehouse,” explains Bhatia.
Analytics sit on top of the data warehouse. They can be used for capital computation, and computation of various risk factors at various levels of granularity.
According to Sharma, the data challenge for banks depends on the category they fall into. Category A banks have a CBS in place for more than five years, providing them with crucial historical data for analysis. Category B banks are those that have only transitioned to CBS recently, and have the data for 2-3 years. However, their historical base isn’t good enough because getting the analysis right requires more historical data. Category C banks are those with some branches on CBS and the rest on manual systems. For them, the challenge will be how to collate the data. “If a bank doesn’t have a CBS and a preponderance of distributed branch-based systems, it won’t be able to do things like transaction analysis across the bank,” Sharma explains.
next >>
|