final report - jigar

8/14/2019 Final Report - Jigar

1/37

A Report

On

OPERATIONAL RISK UNDER BASEL II

ACCORD & ITS IMPLEMENTATION IN

INDIAN BANKS

By

Limbani Jigar Natvar

06BS1624

Faculty Guide:Prof. Debarati Bhattacharjee

ICFAI BUSINESS SCHOOL.

A report submitted in partial fulfillment ofthe requirements of

MBA Program ofICFAI Business School

1


2/37

TABLE OF CONTENTS

Abstract 3

Introduction Purpose 5

Scope of study 5

Methodology 5

Limitations 6

Background 6- Risk Management in Banks 6- The origin of Basel 6- The three pillar approach 7- Challenges envisaged 8- Challenges for Indian Banking System in BASEL II 10

Main Text

Operational Risk defined 13

The measurement methodologies 151. Basic Indicator Approach 152. Standardized Approach 183. Advanced Measurement Approach 23

Qualifying Criteria 24

Ten Proposals 28

BASEL II Proposals : Banks concerns 29

Operational Risk Policy 30

Operational Risk and New Capital Accord : Views of RBI 31

RBI stresses on Internal Control 32

Operational Risk and Insurance 32

Risk Mitigation 33

Operational Risk Management Standards 34

Conclusion 36

References 37

2


3/37

ABSTRACT:

The banking environment has dramatically changed in the recent past. In addition withMarket risk and Credit risk one such all-pervasive risk that banks face is Operational risk.

It is one of the oldest risks that all along has been managed quite informally, but of latehas suddenly caught everyones attention. Emergence of new risk mitigation instrumentslike credit derivatives, weather derivative, securitization and other derivatives instrumentbrings different types of risk. Huge losses in Forex deals or securities deals are notuncommon in banking industry. Human omission and commission in day-to-dayoperational issue expose the banks to greater risk. These are only few issues which focusthe importance of operational risk management.

The increased competition resulting out of the deregulation and globalization are making banks activities more diverse and complex. Aggressive adoption of technology fordelivering financial services has only landed banks in new zones of operational risk.

Further, the new capital guidelines proposed by the Basel II demand that banks adoptrobust operational risk managing strategies. The Basel committee, having identifiedoperational risk as an important risk faced by the banks, proposed allocation of certainminimum capital by banks to protect themselves from such losses.

Operational risk is as old as banking. It even precedes market and credit risks, and yet,there is no universally accepted definition for it. Operational risk is often defined by whatit is not. Any risk that is not related to credit, market and liquidity risk is identified asoperational risk. The Basel committee on Banking Supervision defined operational risk asthe risk of loss resulting from inadequate or failed internal processes, people andsystems or from externals events. This definition includes legal risk but excludes strategicand reputation risk.

Therefore Operational risk involves: Loss of money/fund. Main category causing such loss is internal process, people and system. Additionally external events (e.g. flood, earthquake, terrorist attack etc.) also may

cause loss. Legal non-compliance is considered as operational risk. But strategic and reputation risk areas are not operational risk (in fact now

altogether a separate class-explained hereunder).

At present, there is no agreed upon universal definition of operational risk. Many bankshave defined operational risk as any risk not categorised as market or credit risk and somehave defined it as the risk of loss arising from various types of human or technical error.Many banks associate operational risk with settlement or payments risk andbusiness interruption, administrative and legal risks. Several types of events (settlement,collateral and netting risks) are seen by some banks as not necessarily classifiable asoperational risk and may contain elements of more than one risk. All banks see someform of link between credit, market and operational risk. In particular, an operationalproblem with a business transaction (for example, a settlement fail) could create market

3


4/37

or credit risk. While most banks view technology risk as a type of operational risk, somebanks view it as a separate risk category with its own discrete risk factors.

The majority of banks associate operational risk with all business lines, includinginfrastructure, although the mix of risks and their relative magnitude may vary

considerably across businesses. Many banks have targeted operational risk as mostimportant in business lines with high volume, high turnover (transactions/time), highdegree of structural change, and/or complex support systems. Operational risk is seen tohave a high potential impact in business lines with those characteristics, especially if the businesses also have low margins, as occurs in certain transaction processing andpayments-system related activities. Operational risk in trading activities was seen byseveral banks as high. A few banks stressed that operational risk was not limited totraditional back office activities, but encompassed the front office and virtually anyaspect of the business process in banks.

INTRODUCTION:

4


5/37

PURPOSE

This project shall discuss what operational risk is all about; how Basel II expects banks toallocate capital against operational risk and the challenges posed by the suggested

methodologies for measuring operational risk to banks. The project also deals with themitigation of operational risk. It also discusses the issue relating to additional supervisoryscrutiny of risk management and disclosure of size of capital charge and techniques usedto calculate it.

The objective of the project can be comprehended as follows:

To have an in-depth understanding of the Operational Risk under Basel II Accord.

To analyze the current status of the Indian Banks in respect of implementation ofBasel II norms.

To understand the Operational Risk Management practices being used by the

bank. On an academic note, the project will be helpful to understand the banking

operations and the risk management techniques.

Moreover, the project will definitely be an experiential learning process, which will provide the practical essence of banking operation related to operational riskmanagement.

SCOPE OF STUDY

Basel II is a three pillar based approach, which seeks to develop a comprehensive and

sophisticated systems for banks to assess various risks to which they are exposed. Thefirst pillar deals with issues relating to minimum capital requirements, the second pillar prescribed the supervisory review process. The third pillar is concerned with marketdiscipline or Public Disclosure.The new accord is based on risk-sensitive Minimum Capital Requirement (MCR)supplemented by appropriate supervisory process and market discipline. MCR will becalculated on the basis of three risk perceptions, namely, credit risk, market risk andOperational risk.

METHODOLGY

Study of various available reading materials and compendium on OperationalRisk; if any.

Collection of information by meeting few banking personnel. Also, it wouldgive an insight regarding their preparation for implementing Basel II norms.

Use of internet to obtain the requisite information.

LIMITATIONS

5


6/37

Complexity and vastness of the project requires lot of time and study.

Absence of practical exposure in banking operation is one of the majorlimitations of the project.

Unavailability of real data will not result in meaningful conclusion.

BACKGROUND

Risk Management in Banks

Any discussion of risk management in banking must start with the understanding thatbanks exists for the purpose of taking risk, and the objective of supervision is certainlynot eliminated, and perhaps not even to lower, risk-taking. Rather, the objective ofsupervision is to assist in the management of risk. Banks, from the very beginning, havemanaged risk- even before there were regulator and supervisors to insist that they do so.Banks must manage risk because they were in the business of banking and did not want to

fail and lose what, at least initially, was their own capital. Even in the modern bankingwith professional management largely divorced from the owners, professionalmanagement largely divorced from the owners, the desire of the management have theinstitution survive is still a major impetus to risk management.

The origin of Basel

Basel was an attempt to reduce the number of bank failures by tying a banks capitaladequacy ratio to the risk of the loans it makes. For instance, there is a less chance of aloan to the government going bad than a loan to say an Internet business. So the bank

would not have to hold as much capital in reserve against the first loan as against thesecond. To strengthen the stability of international banking system and to remove asource of competitive inequality arising from differences in national capital requirement,a capital measurement system commonly referred to as the Basel Capital Accord wasapproved by the G10 Governors and release to banks in 1988. According to 1988 AccordMinimum Capital standard of 8% was supposed to achieve by all banks by end of 1992.Basel I norms aimed at ensuring Capital Adequacy of Banks as proportion of the riskweighted assets. It is criticized to be a one size fits all model, lacking in sophisticatedmeasurement and management of risks. Hence the need for a set of new regulations, titledBasel II.

6


7/37

The Three Pillar Approach

The capital framework proposed in the New Basel Accord consists of three pillars, eachof which reinforces the other. The first pillar establishes the way to quantify the minimumcapital requirements, is complemented with two qualitative pillars, concerned with

organizing the regulator's supervision and establishing market discipline through publicdisclosure of the way that banks implement the Accord. Determination of minimumcapital requirements remains the main part of the agreement, but the proposed methodsare more risk sensitive and reflect more closely the current situation on financial markets.

First Pillar: Minimum Capital Requirement

The first pillar establishes a way to quantify the minimum capital requirements. While thenew framework retains both existing capital definition and minimal capital ratio of 8%,some major changes have been introduced in measurement of the risks. The mainobjective of Pillar I is to introduce greater risk sensitivity in the design of capitaladequacy ratios and, therefore, more flexibility in the computation of banks' individualrisk. This will lead to better pricing of Risks.

Capital Adequacy Ratio signifies the amount of regulatory capital to be maintained by abank to account for various risks inherent in the banking system. The Capital Adequacyratio is measured as;

Capital Adequacy Ratio = (Tier I capital + Tier II capital)/ RWA

Regulatory capital is defined as the minimum capital; banks are required to hold by theregulator, i.e. "The amount of capital a bank must have". It is the summation of Tier I andTier II capital.

1. Credit Risk:

The changes proposed to the measurement of credit risk are considered to have most farreaching implications. Basel II envisages two alternative ways of measuring credit risk.The standardized approach is conceptually the same as the present Accord, but is morerisk sensitive. The bank allocates a risk-weight to each of its assets and off-balance-sheetpositions and produces a sum of risk-weighted asset values. Individual risk weightscurrently depend on the broad category of borrower (i.e. sovereigns, banks or corporate).Under the new Accord, the risk weights are to be refined by reference to a rating providedby an external credit assessment institution that meets strict standards. Under the IRB

approach, distinct analytical frameworks will be provided for different types of loanexposures. The framework allows for both a foundation method in which a bank estimatethe probability of default associated with each borrower, and the supervisors will supplythe other inputs and an advanced IRB approach, in which a bank will be permitted tosupply other necessary inputs as well. Under both the foundation and advanced IRBapproaches, the range of risk weights will be far more diverse than those in thestandardized approach, resulting in greater risk sensitivity.

7


8/37

2. Operational Risk:

Basel II Accord set a capital requirement for operational risk. It defines operational riskas "the risk of direct or indirect loss resulting from inadequate or failed internal processes,people and systems or from external events". Banks will be able to choose between threeways of calculating the capital charge for operational risk the Basic Indicator Approach,

the Standardized Approach and the advanced measurement Approaches.

The Second Pillar: Supervisory Review Process

The supervisory review process requires supervisors to ensure that each bank has soundinternal processes in place to assess the adequacy of its capital based on a thoroughevaluation of its risks. Supervisors would be responsible for evaluating how well banksare assessing their capital adequacy needs relative to their risks. This internal processwould then be subject to supervisory review and intervention, where appropriate.

The Third Pillar: Market Discipline

The third pillar of the new framework aims to bolster market discipline through enhanceddisclosure by banks. Effective disclosure is essential to ensure that market participantscan better understand banks' risk profiles and the adequacy of their capital positions. Thenew framework sets out disclosure requirements and recommendations in several areas,including the way a bank calculates its capital adequacy and its risk assessment methods.The core set of disclosure recommendations applies to all banks, with more detailedrequirements for supervisory recognition of internal methodologies for credit risk, creditrisk mitigation techniques and asset securitization.

Challenges Envisaged

Against the above background and the complexities involved as also the areas of"constructive ambiguity" in concepts and their application we envisage the followingregulatory and supervisory challenges ahead:

India has three established rating agencies in which leading international creditrating agencies are stakeholders and also extend technical support. However, thelevel of rating penetration is not very significant as, so far, ratings are restricted to

issues and not issuers. While Basel II gives some scope to extend the rating ofissues to issuers, this would only be an approximation and it would be necessaryfor the system to move to ratings of issuers. Encouraging ratings of issuers wouldbe a challenge.

Basel II provides scope for the supervisor to prescribe higher than the minimumcapital levels for banks for, among others, interest rate risk in the banking bookand concentration of risks / risk exposures. As already stated, we in India have

8


9/37

initiated supervisory capacity building to identify slackness and to assess /quantify the extent of additional capital which may be required to be maintainedby such banks.

Cross border issues have been dealt with by the Basel Committee on Banking

Supervision recently. But, in India, foreign banks are statutorily required tomaintain local capital and the following issues would therefore, require to beresolved by us.

Whether the internal models approved by their head offices and home countrysupervisor adopted by the Indian branches of foreign banks need to be validatedagain by the Reserve Bank or whether the validation by the home countrysupervisor would be considered adequate?

Whether the data history maintained and used by the bank should be distinct forthe Indian branches compared to the global data maintained and used by the head

office?

Whether capital for operational risk should be maintained separately for theIndian branches in India or whether it may be maintained abroad at head office?

Whether these banks can be mandated to maintain capital as per SA / BIAapproaches in India irrespective of the approaches adopted by the head office?

Basel II could actually imply that the minimum requirements could become pro-cyclical. No doubt prudent risk management policies and Pillars II and III wouldhelp in overall stability. We feel that it would be preferable to have consistent

prudential norms in good and bad times rather than calibrate prudential norms tocounter pro-cyclicality.

The existence of large and complex financial conglomerates could potentiallypose a systemic risk and it would be necessary to put in place supervisory policiesto address this.

Banks adopting IRB Approach will be much more risk sensitive than the banks onStandardized Approach, since even a small change in degree of risk mighttranslate into a large impact on additional capital requirement for the IRB banks.Hence IRB banks could avoid assuming high risk exposures. Since banks

adopting Standardized Approach are not equally risk sensitive and since therelative capital requirement would be less for the same exposure, the banks onStandardized Approach could be inclined to assume exposures to high risk clients,which were not financed by IRB banks. As a result, high risk assets could flowtowards banks on Standardized Approach which need to maintain lower capital onthese assets than the banks on IRB Approach.

9


10/37

Similarly, low risk assets would tend to get concentrated with IRB banks whichneed to maintain lower capital on these assets than the Standardized Approachbanks. Hence, system as a whole may maintain lower capital than warranted.

Due to concentration of higher risks, Standardized Approach banks can become

vulnerable at times of economic downturns.

Challenges for Indian Banking System under Basel II

A feature, somewhat unique to the Indian financial system is the diversity of itscomposition. We have the dominance of Government ownership coupled with significantprivate shareholding in the public sector banks and we also have cooperative banks,Regional Rural Banks and Foreign bank branches. By and large the regulatory standardsfor all these banks are uniform.

Costly Database Creation and Maintenance Process: The most obvious impact of BASEL IIis the need for improved risk management and measurement. It aims to give impetus tothe use of internal rating system by the international banks. More and more banks mayhave to use internal model developed in house and their impact is uncertain. Most ofthese models require minimum 5 years bank data which is a tedious and high cost processas most Indian banks do not have such a database

Additional Capital Requirement: In order to comply with the capital adequacy norms wewill see that the overall capital level of the banks will raise a glimpse of which was seenwhen the RBI raised risk weightage for mortgages and home loans in October 2004. Here

there is a worrying aspect that some of the banks will not be able to put up the additionalcapital to comply with the new regulation and they may be isolated from the globalbanking system.

Large Proportion of NPA's:A large number of Indian banks have significant proportion ofNPA's in their assets. Along with that a large proportion of loans of banks are of poorquality. There is a danger that a large number of banks will not be able to restructure andsurvive in the new environment. This may lead to forced mergers of many defunct bankswith the existing ones and a loss of capital to the banking system as a whole.

Relative Advantage to Large Banks:The new norms seem to favor the large banks that have

better risk management and measurement expertise. They also have better capitaladequacy ratios and geographically diversified portfolios. The smaller banks are alsolikely to be hurt by the rise in weightage of inter-bank loans that will effectively pricethem out of the market. Thus banks will have to restructure and adopt if they are tosurvive in the new environment.

Increased Pro-Cyclicality:The appropriate question is not then whether Basel II introducespro-cyclicality but whether it increases it. The increased importance to credit ratings

10


11/37

under Basel II could actually imply that the minimum requirements could become pro-cyclical as banks are required to raise capital levels for loans in times of economic crises.

Low Degree of Corporate Rating Penetration: India has as few as three established ratingagencies and the level of rating penetration is not very significant as, so far, ratings are

restricted to issues and not issuers. While Basel II gives some scope to extend the ratingof issues to issuers, this would only be an approximation and it would be necessary forthe system to move to ratings of issuers. Encouraging ratings of issuers would be achallenge.

Cross Border Issues for Foreign Banks:In India, foreign banks are statutorily required tomaintain local capital and the following issues are required to be resolved;

Validation of the internal models approved by their head offices and homecountry supervisor adopted by the Indian branches of foreign banks.

Date history maintained and used by the bank should be distinct for the Indian

branches compared to the global data used by the head office capital for operational risk should be maintained separately for the Indian

branches in India

IT infrastructure: The technology infrastructure in terms of computerization is still in anascent stage in most Indian banks. Computerization of branches, especially for thosebanks, which have their network spread out in far flung areas, will be a daunting task.Penetration of information technology in banking has been successful in the urban areas,unlike in the rural areas where it is insignificant.

Risk Management Resources:Experts say that dearth of risk management expertise in the

Asia Pacific region will serve as a hindrance in laying down guidelines for a basicframework for the new capital accord.

Communication gap: An integrated risk management concept, which is the need of thehour to align market, credit and operational risk, will be difficult due to significantdisconnect between business, risk managers and IT across the organizations in theirexisting set up.

Huge Investment: Implementation of the Basel-II will require huge investments intechnology. According to estimates Indian banks, especially those with a sizeable branchnetwork, will need to spend well over $50-70 million on this.

In a recent survey conducted by the Federation of Indian Chambers of Commerce &Industry (FICCI), 55 per cent of the respondents' claim that Indian banks lack adequatepreparedness to be able to conform to the Basel-II provisions by 2006. Whereas, 50 percent of public sector banks have expressed their preparedness in meeting these guidelines,only 25 per cent of the old and new private sector and foreign banks are likely to be readyto meet them by 2006. According to the survey, concerns of the Indian banks inimplementing these norms are:

11


12/37

51.6 per cent said due to low levels of computerization, 87 per cent said due to absence of robust internal credit rating mechanism, 80.6 per cent said due to lack a strong management information system, And 58 per cent said due to lack of sufficient training and education to reach the

levels to conform to the provisions of Basel-II.

MAIN TEXT:

What is Operational Risk?

Operational risk is as old as banking. It even precedes market and credit risks, and yet,there is no universally accepted definition for it. Operational risk is often defined by whatit is not. Any risk that is not related to credit market and liquidity risk is identified as

12


13/37

operational risk. The Basel committee on Banking Supervision defined operational risk asthe risk of loss resulting from inadequate or failed internal processes, people andsystems or from externals events. This definition includes legal risk but excludes strategicand reputation risk.

Therefore Operational risk involves: Loss of money/fund.

Main category causing such loss is internal process, people and system.

Additionally external events (e.g. flood, earthquake, terrorist attack etc.) also maycause loss.

Legal non-compliance is considered as operational risk.

But strategic and reputation risk areas are not operational risk (in fact nowaltogether a separate class-explained hereunder).

Figure 1: operational Risk - Sources of Risk

Analysis of Components

Internal process and system related areas of operational risk may be of the followingnature:

Payment/settlement risk due to breakdown in process/reconciliation system.

Incorrect processing of service charges/cost (other than interest matter).

BusinessEnvironment

BusinessStrategy

Operationa

l

Risk

People

ControlSystems

IT Systems

ConstantChange

BusinessProcesses

13


14/37

Inappropriate product selection/product complexity especially in related segments.

Lack of integration of various processes e.g. deposit of cash by a customer of D/Dand subsequent issue of D/D

Inadequate infrastructure for control of process/systems.

Inadequate data information execution.

People related risk areas may be of the following:

Fraud by staff or by others.

Mistakes/errors not with any fraudulent motive.

Workforce disruption e.g. strike, lockout.

Loss of high skilled people e.g. Head of Technology Services Dept.

Health and safety issues of staff.

Strategic and Reputation risk

Adverse business decisions by the top management arising out of inadequate/inappropriate appreciation of market/ industry changes etc. and/or ineffectiveimplementation of top management decisions may be treated as strategic risk areas whichmay affect a banks profit/capital.

Shrinkage of market share is however a symptoms on goodwill of a bank (convertinggoodwill into bad will?) and in turn may effect banks profit/capital. This category of riskmay be as follows:

Negative public opinion about product/service or health and safety standards.

It is often said that an Internet bank is exposed to greater reputation risk than atraditional bank as the customer may quickly quit a bank if negative opinions isformed.

Adverse opinions by regulatory authority in regards to working of a bank.

Basel II Accord has not prescribed any special treatment for strategic andreputation risk probably because of difficulties than may be associated in properidentification, measurement and monitoring such risk. Hence, such risks inbanking would for the time being (till Basel III comes up??) continue to bemanaged as Hitherto.

The Measurement Methodologies

The framework outlined below presents three methods for calculating operationalrisk capital charges in a continuum of increasing sophistication and risksensitivity:

(1) The Basic Indicator Approach(2) The Standardized Approach

14


15/37

(3) Advanced Measurement Approaches (AMA)

Banks are encouraged to move along the spectrum of available approaches as theydevelop more sophisticated operational risk measurement systems and practices.

Internationally active banks and banks with significant operational risk exposures(for example, specialized processing banks) are expected to use an approach thatis more sophisticated than the Basic Indicator Approach and that is appropriate forthe risk profile of the institution.

A bank will be permitted to use the Basic Indicator or Standardized Approach forsome parts of its operations and an AMA for others provided certain minimumcriteria are met.

A bank will not be allowed to choose to revert to a simpler approach once it hasbeen approved for a more advanced approach without supervisory approval.

If a supervisor determines that a bank using a more advanced approach no longermeets the qualifying criteria for this approach, it may require the bank to revert toa simpler approach for some or all of its operations.

1.Basic Indicator Approach

Banks using the Basic Indicator Approach must hold capital for operational risk equal tothe average over the previous three years of a fixed percentage (denoted alpha) of positiveannual gross income. Figures for any year in which annual gross income is negative or

zero, should be excluded from both the numerator and denominator when calculating theaverage. The charge may be expressed as follows:

KBIA = GI *

Where,KBIA = the capital charge under the Basic indicator approach.GI = average annual gross income over the previous three years. = 15%, which is set by the committee, relating the industry- wide level of

the required capital to the industry-wide level of the indicator.

Gross Income for the above purpose consists of net interest income plus non-interestincome. Extra- ordinary income/expenses are to be ignored.Gross income is defined as net interest income plus net non-interest income. It isIntended that this measure should:(i) Be gross of any provisions (e.g. for unpaid interest).(ii) Be gross of operating expenses, including fees paid to outsourcing service.(iii) Exclude realized profits/losses from the sale of securities in the banking book.

15


16/37

and(iv) Exclude extraordinary or irregular items as well as income derived from insurance.

As a point of entry for capital calculation, no specific criteria for use of the Basic

Indicator Approach is set out in this Framework. Nevertheless, banks using this approachare encouraged to comply with the Committees guidance on Sound Practices for theManagement and Supervision of Operational Risk.

Example:Say gross income for the last three years is respectively Rs.20000, 30000 and 80000. Sothe capital requirement under the basic indicator approach is Rs.6500 as shown in Table

State Bank of India

YearGross

IncomeAlpha () KBIA

2005 4300

2006 4400

2007 4540Total 13240

Average 4413.333333 0.15 662

Punjab National Bank

YearGross

IncomeAlpha () KBIA

2005 1410

2006 1430

Table 1: Basic Indicator ApproachYear Gross INCOME (GI) Alpha() KBIA1 20000

2 30000

3 80000

Total 130000

Average 43333.33333 15% 6500

16


17/37

2007 1540

Total 4380

Average 1460 0.15 219

Bank of Baroda

Year

Gross

Income Alpha () KBIA

2005 670

2006 825

2007 1025

Total 2520

Average 840 0.15 126

ICICI Bank

YearGross

IncomeAlpha () KBIA

2005 2005

2006 2540

2007 3110

Total 7655

Average 2551.666667 0.15 382.75

HDFCBank

YearGross

IncomeAlpha () KBIA

2005 665

2006 8702007 1140

Total 2675

Average 891.6666667 0.15 133.75

Axis Bank

YearGross

IncomeAlpha () KBIA

2005 335

2006 485

2007 660

Total 1480

Average 493.3333333 0.15 74

2. The Standardized Approach

Under this approach capital requirement will be arrived at in the following manner:

17


18/37

In the Standardized Approach, banks activities are divided into eight businesslines: Corporate finance, trading & sales, retail banking, commercial banking,payment &settlement, agency services, asset management, and retail brokerage.

Within each business line, gross income is a broad indicator that serves as a proxy

for the scale of business operations and thus the likely scale of operational riskexposure within each of these business lines.

The capital charge for each business line is calculated by multiplying grossincome by a factor (denoted beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk lossexperience for a given business line and the aggregate level of gross income forthat business line.

It should be noted that in the Standardized Approach gross income is measuredfor each business line, not the whole institution, i.e. in corporate finance, the

indicator is the gross income generated in the corporate finance business line.

The total capital charge is calculated as the three-year average of the simplesummation of the regulatory capital charges across each of the business lines inyear. In any given year, negative capital charges (resulting from negative grossincome) in any business line may offset positive capital charges in other businesslines without limit. However, where the aggregate capital charge across allbusiness lines within a given year is negative, then the input to the numerator forthat year will be zero.

Table 2: Business Line-wise Betas

Business Lines Beta Factors

(In %)

Corporate finance (1) 18

Trading & sales (2) 18

Retail banking (3) 12

Commercial banking (4) 15Payment & settlement (5) 18

Agency services (6) 15

Asset management (7) 12

Retail Brokerage (8) 12

This may be expressed as:

18


19/37

KTSA = (GI1-81-8)WhereKTSA = the capita charge under the standardized ApproachGI1-8 = the average annual level of income over the past three years, as defined

above in the Basic Indicator Approach, for each of the eight businesslines.

1-8 = a fixed percentage fixed by the committee, relating the level of requiredcapital to the level of the gross income for each of the eight business lines.

Table 3: Standardized Approach

Business Lines Average GI Beta () GI*

Corporate Finance 3000 18% 540

Trading and Sales 2000 18% 360

Retail Banking 5000 12% 600

Commercial Banking 10000 15% 1500

Payment & Settlement 3000 18% 540

Agency Services 4000 15% 600

Asset Management 1000 12% 120

Retail Brokerage 2000 12% 240

KSA 4500

State Bank of India

Business LinesAverageGI

Beta ()

in % GI*

Corporate Finance 1246.67 0.18 224.40

Trading and Sales 540.00 0.18 97.20

Year CorporateFinance

Trading andSales

RetailBanking

Commercial Banking

Payment &Settlement

AgencyServices

AssetManagement

RetailBrokerage

2005 1210 540 875 1015 230 130 180 120

2006 1240 535 880 1055 235 120 200 135

2007 1290 545 890 1070 250 135 215 145

Total 3740 1620 2645 3140 715 385 595 400Average 1246.67 540.00 881.67 1046.67 238.33 128.33 198.33 133.33

19


20/37

Retail Banking 881.67 0.12 105.80

CommercialBanking 1046.67 0.15 157.00

Payment &Settlement 238.33 0.18 42.90

Agency Services 128.33 0.15 19.25

Asset Management 198.33 0.12 23.80Retail Brokerage 133.33 0.12 16.00

KSA 686.35

Bank of Baroda

YearCorporateFinance

Tradingand

Sales

RetailBanking

CommercialBanking

Payment&

Settlement

AgencyServices

AssetManagement

RetailBrokerage

2005 180 70 95 165 50 30 40 40

2006 205 95 80 190 70 55 70 60

2007 290 115 95 225 80 60 85 75

Total 675 280 270 580 200 145 195 175

Average 225.00 93.33 90.00 193.33 66.67 48.33 65.00 58.33


Beta ()

in % GI*



Retail Banking 90.00 0.12 10.80


Payment &

Settlement 66.67 0.18 12.00Agency Services 48.33 0.15 7.25

Asset Management 65.00 0.12 7.80

Retail Brokerage 58.33 0.12 7.00

KSA 131.15

ICICI Bank

20


21/37

YearCorporateFinance

Tradingand

Sales

RetailBanking

CommercialBanking

Payment&

Settlement

AgencyServices

AssetManagement

RetailBrokerage

2005 470 295 405 420 160 60 90 105

2006 580 350 510 525 230 95 120 130

2007 705 400 645 655 270 120 155 160

Total 1755 1045 1560 1600 660 275 365 395Average 585.00 348.33 520.00 533.33 220.00 91.67 121.67 131.67


Beta ()

in % GI*



Retail Banking 520.00 0.12 62.40


Payment &

Settlement 220.00 0.18 39.60Agency Services 91.67 0.15 13.75

Asset Management 121.67 0.12 14.60

Retail Brokerage 131.67 0.12 15.80

KSA 394.15

The Alternative Standardized Approach

At national supervisory discretion a supervisor can choose to allow a bank to use theAlternative Standardized Approach (ASA) provided the bank is able to satisfy itssupervisor that this alternative approach provides an improved basis by, for example,avoiding double counting of risks. Once a bank has been allowed to use the ASA, it willnot be allowed to revert to use the standardized Approach without the permission of itssupervisor.Under the ASA, the operational capital charge/methodology is the same as for theStandardized Approach except for the two business lines- retail banking and commercialbanking. For these business lines, loans and advances -multiplied by a fixed factor m-replace gross income as the exposure indicator. The betas for retail and commercialbanking are unchanged from the Standardized Approach. The ASA operational riskcapital charge for retail banking (with the same basic formula for commercial banking)can be expressed as:

KRB = RB m LARBWhereKRB = the capital charge for the retail banking business line

RB = the beta for the retail banking business line.LARB = total outstanding retails loans and advances (non-risk weighted and

gross of provisions), averaged over the past three yearsm = 0.035

21


22/37

For the purposes of the ASA, total loans and advances in the retail banking business lineconsists of the total drawn amounts in the following credit portfolios: retail, SMEs treatedas retail, and purchased retailreceivables. For commercial banking, total loans and advances consists of the drawn

amounts in the following credit portfolios: corporate, sovereign, bank, specializedlending, SMEs treated as corporate and purchased corporate receivables. The book valueof securities held in the banking book should also be included.

Under the ASA, banks may aggregate retail and commercial banking (if they wish to)using a beta of 15%. Similarly, those banks that are unable to disaggregate their grossincome into the other six business lines can aggregate the total gross income for these sixbusiness lines using a beta of 18%, with negative gross income treated as describedabove.

As under the Standardized Approach, the total capital charge for the ASA is calculated as

the simple summation of the regulatory capital charges across each of the eight businesslines.

Business Lines GROSS INCOME (GI)

Average

GI

Beta

() GI* m LA**m KASA

Year 1 Year 2 Year 3

Corporate Finance 4200 2500 2300 3000 18% 540 540

Trading and Sales 1200 1300 3500 2000 18% 360 360

Payment & Settlement 2000 4000 3000 3000 18% 540 540

Agency Services 3000 5000 4000 4000 15% 600 600

Asset Management 500 1200 1300 1000 12% 120 120

Retail Brokerage 2000 1500 2500 2000 12% 240 240

LOANS & ADVANCES(LA) Average LA LA*

Retail Banking

550000 450000 500000 500000 12% 60000 0.035 2100 2100

Commercial Banking

400000

1000000

1300000 900000 15% 135000 0.035 4725 4725

TOTAL KASA 9225

3. Advanced Measurement Approach

Subject to approval of Regulatory Authorities of each country, the capital required will beworked out taking into account the risk measure generated by banks integrated

operational risk management system using qualitative and quantitative criteria as laiddown in the Accord. As Per RBI Press Reports, RBI is likely to ask banks in India toadopt Basic Indicators Approach for the time being.

Under this method, banks are permitted to use their in-house model to calculate therequired capital, subject to, of course, supervisory approval on the following:

Active involvement of directors and senior management in the oversight of theoperational risk management framework.

22


23/37

Implementation of conceptually sound risk management system with integrity.

Process of sufficient resources that are required to manage different business lines

and to manage control and audit functions effectively.

As the approach to measurement of operational risk is still not perfected as much as themeasurement of market risk or credit risk, banks are in dilemma as to how to implementthe advanced model approach. The consultation paper has, however, identified threeforms of models for estimating operational risk:

Internal Modeling Approach

Under this method, the expected losses in each business lines are calculated by examining

the average of past losses experienced, and then multiplied by a standard Gama factor toderive a figure for unexpected or worst case losses which give the capital requirement.

Loss Distribution Approach

As in case pf VaR this method attempts top fit a statistical distribution of the historicallosses and derives the capital requirement from a confidence level on this distribution.

Scorecard Approach

Under this method, bank start estimating historical loss data as in the previous twomethods, but also take into consideration the future risk such as staff turnover and thequalitative assessment of the banks control environment.

Amongst the three models, the scorecard approach is perceived as an attractive approachfor it offers the following advantages:

It provides a more complete and accurate measure of operational risk, byincorporating forward-looking risk indicators and qualitative assessments of the

control environment as well as loss data. It gives managers much stronger incentives to reduce risks, and much better tools

to help them identify how to do so.

It is much easier to implement and also easier to adapt as the requirements of thebank and the regulators evolve over time.

The first two methods have measure defects. They fails to take into account the loss typethat have not yet occurred and secondly, they fails to adapt to the recent changes in the

23


24/37

risk environment that have altered the probability of likely impact of the events. Asagainst this, the scorecard approach captures these two issues by focusing on general riskclasses and on the risk factor that are internal and external to the bank that drives theprobability of these risks. There is, however, an element of subjectivity under thescorecard approach in assigning weights to each item.

Qualifying criteria

1.The Standardized Approach

In order to qualify for use of the Standardized Approach, a bank must satisfy itssupervisor that, at a minimum:

(A)Its board of directors and senior management, as appropriate, are activelyinvolved in the oversight of the operational risk management framework.

(B) It has an operational risk management system that is conceptually soundand is implemented with integrity; and

(C) It has sufficient resources in the use of the approach in the major businesslines as well as the control and audit areas.

Supervisors will have the right to insist on a period of initial monitoring of abanks Standardized Approach before it is used for regulatory capital purposes.

A bank must develop specific policies and have documented criteria formapping gross income for current business lines and activities into thestandardized framework. The criteria must be reviewed and adjusted for new orchanging business activities as appropriate.

As some internationally active banks will wish to use the StandardizedApproach, it is important that such banks have adequate operational riskmanagement systems. Consequently, an internationally active bank using theStandardized Approach must meet the following additional criteria:

(A)The bank must have an operational risk management system withclear responsibilities assigned to an operational risk managementfunction. The operational risk management function is responsible fordeveloping strategies to identify, assess, monitor and control/mitigateoperational risk; for codifying firm-level policies and proceduresconcerning operational risk management and controls; for the design andimplementation of the firms operational risk assessment methodology;and for the design and implementation of a risk-reporting system foroperational risk.

24


25/37

(B) As part of the banks internal operational risk assessment system, thebank must systematically track relevant operational risk data includingmaterial losses by business line. Its operational risk assessment systemmust be closely integrated into the risk management processes of thebank. Its output must be an integral part of the process of monitoring and

controlling the banks operational risk profile. For instance, thisinformation must play a prominent role in risk reporting, managementreporting, and risk analysis. The bank must have techniques for creatingincentives to improve the management of operational risk throughout thefirm.

(C) There must be regular reporting of operational risk exposures, includingmaterial operational losses, to business unit management, seniormanagement, and to the board of directors. The bank must haveprocedures for taking appropriate action according to the informationwithin the management reports.

(D) The banks operational risk management system must be welldocumented. The bank must have a routine in place for ensuringcompliance with a documented set of internal policies, controls andprocedures concerning the operational risk management system, whichmust include policies for the treatment of noncompliance issues.

(E) The banks operational risk management processes and assessmentsystem must be subject to validation and regular independent review.These reviews must include both the activities of the business units andof the operational risk management function.

(F) The banks operational risk assessment system (including the internalvalidation processes) must be subject to regular review by externalauditors and/or supervisors.

2.Advanced Measurement Approaches (AMA)

(1) General standards

In order to qualify for use of the AMA a bank must satisfy its supervisor that, at

a minimum:

(A) Its board of directors and senior management, as appropriate, areactively involved in the oversight of the operational riskmanagement framework.

(B) It has an operational risk management system that isconceptually sound and is implemented with integrity; and

25


26/37

(C) It has sufficient resources in the use of the approach in themajor business lines as well as the control and audit areas.

A banks AMA will be subject to a period of initial monitoring by its supervisor

before it can be used for regulatory purposes. This period will allow thesupervisor to determine whether the approach is credible and appropriate. Asdiscussed below, a banks internal measurement system must reasonably estimateunexpected losses based on the combined use of internal and relevant externalloss data, scenario analysis and bank-specific business environment and internalcontrol factors. The banks measurement system must also be capable ofsupporting an allocation of economic capital for operational risk across businesslines in a manner that creates incentives to improve business line operational riskmanagement.

(2) Qualitative standards

A bank must meet the following qualitative standards before it is permitted touse an AMA for operational risk capital:

(A)The bank must have an independent operational risk managementfunction that is responsible for the design and implementation ofthe banks operational risk management framework. Theoperational risk management function is responsible for codifyingfirm-level policies and procedures concerning operational riskmanagement and controls; for the design an implementation of thefirms operational risk measurement methodology; for the design a

implementation of a risk-reporting system for operational risk andfor developing strategies to identify, measure, monitor andcontrol/mitigate operational risk.

(B) The banks internal operational risk measurement systemmust be closely integrated into the day-to-day risk managementprocesses of the bank. Its output must be an integral part of theprocess of monitoring and controlling the banks operational riskprofile. For instance, this information must play a prominent role inrisk reporting, management reporting, internal capital allocation,and risk analysis. The bank must have techniques for allocatingoperational risk capital to major business lines and for creatingincentives to improve the management of operational riskthroughout the firm.

(C) There must be regular reporting of operational risk exposures andloss experience to business unit management, senior management,and to the board of directors. The bank must have procedures for

26


27/37

taking appropriate action according to the information within themanagement reports.

(D) The banks operational risk management system must be welldocumented. The bank must have a routine in place for ensuring

compliance with a documented set of internal policies, controls andprocedures concerning the operational risk management system,which must include policies for the treatment of noncomplianceissues.

(E) Internal and/or external auditors must perform regular reviews ofthe operational risk management processes and measurementsystems. This review must include both the activities of thebusiness units and of the independent operational risk managementfunction.

(F) The validation of the operational risk measurement system byexternal auditor and/or supervisory authorities must include thefollowing:

I. Verifying that the internal validation processes areoperating in a satisfactory manner; and

II. Making sure that data flows and processes associatedwith the risk measurement system are transparent andaccessible. In particular, it is necessary that auditors andsupervisory authorities are in a position to have easy access,whenever they judge it necessary and under appropriateprocedures, to the systems specifications and parameters.

(3) Quantitative standards

AMA soundness standard

Given the continuing evolution of analytical approaches for operational risk, theCommittee is not specifying the approach or distributional assumptions used togenerate the operational risk measure for regulatory capital purposes. However, abank must be able to demonstrate that its approach captures potentially severe

tail loss events. Whatever approach is used, a bank must demonstrate that itsoperational risk measure meets a soundness standard comparable to that of theinternal ratings-based approach for credit risk,(i.e. comparable to a one yearholding period and a 99.9th percentile confidence interval).

The Committee recognizes that the AMA soundness standard provides significantflexibility to banks in the development of an operational risk measurement andmanagement system. However, in the development of these systems, banks must

27


28/37

have and maintain rigorous procedures for operational risk model developmentand independent model validation. Prior to implementation, the Committee willreview evolving industry practices regarding credible and consistent estimates ofpotential operational losses. It will also review accumulated data, and the level ofcapital requirements estimated by the AMA, and may refine its proposals if

appropriate.

Ten Principles

Basel committee has identified the following 10 principles for successful management ofoperational risk:

1. Board of Directors should be aware of major aspects of Operational risk of theorganization as distinct risk category.

2. The Board of directors should ensure that operational management framework ofthe organization provided for effective and comprehensive internal audit.3. Senior management of the organization should consistently implement approved

operational management framework of the organization.4. In all material products, activities, processes and systems, operational risk

contract should be identified and assessed.5. Regular Monitoring system of operational risk profiles and material exposures to

losses should be in place.6. Policies, processes and procedures to control/mitigate operational risk should be

evolved.7. Contingency and business continue plan should be evolved.8. Regulatory Authorities should review periodically about organizations approach

to identify, assess, monitor and control/mitigate operational risk.9. Regulatory authorities may ensure that appropriate mechanisms are put in place to

allow them to remains appraised of position of operational risk management of thesupervised organizations.

10. Adequate public disclosures to be made to enable market participants to assessorganizations approach to operational risk.

Basel II proposals: Banks concerns

The Basel II proposals have indeed agitated the minds of bankers all over the globe. It has

generated a lot of debate and some of the critical concerns are summarized as:

It is felt that quantification of operational risk by taking gross income as proxymay distort the capital requirements. For instance, when a bank incurs huge lossesdue to operational problems, it needs to allocate very little capital towardsoperational risk. In other words, an efficiently performing bank is being taxedwith more capital allocation vis--vis a loss making bank.

28


29/37

It is obvious that an internationally active bank has more exposure to operationalrisk than a domestic-centered bank by virtue of its leaning towards large scalefee-generating activities such as instantaneous payments and transfer of funds,trading in global financial markets on behalf of the clients etc. However, theproposed method of calculating capital charge does not take into consideration the

source of income, its volatility and the level of exposure. Instead, this methodtreats both on par.

Similarly, there is a wide variation in the operational risk exposures of banks byvirtue of their ways of operating in different geographical locations. Hence, theuniform application of Alpha and Beta factors as prescribed under the guidelinesdoes not reflect the accurate requirement of capital coverage.

Some banks have averred that the Beta factors assigned to various lines ofbusiness under the standardized approach are high and are only applicable forbanks having above average exposure to operational risk.

It felt that there are no incentives such as reduction in capital charge, etc., forbanks to move from the basic indicator method to standardized approach, thoughthe qualifying criteria for such switch over calls for significant investment.

The advanced measurement, though it offers a good amount of flexibility to banksin terms off developing risk measurement and management systems and by notprescribing floor capital, is not within the reach of every bank. Hence, this ismore likely to create differences in the minimum capital requirement betweenlarge international banks and small banks operating in domestic markets.

The advance measurement approach mandates a 99.9% confidence interval forrecognizing a model. It is not certain if such a level of confidence could beachieved right now, since no one knows how these models will work. In the lightof this, it is desirable to give certain discretion to the supervisory authority inassessing the soundness of a model.

The guidelines indicate that the banks should use internal data, external data,scenario analysis and other qualitative adjustments to arrive at the capitalallocation under operational risk. However, it is desirable to grant discretion tobanks using whichever data they feel would be more suitable in the given context.

Some banks strongly feel that business strategy, which is a choice of directionto steer towards in future, is in itself highly risk prone and yet it is not captured inthe definitions. They argue that any major change in strategy usually requires achange in the organizational structure, information and control systems, attitudesand the training requirement of staff etc. At times, the very change initiated by theCEO may inflict financial losses by virtue of the alienating the operating stafffrom the proposed change. Failure of strategies, for whatever reasons, in

29


30/37

delivering the intended results lead to lost opportunities. Hence, some bankargues that business strategy must be captured under operational risk.

Operational Risk Policy

It is suggested that first and foremost requirement for each bank is to prepare operationalrisk policy, which would work as the Bible for its identification, measurement,monitoring and control of its operational risk areas. The policy document should inter aliaprovide:

Top management involvement should be on an ongoing basis-operational riskcommittee with top management members must meet at least on a quarterly basisto monitor operational risk areas.

Banks top management assessment (by a study of previous 5/7 years positions) asto the intensity of each component-process/system related vis--vis people related

vis--vis externals event related risk should be on regular basis.

Zone/area wise application of risk component e.g. in some parts of the country,external events related risks may be more than internal process/ system/peoplerelated risk.

What risk mitigates bank would like to have e.g. fidelity insurance for staff,banks property insurance etc.

How frequent manuals of instructions (Book of Instructions) to be updated-ideallyit should be on annual basis.

What specific arrangements for staff skilling / re-skilling are made?

What reward/punishment measures for intentional/deliberate mistakes/frauds arein place?

To what extents banks wishes to outsource technology or exclusively in dealingwith operational risk problem.

As per guidelines of RBI, operational policy document in a bank may take into accountfollowing aspects:

Business areas with the probability of high level of risk and on terms severity ofloss: to be avoided.

30


31/37

Areas of lower level of severity but high probabilities of losses: process andsystem design related problems to be thoroughly checked before taking up suchbusiness.

Small-scale losses with a low degree of probabilities may be accepted on cases to

case basis.

Where probability is low but severity is high, after initiating necessary preventivemeasures e.g. governance, internal control etc. and risk may be accepted.

The above is only indicative. Each bank will have to thoroughly look its businesssegments and operational risk elements and evolve its policy within the framework ofregulatory guidelines.

Operational risk and New Capital Accord: Views of Reserve Bank of India

The scope of new operational risk is measured by the probabilities and impact of theunexpected losses stemming from the deficiency or failure of internal processes, peopleand systems, or from external events. A quantitative assessment requires such losses to bequantified as expected and assumes that probabilities and actual losses can be measured.Complete quantification is difficult in practice. The analysis of the probability and size ofoperational risk is also defeated by the lack of relevant data. One possible way out is tosystematize operational risk and place them in the loss probability and size matrix.

Table 6: Size and probability of unexpected losses

Severity Probability

Low High

Low C B

High D A

For operational risk policy, the following rules result from an analysis of the size andprobability of losses.

Business area with a high like hood and high level of operational risk (Cell A) tobe avoided.

Areas with a low level but high probability of losses (B) are often not perceived asrisk areas, but merely cost-intensive or low quality. In such cases, problemsare frequently to be found in process and system design.

Small-sale losses with a low degree of probability (C) should be accepted if thecost of prevention exceeds the amount of reduction in losses.

31


32/37

The significant operational losses are mostly located where the probability is low, but the severity is high (D). In such cases, preventive measures such asgovernance, internal control and management incentives are most important.

RBI Stresses on Internal Control

Since operational risk is one of the important elements of the new Capital Accord, bankswould be required to stress upon their internal control and systems, particularly towardsclearing backlog in balancing of books to ward off clearing differences and inter-branchand Nostro accounts reconciliation. The progress made by banks in India in reconciliationof clearing differences as well as inter branch and Nostro accounts, which are prone tofrauds, should be closely monitored by banks. It is also imperative that banks makeconcerted efforts to build up appropriate system to reduce the outstandings as early aspossible and also to avoid incidence of fresh outstandings. In order to prevent frauds and

mitigate operational risk arising out of it, bank would be require to strengthen theirinternal systems and procedures and take specific steps, particularly in the followingareas (a) Strictly follows the principles of corporate governance; (b) Adhere to the KYCprinciples; (c) Build robust systems and procedure to prevent fraud; and (d) Strengtheninternal audit and control systems and put in place the accountability process for auditand inspection staff.

Operational Risk and Insurance

Insurance could be used to externalize the risk of potentially low frequency high severity

losses. The Basel draft expresses its readiness to recognize instruments of insurance toreduce capital held against operational risk.

The new accord proposes market disclosure on operational risk through pillar 3. Thewider capital markets which hitherto have rarely priced the embedded operational risk ofbusiness are likely to begin to do so. Banks that are in a strong position will be able,through greater degree of transparency, to apply pressure on less forthcoming competitorsand signal to regulators, the current standards that best reflect good practice.

This is not about the desirability or otherwise of the Basel draft accepting insurance toreduce the regulatory capital held against operational risk but on the bright prospects hat

the insurance industry has, both as a consequence of Basel norms and the generalwillingness of major banks to use insurance products more intensely in their riskmanagement programs.

Risk Mitigation

32


33/37

Under the AMA, a bank will be allowed to recognize the risk mitigating impact ofinsurance in the measures of operational risk used for regulatory minimum capitalrequirements. The recognition of insurance mitigation will be limited to 20% of the totaloperational risk capital charge calculated under the AMA. A banks ability to takeadvantage of such risk mitigation will depend on compliance with the following criteria:

The insurance provider has a minimum claims paying ability rating of A (orequivalent).

The insurance policy must have an initial term of no less than one year. For policies with a residual term of less than one year, the bank must makeappropriate haircuts reflecting the declining residual term of the policy, up to afull 100% haircut for policies with a residual term of 90 days or less.

The insurance policy has a minimum notice period for cancellation of 90 days.

The insurance policy has no exclusions or limitations triggered by supervisoryactions or, in the case of a failed bank, that preclude the bank, receiver orliquidator from recovering for damages suffered or expenses incurred by the bank,except in respect of events occurring after the initiation of receivership orliquidation proceedings in respect of the bank, provided that the insurance policymay exclude any fine, penalty, or punitive damages resulting from supervisoryactions.

The risk mitigation calculations must reflect the banks insurance coverage inmanner that is transparent in its relationship to, and consistent with, the actuallikelihood and impact of loss used in the banks overall determination of its

operational risk capital.

The insurance is provided by a third-party entity. In the case of insurance throughcaptives and affiliates, the exposure has to be laid off to an independent third-party entity, for example through re-insurance that meets the eligibility criteria.

The framework for recognizing insurance is well reasoned and documented.

The bank discloses a description of its use of insurance for the purpose ofmitigating operational risk.

OPERATIONAL RISK MANAGEMENT STANDARDS

The BASEL Committee is offering a range of options for assessing the Pillar 1 capitalcharge for operational risk. An institutions ability to meet specific criteria will determinethe specific capital framework for its operational risk calculation. To the extent they candemonstrate to supervisors increased sophistication and precision in their measurement,

33


34/37

management and control of operational risk, institutions are expected to move into moreadvanced approaches. This will generally result in a reduction of the operational riskcapital requirement.

Pillar 2 is an integral and critical component of the New Basel Capital Accord and

directly complements the Pillar 1 operational risk charge. Pillar 2 is intended not only toensure that banks have adequate capital to support all risks in their business, but also toencourage banks to develop and use better risk management techniques in monitoring,managing and controlling those risks. Pillar 2 strongly emphasises the importance of bankmanagement developing an internal capital assessment process and setting targets forcapital that are commensurate with the banks particular risk profile and controlenvironment. This internal process will be subject to supervisory review and intervention,where appropriate.

The qualitative judgments by supervisors inherent in the Pillar 1 operational riskframework increase the relative importance of the supervisory assessment of a banks

strategies, policies, practices and procedures contemplated under Pillar 2. Thisindependent evaluation of operational risk by supervisors should incorporate a review ofthe following:

The banks particular capital framework for determining its Pillar 1 operational riskcapital charge (i.e. Basic Indicator, Standardised Approach, or Internal MeasurementApproach);

The banks process for assessing overall capital adequacy for operational risk inrelation to its risk profile and its internal capital targets;

The effectiveness of the banks risk management process with respect to operationalrisk exposures;

The banks systems for monitoring and reporting operational risk exposures andother data quality considerations;

The banks procedures for the timely and effective resolution of operational riskexposures and events;

The banks process of internal controls, reviews and audit to ensure the integrity ofthe overall operational risk management process; and

The effectiveness of the banks operational risk mitigation efforts.

Deficiencies identified during the supervisory review may be addressed through a rangeof actions. Supervisors should use the tools most suited to the particular circumstances ofthe bank and its operating environment. Possible supervisory responses include:

Increased monitoring of the banks overall operational risk management and assessmentprocess;

34


35/37

Requiring enhancements to internal measurement techniques;

Requiring improvements in the operational risk control systems and/or personnel;

Requiring the bank to raise additional capital immediately; and

Requiring changes in responsible senior management.

CONCLUSION:

On the basis of the research done, it can be concluded that the Indian Banks are still in the preparatory phase of implementing Basel II. Most of the banks are confident inimplementing it by March 31, 2009. A major number of banks expressed that Datacollection and IT infrastructure are the biggest challenges in preparing the Basel IIroadmap. Most of the banks use Standardized approach to measure the operational riskwhich is more sophisticated than the Basic Indicator approach.

Moreover, the regulatory framework for the Indian banks has failed in supporting thesebanks with their preparedness of implementing Basel II.

35


36/37

REFERENCES:

Risk Management in Banking by Joel Bessis

Risk Management in Banks ICFAI Vision Press

The Journal of Banking and Finance

Reading materials by BCBS

ICMR Books

www.bis.orgwww.rbi.gov.inwww.erisk.comwww.riskglossary.comwww.ronalddomingues.com

36
http://www.bis.org/http://www.rbi.gov.in/http://www.erisk.com/http://www.riskglossary.com/http://www.ronalddomingues.com/http://www.bis.org/http://www.rbi.gov.in/http://www.erisk.com/http://www.riskglossary.com/http://www.ronalddomingues.com/


37/37

www.cmie.comwww.google.comwww.indiainfoline.comwww.fsa.gov.comhttp://www.bis.org/publ/bcbs107.htm

http://www.sungard.com/basel_ii/solutions/oprisk.htm
http://www.cmie.com/http://www.google.com/http://www.indiainfoline.com/http://www.fsa.gov.com/http://www.bis.org/publ/bcbs107.htmhttp://www.sungard.com/basel_ii/solutions/oprisk.htmhttp://www.cmie.com/http://www.google.com/http://www.indiainfoline.com/http://www.fsa.gov.com/http://www.bis.org/publ/bcbs107.htmhttp://www.sungard.com/basel_ii/solutions/oprisk.htm

final report - jigar

Documents