Risk in Banking: An inevitable thing that need to be mitigated not avoided

As we all know that the banking is a business of trust where we are dealing with public money with utmost care and earn the profit which makes the bank afloat. Risk is involved in every business decision of banking be it fund based decision, Non-fund-based decision, Financial decision or Non-financial decision. Risk goes hand in hand which we can not separate from banking. The profit of a bank depends on the risk management of the bank as the better risk management gives better financial result and on the other hand the bad risk management put the bank on risk and some time that may become the reason of having huge loss to the bank. The recent crisis of Yes Bank, PMC Bank etc. have shown the severity of risk management.

If we define Risk in a simple language we can say that the Risk is the probability of happening some thing bad which is not expected or desired. It means that the risk implies future uncertainty about deviation from expected outcome. Bank being a financial intermediary is exposed to various risks, primarily Credit risk, Market risk, Liquidity risk, Operational risk, Technology risk, compliance risk, Legal risk and Reputational risk. Every bank is committed to managing all the material risks and participating in opportunities as part of the strategic approach of risk calibrated growth in core operating profit with a less scope of provisions.

Major Risks which the Bank Faces:

Risks are part and parcel of the banking business which every bank faces and mitigates them with its laid down guidelines and policies in the broad framework of Reserve Bank of India. The major risks which the bank faces are:

Operational Risk: The risk which arises due to inadequate or failed internal processes, people and systems or from any external events. Major activities that comes under operational risk are Internal fraud, External fraud, Employment practices and workplace safety, Clients, Products and Processes, Damage to Physical assets of the bank, Execution and delivery of services etc.

Credit Risk:  Credit risk refers to the probability of financial loss arises due to borrowers not repaying their loans as per agreed terms and conditions accepted by them during sanction. Interruption in repayment of loan be it principal or interest, decreases the cash flow and increases the cost of collection for the bank. Major credit risks that come in banking businesses are Credit default risk, Concentration risk, Country risk, Settlement risk, Bankruptcy risk etc.

Market Risk: Market risk refers to the risk of losses arises due to adverse price movements of an investment. It is generally arising due to changes in interest rate, exchange rates, Geopolitical events or recession. Major Market risk which bank generally faces are Interest rate risk, Equity risk, Commodity risk and Currency risk etc.

Legal Risk: Legal risk is a risk of financial or reputational loss that can result from lack of awareness or misunderstanding of the way law and regulation apply to the banking businesses. It has close relationship with banking Products and services and its processes. The major legal risks are Disputes between bank and customers, Corporate Legal claims, Law suit against management etc.

Technology Risk: Technology risk in bank refers to the probability and potential of disruption in banking business due to failure of technology or cyberattacks. The major technology related risks are Cyberattacks, Hacking of software, Data storage, Data breaches etc.

Liquidity Risk: Liquidity risk refers to inability of a bank to meet its cash and collateral obligations, be it real or perceived. Three types of liquidity risk which arises in banking due to poor risk management are Central bank liquidity requirement risk, Market liquidity requirement risk and funding liquidity requirement risk.

Compliance Risk: Compliance risk in bank refers to the risk of regulatory sanctions, financial loss or damage to reputation which may arise from bank’s failures to comply with laws, regulations and industry standard to the sector. Anti-Money laundering violations, Customer KYC and Due diligence failures, Consumer protection violation and Data privacy and cyber security breaches are the major examples of compliance risk.

Strategies adopted by Banks for Risk Mitigation:

Risk mitigation in bank is a dynamic function which is very important and crucial. No bank can run without accepting risk and its proper mitigation. Every business decision in banking carries risk, but it does not mean that we have to avoid risk in our decision making rather we have to mitigate risk in the best possible way that make profit for the bank. It is common saying where risk is more profit is more so in the case of bank where we take more risk charge more spread on loan. Bank is adopting the following strategies to mitigate the risk in the best possible way:

Formation of operational risk mitigation committee: Bank is forming operational risk mitigation committee to look after the various activities associated to operational risk. They make the clear policy and procedure guidelines for doing the various banking business. They go through the various regulatory requirement and make it sure that the bank comply with all types of regulatory requirements with no exception.

Issuance of Credit Policy and Formation of credit Risk committee: Credit is one of the core businesses of a bank and the quality of credit determines the future of bank. To mitigate the credit risk, the bank is issuing Credit policy and reviewing the policy every year to make the necessary changes as per the available strength and weaknesses in the micro and macro economies. Credit committee reviews the development in key industrial sectors, major credit portfolios of the bank and approve the proposal as per the exposure limit fixed by the bank in different sectors. Apart from theseCredit risk-based pricing, Risk rating, Portfolio management, Diversification of loan, formingLoan review mechanism etc. are the other techniques to deal with the credit risk in bank.

Fixing of prudential exposures cap for Money Market operation: Market risk is a very dynamic and fast changing risk which changes on every minute. Market risk is closely associated with money market operation of the bank which dealt with interest rate risk, currency risk and price risk. To mitigate the market risk in proper way the bank fixes the cap for capital market exposures, interbank borrowings and fixing prudential limit for every sector. Apart from this bank is also using risk mitigation instrument of the market.

Conservation of capital for mitigation of Liquidity risk: Capital is required for every business and there is no exception for banking business too. Capital is very crucial to absorb any unpredicted and undesired shock in the banking business. To mitigate the liquidity risk, the bank conserves the capital and follow the BASEL rules (BASEL-I, BASEL-II and BASEL-III) of capital requirement and capital conservation. Apart from this the bank is also maintaining the LCR and NSFR for better and strong mitigation of liquidity risk.

Formation of information technology strategy committee: To mitigate the risk related to information technology the bank approves the IT policy to ensure that the IT strategy is aligned with business strategy. The information technology strategies committee regularly reviews the IT risks, and ensure the proper balance of IT investments for sustaining the bank’s growth. It also oversees the activity of Digital Council, review technology from a future readiness perspective, and oversees key projects progress and critical IT system performance and review of special IT initiatives.

Making Cyber Security Governance: Cyber risks management is an integral part of Bank’s risk management framework for which every bank is committed to work towards aligning itself with everchanging threat landscape. The Bank makes an information and cybersecurity governance framework consisting of leadership, organizational structures and processes that help them in mitigation of growing cyber security threat.

Participation in external cyberattack simulations:Now a days with increasing use of technology in banking the fear of cyberattack is mounting and becoming the risk factor for the bank. To mitigate this risk every bank conducts several cybersecurity attack simulation drills such as spear phishing drills on employees, DDoS (Distributed Denial of service) for internal service providers, Social engineering- based attacks on staff of data center to gain physical access etc. and by this way bank analyses the loop holes available on regular interval and take the necessary corrective action fast for continuous and smooth functioning of banking processes.

Formation of Audit and Compliance committee: Compliance and Audit function in bank is very crucial and important for the risk mitigation as this is the department which oversees all the functioning of bank and monitor on daily basis. If any irregularities found, the department caution the concerned people and take the corrective action on real time basis. Compliance consists of both internal compliance as well as regulatory compliance. This department oversees all the requirement of regulatory compliances and save the bank with any abnormal shock. Apart from this the audit committee provides direction to the audit function and monitor the quality of internal and statutory audit. They ensure fairness, sufficiency, and credibility of financial statements too.

Conclusion:

With the above discussion, we find that the risk is an integral part in banking which always go hand in hand in banking business. To mitigate the risk to the best possible ways every bank comes up with a robust risk management policy and form a risk management committee which oversees all the risk related regulatory as well as general compliances. The functions of risk management committee also include setting limit for industry and country exposures, Review the bank enterprise risk management framework, Risk appetite frame work,Stress testing framework, Internal Capital adequacy assessment process and framework for capital allocation, Review the implementation of BASEL implementation, Preparing the risk dashboard covering various risks, keeping eye watch on outsourcing activities and the activities of the Assets Liabilities management committee.

With increasing use of technology in banking to boost the digitization and automation processes for the customers, bank is always facing the threat of cyber attacks and due to this ensuring effective management and governance of data has become a critical work for the bank for cyber risk mitigation. Bank adopts various strategies to combat the risk sometimes bank accept and retain the risk whereas sometime they share the risk by diversifying or transferring the risk to other by paying premium. The profitability of a bank depends on risk mitigation as it reduces the requirement of provisions for bank. Thus, we can say that the risk is an integral part of banking which bank needs to mitigate not avoid as the avoidance of risk never gives the better result to the bank.