Home » News » Finance » SBP issues guidelines on risk management

SBP issues guidelines on risk management

KARACHI (August 16 2003) : The State Bank of Pakistan (SBP) on Friday has issued guidelines to banks and Development Financial Institutions (DFIs) on Risk Management and asked all banks to provide progress report at the end of each half year.

The guidelines have been finalised by the State Bank after taking into account the views and comments received from the concerned quarters.

These risk management guidelines, organised by corresponding risk category, are designed to provide an overview of actions financial institutions may take, and consequently, are not intended to detail every control procedure that might be put in place.

“These guidelines contain best practices and principles that banks are encouraged to follow according to their size, structure and diversification of activities and initially may not be construed as rules and regulation requiring strict compliance,” said a circular issued by the State Bank.

However, SBP would actively watch the progress that banks will be making in achieving a robust risk management framework in the light of these guidelines.

The adoption of these guidelines will also facilitate the banks in their preparation for the implementation of New Basel Capital Accord in due course.

Once the New Basel Accord is introduced in Pakistan, these guidelines will converge with the requirement of the Accord and will become enforceable regulation.

The State Bank has asked the banks to communicate to its Banking Supervision Department (BSD) the measures taken by them for implementation of these guidelines in the form of a half yearly progress report within 30 days from the end of each calendar half year ie 30th June and 31st December of each year.

The first such report should be submitted to the BSD for the half year ending 31st December 2003.

The State Bank's inspection teams would conduct on-site verification of the progress so reported during their routine inspection.

GUIDELINES ON RISK MANAGEMENT: As you are well aware the financial institutions are exposed to various risks in pursuit of their business objectives; the nature and complexity of which has changed rapidly over time.

The failure to adequately manage these risks exposes financial institutions not only to business losses, but may also render them unsuccessful in achieving their strategic business objectives.

In the worst case, inadequate risk management may result in circumstances so catastrophic in nature that financial institutions cannot remain in business.

2) Although rapid developments are taking place internationally in this area, our banks have yet to come out with a solid framework for risk management.

Some of the banks have made progress in this area, but they differ significantly in relation to the expertise, and the sophistication of systems in place for risk management. In some financial institutions, it has been considered primarily in an operational sense, while others practice a more structured approach towards risk management.

3) In view of the forgoing and coincidental to global recognition towards need of an effective risk management and control systems in financial sector, State Bank of Pakistan being cognisant of the importance of the subject, has prepared guidelines on Risk Management by banks/DFIs, which are attached.

These guidelines, organised by risk category, are designed to provide an overview of actions financial institutions may take, and consequently, are not intended to detail every control procedure that might be put in place.

4) The guidelines contain a brief introduction to risk management and a detailed elaboration of major risks that financial institutions may be exposed to.

Risk Management encompasses risk identification, assessment, measurement, monitoring and mitigating/controlling all risks inherent in the business of banking. The basic principles relating to risk management that are applicable to every financial institution, irrespective of its size and complexity, include:

i) The overall responsibility of risk management vests in the Board of Directors, which shall formulate policies in various areas of operations of the bank.

The senior management is, interalia, responsible for devising risk management strategy and well-defined policies and procedures for mitigating/controlling risks, which should be duly approved by the Board.

The senior management is also responsible for the dissemination, implementation, and compliance of approved policies and procedures.

ii) At operational level, risk assessment may be made on portfolio or business line basis, however, at the top level the management need to adopt a holistic approach in assessing and managing risk profile of the bank.

iii) Irrespective of a separate risk review or management function individuals heading various business lines or units are also accountable for the risk they are taking.

iv) Wherever possible risks should be quantitatively measured, reported, and mitigated.

v) The risk review function should be independent of those who approve and take risk. The review should include, interalia, stress tests exposing the portfolio to unanticipated movements in key variables or major systemic shocks.

vi) Banks should have contingency plans for any unexpected or worst case scenarios.

5) The major risks to which the financial institutions can be exposed to include credit, market, liquidity, and operational risks. While the detailed guidelines for identifying, measuring, monitoring, and mitigating /controlling these risks are attached, a brief description of the same is given hereunder:

i) Historically, Credit Risk has been the risk causing major losses to banks operating in Pakistan.

The Board of Directors is responsible for formulating a well-defined Credit Policy.

The senior management needs to develop policies, systems and procedures and establish an organisational structure to measure, monitor and control credit risk, which should also be duly approved by the board.

The bank should also put in place a well-designed credit risk management set-up commensurate with the size and complexity of their credit portfolio.

The loan origination function is of key importance, which necessitates the need for proper analysis of borrower's creditworthiness and financial health.

This aspect is reinforced by credit administration function that not only ensures the activities conform to bank's policies and procedures, but also maintains credit files, loan documents and monitors compliance of loan covenants.

The banks are encouraged to assign internal credit ratings to individual credit exposures.

The architecture of such a rating system may vary among banks.

The loan portfolio should be monitored regularly and a report prepared at periodic intervals both for the aggregate as well as sectoral and individual loan level.

Finally, banks are required to formulate a strategy/action plan to deal with problem loans.

ii) Market risk is the possibility of loss due to adverse movement in the interest rates, foreign exchange rates, commodity prices or equity prices.

Notwithstanding the fact that the board and senior management should develop the bank's strategy and transform those strategies by establishing policies and procedures for market risk management, a robust risk management framework is an important element to manage market risk.

Such a framework includes an organisational set-up commensurate with the size and nature of business and system and procedures for measurement, monitoring and mitigating/controlling market risks.

Ideally, the hierarchical structure includes an ALCO (Asset Liability Committee) headed by the CEO of the bank, which may provide updates to Board of Directors' Sub-committee on Risk Management. Further, banks should establish a mid office between front office and back office functions.

This unit should manage risks relating to treasury operations and report directly to senior management.

There is a vast array of methodologies to measure Market risk, ranging from static gap analysis to sophisticated risk models. Banks may adopt various techniques to measure market risk, as they deem fit.

Finally, the banks should ensure that they have adequate control mechanisms and appropriate set-up such as periodic risk reviews/audits, etc to monitor market risk.

iii) Liquidity risk is the possibility of loss due to bank's inability to fund their commitments without incurring unacceptable costs.

As the impact of such risk could be catastrophic, the senior management needs to establish a mechanism to identify, measure and mitigate/control liquidity risk.

The senior management should also establish an effective organisational structure to continuously monitor bank's liquidity. Generally, the bank's board constitutes a committee of senior management known as ALCO to undertake the function.

Key elements of sound liquidity management process include an effective MIS, risk limits and contingency funding plan.

iv) Operational risk is the risk of loss due to inadequate or failed internal processes, procedures, systems and controls or from external events. Besides establishing a tolerance level for operational risk, the BOD needs to ensure that the senior management has put in place adequate systems, procedures and controls for all significant areas of operations.

Further, the management of the bank should effectively communicate laid down procedures/guidelines down the line and put in place a reasonable set-up to implement the same.

6) Banks are encouraged to put in place an effective risk management strategy based on the attached guidelines.

These guidelines are flexible in the sense that banks can adapt them in line with the size and complexity of their business, as against the Prudential Regulations which need to be fully complied with at all times, for every transaction, both in letter and spirit.

The adoption of these guidelines will also facilitate the banks in their preparation for the implementation of New Basel Capital Accord in due course.

Once the New Basel Accord is introduced in Pakistan, these guidelines will converge with the requirement of the Accord and will become enforceable regulation.

The banks are, therefore, encouraged to take necessary steps for their implementation.

The banks are also expected to provide necessary training to their concerned staff in risk management through Institute of Bankers or other training institutions/experts having expertise in this area.

The measures taken by the banks for implementation of these guidelines will be communicated to this Department in the form of a half yearly progress report within 30 days from the end of each calendar half year ie 30th June and 31st December of each year.

The first such report shall be submitted for the half year ending 31st December 2003.

The State Bank's inspection team shall conduct on-site verification of the progress so reported during their routine inspection.

Leave a Reply