Institute for Development and Research in

Banking Technology
Keynote Address by K. Cherian Varghese, Chairman & Managing Director,
Union Bank of India, at the Conference of Business Heads of Banks,
IDRBT, Hyderabad on October 05, 2005

Risk Management and Basel II Compliance

I am delighted to see that IDRBT, which is an institute for promoting

banking technology, has thought of having sessions on preparing for
Risk Management and Basel II compliance. The relevance of technology
to assist banks in managing risks and ensuring regulatory compliance is
being increasingly understood by banks. I compliment IDRBT for taking
the initiative in this direction to reinforce the efforts taken by the
banking system.

2.1 The Core business of a bank is to mobilize deposits and lend the
funds to those who can repay. The difference in interest paid to the
depositor and that collected from the borrower should take care of the
bank’s long-term sustainability after providing for default in
repayment by borrowers. Banks also have assets in the form of
investments. Even if credit risk in respect of an investment like a
Central Government Security may be assumed to be nil, there is a
possibility of market risk because of the change in the price of the
security on account of interest rate movements. In respect of
investment in commodities or foreign exchange exposures also, there
is inherent market risk because of price fluctuation. Banks also
undertake a number of services apart from the mainline function of
taking deposits and giving loans. Operational risk in respect of
activities undertaken may also result in losses. Thus banks are exposed

1
to credit risk, market risk and operational risk in respect of their
business.

2.2 If the earnings and realization of assets are not adequate to meet
the obligations of a bank, there has to be a cushion to absorb the
losses. This cushion has to be provided in the form of capital.

3.1 There were bank failures in Europe and the need to protect
depositors and the financial system from disastrous developments was
keenly felt by the international community. Bank for International
Settlements (BIS) based at Basel took the initiative in putting in place
adequate safeguards against bank failures with the co-operation of
central banks across the globe.

3.2 The first initiative from BIS came in the form of Basel I accord with
over 100 central banks in different countries accepting the
benchmarks stipulated under the agreement. It was agreed that a
minimum capital of 8 percent of risk weighted assets would be
maintained by banks. Different risk weights were assigned for
specified categories of exposure. For example, Government securities
carried zero risk weight while for corporate exposures, it was 100
percent. The norms were very simple and rudimentary but a good
beginning was made. In India, Reserve Bank of India stipulated a
minimum capital adequacy of 9 percent and it goes to the credit of
both the central bank and the Indian banking fraternity that the
regulatory capital requirement was met by the banking system.

4. Basel I stipulated a single rate of capital adequacy for credit risk

irrespective of the degree of risk within that category. As a result,
there was no incentive in respect of capital for a high quality credit
portfolio. It also did not adequately address risks involved in increasing

2
use of financial innovations like securitisation of assets and derivatives
and the credit risk inherent in these developments. Attention was also
not given to recognize operational risk.

5.1 Basel II has made a more comprehensive approach to manage risks

for the banking system. It captures the risk on a consolidated basis for
internationally active banks. Banking, Securities and other financial
subsidiaries are consolidated to reckon capital requirements. The
framework encompasses all the entities in a banking group. It tries to
ensure that the capital recognized in capital adequacy measures
provides adequate protection to depositors.

5.2 Basel II adopts a three pillar approach to risk management.

Under Pillar 1 minimum capital requirements are stipulated for credit
risk, market risk and operational risk.
Pillar 2 deals with supervisory review process by the central bank.
Pillar 3 underlines the need for market discipline and disclosures
required thereunder.

5.3 Pillar 1 stipulates the following options for assigning capital to

meet credit risk:
1. Standardised Approach
2. Internal Rating Based (IRB) Approach
3. Advanced IRB Approach.
5.3.1 Standardised Approach.
Banks may use external credit ratings by institutions recognized
for the purpose by the central bank for determining the risk weight.
Exposure on sovereigns and their central banks could vary from zero
percent to 150 percent depending on credit assessment from ‘AAA’ to
below B- . Similarly, exposure on public sector entities, multilateral
development banks, other banks, securities firms and corporates also

3
may have risk weights from 20 percent to 150 percent. Exposure on
retail portfolio may carry risk weight of 75 percent. While Basel II
stipulates minimum capital requirement of 8 percent on risk weighted
assets, India has prescribed 9 percent. Under Basel II exposure on a
corporate with ‘AAA’ rating will have a risk weight of only 20 percent.
This implies that for Rs. 100 crore exposure on a ‘AAA’ rated corporate
the capital adequacy will be only Rs.1.8 crore (100 x 20% x 9%)
compared to the earlier requirement of Rs. 9 crore. However, claims
on a corporate with below BB- rating will carry a risk weight of 150
percent and the capital requirement will be Rs.13.50 crore (100 x 150%
x 9%). Thus, a bank with a credit portfolio with superior rating may be
able to save capital while banks having lower rated credit exposure
will have to mobilize more capital. Risk weights can go beyond 150
percent in respect of exposures with low rating. For example,
securitisation tranches with rating between BB+ and BB- may carry risk
weight of 350 percent. In order to adopt standardized approach, banks
will have to encourage their corporate customers to go in for ‘obligor
rating’ and get themselves rated. The central bank has to accredit
External Credit Assessment Institutions (ECAI) who satisfy defined
criteria of objectivity, independence, international access,
transparency, disclosure, resources and credibility.

5.3.2 Internal Ratings Based (IRB) Approach: Foundation and Advanced

Approach.
Banks, which have developed reliable Management Information System
(MIS) and have received the approval of the central bank can use the
IRB approach to measure credit risk on their own. The bank should
have reliable data on Probability of Default (PD), Loss Given Default
(LGD), Exposure at Default (EAD) and effective maturity (M) to make
use of IRB approach. Minimum requirements to adopt the IRB
approach are:

4
 1. Bank’s overall Credit Risk management practices must be
consistent with the sound practice guidelines issued by the
Basel committee and the National Supervisor.
2. Rating dimensions to include both Borrower Rating and
Facility Rating and has to be applied to all asset classes.
3. The Rating Structure adopted need to have minimum 7
grades of performing borrowers and a minimum 1 Grade of
non-performing borrowers and Enough grades to avoid undue
concentrations of borrowers in particular grades.
4. Criteria of Rating Systems to be documented and have the
ability to differentiate risk, predictive and discriminatory
power.
5. Assessment Horizon for PD estimation to be 1 year
6. Use of models to be coupled with the use of human
judgement and oversight.
7. Rating Assignment and Rating Confirmation to be
independent.
8. The PD to be a long run average over an entire economic
cycle (at least 5 years)
9. Banks should have confidence in the robustness of PD
estimates and the underlying statistical analysis.
10.Data collection and IT systems to improve the predictive
power of rating systems and PD estimates.
11.Validation of internal Rating systems/ Models by the
Supervisor.
12.Streamlining use of credit risk mitigants and ensuring legal
certainty of executed documents.
Under foundation approach banks provide more of their own estimates
of PD and rely on supervisory estimates for other risk components. In
the case of advanced approach banks provide more of their own

5
estimate of PD, LGD, EAD and M, subject to meeting minimum
stipulated standards.

5.3.3. Market Risk:

A bank’s investment portfolio is impacted by the fluctuation in
prices of securities. Even in respect of sovereign exposure there will
be change in market price because of interest rate movements. When
the prices of securities are marked to market, a bank may incur loss if
the prices have declined. Change in interest rates, foreign exchange
rates and prices of equity, corporate debt instruments and
commodities may involve market risk for the bank. Mismatches in
interest rates on assets and liabilities may also entail risk for the bank.
The investment portfolio has to be divided into the trading book and
the banking book. While the trading book has to be valued on a daily
basis on mark to market basis, for the banking book, there should be
frequent assessment of shock absorption capacity of the portfolio to
interest rate movements.

5.3.4. Operational Risk:

A bank also encounters risks other than on account of default by
a third party or adverse market rate movements. These risks can be
attributed to failed internal systems, processes, people and external
events. Mistakes committed because of weak internal systems may
lead to losses. Frauds may be committed on the bank by some
customers, outsiders and even by employees. If a proper KYC system is
not in place, a bank may be exposed to loss of money and reputation
in a punitive action by the regulators. To minimize operational risks
Know your Employee (KYE) principles are also to be observed before
employees are entrusted with sensitive assignments.

6
5.3.5. Pillar 1 envisages that banks assess credit risk, market risk and
operational risk and provide for adequate capital to cover the risks.

6. Pillar 2: Supervisory Review Process.

Compliance of requirements under Pillar 1 and providing adequate
capital alone may not be enough to prevent bank failures and to
protect the interests of depositors. Therefore, under Pillar 2 which
deals with key principles of supervisory review, risk management
guidance and supervisory transparency and accountability with respect
to banking risks, including guidance relating to the treatment of
interest rate risk in the banking book, credit risk (stress testing,
definition of default, residual risk and credit concentration risk),
operational risk, enhanced cross border communication and co-
operation and securitisation, supervisors are expected to evaluate how
well banks are assessing their capital needs relative to their risks and
to intervene where appropriate. This interaction is intended to foster
an active dialogue between banks and supervisors so that when
deficiencies are identified, prompt and decisive action can be taken to
reduce risk or restore capital. Supervisors may focus more intensely on
banks with risk profiles or operational experience, which warrants
such attention. There are the following four main areas to be treated
under Pillar 2:

1. Risks considered under Pillar 1 that are not fully captured by

Pillar 1 process (e.g credit concentration risk);
2. Those factors not taken into account by Pillar 1 process (e.g.
interest rate risk in the banking book, business and strategic
risk).
3. Factors external to the bank (e.g. business cycle effects).

7
 4. Assessment of compliance with minimum standards and
disclosure requirements of the more advanced methods
under Pillar 1.
Supervisors have to ensure that these requirements are being met both
as qualifying criteria and on a continuing basis.
6.1 The four key principles of supervisory review are:

Principle 1: Banks should have a process for assessing their overall

capital adequacy in relation to their risk profile and a strategy for
maintaining their capital levels.
The five main features of a rigorous process are as follows:
1. Board and senior management oversight;
2. Sound capital assessment;
3. Comprehensive assessment of risks;
4. Monitoring and reporting; and
5. Internal control review.

Principle 2: Supervisors should review and evaluate banks’ internal

capital adequacy assessments and strategies, as well as their ability to
monitor and ensure their compliance with regulatory capital ratios.
Supervisors should take appropriate supervisory action if they are not
satisfied with the result of this process.

Principle 3: Supervisors should expect banks to operate above the

minimum regulatory capital ratios and should have the ability to
require banks to hold capital in excess of the minimum.

Principle 4: Supervisors should seek to intervene at an early stage to

prevent capital from falling below the minimum levels required to
support the risk characteristics of a particular bank and should require
rapid remedial action if capital is not maintained or restored.

8
6.2 Reserve Bank of India has implemented the risk-based supervision
and has made a good beginning in implementation of the guidelines
under Pillar 2. Internal inspections of banks in India are also tuned
more towards risk-based audit.

7.Pillar 3 – Market Discipline.

Disclosure requirements are stipulated for banks to encourage market
discipline. This will help the market participants to assess the
information on capital, risk exposures, risk assessment processes and
capital adequacy of the bank. Such disclosures are more important in
the case of banks, which are permitted to rely on internal
methodologies giving them more discretion in assessing capital
requirements. Market discipline supplements regulation as sharing of
information facilitates assessment of the bank by others including
investors, analysts, customers, other banks and rating agencies. It also
leads to good corporate governance. Supervisors can stipulate the
minimum disclosures to be made by banks. Banks can also have Board
approved policies on disclosure. A transparent organization may create
more confidence in the investors, customers and counter parties with
whom the bank has dealings. It would also be easier for such banks to
attract more capital.

8. All the requirements under the three Pillars of Basel II can be met
only if banks have a robust and reliable MIS. Technology therefore
plays a crucial role in implementation of Basel II. Beyond Core Banking
which facilitates networking of branches to put through customer
transactions with ease and speed, technology should be able to play a
supportive role in enabling banks to access and use data in a
meaningful manner so that the demands of Basel II can be met in a
cost effective manner. Reliance on internal methodologies will save

9
cost and provide greater discretion to banks to make assessment of
capital requirements. Capital is a very scarce resource and it needs to
be put to optimum use. As per present norms, tier II capital can be
only 100 percent of Tier I capital. The stipulation of minimum
Government holding of 51 percent poses challenges for public sector
banks in raising tier I capital. India may have to find a solution to this
issue by asking for acceptance of new instruments as tier I capital. In
the context of the very robust growth in credit, which supports a
buoyant economy, more capital becomes indispensable for the Indian
banking system. And compliance of Basel II norms will help Indian
banks adopt best international practices, enable them to have a larger
global presence and attract capital even from abroad.

_____________________________________________________________

Keynote address on Risk Management and Basel II Compliance by K.Cherian Varghese,

Chairman & Managing Director, Union Bank of India, at the Conference of Business
Heads of Banks at the Institute for Development and Research in Banking
Technology, Hyderabad, on 4th October 2005.

10