Circulars/Notifications - Circulars/Notifications    

 BSD Circular No.07
August 15, 2003 

The Presidents/ Chief Executives

All Banks/DFIs

Guidelines on Risk Management

As you are well aware the financial institutions are exposed to various risks in pursuit of their business objectives; the nature and complexity of which has changed rapidly over time. The failure to adequately manage these risks exposes financial institutions not only to business losses, but may also render them unsuccessful in achieving their strategic business objectives. In the worst case, inadequate risk management may result in circumstances so catastrophic in nature that financial institutions cannot remain in business.

 2)            Although rapid developments are taking place internationally in this area, our banks have yet to come out with a solid framework for risk management. Some of the banks have made progress in this area, but they differ significantly in relation to the expertise, and the sophistication of systems in place for risk management. In some financial institutions, it has been considered primarily in an operational sense, while others practice a more structured approach towards risk management.

 3)         In view of the forgoing and coincidental to global recognition towards need of an effective risk management and control systems in financial sector, State Bank of Pakistan being cognizant of the importance of the subject, has prepared guidelines on Risk Management by banks/DFIs, which are attached. These guidelines, organized by risk category, are designed to provide an overview of actions financial institutions may take, and consequently, are not intended to detail every control procedure that might be put in place.

 4)         The guidelines contain a brief introduction to risk management and a detailed elaboration of major risks that financial institutions may be exposed to. Risk Management encompasses risk identification, assessment, measurement, monitoring and mitigating/controlling all risks inherent in the business of banking. The basic principles relating to risk management that are applicable to every financial institution, irrespective of its size and complexity, include: 

        i)            The overall responsibility of risk management vests in the Board of Directors, which shall formulate policies in various areas of operations of the bank. The senior management is, interalia, responsible for devising risk management strategy and well-defined policies and procedures for mitigating/controlling risks, which should be duly approved by the Board. The senior management is also responsible for the dissemination, implementation, and compliance of approved policies and procedures. 

      ii)            At operational level, risk assessment may be made on portfolio or business line basis, however, at the top level the management need to adopt a holistic approach in assessing and managing risk profile of the bank. 

    iii)            Irrespective of a separate risk review or management function individuals heading various business lines or units are also accountable for the risk they are taking. 

    iv)            Wherever possible risks should be quantitatively measured, reported, and mitigated.

       v)            The risk review function should be independent of those who approve and take risk. The review should include, interalia, stress tests exposing the portfolio to unanticipated movements in key variables or major systemic shocks. 

    vi)            Banks should have contingency plans for any unexpected or worst case scenarios. 

5)         The major risks to which the financial institutions can be exposed to include credit, market, liquidity, and operational risks. While the detailed guidelines for identifying, measuring, monitoring, and mitigating /controlling these risks are attached, a brief description of the same is given hereunder:

         i)            Historically, Credit Risk has been the risk causing major losses to banks operating in Pakistan. The Board of Directors is responsible for formulating a well-defined Credit Policy. The senior management needs to develop policies, systems and procedures and establish an organizational structure to measure, monitor and control credit risk, which should also be duly approved by the board. The bank should also put in place a well-designed credit risk management setup commensurate with the size and complexity of their credit portfolio. The loan origination function is of key importance, which necessitates the need for proper analysis of borrower’s creditworthiness and financial health. This aspect is reinforced by credit administration function that not only ensures the activities conform to bank’s policies and procedures, but also maintains credit files, loan documents and monitors compliance of loan covenants. The banks are encouraged to assign internal credit ratings to individual credit exposures. The architecture of such a rating system may vary among banks. The loan portfolio should be monitored regularly and a report prepared at periodic intervals both for the aggregate as well as sectoral and individual loan level. Finally, banks are required to formulate a strategy / action plan to deal with problem loans.

       ii)            Market risk is the possibility of loss due to adverse movement in the interest rates, foreign exchange rates, commodity prices or equity prices. Notwithstanding the fact that the board and senior management should develop the bank’s strategy and transform those strategies by establishing policies and procedures for market risk management, a robust risk management framework is an important element to manage market risk. Such a framework includes an organizational setup commensurate with the size and nature of business and system and procedures for measurement, monitoring and mitigating/controlling market risks. Ideally, the hierarchical structure includes an ALCO (Asset Liability Committee) headed by the CEO of the bank, which may provide updates to Board of Directors’ Sub-committee on Risk Management. Further, banks should establish a mid office between front office and back office functions. This unit should manage risks relating to treasury operations and report directly to senior management. There is a vast array of methodologies to measure Market risk, ranging from static gap analysis to sophisticated risk models. Banks may adopt various techniques to measure market risk, as they deem fit. Finally, the banks should ensure that they have adequate control mechanisms and appropriate setup such as periodic risk reviews / audits etc to monitor market risk.   

    iii)            Liquidity risk is the possibility of loss due to bank’s inability to fund their commitments without incurring unacceptable costs. As the impact of such risk could be catastrophic, the senior management needs to establish a mechanism to identify, measure and mitigate/control liquidity risk. The senior management should also establish an effective organizational structure to continuously monitor bank’s liquidity. Generally, the bank’s board constitutes a committee of senior management known as ALCO to undertake the function. Key elements of sound liquidity management process include an effective MIS, risk limits and contingency funding plan.

 

    iv)            Operational risk is the risk of loss due to inadequate or failed internal processes, procedures, systems and controls or from external events.  Besides establishing a tolerance level for operational risk, the BOD needs to ensure that the senior management has put in place adequate systems, procedures and controls for all significant areas of operations. Further, the management of the bank should effectively communicate laid down procedures / guidelines down the line and put in place a reasonable set up to implement the same.

 6)         Banks are encouraged to put in place an effective risk management strategy based on the attached guidelines. These guidelines are flexible in the sense that banks can adapt them in line with the size and complexity of their business, as against the Prudential Regulations which need to be fully complied with at all times, for every transaction, both in letter and spirit. The adoption of these guidelines will also facilitate the banks in their preparation for the implementation of New Basel Capital Accord in due course. Once the New Basel Accord is introduced in Pakistan, these guidelines will converge with the requirement of the Accord and will become enforceable regulation. The banks are, therefore, encouraged to take necessary steps for their implementation. The banks are also expected to provide necessary training to their concerned staff in risk management through Institute of Bankers or other training institutions / experts having expertise in this area.

 7).                The measures taken by the banks for implementation of these guidelines will be communicated to this Department in the form of a half yearly progress report within 30 days from the end of each calendar half year i.e. 30th June and 31st December of each year. The first such report shall be submitted for the half year ending 31st December 2003. The State Bank’s inspection team shall conduct on-site verification of the progress so reported during their routine inspection.

Please acknowledge receipt. 

Encl: As Above
Yours faithfully,
(Jameel Ahmad)
Director

Back to Circular Page / Home Page

 
       
Home
About SBP
Publications
Economic Data
Press Releases
Circulars/Notifications
Laws, Legislations & Regulations
Monetary Policy
Help Desk
SBP Videos
Feedback
Contact us
What's New?
Speeches
Online Tenders
Web Links

Educational Resources
Regulatory Returns
Library
Rupey ko Pehchano
Events
Zahid Husain Memorial Lecture
Careers
Sitemap
 
Best view Screen Resolution : 1024 * 768
Copyright © 2016. All Rights Reserved.