Banks, Risk Management and Objectives
Muhammad Abubakar Siddique,
Lecturer, Int’l Institute of Islamic Economics (IIIE),
Int’l Islamic University, Islamabad.
Oct. 28, 2021
1. BANKS AND RISK MANAGEMENT
A bank uses deposit funds to extend financing facilities to customers; it also faces potential losses from the credit exposures accounted as the cost of doing business. Risks in the form of credit, market and operational risks can become actual losses from weak oversight of bank directors and senior management, causing monetary injuries to stakeholders, particularly the depositors and consequently the financial system. The bank faces business risk, which is potential loss from adopting the wrong business model. Whilst business risk affects capital, credit, market and operational risks affect the banking portfolio that can also adversely affect capital when the bank reports losses. In Islamic banking, another form of business risk prevails in the value of the portfolio of the purchase of assets purchased intended for trading. To illustrate on the various risks faced by the bank, refer to Figure 1.1.
1.1. RISK MANAGEMENT OBJECTIVES
Align risk appetite and strategy – Bank’s directors are responsible to define the risk appetite acceptable to the business from the business model and strategy adopted by them. Risk appetite is the degree of risk, on a broad-based level, that the bank is willing to accept in pursuit of its goals. Risk appetite is set first in evaluating strategic alternatives, then in setting objectives aligned with the selected strategy and in developing mechanisms to manage the related risk.
Link growth, risk and return – To accept risk as part of the value creation and preservation, and expect the returns to commensurate with the risk. The risk framework provides and enhances the ability to identify and assess risks and establish acceptable levels of risk relative to growth and return objectives.
Enhance risk response decisions –To identify and select among alternative risk responses such as risk avoidance, reduction, sharing and acceptance based on generally accepted practices and methodologies.
Minimize operational surprises and losses – To continually enhance its capability to identify potential events, assess risk and establish responses, thereby reducing the occurrence of surprises and related costs or losses.
Identify and manage cross-risk – Every product faces numbers of risk. Banks not only manage individual risks, but also manage interrelated impacts.
Rationalize capital – More robust information on total risk allows the bank to more effectively assess overall capital needs and improve capital allocation.
1.2. RISK MANAGEMENT FRAMEWORK
A risk management framework encompasses the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework should be comprehensive enough to capture all risks a bank is exposed to and have flexibility to accommodate any change in business activities.
This framework may consist of four basic components, namely:
- Corporate Governance
- Policies and Procedures
- Monitoring and Supervision.
- Risk Measurement
1.2.1. CORPORATE GOVERNANCE
Corporate governance is about the control behavior that can give birth to a risk culture that can be both positive and constructive. Within an organizational framework, this task falls to the board of directors, who are responsible for validating the policies and procedures, defining the risk appetite and establishing the risk strategy for the business models adopted. The main role of a risk management function is to act as an advisor to the board, a job delegated by senior management to the risk managers.
The corporate governance means the way in which business and affairs of each institution is directed and managed by their ‘Board of Directors’ and the Management’. To be effective, it must be independent from senior management, hence the establishment of the board’s risk management committee which oversees the bank’s risk management function.
Members of the Board should know their responsibilities and powers in clear terms. Further, it should be ensured that the Board of Directors focus on policy making and general direction, oversight and supervision of the affairs and business of the bank/DFI and does not play any role in the day-to-day operations, as that is the role of the ‘Management’.
RESPONSIBILITIES OF BOARD OF DIRECTORS – SBP
The directors of listed companies shall exercise their powers and carry out their fiduciary duties with a sense of objective judgment and independence in the best interests of the listed company.
Every listed company shall ensure that:
1) Statement of Ethics and Business Practices’ is prepared and circulated annually by its Board of Directors to establish a standard of conduct for directors and employees, which Statement shall be signed by each director and employee in acknowledgement of his understanding and acceptance of the standard of conduct;
2) the Board of Directors adopt a vision/ mission statement and overall corporate strategy for the listed company and also formulate significant policies, having regard to the level of materiality, as may be determined it;
Explanation: Significant policies for this purpose may include:
- Risk management;
- Human resource management including preparation of a succession plan;
- Procurement of goods and services;
- Determination of terms of credit and discount to customers;
- Write-off of bad/doubtful debts, advances and receivables;
- Acquisition/ disposal of fixed assets;
- Borrowing of moneys and the amount in excess of which borrowings shall be sanctioned/ ratified by a general meeting of shareholders;
- Donations, charities, contributions and other payments of a similar nature;
- Determination and delegation of financial powers;
- Transactions or contracts with associated companies and related parties; and
- Health, safety and environment
A complete record of particulars of the above-mentioned policies along with the dates on which they were approved or amended by the Board of Directors shall be maintained.
The Board of Directors shall define the level of materiality, keeping in view the specific circumstances of the company and the recommendations of any technical or executive sub-committee of the Board that may be set up for the purpose.
3) the Board of Directors establish a system of sound internal control, which is effectively implemented at all levels within the company;
4) the following powers are exercised by the Board of Directors on behalf of the company and decisions on material transactions or significant matters are documented by a resolution passed at a meeting of the Board:
- Investment and disinvestment of funds where the maturity period of such investments is six months or more, except in the case of banking companies, trusts, mutual funds and insurance companies;
- Determination of the nature of loans and advances made by the company and fixing a monetary limit thereof;
- Write-off of bad debts, advances and receivables and determination of a reasonable provision for doubtful debts;
- Write-off of inventories and other assets; and
- Determination of the terms of and the circumstances in which a law suit may be compromised and a claim/ right in favor of the company may be waived, released, extinguished or relinquished; e.
5) Appointment, remuneration and terms and conditions of employment of the Chief Executive Officer (CEO) and other executive directors of the listed company are determined and approved by the Board of Directors;
1.2.3. ORGANIZATIONAL STRUCTURE
Based on the risk management framework outlined above, the organization structure of the banking firm is crucial in ensuring the effectiveness of risk management. The underlying principle of risk management is for the risk functions to operate as an independent control, working in partnership with the business units which include the retail, corporate, investment, credit and risk management departments.
As examined earlier, the board of directors holds the ultimate responsibility in putting forth an effective management of risks in the banking organization where the control and management of risk is undertaken by the board’s risk management committee.
In general, the board of directors is responsible for setting the strategic direction of the bank and ensuring that senior management, employees, and the board itself comply with established policies, as well as banking laws and regulations.
1.2.4. MANAGEMENT INFORMATION SYSTEM
There should be an effective management information system that ensures flow of information from operational level to top management and a system to address any exceptions observed. There should be an explicit procedure regarding measures to be taken to address such deviations.
The framework should have a mechanism to ensure an ongoing review of systems, policies and procedures for risk management and procedure to adopt changes.
1.2.5 POLICIES AND PROCEDURES
Banking policies are rules set by the board of directors to reflect the intent of the shareholders in fulfilling the objectives of the banking firm. A procedure is a document to support the policy directive. It is a step-by-step sequence of activities that must be followed in the same order to correctly perform a task. With policies and procedures intact, achieving the greatest reward possible for an acceptable level of risk can therefore be realised by the banking firm. It is thus critical, for organizations to develop their own set of procedures that conforms to the organisation’s goals and risk appetite. This will enable banking firms to optimise the risk they are taking while the regulators are mainly concerned about minimising the risk that the bank takes.
With the establishment of a set of policies and procedures, personnel at the respective business s will have clear guidelines to deal with the risk. For example, credit policy sets clear guidelines concerning the terms and conditions for giving a loan or financing, the criteria for approving the facility, while the credit process and procedures spell out the sequence of steps, from the time of receipt of the financing application, accepted, the financing proceeds being disbursed, and the debt (i.e., selling price) is placed on the financier’s book as an asset.
1.2.6 RISK MEASUREMENT
The banking business is in the business of managing risk. The task of the risk manager is to know how much risk the organisation is taking. The bank faces credit, market, liquidity and operational risk in the loans or financing it provides. Complex mathematical models are applied in measuring risk associated with financing portfolio consisting of murabahah, ijarahand other related contracts. Risk measures related to default; market volatilities and maturity mismatches are completed where one model does not fit all. The central issue lies in the amount of capital needed to back the exposures; hence the importance of measuring risk associated with unforeseen events that can bring about capital destruction and subsequently bank insolvencies. In the measurement of unexpected losses, a risk statistic called Value-at Risk (VaR) is applied by banks as it calculates the worst loss over a given horizon at a given confidence level under normal market conditions. VaR can help prevent portfolio managers from taking exceedingly high risk more than what is permitted in the bank portfolio risk policy. Risk measurement must also be complimented by other measures such as stress tests that take into account extreme events not captured by VaR statistics (as it only captures situations under normal economic conditions). Stress tests can help identify extreme events that could trigger catastrophic losses which VaR has not been able to assume in its estimation of loss.
1.2.7 MONITORING AND SUPERVISION
When risks need measuring banks must ensure that the risk management function is separated from the business. This means that independent controls must be put in place by way of audits and external validations of the models and procedures used in risk management function.
The internal audit department also complements the role of managing risk in the following manner:
• Ensures that the risk policies prepared by the risk management department are enforced through a regular audit cycle.
• Performs independent reviews to assess the risk control environment developed by the risk management department.
• Performs independent reviews to assess the risk grading system and the credit process.
Forms independent opinion on risk controls formulated by the risk management department.
A Shari’ah audit meanwhile is performed specially on Shariah compliance matters based on the process and policies laid down for the respective business lines as approved by the board of directors.
نیچے دیے گئے لنک پر کلک کریں اور سبسکرائب کریں ۔
اسلامی معلومات ، روایتی معاشیات ، اسلامی معاشیات اور اسلامی بینکاری سے متعلق یو ٹیوب چینل