of Croatian banking regulation and practice with the Basel Accord, and the future .... multilateral development banks, on banks, security firms, corporates, retail .... according to the information within the management reports; (5) the bank's ...
Mira Dimitrić University of Rijeka, Faculty of Economics Marija Kaštelan-Mrak University of Rijeka, Faculty of Economics Dunja Škalamera-Alilović University of Rijeka, Faculty of Economics
INTERNAL MODELS FOR RISK MANAGEMENT IN BANKS – - IMPLEMENTATION POSSIBILITIES IN CROATIA
Key words: risk management, internal models, The New Basel Capital Accord, Croatia ABSTRACT The research aims of this paper are: to give the global framework of internal models for risk management in banks according to Basel II and to research the compatibility of Croatian banking regulation and practice with the Basel Accord, and the future development expectations. The achieved level of risk management in Croatia is evaluated through the analysis of the International Monetary Fund and the World Bank, presented in their country report and through the survey of Croatian National Bank, presented in its questionnaire concerning the attitudes of Croatian banks according to Basel II. Future expectations of internal models implementation are based on achieved prerequisites and charted development directions. Internal models implementation will be based on contemporary risk organizational model that will include features and elements presented and described in the paper. New policies and processes of risk management contribute to the business decision process and a broader system of banking business governance and supervision in order to strengthen the soundness and stability of banking system and to diminish competitive inequality among banks.
1. INTRODUCTION The Basel Committee on Banking Supervision1 issued a capital measurement system commonly referred to as The Basel Capital Accord in 1988. It became a standard for more than a hundred countries and it contributed to international competitiveness and
1
The Basel Committee on banking supervision was established by the central-bank Governors of the Group of Ten countries in 1974. United States, Canada and Japan are being associated to its membership later. Committee formulates broad supervisory, capital measurement and risk measurement standards and helps non-members to implement them in their own national systems.
2 stability of banking system at a global level. Croatia introduced basic elements of Basel's standard as long ago as 1993, when Central Bank enforced first instructions about guarantee capital (regulatory capital), capital adequacy and risk-weighted bank assets items measurement. Then credit risk as the basic parameter for capital adequacy calculating was introduced in Croatian banking sector for the first time. Account methodology has been continuously improving since then by modifications of various kinds of regulatory capital elements. In 2004 was established The New Basel Capital Accord, so-called Basel II that updates and significantly improves the Basel rules by providing incentives for good risk management, increased risk sensitivity and reducing opportunities for regulatory arbitrage. The transposition of the New Basel Accord into the EU legislation is made by The New Capital Adequacy Directive (CAD3), issued also in 2004. Solvency Ratios Directive, Consolidated Banking Directive, CAD1 and CAD2 are the EU directives that were harmonized with previous accord, Basel I. As a non-member country, Croatia is not obliged to harmonize its legislation with the EU directives, but harmonization with The New Basel Capital Accord is in process and it will facilitate adaptation to the EU legislation. It is supported with mergers in Croatian banking sector and entering foreign banks. To be eligible for internal models application in regulatory purposes, a bank must demonstrate to its supervisor that it meets requirements in Basel documents. The first part of the paper explains Basel II guidelines for risk management in banks, especially: internal rating systems for credit risk and advanced measurement approach for operational risk. The central part analyses basic features of risk management in Croatian banks and circumstances for its development. And finally, the third part explains the reasons for the achieved level of internal models implementation and directions of future expectations.
2. INTERNAL MODELS FOR RISK MANAGEMENT IN BANKS ACCORDING TO BASEL GUIDELINES One of the shortcomings in the 1988 Accord is that regulatory capital requirements do not accurately reflect risk. Under the risk weights from Basel I, there has been a widening gap between economic capital, the amount of capital banks would prudently choose to hold against a loan and for other business reasons, and regulatory capital, the amount of capital they are required to set against a loan. This is because the weights do not provide sufficient degrees of differentiation between different borrowers’ default risks. This lack of differentiation is also apparent in the risk weights attached to lending to national governments. For instance, an AAA credit-rated government outside the OECD currently attracts a higher risk weight than a government inside the OECD, regardless of the credit rating of the OECD member. Some banks may have relied on regulatory capital requirement for pricing purposes, instead of investing in better risk management processes, and that resulted with less effective management of bank assets. The Basel I may have given inappropriate incentives for financial innovation by focusing more on regulatory capital effects than on business needs.
3 Basel II is built on three interlocking pillars: minimum capital requirements, supervisory review and market discipline/disclosure. Pillar 1 regulates calculation of minimum regulatory capital requirements connected with credit, operational and market risk. Pillar 2 is aimed to ensure banks have good monitoring and management of risk processes and Pillar 3 is designed to allow capital adequacy to be compared across institutions and encourage market discipline. All pillars concern risks management, but on the different levels and depths. 2.1. Internal models for credit risk Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. The goal of credit risk management is to maximise a bank's risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks should also consider the relationships between credit risk and other risks. The effective management of credit risk is a critical component of a comprehensive approach to risk management and essential to the long-term success of any banking organisation. Basel guidelines propose to permit banks a choice between two broad methodologies for calculating their capital requirements for credit risk. One alternative is to measure credit risk in a standardised manner, supported by external credit assessments. The second alternative is internal rating systems. Standardised approach prescribes that risk weights from 0% to 150% depend on credit assessment that could be from AAA to unrated, all divided for claims on sovereigns and their central banks, on non-central government public sector entities, on multilateral development banks, on banks, security firms, corporates, retail commitments and others and taking in account a kind of collateral or securitization. Off-balance sheet items under the standardised approach will be converted into credit exposure equivalents through the use of prescribed credit conversion factors. There are two options for claims on banks. All claims from banks of any country can be marked by the one stage higher weight that is assigned to that country, or in other case, external credit assessment of particular bank can be taken into consideration. Standardised approach includes credit risk mitigation techniques and exposures related to securitisation. Banks use a number of techniques to mitigate the credit risks. Exposures may be collaterized by first priority claims, with cash or securities, a loan exposure may be guaranteed by a third party, or a bank may buy a credit derivative to offset various forms of credit risk. While the use of these techniques reduces credit risk, it simultaneously may increase other risks to the bank, such as legal, operational, liquidity and market risks. By using of collaterals, guaranties and credit derivatives, banks can decrease capital requests. Under the Internal Ratings-Based Approach (IRB) banks must categorise banking-book exposures into broad classes and sub-classes of assets with different underlying risk characteristics. These classes of assets are: corporates, sovereigns, banks, retail and equity. Working out of each class is very complex and detailed. For example, a
4 corporate exposure is defined as a debt obligation of a corporation, partnership, or proprietorship, and separately small and medium-sized enterprises. There are five subclasses of specialised lending within the corporate asset class that have specific legal form or economic substance: project finance, object finance, commodities finance, income-producing real estate and high-volatility commercial real estate. Project finance is a method of funding in which the lender looks primarily to the revenues generated by a single project, both as the source of repayment and as security for the exposure. Object finance refers to a method of funding the acquisition of physical assets where the repayment of the exposure is dependent on the cash flows generated by the specific assets that have been financed and pledged or assigned to the lender. Commodities finance refers to structured short-term lending to finance reserves, inventories, or receivables of exchange-traded commodities, where the exposure will be repaid from the proceeds of the sale of the commodity and the borrower has no independent capacity to repay the exposure. Income-producing real estate refers to a method of providing funding to real estate where the prospects for repayment and recovery on the exposure depend primarily on the cash flows generated by the assets. And finally, highvolatility commercial real estate is connected with higher loss rate volatility. For each of the asset classes covered under the IRB there are three key elements: risk components, risk weight functions and minimum requirements. There are four components of risk that bank must measure for each class of asset, or adopt by supervisor under the IRB: probability of default, loss given default, the exposure to default and effective maturity. Basel guidelines propose two versions of internal models for credit risk: basic or foundation and advanced, depends on the fact whether risk components are defined according to bank’s own estimates or are specified by supervisor. In the foundation internal model bank estimates only probability of default independently. Risk weight functions, as the second key element according to IRB, are the means by which risk components are transformed into risk weighted assets and capital requirements. Minimum requirements are the minimum standards that must be met in order for a bank to use the IRB approach for a given asset class. To be eligible for the IRB approach a bank must demonstrate to its supervisor that it meets certain minimum requirements of which a certain number is in the form of objectives that a qualifying bank’s risk rating systems must fulfil. These requirements are connected with rating system design and structure, operative function, data quality and disposability, and control and supervision function. 2.2. Internal models for operational risk Operational risk is defined as the risk resulting from inadequate or failed internal processes, people and systems or from external events 2. This definition includes legal risk, but excludes strategic and reputational risk. Operational risk concept was not explicitly articulated until recently, meaning that regulatory efforts have not also been focused on this specific risk type, nor have any formal frameworks for the evaluation and management of this type of risk been established. The emergence of that concept
2
The New Basel Capital Accord, Bank for International Settlements, Basel, par. 2,V,A,607., p.120
5 has provided a new and comprehensive vision for banking regulation 3, which was also reflected in the new Basel capital agreement where operational risk drew special regulatory attention and was also institutionalized along with credit and market risk. Under the Basel I Accord, operational risk was implicitly treated as part of credit risk. Basel II introduces capital requirements for operational risk for the first time while the opinion prevailing recently is that operational risk is the most important after the credit risk. To compensate for the introduction of an explicit operational risk charge, credit risk charges will be lower on average under Basel II. That field of risk management is regulated very fluidly and there has been no long practice and experience in that risk treatment. Basel guidelines offer three methods of operational risk measurement: The Basic Indicator Approach, The Standardised Approach and The Advanced Measurement Approach (AMA). Banks using the Basic Indicator Approach must hold capital for the operational risk equal to a fixed percentage (denoted alpha) of average annual gross income 4 over the previous three years. Alpha is 15%, set by Basel Committee as a widely acceptable proportion. Operational risk capital is allocated on the basis of a single indicator (gross income) as a proxy for an institution’s overall operational risk exposure and that concept is easy to implement for a bank. The key advantage of the Basic Indicator Approach is its simplicity leading to very low implementation costs for a bank. However, but disadvantage is that it does not particularly motivate any improvement in operational risk management. Cost reduction is therefore very low and the bank involved does not have any great economic motivation to implement it. The bank merely follows the regulator’s orders and not its own interests. The simplicity of the Basic Indicator Approach therefore comes at the price of its limited responsiveness to firm-specific needs and characteristics, which is the main problem5. Due to the very wide definition of operational risk, gross income need not be the only indicator of that risk and some banks may be obliged to set higher operational risk capital requirements. Banks with significant operational risk are expected to use more sophisticated approaches like the Standardized Approach. In that approach banks’ activities are divided into eight business lines: corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency services, asset management and retail brokerage. Since the process of managing operational risk is more dispersed across the bank and implemented in different departments separately, the chance to detect and diminish it increases, helping to reduce the bank’s operational risk losses. The capital charge for each business line is calculated by multiplying gross income by a factor (denoted beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience for a 3
Power M., ‘The Invention of the Operational Risk’, London School of Economics and Political Science, Centre for Analysis of Risk and Regulation, Discussion Paper No.: 16, 2003. 4 defined by national supervisors or accounting standards 5 Bardach E., R. Kagan, ‘Going by the book: the problem of regulatory unreasonableness’, Philadelphia: Temple University Press, 1982, ch.7; also: Stewart R. B., ‘Regulation and the crisis of legalism in the United States’ in T. Daintith (ed.), Law as an Instrument of Economic Policy (Berlin, 1998)
6 given business line and the aggregate level of gross income for that business line. Beta factors are from 12% for asset management line, retail brokerage and retail banking line, to 18% for corporate finance, trading and sales line and payment and settlement line. The total capital charge is calculated as the simple summation of the regulatory capital charges across each of the business lines. As national supervisory discretion a supervisor can choose to allow a bank to use the Alternative Standardised Approach (ASA). Under the ASA, the operational risk capital methodology is the same as for the Standardised Approach except for two business lines – retail banking and commercial banking. For these business lines, loans and advances, multiplied by a fixed factor, replaces gross income as the exposure indicator. Using of gross income as the single indicator has an important disadvantage. If in the current year the stock market experiences a boom, the gross income would be much greater than in the year of a stock market depression and the basic indicator would calculate different operational capital requirements, even though operational risk should be independent of the market reaction incorporated in the market risk. To sum up, a bank deciding to replace the Basic Indicator Approach with the Standardized Approach clearly has more cost advantages than disadvantages. Thus, the bank’s economic motivation for implementation is much more based on its own interests than it would be with the Basic Indicator Approach. Internal model for operational risk measurement is the Advanced Measurement Approach (AMA). Under the AMA, the regulatory capital requirement will equal the risk measure generated by the bank’s internal operational risk measurement system using the quantitative and qualitative criteria for the AMA. Use of AMA is subject to supervisory approval. Qualitative criteria for AMA using are: (1) the bank has to form organizational unit with strictly defined responsibilities for operational risk management; (2) the bank must systematically track relevant operational risk data including material losses by particular business line; (3) there must be regular reporting of operational risk exposures to business unit management, senior management, and to the board of directors; (4) the bank must have procedures for taking appropriate action according to the information within the management reports; (5) the bank’s operational risk management system must be well documented and there must be a set of internal policies, controls and procedures concerning that system; (6) the bank’s operational risk management system must be subject to validation and regular independent review by external auditors and/or supervisors. These reviews include both the activities of the related business units and of the operational risk management function. Quantitative criteria for AMA using do not prescribe any particular parameters or approach for capital requirement accounting. The bank must be able to demonstrate that its model captures potentially severe loss events. The Committee will review progress in regard to operational risk approaches by the end of 2006 and the level of capital requirements estimated by the AMA. On that basis it may refine its proposals if appropriate.
7 2.3. Internal models for market risk Market risk is the risk of losses arising from movements in market prices. The minimum capital requirement to cover market risk in Basel II is unchanged from the Basel I. Basel guidelines offer Standardised Approach and more sophisticated Internal Models Approach concerning market risk. The Standardised Approach allows measurement of these four risks: interest rate, equity position, foreign exchange and commodity risks. Under that approach, there are specific forfeits and rules for defining to which base they apply, allowing some offsetting effects within portfolios of traded instruments. Offsetting effects reduce the base for calculating the capital charge by using a net exposure rather than gross exposures. Tradable assets have random variations of which distributions result from observable sensitivities of instruments and volatilities of market parameters. The stand-alone market risk of an instrument is a VaR (or maximum potential loss) resulting from profit and loss distribution derived from the underlying market parameter variations. Things get more involved for portfolios because risks offset to some extent. The “portfolio effects” reduces the portfolio risk, making it lower than the sum of all individual standalone risks. Internal market risks models are subject to a number of conditions, related to qualitative standards of models and processes. Models should incorporate historical observation over at least one year. No particular type of VaR model6 (e.g. variancecovariance, historical simulation, or Monte Carlo) is prescribed. The model must be able to capture adequately all the material risks embodied in equity returns including both the general market risk and specific risk exposure of the institution’s equity portfolio. Internal models must adequately explain historical price variation, capture both the magnitude and changes in the composition of potential concentrations, and be robust to adverse market environments.
3. RISK MANAGEMENT IN CROATIAN BANKS According to the analysis7 provided by the staff team of the International Monetary Fund and the World Bank, credit risk is the main systemic vulnerability. Sensitivity analysis reveals that, assuming immediate provisioning, the two largest banks, accounting for almost half of the assets of the banking sector, would be able to absorb losses of about 5 percent of their respective risk-weighted assets before reaching the minimum statutory capital requirement, while the banking system as a whole would be able to absorb losses of almost 10 percent of risk weighted assets before reaching this requirement. The banking system is primarily exposed to risks stemming from macroeconomic policies and adverse external exogenous shocks, since these 6
VaR is statistical technique designed to give an estimate of the maximum loss that could be made for a given factor of confidence over a set time horizon under normal market conditions. 7 IMF Country Report No. 02/180., 2004, Republic of Croatia: Financial System Stability Assessment, Including Reports on the Observance of Standards and Codes on the Following Topics: Banking Supervision, Payments System, Security Regulation, Insurance Regulation, and Monetary and Financial Policy Transparency, p 15-24.
8 developments are likely to have the most significant effect on credit quality. The expansion of bank credit deserves closer monitoring, as experience of other countries shows that credit growth in excess of 15 percent can result in increased losses. Banks’ direct exposure to exchange rate risk is limited, but there is considerable uncertainty about the extent of the credit risk stemming from unhedged foreign currency-based borrowing. The direct effect, estimated by analyzing the net open position, is relatively small for most banks; on average banks have a long position and would appear to benefit from a depreciation of the kuna. The indirect effects of exchange rate fluctuations on the banking system, however, can be considerable because of the widespread use of foreign currency-based borrowing. While it is difficult to quantify the indirect credit risk stemming from exchange rate changes, some statistical calculations indicate that an assumed depreciation or an appreciation in the 15-25 percent range, depending on indicated default and recovery rates, would result in decline of the capital adequacy rate of the banking system from 18.8 percent to the 712 percent range. Under these assumptions, the changes in the exchange rate can result in serious problems for the least capitalized banks. The analysis shows that most of the largest banks are less exposed to other risks, including interest rate, equity price and liquidity risk, although there are significant differences among the individual banks. Based on partial information on repricing mismatches of credits, and deposits and borrowings, current profits can absorb the effect of minor interest rate changes for most banks. Banks are also exposed to liquidity risk, both in kuna and foreign exchange, but high reserve requirements, and the requirement to maintain at a minimum 53 percent of foreign currency liabilities with a maturity of less than one year in short-term foreign exchange claims, help reducing these risks. The supervision of banks is carried out by the Banking Supervision Division of Croatian National Bank through on-site and off-site examinations8. Although the supervision is quite efficient, the analyses are conducted on single entities only and not on a consolidated basis. The development of appropriate procedures to calculate and set limits for market and other related risks is in process. The existing legal framework does not allow the Central National Bank to formally establish international agreements, which would be very important due to the significant presence of foreign banks. Croatian National Bank made a survey in 2004 by means of questionnaire that was referred to Croatian banks and whose aims were: to research the level of knowledge and implementation of Basel II, practice in minimal capital requirements fulfilment and some areas of Pillar II and Pillar III of Basel Guidelines treatment. The most important results of HNB survey concerning the attitudes of Croatian banks according to Basel II are presented in the table 1: 8
On-site examination is based on direct insight into business books and original documentation in the bank, while off-site examination is based on indirect insight into statements, information and data required or prescribed by central bank and sent from banks to central bank.
9 Table 1: The most important results of HNB questionnaire concerning the attitudes of Croatian banks according to Basel II Knowledge of Basel II Satisfactory 50% Insufficient 32% Preparations to Basel II implementation In course 37% Will start soon 18% Take no action 45% Education On the 26% Other forms of 47% None 17% group level education The most appropriate approach for credit risk measurement Standardised approach 32% Foundation Internal 45% Ratings-Based approach Advanced Internal Ratings-Based 13% Indecisive 10% approach The most appropriate approach for operational risk measurement The Basic Indicator Approach 45% The Standardised Approach 23% Advanced Measurement Approach 15% Indecisive 17% Desirable date of Basel II implementation Not decided yet 74% Decided 26% The most important advantage of Basel II using Possibility of internal models 35% Lower capital requests for credit 33% application risk Lower dependence on 21% Other 11% regulators The most important problem regarding Basel II using Needed Needed additional Development of additional capital 4% capital for 21% information 55% for credit risk operational risk support Lack of supervisors preparation 6% Other 14% Present methodology of debtors/receivables rating Prescribed by Croatian 61% Own internal methodology 39% National Bank Use of external assessment in debtors rating9 A great 3% Modest 3% A little 51% Not at all 43% Number of debtors risk groups10 Three 16% Four to six 47% More than six 37% 11 Calculation model of economic capital for credit risk Good
9
18%
agencies, e.g.: S&P, Fitch IBCA, Moody etc. More risk groups indicates bringing closer to Basel II. 11 Economic capital is a model of advanced risk management; it includes advanced internal approaches for credit risk measurement, for calculation an indispensable 10
10 Internal 3% Model of leader 18% Concept of economic 79% model bank in group capital is not used Established procedures and politics for operational risk management Not established or 75% Established 16% Established 9% established less before one to before more than than one year two years two years Organizational model for operational risk management No particular 24% Particular organizational unit or developing 32% organizational unit of org. unit is in process Developing of org. 26% Operational risk management is not and will 18% unit is planed be not organized under the org.unit level Source: prepared on the basis of HNB documents: Results of questionnaire on Basel II, Questionnaire on The New Basel Capital Accord, Results of questionnaire on Basel II – processing in excell; www.hnb.hr.supervizija, March 2005.
There are great differences among particular banks in Croatia in the knowledge level of Basel II and in the development level of risk management. Larger banks and banks in foreign ownership have better knowledge of Basel II and higher development level of risk management. Smaller and domestic banks are directed to legal prescriptions or HNB instructions in risk management procedures and techniques. It is quite expected since bigger banks have more and better experts, organizational and educational prerequisites, financial resources and better motivation for Basel standards implementation. Costs of Basel standards implementation are estimated at 80 to 150 mil.EUR per bank with larger scope and complex structure of business activities. 12 Above presented results show that the most appropriate approach for credit risk measurement is Foundation Internal Ratings-Based approach, but for operational risk it is The Basic Indicator Approach. For the majority of banks the most important advantage of Basel II using is possibility of internal models application and the most important problem regarding Basel II using is information support. Bigger banks have own internal methodology of debtors/receivables rating and for the majority the present methodology is prescribed by Croatian National Bank. The concept of economic capital for credit risk is not used in general, except by the biggest banks. Procedures and politics for operational risk management are also not established for the majority of banks with the same exception as for the concept of economic capital. The structure of Croatian banking system converges towards better risk management prerequisites. Of 37 banks at the end of 2004, the twenty largest account for 97.5% of the banking market and two of them hold 45.4% of total assets. The number of banks capital in order to cover risks, and for real return on capital measurement. It is the amount of capital that a financial institution deems appropriate based on their own internal assessment, to meet the needs of their business undertaking. 12 PricewaterhouseCoopers (2004), Study on the financial and macroeconomic consequences of the draft proposing new capital requirements for banks and investment firms in the EU, Final Report, p. 14.
11 continually declines, from 53 in 1999 and 40 at the end of 2003. Foreign ownership is the highest among transitional countries, 91%13. Concentration and the foreign ownership extend preferential treatment to risk management improvement.
4. FUTURE EXPECTATIONS IN INTERNAL MODELS IMPLEMENTATION Preparations for Basel II implementation include: adequate organizational model constitution, staff education, own internal techniques, calculations and procedures preparation, modern IT, supervision and reporting system implementation. Education methods that banks can exploit in order to achieve Basel II adaptation can be internal, on the group level, through foreign and domestic workshops and seminars, by foreign consultants engagement and other forms of education. Croatia is in the process of fulfilment all requirements as prerequisites for internal models and contemporary risk management implementation. 4.1. Risk management organizational model The development of bank risk management organization is an ongoing process. Traditional commercial bank organization tends to be dual, with the financial sphere on one side and with the business sphere on the other. Financial sphere is focused on profitability, with dedicated credit and market risk monitoring units, while the business lines tend to develop volume of business activities, with less attention to the risks or with taking more risk to achieve their profitability targets. Contemporary efforts are directed to the centralization of risk management and a clean break between risk-taking business lines and risk-supervising units. Risk centralization is a product of risk diversification and the risk department emerged from the need for global oversight on risks. Separating risk control from business and the need for global oversight first generated Asset-Liability management (ALM) function and after that risk departments with credit and market risk units. Later, while risk measuring and monitoring developed, other central functions with different focuses, such as management control, accounting, compliance with regulations, reporting and auditing, differentiated. ALM is the unit in charge of managing the interest rate risk and liquidity of the bank by focussing essentially on the commercial banking. It defines adequate structure of the balance sheet and the hedging programmes for liquidity and interest rate risks. That means that mission of ALM is not only to provide relevant risk measures, but also to keep interest and liquidity risks under control given expectations of future interest rates. Getting an overview of risks is feasible with separate entities dedicated to each main risk. When this stage is reached it sounds natural to integrate the risk supervision function into a risk department because of several organizational and technical reasons. From an organizational standpoint, integration facilitates the overview of all risks across all business lines. Separate risk control entities could possibly deal separately with business lines, to the detriment of the global policy. A single transaction can trigger multiple risks, some of them not obvious at first sight. Investment banking activities, for example, generate credit, interest and operational risk. For such reasons the risk department emerged in major institutions, preserving the differentiation of 13
Bulletins of Croatian National Bank and data from: www.hnb.hr
12 different risks, but guaranteeing the integration of risk monitoring, risk analysis and risk reporting. Each major business pool can have its own risk unit, interacting with the risk department. Successful organizational model of risk management requires definition of: the main objective, tasks and activities for achieving the aim, organizational positioning, expertness and knowledge of staff, and links with other organizational units of the bank and communication with external subjects.14 The contents of particular elements are shown in table 2: Table 2: Contents of successful organizational model of risk management Objective Tasks and activities
Organizational positioning Expertness and knowledge
Links with other organizational units of the bank and communication with external subjects
Supervision of risk exposure and compliance with risk limits Data collecting and processing, risk policies and procedures control, quantitative analysis and new models development, ensuring consistency, reliability and comprehensiveness of risk exposure identification and measurement, models verification, reporting, information technology developing, recommendations and support to higher management, risk valuation of new bank’s products etc. Independency and centralisation with different levels of diversification (portfolio, kind of risk, risk interdependence) Continuous process in education of: specialists in quantitative modelling, financial instruments trading, price valuation, macroeconomic specialists, marketing specialists and information technology specialists. Most important: accounting, financial control, trading and IT divisions External subjects: investors rating agencies, regulators, auditors etc.
As we can see from the previous chapter, according to Croatian National Bank survey, 32% Croatian banks have separate organizational units for operational risks or developing of such organizational unit is in process. Only two largest banks already have such organizational unit. The largest Croatian bank, Privredna Banka has four organizational divisions dealing with risk management and risk control group of activities: Risk management division, Credit analysis division, Credit risk monitoring
14
A.Pavlović: Model ustroja funkcije upravljanja tržišnim rizicima u hrvatskim bankama – bitni elementi i preporuke (Model of market risks management function in Croatian banks – basic elements and recommendation), Financije i porezi, TEB, Zagreb, 10/2004, p. 69-80.
13 and reporting division and Loan recovery and reconstructing division. 15 Organizational aspect of risk management practise in Croatian banks is also under the rule that the biggest banks that are included in foreign international banking groups have better prerequisites for more sophisticated and complex organizational models developing. According to the main characteristics of Croatian banking system, high concentration and foreign ownership, the future expectations of risk management organization structure can be optimistic in the sense of its compatibility with organizational requests of the biggest banks of the EU countries. Above explained organizational model that is expected to be developed in Croatian banks is the base of successful implementation of internal risk models. Other elements that concern organizational model are: process model, quantitative model, culture of risk management and support of higher management, and information system. 16 Process model include risk management policies and procedures connected with responsibility and authority system. Quantitative model has to be developed from simple to more complicated, from more prescribed and recommended to original and autonomous. Culture of risk management has to be flexible and to balance between risk and profit in order not to reject good business opportunities. Risk culture cannot be enforced from outside in short time. Higher management support is a two-tier process, from higher management and toward higher management. It is a consequence of awareness that business decisions must be risk adjusted and that risk management function cannot be developed without comprehensive support of higher management levels. Information system includes two subsystems: risk management and risk control systems. It follows from distinction between operational risk exposure management through trading function and risk measurement, modelling and control function.
5. CONCLUSION The second pillar of Basel II introduces a process of supervisory review that is intended not only to ensure that banks have adequate capital, but also to ensure that they have appropriate systems in place to ensure good monitoring and management of their risks. The third pillar of Basel Accord develops a set of disclosure requirements that will allow risk exposure, risk assessment processes and capital adequacy be compared across institutions. Such disclosures are particularly important where reliance on internal methodologies gives banks more discretion in assessing capital requirement. Internal credit risk models have first been developed in the area of physical persons credits (credit scoring models). There is intention to extend internal approaches to all credits to express individual risk profile. Institutions that move towards more sophisticated approaches are rewarded with some incentives and express lower capital requests for credit risk, compared to the use of standardized approach. Indeed, that free space is commonly substituted by other risks requests, what is implicitly included in 15
Annual Report 2003, Privredna banka, Zagreb; PBZ, a bank of Gruppo Banca Intesa The Practice of Risk Management, Implementing processes for managing firm wide market risk, GoldmanSachs&SRC Warburg Dillon Read, Euromoney Books, London, 1998. 16
14 such new approaches. Internal market risk models are developed in Croatian banking system, supported by many prescribed decisions and recommendations of Croatian National bank. Internal operational risk models are less developed, because it is the newest sphere of risk management with very high costs of implementation. Analysis of Croatian banking system concerning the risks exposure shows that: (1) Assuming immediate provisioning Croatian banking system is able to absorb losses of about 5% to 10% of their risk-weighted assets before reaching the minimum statutory capital requirement; (2) The banking system is primarily exposed to risks stemming from macroeconomic policies and fast credit expansion; (3) Exposure to exchange credit risk is limited because of long net-open position prevailing and (4) The largest Croatian banks are less exposed to other risks, including interest rate, equity price, and liquidity risk, although there are significant differences among the individual banks. Development level of risk management in Croatian banks depends basically on bank’s size. Modern risk management organization separates risk management units from business units. Risk supervisors should be independent of business lines to ensure that risk control is not under the influence of business and profit-making policies. Other elements of efficient risk management function are: process model, quantitative model, culture of risk management and support of higher management, and information technology. In Croatian banking system large banks are in foreign ownership and leading banks additionally support domestic banks by mergers in contemporary risk management processes. International owners structure plays significant role not only in risk management improvement but also in global inclusion of Croatian banks in the EU financial structure. It has a positive influence in dissemination of knowledge, procedures, business relations, ethics and behaviour rules that prevail in developed countries. The result is a high harmony level of reporting procedures and internal risk models with Basel and the EU norms.
REFERENCES Annual Report, (2003), Privredna banka, Zagreb; PBZ, a bank of Gruppo Banca Intesa Bank for International Settlements, (2004), The New Basel Capital Accord, Basel. Bardach E., R. Kagan, (1982), Going by the book: the problem of regulatory unreasonableness, Philadelphia: Temple University Press, ch.7. Basel Committee on Banking Supervision, (2003), Third Consultative Paper, Basel. Basel Committee on Banking Supervision, (2003), Sound Practices for the Management and Supervision of Operational Risk, Basel. Basel Committee on Banking Supervision, (2004), Principles for the home-host recognition of AMA operational risk capital, Basel. Basel Committee on Banking Supervision, (2003), Quantitative Impact Study – Overview of Global Results, Basel.
15 Bessis, J. (2002) Risk Management in Babking, J.Wiley&Sons, ltd, New York, USA. Bulletins of Croatian National Bank, several numbers. IMF Country Report No. 02/180., (2004), Republic of Croatia: Financial System Stability Assessment, Including Reports on the Observance of Standards and Codes on the Following Topics: Banking Supervision, Payments System, Security Regulation, Insurance Regulation, and Monetary and Financial Policy Transparency. Pavlović, A. (2004), Model ustroja funkcije upravljanja tržišnim rizicima u hrvatskim bankama – bitni elementi i preporuke (Model of market risks management function in Croatian banks – basic elements and reccommendation), Financije i porezi, TEB, Zagreb, 10/2004. Power M. (2003), The Invention of the Operational Risk, London School of Economics and Political Science, Centre for Analysis of Risk and Regulation, Discussion Paper No.: 16. PricewaterhouseCoopers (2004), Study on the financial and macroeconomic consequences of the draft proposed new capital requirements for banks and investment firms in the EU, Final Report. Stewart R. B. (1998), Regulation and the crisis of legalism in the United States in T. Daintith (ed.), Law as an Instrument of Economic Policy, Berlin. The Practice of Risk Management, Implementing processes for managing firmwide market risk, (1998), GoldmanSachs&SRC Warburg Dillon Read, Euromoney Books, London.
