Islamic finance risk management standard based on Basel II

IFSB (Islamic Financial Services Board) www.ifsb.org/ has issued Risk Management standards which leveraged on Basel II.

Discussion on the above will be interesting indeed.

Retail / Corporate under Basel II

I am currently struggling in setting the retail / Corporate limit in our company.

Should the turnover limit be applied also for limited exposures?

Operational Risk under AMA - some fundamental issues

It is highly pertinent for banks which are going for Advanced Measurement Approaches (AMA) for assessment and management of operational risk to clearly understand and implement a framework for capturing loss events across business lines. However, reaching on a decision as what will be the exact approach and methodology to capture these events is easier said then done. Since the fundamental essence of AMA is based on the flexibility for the bank to decide on the exact approach and methodology, it brings in plenty of subjectivity and also discretion of national supervisors for allowing the AMA to be eligible for Capital calculation purpose.

A bank needs to face and resolve many micro-level issues once the overall framework is decided. Many a banks face issues related to availability of internal loss data and standardisation of the same. Another chicken-and-egg issue is that for starting the exercise of internal loss data collection, banks face many fundamental issues which ultimately go towards deciding on the overall framework as well. Below are few of such fundamental issues related to internal data and AMA

• How to take into account loss events in supporting departments like Information Technology, Human Resources and Administrative Services. These departments' loss events cut-across core business lines of a bank and hence loss amount allocation is not definitive. Also, its not very easy to allocate losses from each core-business line-wise for IT or HR related loss events as underlying all actual losses may not be captured. What is the best approach for this issue needs proper deliberation.
• Can qualitative measure be used to quantify probability of loss event in absence of sufficient historical loss data? How acceptable this method can be to national supervisors, if loss data is gradually used over few years to replace the qualitative model?
• Can gamma factor (used in Internal Measurement Approaches) be totally ignored if industry-wide initiative is not there to decide on gamma? How to factor in the effect of gamma in such a situation.
• How to standardise Potential loss events which are Low-frequency, High-impact? how low is low and how high is high?
• How to define and differentiate between near miss and potential loss events?

Expert and experienced professionals' ideas in these regards will be highly valuable for banks which are in the starting phase of Operational Risk assessment and management initiative.

Evolution of Operational Risk Management

An interesting article by Kris Lovejoy, VP of Consul RM.

Today's vision of Operational Risk Management is to optimize the performance of a business by understanding the effects of adverse operational losses on our business activities and assets so that we can insure against them by preparing for that 'rainy day.'

Traditionally, operational risk can be associated with the following:

• People: losses associated with intentional violation of internal policies by current or past employees.
• Process: losses that have been incurred due to a deficiency in an existing procedure, or the absence of a procedure. Losses can result from human error or unintentional failure to follow an existing procedure.
• Systems: losses that are caused by unintentional breakdowns in existing systems or technology.
• External: losses occurring as a result of natural or man-made forces, or the direct result of a third party's action.

What is the Status of Operational Risk Management in the World Today?
The answer to this question varies according to geographic region. In Europe, for example, there are often more formal, structured, enterprise-wide operational risk programs in the works. Why? Regulators there appear to have been more vocal about operational risk for the past decade, most likely in the wake of events like the Barings rogue trading incident and in reaction to the Basel II Capital Accord.

In the U.S., on the other hand, risk management efforts have been focused on tactical initiatives and activities: risk assessment and monitoring, risk mitigation and remediation, measurement, and monitoring within a business line, or around a specific operation. Often, efforts within this area are identified as security management efforts, which are often driven by the need to comply with minimum-security standards. Read the rest of article.

Catastrophe Modeling

Before Hurricane Hugo swept through Georgia and North and South Carolina in 1989, the insurance industry in the U.S. had never suffered a loss of more than $1 billion from a single disaster. Since then, numerous catastrophes have exceeded that figure. Hurricane Andrew in 1992 caused $15.5 billion in insured losses in southern Florida and Louisiana. Damages from the Northridge earthquake on the Western coast of the U.S. in January 1994 amounted to $12.5 billion.

Residential and commercial development along coastlines and areas that are prone to earthquakes and floods suggest that future insured losses will only grow -- a trend that emphasizes, as never before, the need to assess and manage risk on both a national and a global scale. 'People today are asking the question, 'How do we scientifically evaluate catastrophic risk?' Read on.

Do companies need Risk Management?

Risk is inevitable within business environments. Taking and managing risk is part of what organisations must do to create profits and shareholder value.
However, a market study by DeveloperEye.com discovered that many organisations neither manage risk well nor fully understand the risks they are taking.
The study aims to discuss the level of knowledge about Risk Management amongst organisations, the management of IT risks, government encouragements towards Risk Management, and the advantages/disadvantages with Risk Management.

650 organisations (500+ employees) within Europe were interviewed in order to evaluate the level of knowledge and familiarity with the term; Risk Management. 64% of the respondents had a good knowledge of Risk Management and where able to give us the essence of what Risk Management is all about. Another 31% gave us a fair explanation, but most of them were financial orientated. The remaining 5% of the respondents were unable to give any explanation at all.

To fully understand Risk Management, two characteristics are essential: uncertainty and loss. Risk Management can be seen in relation the organisational response of companies to the challenge posed by dramatic changes of the economic and social impacts of natural hazards. Furthermore, Risk Management also involves evaluation of business strategy risks and the achievement of best practices.

The nature of Risk Management has changed throughout the recent years. Traditionally, management were concerned with risk categories like vendor, technology and project related risk. Nowadays, the impact of IT risks such as government regulations and outsourcing have forced organisations to rethink their risk strategies. Read on".

How to deal with big risks?

According to Denise Caruso in this month's HBR, there is still not much that can be done about true "Acts of God" risks. But when assessing big man-made risks without owners (such as in the case of genetically modified food), companies must involve a broad community that includes experts and all those that might feel the repercussions.

Companies tend to focus on their immediate interests. However big risks affect people and organizations far beyond the risk taker and it's about time companies make sure they are prepared where possible.

Bestselling Risk Analysis Books

Strategic RM

According to Booz Allen Hamilton, to protect shareholder value, companies must link RM with strategic planning and avoid overreacting to regulatory compliance mandates, such as Sarbanes-Oxley.

More shareholder value has been wiped out in the past five years as a result of mismanagement and bad execution of strategy than was lost because of all of the recent compliance scandals combined. Despite its reputation as a panacea for raising the bar on business governance, SOX is essentially a quality-control mechanism piggybacking on financial reporting systems.

In reacting to Sarbanes-Oxley with an exaggerated fear of risk exposure, many companies are tempted to reduce RM to an expensive “box-checking exercise” in regulatory compliance.

However, to thrive in the current business environment, companies need to do much more: They must be proactive in addressing risk by understanding and anticipating the full range of threats to their businesses. And they must embed RM in strategic planning capabilities. Board directors and senior managers need to look beyond traditional risks — typically, capital credit and physical security — and anticipate earnings-driver risks and cultural risks, too.

Read more about the five RM imperatives in this interesting article.

10 Hiding Places for Business Credit Risk

For some of us this article will only confirm what you already know, but I happened to like convenient shopping lists (provided they are good). And I believe this one from Atradius Trade Credit Insurance may come useful for credit managers better manage risk following the recent wave of corporate reporting irregularities. Recent collapses have demonstrated the crucial need for credit professionals to look beyond the figures issued in corporate financial statements. Atradius suggests credit managers should be sure the following areas are evaluated when assessing business credit risk:
1. Capitalization - Evaluate how the firm is capitalized and if it has access to future capital. Determine sources of capital and how the capital is structured.
2. Loss on Derivatives - Find out if complex hedging strategies are in place that may not be actual hedges. Determine if derivatives used are liquid and if there are "naked" positions.
3. Mark-to-Market Accounting - Ensure derivative positives in place are valued correctly and find out valuation rationale. Determine if rationale has material impact on financials.
4. Managing Leverage with New Forms of Debt - Determine if convertibles that look like equity actually act as debt triggers.
5. Goodwill and Intangible Valuations - Assess if valuations are accurate and what assets are being valued and at what price. Check to see if big write offs are coming.
6. Off Balance Sheet Transactions - Determine if there are operating leases that should be capital leases or capital leases that should be operating leases.
7. Calculating Pension Liability - Reconcile estimated needs with the projected returns and see if projections are realistic. Evaluate how options are treated.
8. Financial Engineering with SPE's and JV's - Find out if companies are being set up to assist in product financing to customers of the parent and determine the effect on the parent if the entity fails.
9. Engineering with Mergers and Acquisition Activity - Establish if any mergers or acquisitions impacted the firm's overall debt/risk ratio.
10. Revenue Recognition and Measurement - Determine if company is booking future revenue in current periods for long-term contract deals and if unrealized revenue is being calculated correctly. Check to see if swap transactions overstate revenue and add no realized value. Assess how currency value affects earnings.
A further white paper is available on http://www.atradius.us