The key to proactive risk management is establishing a risk appetite framework approved by the board
The banking and financial services sector has sailed through many downturns since the global financial crisis. Business sentiments had turned cautiously optimistic as the economy steered towards the road to recovery. But the recent news around the rising non-performing assets (NPA) has brought to the fore the risks faced by the banking sector in India.
While Reserve Bank of India (RBI) has taken steps to mitigate the risks by introducing stringent asset quality reviews demanding more provisions, increasing the powers of the asset reconstruction companies and banks, there is general acknowledgement that this phenomenon of higher NPA recognition and provision is characterised by a build up, over time, in risks that have not been fully recognised and transparently managed. The banks had board and committees that are accountable for overseeing the business model and strategies. Yet, this buildup of excessive risk reveals that the board and committees were not adequately understanding the linkage between the business strategy and risks, in addition to challenging management about the key risks that could affect the individual bank or have a broader systematic impact. As on quarter ended December 2015, 24 out of the 39 listed commercial banks posted an aggregate loss of R10,911 crore, in just 40 days, listed banks lost more than R1.8 trillion in market capitalisation.
The government authorities have reacted by developing roadmap for infusing R70,000 crore capital to PSU banks and the current budget marks R25,000 crore for infusion in FY17, while these measures can reduce the likelihood of failure it does not prevent re-occurrence. Therefore, the need of the hour is to improve risk governance arrangements and promote internal process within banks that helps to assess and understand the key risks associated with business strategy and growth plans. This process should also facilitate escalation and intervention measures to prevent the building up excessive risk(s). In the current context, assessment of the possible composition of risk-weighted assets or degradation of asset quality in adverse situations and timely actions during business reviews could have helped in reducing the collateral damage to a great extent. The EY Risk Governance 2020 initiative strives for a sea change in how risk management should be approached in financial services sector and Risk Appetite Framework (RAF) is a critical component.
The RAF explicitly links the strategy, annual business plan, capital allocation decisions and new product decisions to the level of risk undertaken by the bank. For every business and finance targets (RoE, EPS growth, liquidity, capital adequacy, etc.), the level and nature of risks that the bank is willing to take needs to be identified and expressed by the boards through Risk Appetite Statements (RAS). The RAF should define various risk limits to allocate group level risk appetite to specific categories and business units. The RAF should include mechanisms to escalate decisions so that senior executives and risk function are aware of any early warning signals of a potential risk breach. Therefore, a well-established Risk Appetite Framework helps to establish meaningful reports for senior management and the board that will enable them to make well informed decisions.
The RAS should cover all risks including those that are hard to quantify such as operational, business and conduct risk. RAS should combine quantitative measures, such as impact of risk taking on earnings, capital and liquidity as well as qualitative measures, such as bank’s reputation and operational environment. While the RAF cannot touch all facets of risk management, the overall risk management architecture should be consistent with the RAF and get monitored against it. The idea of RAF is to directly influence such decisions and not serve to back test existing plans after the fact.
Given below is one of the use cases of risk appetite by analysing an objective function of financial budgeting, return on equity (RoE). When the bank set out a target RoE for shareholders, the board should also look at the business plan that is going to deliver the required returns. A simple Du Pont analysis of RoE reveals that the results is influenced by financial leverage and return on assets (RoA). The increased financial leverage magnifies the volatility over the business/economic cycle and hence, the banks should plan to achieve the required RoA. In the pursuit of RoA, it is important to prevent risks from building up excessively and, therefore, the banks should develop risk adjusted returns. One such risk sensitive tool for returns measurement is RAROC, adoption of which would enable the banks to achieve the following:
- Factor both on-balance sheet and off-balance sheet exposures as part of return measurement
- Consider the level of risk (both expected and unexpected) associated with different asset classes
- Cascade RoE to enables granular analysis and action at various portfolio levels (i.e. bank level, region level, branch level, asset class level, product level and borrower level)
The senior management may define specific sectors, industries and geographies wherein credit offtake may be targeted to achieve the desired return measure given the regulatory and internal constraints such as priority sector lending and lending to certain sectors/industries.
Specific limits may be put in place by the senior management to periodically monitor and assess the income generated, and associated risk levels (expected loss and unexpected losses) to enable proactive action plan for the required re-calibration of loan book portfolio by aligning portfolio yields and associated losses.
Asset classes/exposures that are bordering high expected losses (lower RAROC) can be reviewed and decided on subsequent exposures/actions on the same. An independent thematic review of asset classification and expected losses computation can be conducted to obtain a balanced view of the risk adjusted returns.
This RAF will enable the senior management to target the sectors and industries for increased credit offtake based on the outlook and direction provided by the board. The operational parameters can be integrated with business planning and risk based capital allocation decisions taken by the management. While, the CRO will define an early warning mechanism so that any capital, earnings and/or liquidity strains can be identified early, enabling preventive actions to be taken where necessary.
Similar to the return measures (RoE and RAROC) discussed above that could be used by the management for return generation, capital allocation and utilisation. Banks, should also consider other facets of planning and risk management to define holistic risk sensitive measures, such as earnings volatility (measures earnings predictability for shareholders and helps improve shareholders confidence on reported earnings), liquidity coverage (enables the board to drive optimal liquidity in short term, medium term and long term), reputation and control environment (enables board to define tolerance and measures to monitor non-qualitative measures). Excessive risk taking on any of these aspects would result in an adverse situation; hence, RAF needs to consider both the universe of risk and performance in entirety.
RBI, government and other authorities have initiated various steps for governance, accountability and responsibility. Even at the global level, Financial Stability Board has set out a series of papers on regulatory thinking around risk governance and appetite, which will have a fundamental effect on the way banks are managed.
Analysis of the current situation indicates that banks need to become more proactive in framing policies and guidelines and implementing it right from the grass root level, with constant supervision by the top management. The key to proactive risk management is establishing a risk appetite framework approved by the board, with limits defined across risk/return categories enabling the management for proactive risk management and monitoring of risk exposures through appropriate metrics.
The author is partner, advisory services, EY India. Views are personal