The most-talked-about issue in the recent banking arena is risk management which is considered to be the prudential means for ensuring sustainability as well as financial stability of banking business. The role of risk management is very critical in the periphery of highly competitive as well as diversified and complex financial products and services of the banking system. The risk management initiative got its formal shape in mid-2009 through formation of separate Risk Management Divisions (RMD) (earlier Risk Management Unit) by the banks for managing overall risks of banks at the instruction of Bangladesh Bank.
Presently the risk management activities are mostly focused on meeting the regulatory requirement with limited attention to extending capacity building, policy formulation and structural development. The article will clarify the current risk management practices in the banking sector of Bangladesh compared to global standards including risk culture, risk governance, risk management structure and major challenges of the area.
Risk and risk management: Risk is an uncertain event that negatively affects the achievement of objectives while risk management is the understanding of all material risks and handling those risks in a way best-suited to achieve organisational objectives. Risk management initiatives should encompass the level of risks depending on the size, nature and complexity being aligned with objectives, corporate activities, and scope of the bank.
Risk culture: An effective risk culture ensures a distinct and consistent tone from the Board and senior management regarding taking and managing calculative risks and also ensures clear accountability and ownership of specific risks. A sound and effective risk culture depends on various fundamentals which include risk governance, effective risk appetite frameworks, risk management structures and practices that promote appropriate risk taking behaviour. Risk appetite refers to the level of risk that a bank is able and willing to accept.
In an ideal risk culture, Board and Managing Director (MD) are expected to be responsible for ensuring sustainable growth of the bank considering the balance between business objectives and embedded risk of the businesses. In line with matters mentioned above, business units will be responsible for generating income to achieve the business objectives while Chief Risk Officer (CRO) and Head of RMD should be responsible and accountable for keeping the risk within the risk limit with the support of other operational units. However, in the present context of Bangladesh the role of CRO has deviated from the standard and sometimes compromises with the critical role of the position. Most of the CROs are primarily responsible and accountable for business drive which ultimately acts as a bottleneck to playing the critical role of a CRO and consequently exposes the banks to many unexpected risks.
In addition, the role of the RMD is still at the grooming stage. The head of RMD and the CRO always try to follow the current practices of the banking sector of Bangladesh without considering the risk nature of the respective bank and/or global standard. The above approach is a remarkable bottleneck to the banking sector for further improvement towards risk management practice to the advanced stage. Consequently, the risk-based approach such as Risk Control Self-Assessment (RCSA) for Operational Risk, Capital Rationing for capital management, and Internal Rating Based Approach (IRB) etc are not strongly spotlighted for implementation even in the near future. The roles of CRO as well as the Head of RMD are not still quantifiable (except regulatory reporting and BB risk management rating) for assessing their effectiveness in risks mitigation and risk management process, for which their accountability cannot be ensured.
Risk governance: An effective risk governance environment helps work more efficiently through effective teamwork, collaboration, open communication with a view to ensuring an optimum risk taking approach resulting in long-term viability of risk and return of the bank. At the developed stage of risk governance, Board (including relevant Board Committees) is actively involved in sketching broad risk issues to formulate a precise risk-balanced strategy for the bank. The Board will also be responsible for setting a well-defined risk appetite (both qualitative and quantitative) in synchronisation with the bank's objectives.
Reviewing risk governance in the banking sector of Bangladesh, it is observed that most of the banks are in the formative stage while few are in the emerging stage. In most of the cases RMDs are regarded as independent departments for meeting regulatory requirement instead of highly-valued partners to the business units by providing risk-related advice. RMD as well as risk management functions are not closely involved and embedded in strategic decision making, budgeting, and planning. Risk appetite covers a partial area of aggregate risk issues and the same has little application in the overall business decision and risk management of the bank. In addition to that scope of risk appetite quantification and aggregation are also at the limited level. It is also not measurable how much the objective will be deviated if any risk parameter crosses the risk appetite threshold. The track record of the senior management regarding risk management initiatives beyond the regulatory thresholds is yet to arrive at a visible level.
Risk management structure: In an ideal scenario, the risk management structure should consist of different layers (currently three layers -- strategic, managerial and operational) with structural superiority, defined responsibilities as well as specific accountability to the superior layer. Banks have already formed the minimum structural set-up to fulfil the minimum requirement of the central bank. The main driver of Operation Layer (consisting of risk manager and risk taker) is the Risk Management Division (RMD) of the Bank, where other wings perform the supportive role of RMD.
As senior management has little attachment to holistic risk strategy and facilitating overall development of risk awareness, risk-related issues get least attention at the time of business target finalisation and overall strategy formulations by the Board of Directors in most of the banks. In case of direct reporting line, there are few RMDs that have a direct reporting line with the Board Risk Management Committee (RMC) regarding high risk issues. Considering the role and responsibility, RMDs of different banks are working with inadequate manpower without having adequate related training of the same.
Apart from the risk management intention of Board and Senior Management (ie excluding CRO), the success of a quality risk management structure primarily depends on two positions ie the CRO and Head of RMD along with the team. More precisely, these two entities can be considered as a bottleneck to the bank for getting the maximum benefit out of risk management function.
Risk management process: Risk management process is a combination of risk identification, assessment, control, monitoring and reporting. Effective risk management is a set of tools and techniques for effectively identifying and assessing the risk with severity and frequency and imposing appropriate controls with timely monitoring and reporting.
Majority of risk management functions in the banking sector are concentrated on credit risk management following a reactive approach in the absence of a forecasting tool for scenario analysis. The market, liquidity and other risk management functions are still in an emerging stage. Though most of the risks are the result of operational risk, the banks do not firmly focus on the same. Most of the banks consider different credit risks and capital management indicators (ie NPL, CAR, HHI etc) as Key Risk Indicators (KRI) and few banks consider liquidity and profitability indicators as KRI. In case of aggregate level risk assessment, risk reports are not accurately and precisely conveying aggregated risk information for strategy formulation and policy development; rather the risk reports are used merely for reporting purposes only without adding value to business decision.
The RMDs of the bank are not able to quantify the risk profile and qualitative measures to capture all risks. In response to developing a risk congruence culture, branch officials are still not closely connected with corporate level risk management activities of banks.
In most of the banks RMDs do not have veto right in case of a new product, policy, large loan proposal and not even the review opinion against the same. The heads of RMDs are not yet members of all important risk-related committees such as credit risk committee, ALCO etc. IT infrastructure and data architecture in the banks do not fully support an RMD for generating risk reports by using a system on the demand and ad-hoc basis to meet a broad range of risk data aggregation.   Â
Challenges: Since inception, RMD is not only struggling for capacity development and meeting the regulatory requirement but also dealing with a number of challenges for further strengthening the enterprise-wide risk culture. Major challenges are lack of coordination among related departments, support from superior layer and risk awareness etc. Strong coordination ensures a structured internal pattern of relationship and communication for facilitating the enterprise risk culture with information sharing.
In addition to the above organisational structure of risk management, the lack of IT infrastructure and risk awareness and unavailability of skilled human resources with related training in Bangladesh are also the challenges for ensuring global standard risk practices in the banking sector of Bangladesh.
Considering the current status of overall risk management activities of the banking sector, banks are needed to take effective initiatives for improving the risk management activities as well as reach the developed stage of risk management. Given the short period of RMD's birth in Bangladesh, involvement of Board-level committees is also a good trend further aiding the risk management activities. In addition, regulators are also showing a keen interest and prompt response for risk-related issues in addition to regular monitoring and other activities. However, in order to improve the overall risk management functions, members of all layers have to realise effectiveness of their roles and responsibilities; rather than considering the issue merely as compliances. All the stakeholders need to work together for ensuring an overall effective risk culture and sustainability of the banking sector of Bangladesh.      Â
The views expressed in the article are the writer's own and not necessarily of the organisation he represents. The writer is working at the Risk Management Division of Bank Asia Limited and may be contacted at t.islam@bankasia-bd.com
Risk management practices and limitations in banking sector
Md Touhidul Islam | Published: May 28, 2016 00:00:00 | Updated: February 01, 2018 00:00:00
Share if you like