Definition of risk management:

It is a process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making. Essentially, risk management occurs anytime an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment and then takes the appropriate action (or inaction) given their investment objectives and risk tolerance. Inadequate risk management can result in severe consequences for companies as well as individuals. Risk managementis the identification, assessment, and prioritization ofrisksfollowed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate eventsor to maximize the realization of opportunities. For example, the recession that began in 2008 was largely caused by the loose credit risk management of financial firms.

Simply put, risk management is a two-step process - determining what risks exist in an investment and then handling those risks in a way best-suited to your investment objectives. Risk management occurs everywhere in the financial world. It occurs when an investor buys low-risk government bonds over more risky corporate debt, when a fund manager hedges their currency exposure with currency derivatives and when a bank performs a credit check on an individual before issuing them a personal line of credit.

Types of Risk Management:

Risk is a part of human life. Banking is also a risk bearing industry. There are numerous risks in banking activities. Bankers have to achieve their objectives by managing these risks.Present banking industry expects that Banks equity holders will receive value along with profit of their shares; depositors money will remain safe and the organization, as a whole will confirm strength & transparency in all respect. To achieve this objectives Core Risks Management guidelines are the prime issue in the present-day banking activities. Identification, measurement and mitigation of risks and acquiring strength to cover these risks are the mandatory issues to be maintained in the banking organization. Sonali Bank Limited has already introduced risk management guidelines in accordance with Bangladesh Bank guidelines.As per Bangladesh Bank guidelines there are five core risks in Banking Sector These are: 1. Credit Risks 2. Asset and Liability / Balance Sheet Risks 3. Internal Control & Compliance Risks 4. Money Laundering Risks 5. Foreign Exchange Risks

6. Environmental Risk

7. Information and Communication Technology Security Risk

1. Credit Risks: Credit risk arises from non-performance by a borrower. It may arise from either an inability or an unwillingness to perform in the pre-committed contracted manner. This can affect the lender holding the loan contract, as well as other lenders to the creditor. Therefore, the financial condition of the borrower as well as the current value of any underlying collateral is of considerable interest to its bank. The real risk from credit is the deviation of portfolio performance from its expected value. Accordingly, credit risk is diversifiable, but difficult to eliminate completely. This is because a portion of the default risk may, in fact, result from the systematic risk outlined above. In addition, the idiosyncratic nature of some portion of these losses remains a problem for creditors in spite of the beneficial effect of diversification on total uncertainty. This is particularly true for banks that lend in local markets and ones that take on highly illiquid assets. In such cases, the credit risk is not easily transferred, and accurate estimates of loss are difficult to obtain.2. Assets and Liability Management Risk: It is defined as how bank will take care about born assets and liabilities in order to avoid miss-match situation. Asset and liability management is the most important function of Bank management. Asset Liability Management ensures balanced fund mobilization and their deployment withrespect to their maturity profile, cost, and yield as well as risk exposure.ALM policy statement through ALCO paper Indicates as follows: Loan Deposit Ratio Whole - sale Borrowing Guidelines Commitments Medium Term Funding Ratio Maximum Cumulative Out- flow Liquidity Contingency Plan Loan Regulatory ComplianceALM also discusses the following issues: i) Balance sheet Risk ii)Liquidity Risk iii)Interest Rate Risk and iv)Capital Adequacy Risk3. Internal Control & Compliance Risks:

It is a process to design to provide reasonable assurance regarding achievement of objectives in the effectiveness and efficiency of operations. As part of ensuring internal control & compliance risk management Sonali Bank Limited have formed a high level MANAGEMENT COMMITTEE

( MANCOM) headed by CEO & Managing Director.

The committee comprised of:01. CEO & Managing Director

Chairman

02. Deputy Managing Director -1

Member

03. Deputy Managing Director -2

Member

04. All General Managers from Head Office

Member

05. Deputy General Manager, Board Division, Head OfficeMember

06. Deputy General Manager, M & R Division, Head Office

Member

07. Deputy General Manager, MDs Secretariat

Member Secretary

The Main functions of MANCOM are to: i) Assess Identify Risks

ii) Measurement or evaluation of Risks

iii) Control function and duty allocation in all tiers

iv) Develop Management Information System (MIS)

v) Supervision / Monitoring function & rectification of irregularities

vi) Functions of external auditors

vii)Compliance of regulations imposed by regulatory Authority, etc.

The MANCOM achieves its objectives through 3 separate units, namely:

i) Compliance unit : ensures compliance of Banks rules & regulations.

ii) Monitoring unit: Identification / evaluation of risks through MIS at each level

iii) Audit & Inspection Unit: Conducts Audit & Inspections at regular interval.These 3 separate units formed in the tier of HO /Division / PO/RO level.

Internal control system is achieved through:

I) Internal Control Function Checklist (Daily, Weekly, Monthly, Quarterly)

II) Quarterly Operations Report

4. Money Laundering RisksIt is acquisition of assets illegally and transferring through bank account. It is the process by which proceeds from a criminal activity are dis-guised to conceal their illicit origins. Basically, money laundering involves the proceeds of criminally derived property rather than the property itself. Money launderers send illicit funds through legal channels in order to conceal their criminal origins.The Money Laundering Prevention activities in banking includes: Obtention of KYC, TP forms & maintenanceRecord keepingReporting -STR, CTR, Quarterly report etc.Staff training regarding AML activitiesCommunication with regulatory AuthorityCompliance of AML guidelines by bank authorityBank BOD Commitment towards AML guidelines.5. Foreign Exchange Risk:

The globalization process has made the foreign exchange market a worldwide network. The market is open around the clock and follows the sun around the globe with the help of communication satellites. There is none statutory international body that regulates the activities of foreign exchange market. Therefore, it has been emerged as a self-regulated market, regulated by 'The Model Code' developed by Association Cambistle International - The Financial market Association (ACI - FMA). These are the professional association of global traders with the sole objective of the enhancement of the professionalism.

MARKET INSTRUMENT COVERED BY THE MODEL CODE:

Foreign Exchange Dealing- Spot, Forward and Future

Forward Rate Agreements

Exchange rate Options

Interest rate options

Foreign Exchange Options

Interest Rate Options

Interest Rate and Currency Swaps

Money Market Dealing

TYPES OF EXCHANGE POSITION:

Overbought (Long)

Total Purchase exceeds total Sales

Currency outlook-expected appreciation

Risk-If depreciates

Oversold (Short)

Total Sales exceeds total Purchase

Currency outlook-expected depreciation

Risk-If appreciates

6. Environmental Risk:

By giving loan whether a consumer will occurs any environmental hazardous activities or not. This is very important factor in case of giving loan from bank. Bank need to check details information for what purpose customer takes loans. Environmental Risk can be defined as the actual or potential threat of adverse effects on living organisms and the environment by effluents, emissions, wastes, resource depletion, etc., arising out of an organization's activities.7. Information and Communication Technology Security Risk:

It means comprehensive IT policy to protect the risk of IT system for operation of banking. For example Virus, opening of computer, shut down of computer, protection of computer, and equipment, keeping backup, physical security. How can we manage risk in commercial banking sector?While financial institutions have faced difficulties over the years for a multitude of

Reasons, the major cause of serious banking problems continues to be directly related to lax

Credit standards for borrowers and counterparties, poor portfolio risk management, or a lack

Of attention to changes in economic or other circumstances that can lead to a deterioration in the

Credit standing of a banks counterparties. To manage the risk in bank, we will here discuss each category risk individually.

1. Credit risk

Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms.

The sound practices set out in this paper specifically address the following areas:

(i) establishing an appropriate credit risk environment

(ii) operating under a sound credit granting process

(iii) Maintaining an appropriate credit administration, measurement and monitoring process.

(iii) Ensuring adequate controls over credit risk.

Credit risk management practices may differ among banks depending upon the nature and

Complexity of their credit activities, a comprehensive credit risk management program will

Address these four areas. These practices should also be applied in conjunction with sound

Practices related to the assessment of asset quality, the adequacy of provisions and reserves

And the disclosure of credit risk.

Establishing an appropriate credit risk environment

The board of directors should have responsibility for approving and periodically (at least annually) reviewing the credit risk strategy and significant credit risk policies of the bank. The strategy should reflect the banks tolerance for risk and the level of profitability the bank expects to achieve for incurring various credit risks. Senior management should have responsibility for implementing the credit risk strategy approved by the board of directors and for developing policies and procedures for identifying, measuring, monitoring and controlling credit risk. Such policies and procedures should address credit risk in all of the banks activities and at both the individual credit and portfolio levels. Banks should identify and manage credit risk inherent in all products and activities. Banks should ensure that the risks of products and activities new to them are subject to adequate risk management procedures and controls before being introduced or undertaken, and approved in advance by the board of directors or its appropriate committee.

Operating under a sound credit granting process

Banks must operate within sound, well-defined credit-granting criteria. These criteria should include a clear indication of the banks target market and a thorough understanding of the borrower or counterparty, as well as the purpose and structure of the credit, and its source of repayment. Banks should establish overall credit limits at the level of individual borrowers and counterparties, and groups of connected counterparties that aggregate in a comparable and meaningful manner different types of exposures, both in the banking and trading book and on and off the balance sheet. Banks should have a clearly-established process in place for approving new credits as well as the amendment, renewal and re-financing of existing credits. All extensions of credit must be made on an arms-length basis. In particular, credits to related companies and individuals must be authorized on an exception basis, monitored with particular care and other appropriate steps taken to control or mitigate the risks of non-arms length lending.

Maintaining an appropriate credit administration, measurement and

Monitoring process

Banks should have in place a system for the ongoing administration of their various credit risk-bearing portfolios. Banks must have in place a system for monitoring the condition of individual credits, including determining the adequacy of provisions and reserves. Banks are encouraged to develop and utilise an internal risk rating system in managing credit risk. The rating system should be consistent with the nature, size and complexity of a banks activities. Banks must have information systems and analytical techniques that enable management to measure the credit risk inherent in all on- and off-balance sheet activities. The management information system should provide adequate information on the composition of the credit portfolio, including identification of any concentrations of risk. Banks must have in place a system for monitoring the overall composition and quality of the credit portfolio. Banks should take into consideration potential future changes in economic conditions when assessing individual credits and their credit portfolios, and should assess their credit risk exposures under stressful conditions.

Ensuring adequate controls over credit risk

Banks must establish a system of independent, ongoing assessment of the banks credit risk management processes and the results of such reviews should be communicated directly to the board of directors and senior management. Banks must ensure that the credit-granting function is being properly managed and that credit exposures are within levels consistent with prudential standards and internal limits. Banks should establish and enforce internal controls and other practices to ensure that exceptions to policies, procedures and limits are reported in a timely manner to the appropriate level of management for action. Banks must have a system in place for early remedial action on deteriorating credits, managing problem credits and similar workout situations.

The role of supervisors

Supervisors should require that banks have an effective system in place to identify, measure, monitor and control credit risk as part of an overall approach to risk management. Supervisors should conduct an independent evaluation of a banks strategies, policies, procedures and practices related to the granting of credit and the ongoing management of the portfolio. Supervisors should consider setting prudential limits to restrict bank exposures to single borrowers or groups of connected Counter parties. To evaluate the quality of credit risk management systems, supervisors can take a number of approaches. A key element in such an evaluation is the determination by supervisors that the bank is utilising sound asset valuation procedures. Most typically, supervisors, or the external auditors on whose work they partially rely, conduct a review of the quality of a sample of individual credits. In those instances where the supervisory analysis agrees with the internal analysis conducted by the bank, a higher degree of dependence can be placed on the use of such internal reviews for assessing the overall quality of the credit portfolio and the adequacy of provisions and reserves Supervisors or external auditors should also assess the quality of a banks own internal validation process where internal risk ratings and/or credit risk models are used. Supervisors should also review the results of any independent internal reviews of the credit-granting and credit administration functions.

Supervisors should also make use of any reviews conducted by the banks external auditors, where available. Supervisors should take particular note of whether bank management recognizes problem credits at an early stage and takes the appropriate actions. Supervisors should monitor trends within a banks overall credit portfolio and discuss with senior management any marked deterioration. Supervisors should also assess whether the capital of the bank, in addition to its provisions and reserves, is adequate related to the level of credit risk identified and inherent in the banks various on- and off-balance sheet activities. In reviewing the adequacy of the credit risk management process, home country supervisors should also determine that the process is effective across business lines, subsidiaries and national boundaries. It is important that supervisors evaluate the credit risk management system not only at the level of individual businesses or legal entities but also across the wide spectrum of activities and subsidiaries within the consolidated banking organization. After the credit risk management process is evaluated, the supervisors should address with management any weaknesses detected in the system, excess concentrations, the classification of problem credits and the estimation of any additional provisions and the effect on the banks profitability of any suspension of interest accruals. In those instances where supervisors determine that a banks overall credit risk management system is not adequate or effective for that banks specific credit risk profile, they should ensure the bank takes the appropriate actions to improve promptly its credit risk management process.Common Sources of Major Credit Problems:ConcentrationsConcentrations are probably the single most important cause of major credit problems. Credit concentrations are viewed as any exposure where the potential losses are large relative to the banks capital, its total assets or, where adequate measures exist, the banks overall risk level. Relatively large losses may reflect not only large exposures, but also the potential for unusually high percentage losses given default.Credit Process Issues

Many credit problems reveal basic weaknesses in the credit granting and monitoring processes. While shortcomings in underwriting and management of market-related credit exposures represent important sources of losses at banks, many credit problems would have been avoided or mitigated by a strong internal credit process.

Market and Liquidity-Sensitive Credit Exposures

Market and liquidity-sensitive exposures pose special challenges to the credit processes at banks. Market-sensitive exposures include foreign exchange and financial derivative contracts. Liquidity-sensitive exposures include margin and collateral agreements with periodic margin calls, liquidity back-up lines, commitments and some letters of credit, and some unwind provisions of securitizations. The contingent nature of the exposure in these instruments requires the bank to have the ability to assess the probability distribution of the size of actual exposure in the future and its impact on both the borrowers and the banks leverage and liquidity.

2. Asset and Liability / Balance Sheet Risks

Abalance sheet(akastatement of condition,statement of financial position) is a financial report that shows the value of a company's assets, liabilities, and owner's equity at a specific period of time, usually at the end of an accounting period, such as a quarter or a year. Anassetis anything that can be sold for value. Aliabilityis an obligation that must eventually be paid, and, hence, it is a claim on assets. The owner's equity in a bank is often referred to asbank capital, which is what is left when all assets have been sold and all liabilities have been paid. The relationship of the assets, liabilities, and owner's equity of a bank is shown by the following equation:

Bank Assets = Bank Liabilities + Bank Capital

A bank uses liabilities to buy assets, which earns its income. By using liabilities, such as deposits or borrowings, to finance assets, such as loans to individuals or businesses, or to buy interest earning securities, the owners of the bank can leverage their bank capital to earn much more than would otherwise be possible using only the bank's capital.

Assets and liabilities are further distinguished as being either current or long-term.Current assetsare assets expected to be sold or otherwise converted to cash within 1 year; otherwise, the assets are long-term (akanoncurrent assets).Current liabilitiesare expected to be paid within 1 year; otherwise, the liabilities are long-term (akanoncurrent liabilities).Working capitalis the excess of current assets over current liabilities, a measure of itsliquidity, meaning its ability to meet short-term liabilities:

Working Capital = Current Assets Current Liabilities

Generally, working capital should be sufficient to meet current liabilities. However, it should not be excessive, since capital in the form of long-term assets usually has a higher return. The excess of the bank's long-term assets over its long-term liabilities is an indication of itssolvency, its ability to continue as a going concern.

Assets: Uses of Funds

Assets earn revenue for the bank and include cash, securities, loans, and property and equipment that allow it to operate.

Cash and Cash Equivalents

One of the major services of a bank is to supply cash on demand, whether it is a depositor withdrawing money or writing a check, or a bank customer drawing on a credit line. A bank also needs funds to pay bills, but while bills are predictable in both amount and timing, cash withdrawals by customers are not.

Hence, a bank must maintain a certain level of cash compared to its liabilities to maintain solvency. A bank must hold some cash as reserves, which is the amount of money held in a bank's account at the Federal Reserve (Fed). The Federal Reserve determines the legal reserves, which is the minimum amount of cash that banks must hold in their accounts to ensure the safety of banks and also allows the Fed to effectmonetary policyby adjusting the reserve level. Often, banks will keepexcess reservesfor greater safety.

To do business at its branches and automated teller machines (ATMs), a bank also needsvault cash, which includes not only cash in its vaults, but also cash elsewhere on a bank's premises, such as in teller drawers, and the cash in its ATM machines.

Some banks, usually smaller banks, also have accounts at larger banks, calledcorrespondent banks. which are usually larger banks that often borrow from the smaller banks or perform services for them. This relationship makes lending expeditious because many of these smaller banks are rural and have excess reserves whereas the larger banks in the cities usually have a deficiency of reserves.

Another source of cash iscash in the process of collection. When a banks receives a check, it must present the check to the bank on which it is drawn for payment, and, previously, this has taken several days. Nowadays, checks are being processed electronically and many transfers of funds are being conducted electronically instead of using checks. So this category of cash is diminishing significantly, and will probably disappear when all financial transactions finally become electronic.

Cash equivalentsare another short-term asset, so-called because they are nearly equivalent to cash: short-term investments that can either be used as cash or can be quickly converted to cash without loss of value, such as demand deposits, T-bills, and commercial paper. A primary characteristic offinancial instrumentsthat are classified as cash equivalents is that they have a short-term maturity of 3 months or less, sointerest rate riskis minimal, and they are the most highly rated securities or issued by a government that can print its own money, such as theT-billsissued by the US government, so there is little credit risk.

Securities

The primary securities that banks own areUnited States Treasuriesandmunicipal bonds. These bonds can be sold quickly in the secondary market when a bank needs more cash, so they are often referred to assecondary reserves.

The recent credit crisis has also underscored the fact that banks held manyasset-backed securitiesas well. United States banks are not permitted to ownstocks, because of the risk, but, ironically, they can hold much riskier securities calledderivatives.

Loans

Loans are the major asset for most banks. They earn more interest than banks have to pay on deposits, and, thus, are a major source of revenue for a bank. Often banks will sell the loans, such asmortgages,credit cardandauto loan receivables, to be securitized into asset-backed securities which can be sold to investors. This allows banks to make more loans while also earning origination fees and/or servicing fees on the securitized loans.

Loans include the following major types:

business loans, usually called commercial and industrial (C&I) loans

real estate loans

residential mortgages

home equity loans

commercial mortgages

consumer loans

credit cards

auto loans

interbank loans

Liabilities: Sources of Funds

Liabilities are either the deposits of customers or money that banks borrow from other sources to use to fund assets that earn revenue. Deposits are like debt in that it is money that the banks owe to the customer but they differ from debt in that the addition or withdrawal of money is at the discretion of the depositor rather than dictated by contract.

Checkable Deposits

Checkable depositsare deposits where depositors can withdraw the money at will. These include all checking accounts. Some checkable deposits, such as NOW, super-NOW, and money market accounts pay interest, but most checking accounts pay very little or no interest. Instead, depositors use checking accounts for payment services, which, nowadays, also includes electronic banking services.

Before the 1980s, checkable deposits were a major source of cheap funds for banks, because they paid little or no interest on the money. But as it became easier to transfer money between accounts, people started putting their money into higher yielding accounts and investments, transferring the money when they needed it.

No transaction Deposits

Includesavings accountsandtime deposits, which are basicallycertificates of deposits(CDs). Savings accounts are not used as a payment system, which is why they are categorized as non transaction deposits and is also the reason why they pay more interest. Savings deposits of yore were mostlypassbook savings accounts, where all transactions were recorded in a passbook. Nowadays, technology and regulations have allowedstatement savingswhere transactions are recorded electronically and may be viewed by the depositor on the bank's website or a monthly statement is mailed to the depositor; and money market accounts, which have limited check writing privileges and earn more interest than either checking or savings accounts.

ACertificate of Deposit(CD) is a time deposit where the depositor agrees to keep the money in the account until the CD expires. The bank compensates the depositor with a higher interest rate. Although the depositor can withdraw the money before the CD expires, banks charge a hefty fee for this.

There are 2 types of certificates of deposit (CDs): retail and large. A retail CD is for less than $100,000 and is generally sold to individuals. It cannot be resold easily. Large CDs are for $100,000 or more and are highly negotiable so they can be easily resold in the money markets. Large negotiable CDs are a major source of funding for banks.

Non transaction deposits indepository institutionsare now insured to $250,000 by theFederal Deposit Insurance Corporation(FDIC).

Borrowings

Banks also borrow money, usually from other banks in what is called thefederal funds market, so-called because funds kept in their reserve accounts at the Federal Reserve are called federal funds, and it is these accounts that are credited or debited as money is transferred between banks. Banks with excess reserves, which are usually smaller banks located in smaller communities, lend to the larger banks in metropolitan areas, which are usually deficient in reserves.

The interbank loans in the federal funds market are unsecured, so banks only lend to other banks that they trust. Part of the reason for the 2007 - 2009 Credit Crisis is that banks didn't know which other banks were holding risky mortgage-backed securities that were beginning to default in large numbers, so they stopped lending to each other, forcing banks to restrict their lending to the public, which caused the supply of money to decline and the economy to contract.

Banks also borrow fromnon depository institutions, such as insurance companies and pension funds, but most of these loans are collateralized in the form of arepurchase agreement(akarepo), where the bank gives the lender securities, usually Treasuries, as collateral for a short-term loan. Most repos are overnight loans that are paid back with interest the very next day.

As a last resort banks can also borrow from the Federal Reserve (Fed), though they rarely do this since it indicates that they are under financial stress and unable to get funding elsewhere. However, during the credit freeze in 2008 and 2009, many banks borrowed from the Fed because they could not get funding elsewhere.

Bank Capital

Banks can also get more funds either from the bank's owners or, if it is a corporation, by issuing morestock. For instance, 19 of the largest banks that received federal bailout money during the credit crisis raised $43 billion of new capital in 2009 by issuing stock because their reserves were deemed inadequate in response to stress testing by the United States Treasury.

New Accounting Rules for Valuing Assets

Bank capital(= total assets total liabilities)is the bank'snet worth. However, recent accounting changes have made it more difficult to determine a bank's true net worth.

Banks were having a tough time in early 2009. The credit crisis has caused many defaults on mortgages, credit cards, and auto loans, forcing them to increase their loan loss reserves and to devalue many of theasset-backed securitiesthat they held based on these loans. Consequently, banks were suffering major losses. A major contributor to these losses was because the asset-backed securities that were still held by the banks had to be valued by mark-to-market rules and since no one was buying these toxic securities, their mark-to-market value was very low.

To restore confidence in the banking system, the government allowed some changes to the accounting rules that artificially increased the revenues of the banks. The Financial Accounting Standards Board (FASB) allowed banks to value their assets according tofair value, as determined by the banks. Additionally, banks also didn't have towrite downassets that they intended to keep to maturity. However, many critics assert that there will be more defaults on the underlying loans of these securities, and, thus, will have to be accounted for in the future.

Banks could also record income on their books if the market value of their debt declines. The reason for this allowance is because they could buy back their own debt in the market, thus reducing their debt for a fraction of its face value. However, critics have pointed out that if a bank doesn't have the money to buy back its debt, it could still record the reduced value as revenue even though the bank would have to pay the principal back when the debt matures.

Citigroup is a good example of how much the new accounting rules can change the income reported by a bank. According to this Bloomberg article, the $1.6 billionprofitreported by Citigroup under the new accounting rules for its 1stquarter in 2009 would have been reduced to a $2.5 billionlossunder the old accounting rules. Hence, Citigroup enjoyed a gain of $4.1 billion simply by changing the accounting rules.Asset-liability management committee (ALCO)ALCO is a senior management level committee responsible for supervision/ management of market risk (mainly interest rate and liquidity risks). The committee generally comprises of senior managers from treasury, chief financial officer, business heads generating and using the funds of the bank, credit, and individuals from the departments having direct link with interest rate, foreign exchange and liquidity risks. The CEO must be the head of the committee.To be effective ALCO should have members from each area of the bank that significantly influences interest rate, foreign exchange and liquidity risks. In addition, the head of the Information System Department (if any) may be an invitee for building up of MIS and related computerization. Major responsibilities of ALCO include the following: Ensure that the bank's measurement and reporting systems accurately convey the degrees of liquidity risk, interest-rate risk, and foreign exchange risk; Monitor the structure/composition of bank's assets and liabilities Identifying balance sheet management issues like balance sheet gaps, interest rate gap/profiles etc. that are leading to under performance; Decide on major aspects of balance sheet structure, such as maturity and currency mix of assets and liabilities, mix of wholesale versus retail funding; Articulate interest rate view of the bank and deciding on the future business strategy; Review and revise bank's funding policy; Decide on the transfer pricing policy of the bank; Evaluate market risk involved in launching of new products; Review deposit-pricing strategy for the local market; and Review liquidity contingency plan for the bank.ALCO should ensure that risk management is not limited to collection of data only. Rather, it will ensure that detailed analysis of assets and liabilities is carried out so as to assess the overall balance sheet structure and risk profile of the bank. The ALCO should cover the entire balance sheet/business of the bank while carrying out the periodic analysis. The ALCO should meet on a regular basis at least once in a month.

Executive board's credit committeeThe responsibilities of Executive Board's Credit Committee include the following:

a) Deciding on credit applications that exceed the lending authorities of business units;

b) Preparing credit policies for approval by the board; and

c) Participating in decisions on the overall valuation of the loan portfolio and the adequacy of loan loss allowances

Risk management unitThe Risk Management Unit (RMU) shall be headed by the Chief Risk Officer (CRO). The RMD needs to manage and measure risks on the basis of the bank's approved risk parameters, independently of regulatory requirements and categories. It should also be independent from ratings of transactions, which may not address the bank's specific issues or be aligned to the bank's standards and risk management goals. The responsibilities of RMD include the following:

d) Serving as secretariat of All Risk Committee;

e) Designing bank's overall risk management strategy;

f) Developing and overseeing implementation of stress tests;

g) Developing, testing, and observing use of models for measuring and monitoring risk;

h) Informing the board and All Risk Committee about the appetite for risk across the bank;

Risk management reportingThe following reports are required to be submitted before the board on different intervals:

Quarterly reportingICAAP: Internal capital adequacy assessment process (ICAAP), including an evaluation of the bank's preferred risk profile, the actual risks identified, the means by which they will be mitigated, and what risks will be covered by capital. The results of stress tests should be covered in this report. The overall capital need shall also be reported.

Key figures from the credit portfolio: An overview of credit-quality indicators focusing on unauthorized excesses and overdue payments, the number of upgrades and downgrades in the classification system, and trends in lending volumes.

Market risk: An analysis of the bank's current equity, interest-rate risk, and foreign exchange risk positions as well as reports on the utilization of board-approved limits since the preceding report.

Annual reportingRisk policy: Review of the overall risk policy, including a consideration of whether any revisions are required.

ICAAP: An evaluation of the preferred risk profile, the overall capital need, and the conclusions drawn from stress testing.

Risk management framework: A thorough analysis of the bank's risk profile, including identification and description of risks and an update on the use of risk management models.

Credit portfolio quality: An analysis of adversely-classified loans, provisions and charge-offs by types of loan.

3. Foreign exchange riskForeign exchange risk is the current or prospective risk to earnings and capital arising from adverse movements in currency exchange rates.

The foreign exchange positions arise from the following activities:

a) trading in foreign currencies through spot, forward and option transactions as a market maker or position taker, including the unheeded positions arising from customer-driven foreign exchange transactions;

b) holding foreign currency positions in the banking book (e.g. in the form of loans, bonds, deposits or cross-border investments)

c) engaging in derivative transactions that are denominated in foreign currency for trading or hedging purposes.

In the foreign exchange business, banks also face the risk of default of the counter parties or settlement risk. Thus, banks may incur replacement cost, which depends upon the currency rate movements.

Banks also face another risk called time-zone risk, which arises out of time lags in settlement of one currency in one center and the settlement of another currency in another time zone.

Foreign exchange risk management programManaging foreign exchange risk involves prudently managing foreign currency positions in order to control, within set parameters, the impact of changes in exchange rates on the financial position of the bank. The frequency and direction of rate changes, the extent of the foreign currency exposure and the ability of counterparts to honor their obligations to the bank are significant factors in foreign exchange risk management. A comprehensive foreign exchange risk management program requires:

a) establishing and implementing sound and prudent foreign exchange risk management policies

b) Developing and implementing appropriate and effective foreign exchange risk management and control procedures.

Foreign exchange risk management policyA bank should establish a written policy on foreign exchange risk that:

i. includes a statement of principles and objectives governing the extent to which a bank is willing to assume foreign exchange risk;

ii. establishes explicit and prudent limits on a bank's exposure to foreign exchange risk; and

iii. Clearly defines the levels of personnel who have the authority to trade in foreign exchange.

Statement of foreign exchange risk principles and objectivesBefore setting foreign exchange risk limits and management controls it is necessary for a bank to decide the objectives of its foreign exchange risk management program and in particular its willingness to assume risk.

The tolerance of each bank to assume foreign exchange risk will vary with the extent of other risks (e.g. liquidity, credit risk, interest rate risk, investment risk) and the bank's ability to absorb potential losses. The objective of foreign exchange risk management need not necessarily be the complete elimination of exposure to changes in exchange rates. Rather, it should be to manage the impact of exchange rate changes within self imposed limits after careful consideration of a range of possible foreign exchange rate scenarios.

Foreign exchange risk limitsEach bank needs to establish explicit and prudent foreign exchange risk limits, and ensure that the level of its foreign exchange risk exposure does not exceed these limits. Where applicable, these limits need to cover, at a minimum:

a) the currencies in which the bank is permitted to incur exposure; and

b) the level of foreign currency exposure that the institution is prepared to assume.

Foreign exchange risk limits need to be set within a bank's overall risk profile, which reflects factors such as its capital adequacy, liquidity, credit quality, investment risk and interest rate risk. Foreign exchange positions should be managed within a bank's ability to quickly cover such positions if necessary. Moreover, foreign exchange risk limits needs to be reassessed on a regular basis to reflect potential changes in exchange rate volatility, the bank's overall risk philosophy and risk profile.

Authorized currencies will normally include currencies in which the bank may be called on to settle foreign exchange transactions. These are usually the currencies in which the bank or its customers conduct business.

Limits on a bank's foreign exchange exposure should reflect both the specific foreign currency exposures that arise from daily foreign currency dealing or trading activities (transactional positions) and those exposures that arise from a bank's overall asset/liability infrastructure, both on- and off-balance sheet (structural or translational positions). The establishment of aggregate foreign exchange limits that reflect both foreign currency dealing and structural positions helps to ensure that the size and composition of both positions are appropriately and prudently managed and controlled and do not overextend a bank's overall foreign exchange exposure.

Usually, risk limits are established in terms of a relationship between the foreign exchange position and earnings or capital, or in terms of foreign exchange volume, such as total dollars or numbers of transactions.

Although the overall assessment of foreign exchange counterparties is an integral component of any foreign exchange operation, this may be conducted by a bank's credit risk management function, thus obviating the need for separate counterparty assessment within the bank's foreign exchange operations.

Delegation of authorityClearly defined levels of delegated authority help to ensure that a bank's foreign exchange positions do not exceed the limits established under its foreign exchange risk management policies. Authorities may be absolute, incremental or a combination thereof, and may also be individual, pooled, or shared within a committee.

The delegation of authority needs to be clearly documented, and must include at a minimum:

a) the absolute and/or incremental authority being delegated;

b) the units, individuals, positions or committees to whom authority is being delegated;

c) the ability of recipients to further delegate authority; and

d) the restrictions, if any, placed on the use of delegated authority.

The extent to which authority is delegated will the experience and ability of the individuals for carrying out the foreign exchange risk management activities.

Foreign exchange risk management and control proceduresEach bank engaged in foreign exchange activities is responsible for developing, implementing and overseeing procedures to manage and control foreign exchange risk in accordance with its foreign exchange risk management policies. These procedures must be at a level of sophistication commensurate with the size, frequency and complexity of the bank's foreign exchange activities.

Foreign exchange risk management procedures need to include, at a minimum:

i. accounting and management information systems to measure and monitor foreign exchange positions, foreign exchange risk and foreign exchange gains or losses;

ii. controls governing the management of foreign currency activities; and

iii. Independent inspections or audits.

Control of foreign exchange activitiesThe key elements of any foreign exchange control program are well-defined procedures governing:

a) organizational controls to ensure that there exists a clear and effective segregation of duties between those persons who initiate foreign exchange transactions and those persons who are responsible for operational functions such as arranging prompt and accurate settlement, and timely exchanging and reconciliation of confirmations, or account for foreign exchange activities;

b) procedural controls to ensure that:

i. transactions are fully recorded in the records and accounts of the bank;

ii. transactions are promptly and correctly settled; and

iii. unauthorized dealing is promptly identified and reported to management; and

c) Controls to ensure that foreign exchange activities are monitored frequently against the bank's foreign exchange risk, counterparty and other limits and that excesses are reported.

Moreover, each bank needs to ensure that employees conducting foreign exchange trading activities on behalf of the bank do so within a written code of conduct governing foreign exchange dealing. Such a code of conduct should include guidance respecting trading with related parties and transactions in which potential conflicts of interest exists. These should include trading with affiliated entities, personal foreign exchange trading activities of foreign exchange traders, and foreign exchange trading relationships with foreign exchange and money market brokers with whom the bank deals. Each bank should ensure that these guidelines are periodically reviewed with all foreign exchange traders.

4. Internal Control & Compliance RisksIn todays stringent regulatory business environment with new standards and mandates coming to effect at a never-before pace, the need to keep up with regulatory changes and ensure ongoing compliance with them has emerged as the banks crucial priority. Also, as banks face increasing compliance complexity from the growth of regulations, ad hoc approaches tocompliance managementcan expose them to significant risks. Because of the nature and levels of risks inherent to their business activities, complex banking organizations should have in place a compliance-risk management framework that makes it possible to identify, monitor, and effectively control the compliance risks facing their entire organization. As a result, compliancerisk managementhas emerged as key business concerns across the globe.

Compliance risk, which is often overlooked as it blends intooperational riskand transaction processing, is the risk to earnings or capital arising from violations of, or non-conformance with, laws, rules & regulations, code of conduct, customer relationship rules or ethical standards. It encompasses all laws, as well as prudent ethical standards and contractual obligations. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank's clients may be ambiguous or untested. Compliance risk, also referred to as integrity risk sometimes, exposes the organization to legal penalties, payment of damages, limitation of business opportunities, diminished reputation, reduced franchise value, lessened expansion potential and the voiding of contracts.

To strengthen its compliance risk program, the banks need an efficient solution for conducting compliance processes, identifying & assessing risks, implementing & monitoring controls and mitigating/eliminating the gaps across its vast multi-country operations.Managing compliance risk has become a core skill that every bank must have in todays highly regulated industry and a consolidated-or "enterprise-wide"-approach to compliance risk management has become "mission critical" for large, complex banking organizations.

Risk-based Compliance Management:Traditionally, risk management and compliance management were treated as separate disciplines. Risk managers dealt with risk identification and mitigation, while compliance managers dealt with compliance auditing. However, this approach is no longer cost-effective or efficient. Increasing compliance requirements call for a strategy that is integrated with risk management and corporate objectives.

Visionary companies have achieved this goal by adopting a risk based approach. Risk based compliance management allows compliance managers to first identify the most significant compliance risks, and then propose controls to mitigate those risks. This way, the focus is only on the risks and compliance regulations that really matter to banking institutions. Managers can also tailor the compliance program to meet the specifics of their business. The result is improved compliance management.

Further, basing a compliance management program on risk management can be an effective communication tool. Managers who may be averse to the term "compliance" may respond much more readily to "risk." This approach may therefore provide banks with an effective means of getting management to understand and give appropriate attention to compliance priorities.

A successful compliance-risk management program which is an essential for sound and vibrant banking system contains the following elements:

Active board and senior management oversight:An effective board and senior management oversight is the cornerstone of an effective compliance risk management process.

Effective policies and procedures:Compliance risk management policies and procedures should be clearly defined and consistent with the nature and complexity of a banking institutions activities.

Compliance risk analysis and comprehensive controls:Banking organizations should use appropriate tools in compliance risk analysis like self-assessment, risk maps, process flows, key indicators and audit reports; which enables establishing an effective system of internal controls.

Effective compliance monitoring and reporting:Banking organizations should ensure that they have adequate management information systems that provide management with timely reports on compliance like training, effective complaint system and certifications.

Testing:Independent testing should be conducted to verify that compliance-risk mitigation activities are in place and functioning as intended throughout the organization.

Internal control system: all of the financial, operational and other control systems which are carried out by internal controllers and which involve monitoring, independent evaluation and timely reporting to management levels systematically in order to ensure that all the bank activities are performed by management levels in accordance with current policies, methods, instructions and limits.

Internal audit (inspection) system: a systematic audit process which is carried out by internal auditors independently as a part of internal control function and in the form of financial activities and compliance audit independent of the banks daily activities, considering the management needs and the banks structure; which covers all the activities and units of the bank, mainly the internal control system and the risk management system, and which enables the assessment of these activities and units, wherein evidences and findings used in assessments are obtained as a result of reporting, monitoring and examination.

Internal supervision (control & audit) system: the integrated process consisting of the internal control system and the internal audit system;

Risk management system: all of the mechanisms concerning the process of standard-setting, reporting, verifying the compliance with standards, decision-making and implementing, which are established by the board of directors in order to monitor, to keep under control and, if necessary, to change the risk/return structure of the future cash flows of the bank and, accordingly, the quality and the extend of the activities;

Senior management: the bank's general manager and deputy general managers, and managers of operational departments who hold signature authority;

Inspector: a staff who inspects the conformity of the banks activities with the banking law and the internal regulations of the bank, based on the authority of the bank who according to the fourth paragraph of Article 9 of Banking Law no. 4389, based on an authority granted by the banks board of directors or by the office of president whom the board of directors appointed, inspects the conformity of the banks operations to the banking regulations, and banks' internal regulations;

Internal control unit: A unit that organizes manages and coordinates the bank's internal control process;

Internal controller: A staff of the bank, other than inspectors, who is authorized by the bank management to monitor, examine and control the activities of the bank on an on-going basis;

Risk management group: The whole structure that comprises the executive risk committee, bank risk committee, and risk management committees of the individual operational units, centralized or decentralized, established in order to manage the risks the bank is exposed to in a systematic way;

Asset/liability management committee: The committee assigned by the board of directors with the duties of determining the policies for asset/liability management and mobility of the funds and taking decisions to be executed by relevant units within the framework of the banks balance-sheet management and monitoring implementation of the activities;

Risk management staff: Staff in risk management committees who is responsible for such issues as defining, verifying, and assessing risks to which the bank is exposed through certain criteria, quantitative and analytic techniques, and has adequate knowledge and experience in risk management; who works in coordination with internal controllers in accordance with the provisions and procedures set out by the board of directors.

Risk: The probability of decrease in economic benefit due to a monetary loss or an unexpected expense or loss occurred concerning a transaction;

Controllable risks: Risks where the probability of a loss that may be incurred by the bank can be mitigated by using risk mitigation techniques or imposing limits to transactions that may generate risk;

Uncontrollable risks: depending on the variability of controllable risks over time, Risks of loss which cannot be predicted by using any risk measurement and mitigation techniques or by implementing exposure limits, and which is realized when emerge;

Participations controlled by the bank: The participations on which a bank has a controlling power, as mentioned in the regulations related to consolidated financial statements which are in effect pursuant to banking regulations.

Responsibility of the board of directors in performing the internal control function

The board of directors shall develop and approve significant strategies and policies concerning the control activities of the bank, and periodically review their implementation, and take measures to establish and maintain an efficient internal supervision (audit/control) system and risk management system in accord with the institutional structure within the bank.

In compliance with provisions set out in this Regulation, the board of directors shall ensure that the banks organizational structure will explicitly embody the internal supervision (audit/control) system and risk management system and define principles and procedures concerning the administrative structure, personnel and quality of these systems.

The board of directors shall regularly review assessments of internal control function made by senior management, internal audit (inspection) unit, the internal control unit, and the risk management group, and by the external auditors; and verify whether or not the recommendations made by the external auditors for improvement of internal supervision (control/audit) systems are being acted upon; and periodically assess the compliance with banks strategies policies with the current risk exposure limits.

Responsibilities of senior management

In coordination with the units defined in this Regulation to perform internal control function, the senior management shall be responsible to the Board of Directors with an in-house regulation, for the followings;

(a)Formulation, execution and on-going review of internal control strategies, policies and process approved by the Board of Directors, and revision thereof so as to include new risks, if necessary and verification of its efficiency,

(b)Development of necessary methods, instruments and implementation procedures to identify, measure, monitor and control the risks the bank is exposed to,

(c)Explicitly defining authorities and responsibilities and monitoring whether the duties and responsibilities are effectively carried out.

Any person who has been allocated to senior management cannot be employed in any committee in the risk management group, the auditing committee or the internal control unit, except for the executive risk committee.

Formation of executive risk committee and its responsibilities

The Executive Risk Committee shall be responsible for preparing the risk management strategies and policies of the bank on a consolidated and unconsolidated basis, for submitting them to the board of directors for approval, and for monitoring their implementation.

The Executive Risk Committee chaired by the member of board of directors responsible for maintaining the internal supervision (control/audit) system shall consist of the head of the bank's risk committee, which is set up pursuant to Article 33 of this Regulation, the head of the assets/liabilities management committee, the head of the credit committee, if any, and head of executive risk committees or similar units of consolidated subsidiaries.

In case the bank has no "assets/liabilities management committee" and this function has been assigned to another unit, then the person in charge of such unit shall be appointed to the Executive Risk Committee.

Responsibilities of other personnel

In order to ensure an efficient internal control, authority and responsibilities of all personnel concerning carrying out their duties and within this framework, to report activities which are inconsistent with professional ethics, contradict bank's policies or are illegal, to the senior management, shall be set out in written form and notified to related personnel.

Any policy and implementation shall be avoided encouraging operations inconsistent with professional ethics of the bank and imprudent transactions; neglecting risks which could be realized over the long run through putting the emphasis on short term performance and operational results, leading to inefficient use of the bank's funds as a result of an improper allocation of duties and authority, implementing incentives for short-term targets or not running a proper sanction mechanism for misconducts.

5. Money laundering riskBeing aware of the risks incurred by banks of being used, intentionally or unintentionally, for criminal activities, the Basel Committee on Banking Supervision is issuing these guidelines to describe how banks should include money laundering (ML) and financing of terrorism (FT) risks within their overall risk management. The Committee has a long-standing commitment to promote the implementation of sound Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) policies and procedures that are critical in protecting the safety and soundness of banks and the integrity of the international financial system. Following an initial statement in 1988, 1 it has published several documents in support of this commitment. In September 2012, the Committee reaffirmed its stance by publishing the revised version of the Core principles for effective banking supervision, in which a dedicated principle (BCP 29) deals with the abuse of financial services.

Essential elements of sound ML/FT risk management

In accordance with the updated Core principles for effective banking supervision (2012), all banks should be required to have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the banking sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This requirement is to be seen as a specific part of banks general obligation to have sound risk management programmers in place to address all kinds of risks, including ML and FT risks. Adequate policies and processes in this context requires the implementation of other measures in addition to effective CDD rules. These measures should also be proportional and risk-based, informed by banks own risk assessment of ML/FT risks. This document sets out guidance in respect of such measures.Assessment and understanding of risks

Sound risk management15 requires the identification and analysis of ML/FT risks present within the bank and the design and effective implementation of policies and procedures that are commensurate with the identified risks. In conducting a comprehensive risk assessment to evaluate ML/FT risks, a bank should consider all the relevant inherent and residual risk factors at the country, sectored, bank and business relationship level, among others, in order to determine its risk profile and the appropriate level of mitigation to be applied. The policies and procedures for CDD, customer acceptance, customer identification and monitoring of the business relationship and operations (product and service offered) will then have to take into account the risk assessment and the banks resulting risk profile. A bank should have appropriate mechanisms to document and provide risk assessment information to competent authorities such as supervisors. 16. A bank should develop a thorough understanding of the inherent ML/FT risks present in its customer base, products, delivery channels and services offered (including products under development or to be launched) and the jurisdictions within which it or its customers do business. This understanding should be based on specific operational and transaction data and other internal information collected by the bank as well as external sources of information such as national risk assessments and country reports from international organizations. Policies and procedures for customer acceptance, due diligence and ongoing monitoring should be designed and implemented to adequately control those identified inherent risks. Any resulting residual risk should be managed in line with the banks risk profile established through its risk assessment. This assessment and understanding should be able to be demonstrated as required by, and should be acceptable to, the banks supervisor.

Customer acceptance policy

A bank should develop and implement clear customer acceptance policies and procedures to identify the types of customer that are likely to pose a higher risk of ML and FT pursuant to the banks risk assessment. When assessing risk, a bank should consider the factors relevant to the situation, such as a customers background, occupation (including a public or high-profile position), source of income and wealth, country of origin and residence (when different), products used, nature and purpose of accounts, linked accounts, business activities and other customer-oriented risk indicators in determining what is the level of overall risk and the appropriate measures to be applied to manage those risks. Such policies and procedures should require basic due diligence for all customers and commensurate due diligence as the level of risk associated with the customer varies. For proven lower risk situations, simplified measures may be permitted, if this is allowed by law. For example, the application of basic account-opening procedures may be appropriate for an individual who expects to maintain a small account balance and use it to conduct routine retail banking transactions. It is important that the customer acceptance policy is not so restrictive that it results in a denial of access by the general public to banking services, especially for people who are financially or socially disadvantaged.

Customer and beneficial owner identification, verification and risk profiling

For the purposes of this guidance, a customer refers, in accordance with the FATF Recommendation 10, to any person21 who enters into a business relationship or carries out an occasional financial transaction with the bank. The customer due diligence should be applied not only to customers but also to persons acting on their behalf and beneficial owners. In accordance with the FATF standards, banks should identify customers and verify their identity. A bank should establish a systematic procedure for identifying and verifying its customers and, where applicable, any person acting on their behalf and any beneficial owner(s). Generally, a bank should not establish a banking relationship, or carry out any transactions, until the identity of the customer has been satisfactorily established and verified in accordance with FATF Recommendation.Ongoing monitoring Ongoing monitoring is an essential aspect of effective and sound ML/FT risk management. A bank can only effectively manage its risks if it has an understanding of the normal and reasonable banking activity of its customers that enables the bank to identify attempted and unusual transactions which fall outside the regular pattern of the banking activity. Without such knowledge, the bank is likely to fail in its obligations to identify and report suspicious transactions to the appropriate authorities. Ongoing monitoring should be conducted in relation to all business relationships and transactions, but the extent of the monitoring should be based on risk as identified in the bank risk assessment and its CDD efforts. Enhanced monitoring should be adopted for higher-risk customers or transactions. A bank should not only monitor its customers and their transactions, but should also carry out cross-sectional product/service monitoring in order to identify and mitigate emerging risk patterns.

Management of information

Record-keeping

A bank should ensure that all information obtained in the context of CDD is recorded. This includes both (i) recording the documents the bank is provided with when verifying the identity of the customer or the beneficial owner, and (ii) transcription into the banks own IT systems of the relevant CDD information contained in such documents or obtained by other means.

Updating of information

Only if banks ensure that records remain accurate, up-to-date and relevant by undertaking regular reviews of existing records and updating the CDD information can other competent authorities, law enforcement agencies or financial intelligence units make effective use of that information in order to fulfil their own responsibilities in the context of AML/CFT. In addition, keeping up-to-date information will enhance the banks ability to effectively monitor the account for unusual or suspicious activities. Supplying information to the supervisors A bank should be able to demonstrate to its supervisors, on request, the adequacy of its assessment, management and mitigation of ML/FT risks; its customer acceptance policy; its procedures and policies concerning customer identification and verification; its ongoing monitoring and procedures for reporting suspicious transactions; and all measures taken in the context of AML/CFT.Reporting of suspicious transactions Ongoing monitoring and review of accounts and transactions will enable banks to identify suspicious activity, eliminate false positives and report promptly genuine suspicious transactions. The process for identifying, investigating and reporting suspicious transactions to the FIU should be clearly specified in the banks policies and procedures and communicated to all personnel through regular training. These policies and procedures should contain a clear description for employees of their obligations and instructions for the analysis, investigation and reporting of such activity within the bank as well as guidance on how to complete such reports.

Reporting of asset freezingFinancing of terrorism has similarities compared to money laundering, but it also has specificities that banks should take into due consideration: funds that are used to finance terrorist activities may be derived either from criminal activity or from legal sources, and the nature of the funding sources may vary according to the type of terrorist organization. In addition, it should be noted that transactions associated with the financing of terrorists may be conducted in very small amounts.