1

A SUMMER TRAINING REPORT ON

OPERATIONAL RISK MANAGEMENT IN BANKING AT STATE BANK OF BIKANER & JAIPUR BANK

SUBMITTED IN THE FULLFILLMENT OF THE REQUIRENMENT OF THE AWARD OF THE DEGREE OF

MASTER OF BUSINESS ADMINISTRATION 2012-2014

SUBMITTED BY: JIGYASA SONI

Under Guidance Of:

Industry Guide Faculty Guide

Mrs.Usha yadav Dr. Harsh Purohit

Cheif Manager- ORMD Faculty Finance

Sbbj Bank, Jaipur wisdom, Bansthali Vidyapith

2

ACKNOWLEDGEMENT

“Nothing we achieve in this world is achieved alone. It is always achieved with others teaching us along the way”

It is my proud privilege to express my sincere gratitude to all those who helped me directly or indirectly in completion of this project report…

First of all I would like to thank Mr. S. K. Jain ( DGM- IRM Dept. SBBJ Bank, Jaipur.. ) who gave me the opportunity to complete my forty five days summer internship program in SBBJ bank Jaipur as per requirement of my curriculum of MASTER OF BUSINESS ADMINISTRATION…

I would like to thank Mr. Sujit Kumar deb (AGM- IRMD . SBBJ Bank,Jaipur), & Mrs. Usha Yadav (Chief Manager operational risk-SBBJ), Sitaram Meena (MIS Dept.) under whose guidance I could learn various operations in SBBJ, Jaipur and for his expert & invaluable guidance, constant encouragement and constructive criticism to accomplish such laborious & exhaustive work timely and perfectly.

I would want to thank Prof. Harsh Purohit without his unending support this internship would not have been possible. He always seemed to have time for me to help me in all my difficulties.

Last but not least I’m indebted to those entire people and other personnel working at the SBBJ bank, head office, Tilak Marg, C- Scheme, Jaipur. Who indirectly contributed and without whom this work would not have been possible…

Endeavour has been made to make the project error free yet I apologies for the mistakes…..

JIGYASA SONI

3

ABSTRACT

commerical banks are in the risk business. In the process of providing financial services, they assume various kinds of financial risks. The past decade has seen dramatic losses in the banking industry. Firms that had been performing well suddenly announced large losses due to credit exposures that turned sour, interest rate positions taken, or derivative exposures that may or may not have been assumed to hedge balance sheet risk. In response to this, commercial banks have almost universally embarked upon an upgrading of their risk management and control systems.

Here in this project I have discuss the concept of risk management in banks, to know whether the Banks are following RBI guidelines to manage the risks, shortcomings of the current methodology used to analyze risk, and the elements that are missing in the current procedures of risk management.

4

TABLE OF CONTENTS

SR. NO TOPIC

1. Introduction about bank.

2. Organization profile of SBBJ bank

3. Introduction to the topic

4. Operational risk

5. Risk management at SBBJ Bank.

6. Research design

7. Data Analysis

8. Findings and Suggestions

9. Conclusion

10. Recommendation

11. Bibliography

5

6

7

ABOUT STATE BANK OF BIKANER AND JAIPUR

Brief History of the Bank

The genesis of State Bank of Bikaner and Jaipur dates back to the year 1943-44, when the Bank of Jaipur Ltd. and the Bank of Bikaner Ltd. came into existence. In 1960, both banks were incorporated as subsidiaries of State Bank of India and named as State Bank of Bikaner and State Bank of Jaipur. On January 1, 1963, both banks were merged into one entity viz. State Bank of Bikaner and Jaipur. The constitution, capital, management and other matters pertaining to the Bank are governed by the provisions of SBI (Subsidiary Banks) Act, 1959.

75% of the shares of SBBJ are held by SBI and the remaining by institutions and general public. The Bank took over the business of the Govind Bank Pvt. Ltd, Mathura on 25th April, 1966. SBBJ went public in the year 1997-98 with an issue of

12.21 lakh shares of 100 each at a premium of 440/-. SBBJ is the only public sector bank with headquarter in Rajasthan.

At the time of incorporation, the Bank had a business of 45 crore, net profit of 7.5 lakh and a network of 124 branches (96 in Rajasthan). By March 2013 the business of the Bank increased to 1,30,590 crore, net profit stood at 730.24 crore.

The number of branches increased to 1037 ( 855 in Rajasthan) as on 31.03.2013. SBBJ had sponsored three Regional Rural Banks viz. Marwar Gramin Bank (set up in 1976), Sriganganagar Kshetriya Gramin Bank (1984) and Bikaner Kshetriya Gramin bank (1985). These were merged into single RRB viz. MGB Gramin Bank in June 2006. On 25.02.2013 the MGB Gramin Bank (RRB sponsored by SBBJ) and Jaipur Thar Gramin Bank (RRB sponsored by UCO Bank) were amalgamated into a single Regional Rural Bank named 'Marudhara Gramin Bank' sponsored by SBBJ with Head office at Jodhpur. The Bank shoulders Lead Bank responsibility in 9 districts of the State.

8

Bank's Vision and Mission

The Bank has codified its ethos, values, culture and aspirations in its Vision and Mission statements. The Vision and Mission statements were last revised in the year 2000 and a need was felt to revise these statements keeping in view the changed market conditions. Accordingly, the statements were revised in the year 2009-10 and the revised statements are as under:-

Vision :

“To be a state-of-the-art, customer-centric, values driven and professionally managed banking organisation; committed to the highest standards of good corporate governance practices; perpetual enhancement of the wealth of the shareholders and welfare of all stakeholders and the society”.

Mission :

“To provide one stop solutions to all the banking needs of customers through a highly motivated, professional and efficient human resources pool with quality of service, customer care and customers’ business in focus by efficient use of Information Technology in a cost effective manner; meeting the expectations of all stakeholders through transparent, true and fair disclosures and responsive management principles in all the activities; to strive to fulfil corporate social responsibility with special emphasis on financial inclusion throughout the State of Rajasthan and aiming to provide the best banking services to one and all”.

The major distinguishing features of the revised Vision and Mission Statements were laying emphasis on being state-of-the-art Bank, adopting good corporate governance practices, welfare of all stakeholders and the society, providing one stop solutions to all customers, efficient use of information technology in a cost effective manner, transparent/ true/ fair disclosures, responsive management principles, fulfilling corporate social responsibility and implementing financial inclusion in the State of Rajasthan.

9

Our Management Committee

The management team of SBBJ Bank consists of the following individuals who are very well qualified, possess rich experience and are competent professionals from their field.

Name Designation

Shri B Sriram Managing Director

Shri Sanjay Kumar SinghChief General Manager (Retail Banking)

Shri Santanu MukherjeeChief General Manager (Commercial Banking)

Shri Nirmal JoshiChief Vigilance Officer

Shri G.D.RozarioGM-Inspection & Audit

Shri Siddarth BiswalGM-IT & New Business

Shri Narayan Swamy RGM (Try, F&A ) & Chief Financial Officer

Shri K.K.Das

GM- (Risk Mgmt.,Credit Policy,Procedures)& Chief

Risk Officer

Shri S.S.NegiGM-MSME,Rural Banking & Financial Inclusion

Ms. Papia SenguptaGM- HR & General Administration

Shri Haridas K.V.GM-Recovery & Rehabilitation

10

Offerings

11

OFFERINGS

1) PERSONAL BANKING

a)DEPOSITS

State Bank of Bikaner & Jaipur offers various deposit plans that you can choose from depending on the nature of deposit, term period, unique saving and withdrawal features. Apart from competitive interest rates and convenient withdrawal options, our deposit plans offer other features such as overdraft facility, outstation cheque collections, safe deposit lockers, ATM's etc.

b) SAVINGS BANK ACCOUNT

Simplest deposit option available to the depositor. Easy to operate. Terms and conditions kept simple to facilitate understanding. No hidden costs. Low minimum balance requirement. Option to withdraw money through withdrawal forms or by cheque. An ideal option to cultivate the habit of banking and saving amongst the younger

generation. Students above 10 years can open accounts in their own names. Easy withdrawal of cash under single window concept.

2) NRI SERVICES

India is one of the fastest growing economies of Asia and offer unique opportunities to Non-Resident Indians, both individuals and corporations, for investment. The country is looking towards its Non-Residents for flow of foreign exchange resources and invite all Non-Resident Indians to contribute their mite in its developmental activities. One of such avenues is deposit of funds with the banks and we, the State Bank of Bikaner and Jaipur, welcome you all for putting your deposits in any of our branches. State Bank of Bikaner and Jaipur is one of the associates of State Bank of India with over 833 offices in India and a network of correspondents all over the world. We can meet all your needs offering satisfactory Banking services.

We offer undernoted type of accounts: Finest and fastest rates for any foreign exchange transaction, for any account and for any

delivery. Forward cover as well as rollover cover. Market intelligence from our extensive database Profiles, prospects, rate forcast for foreign currencies. Counseling, risk management and hedging of your total foreign exchange exposure in the

long-term perspective.

Offerings

Personal NRI Inter-national

Banking

Corporate

Banking

Agri-

culture

Products

Service

to SME's

Other

12

3) INTERNATIONAL BANKING

International Banking services of State Bank of Bikaner & Jaipur are delivered for the benefit of its Indian customers, non-resident Indians, foreign entities and banks. Amongst the various services offered by us are. For this purpose 68 of our branches are authorized to do Forex business.

Services for exporters and importers Services for domestic customers SBBJ expo gold card Export credit interest rate Interest gold card Service charges

4) CORPORATE BANKING

WE provide financial products / services of a wide range for large, medium and small corporates Infrastructure, non-infrastructure, manufacturing units, and services such as tourism- we are there to cater to the needs of all. We provide both fixed interest and floating interest loans.

SBBJ offers: Working Capital Finance including Trade Finance Export Credit Project Finance Deferred Payment Guarantee Term Loan Loan Syndication

5) AGRICULTURAL PRODUCTS

We, at State Bank of Bikaner & Jaipur have always understood the need for developing the agrarian community of the nation. As such we are committed to the development of Agriculture, not only in the state of Rajasthan, but also elsewhere in the country. To cater to the needs of the farmers, we offer finance for a number of activities as enumerated below

Kisan Credit Card  Scheme (KCC) Kisan Gold Card Scheme (KGC) Loans for Purchase of Agricultural Implements:

13

Tractor Plus Thresher, Implements etc.

Minor/Micro Irrigation Scheme: Loan for new wells /deepening of wells/Bore wells  For pump sets diesel/electric/submersible.  For conveyance Pipes/Lining of water courses.  For sprinkler sets For drip sets

Loans for activities allied to Agriculture Dairy Loans Loans for Poultry/Sheep/Goat rearing.

Loans for Medicinal & Horticulture Plantation Kisan Vahan Yojana Vermi Compost Scheme for Organic Farming

For development of storage facilities Construction of farmers/Rural godowns Cold storage

For Rural housing – Gramin Awas/ Sahyog Niwas Schemes. Arthias Plus scheme. Loans to Agri Input seeds, fertilizers/Agri. Machinery dealers/Cattle feed and Poultry

feed dealers. Others.

6) SERVICES TO SME’S

Interest Simplified Common Loan Application Form For MSEs Regional MSME Care Centre

7) OTHER SERVICES Cross selling activities E-mitra Dermat services Internet banking ATM services Real time gross settlement National electronic fund transfer Zero balance current account

14

15

Indian Banking Sectory

The Reserve Bank of India (RBI), as the central bank of the country, closely monitors

developments in the whole financial sector. It was established in April 1935 with a share capital

of Rs. 5 crores on the basis of the recommendations of the Hilton Young Commission. Reserve

Bank of India was nationalized in the year 1949.

As at end-March 2002, there were 296 Commercial banks operating in India. This included 27

Public Sector Banks (PSBs), 31 Private, 42 Foreign and 196 Regional Rural Banks. Also, there

were 67 scheduled co-operative banks consisting of 51 scheduled urban co-operative banks and

16 scheduled state co-operative banks.

Retail Banking is the new mantra in the banking sector. The home loans alone account for nearly

two-third of the total retail portfolio of the bank. According to one estimate, the retail segment is

expected to grow at 30 to 40% in the coming years.

Net banking, phone banking, mobile banking, ATMs and bill payments are the new buzz words

that banks are using to lure customers. Just too many players. 27 Public sector banks, 31 Private

Banks and 29 foreign banks.

The Indian banking sector is headed for consolidation. The presence of many regional players

will see few banks emerging as global competitors. Future belongs to technology. Cheaper

delivery points like Internet and tele banking to improve their shares. ATM banking costs 80%

while Internet and telebanking costs only 15% compared to normal banking transactions.

16

BRIEF HISTORY ABOUT SBBJ BANK

State Bank of Bikaner & Jaipur (SBBJ) is an associate bank of State Bank of India. Currently,

SBBJ has 1000 branches, mostly located in the state of Rajasthan, India. Its branch network out

of Rajasthan covers all the major business centers of India. In 1997, the Bank entered in the

capital market with an Initial Public Offering of 13,60,000 shares at a premium of Rs 440 per

share.

State Bank of Bikaner & Jaipur came into existence on 1963 when two banks, namely, State Bank of Bikaner (established in 1944) and State Bank of Jaipur (established in 1943), were merged. Both these banks were subsidiaries of the State Bank of India under the State Bank of India (Subsidiary Bank) Act, 1959. On April 25, 1966 SBBJ took over Govind Bank, Mathura.

In 1984 SBBJ sponsored and established Ganganagar Kshetriya Gramin Bank as a Regional Rural Bank. Thereafter, in 1985 SBBJ opened the Bikaner Kshetriya Gramin Bank, the second Regional Rural Bank sponsored by it. The third Regional Rural Bank, sponsored by SBBJ was Marwar Gramin Bank covering the districts of Pali, Jalore and Sirohi. On 12 June 2006, SBBJ merged all three Regional Rural Banks sponsored by SBBJ were merged and the merged entity was named MGB Gramin Bank, with headquarters in Pali.

The bank follows transparent corporate goverence polocies and has smoothly migrated to Basel II.

On the technology front , the bank migrated all branches to core banking solution and become among the first new bank in india to offer outline banking facilities across the country the bank has installed 495 ATMs.

17

18

OBJECTIVE

To bring to light the various Operational Risks involved in the Banking sector.

To find out the efficiency with which Sbbj Bank can handle and manage Operational Risk.

To know the guidelines set up by RBI for commercial banks.

To know whether the banks are following those guidelines or not.

To know the bank performance.

19

INTRODUCTION TO RISK MANAGEMENT

What is risk?

Risk is hazard, danger, chance of loss or injury that a person can face. It is also the degree of probability of loss and volatility of unexpected outcomes.Operating in a liberalized and globalized environment, banks are exposed to various kinds of risks that can emanate from financial and non-financial factors. Generally, risks faced by banks are grouped into clearly identifiable categories, which include

i) Credit risk

ii) Market risk

iii) Operational risk.

With progressive de-regulation, cross border dealings, globalization, introduction of wide range of products and services, improvement in technology and communications significant changes have occurred in the operating environment as well as in the balance sheets of banks. Risks faced by banks have now increased manifold posing significant challenges to both, banks and the supervisor. To respond to these challenges there have been various supervisory initiatives to induce better operating standards in banks, greater transparency and sensitivity towards risk management by banks.

20

A brief description of the various risks is given below:

1) Market Risk

Market Risk is the possibility of loss to a bank caused by changes in the market variables.The Bank for International Settlements (BIS) defines market risk as “the risk that the value of ‘on’ or ‘off’ balance sheet positions will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices”.

Market risk consists of: -

Liquidity risk

Liquidity risk occurs when Bank is not in a position to pay amounts due to its customers/counterparties or these are met by borrowing from the market at high cost.

Measured in terms of the negative gap in any time bucket. As per RBI guidelines, this gap should not exceed 20% of outflows in first two time buckets.

Interest Rate Risk

The risk that changes in interest rates will adversely impact the revenues and balance sheet.

Balance sheet comprises of diverse assets and liabilities, each of which is subject to different interest rates, maturity period.

Hence, calculation of impact of interest rate changes is a complex and computer-intensive task.

Forex risk

Risk that a bank may suffer losses as a result of adverse exchange rate movements during a period in which it has an open position.

Equity/Commodity risk –

21

Risk that a bank may suffer losses as a result of adverse movements in equity/commodity prices during a period in which it has an open position.

2) Operational risk

Operational risk arises out of inadequate or failed internal processes, people and systems or from external events. It includes People risk (incompetence, frauds, work environment, motivation) Process risk (errors in transactions, product complexities) Operational control risk (failure of operational controls, volumes) Model risk (model application error, methodology error).

For risk profiling of banks under RBS, the following risks have also been included in operational risk: -.

Legal risk

Legal risk can arise due to the possibility of actions of a bank not being in conformity with the laws of a country or being in violation there of. The bank can also experience legal risk when customers approach court of law for redressal of their grievances where transactions with its counterparties are not supported by proper documents or the terms of the contract are unclear or even due to lack of well established legal pronouncements in cases where issues involved are nebulous. Legal risk can also assume shades of cross border risk when the legal requirements of other countries are unknown or unclear or when jurisdiction ambiguities with respect to the responsibilities of different national authorities arise.

Reputational risk

22

The financial implication of a moral obligation cast on a bank in the environment it is functioning or by virtue of its association with another organization is called Reputational risk. Reputational risk is the potential of suffering loss due to significant negative public opinion, bad or wrong publicity. It could arise either from the bank’s own failure to perform or due to the actions of a third party. The bank can also experience Reputational risk on account of contagion effect of adverse developments in its subsidiaries.

Technology risk

Technology risk can arise out of IT related factors like validity of IT systems, back up and disaster recovery systems, failure of systems, security of systems, programming errors, etc. It can also arise due to obsolescence of technology being used, technology not being in alignment with business needs or adoption of untried and untested technology, inability of staff to respond to new technology etc. Adoption of Internet banking, in the initial stages, can also be fraught with several risks like reputation risk, legal risk including cross border risk and money laundering risk.

3) Credit Risk

Credit risk is defined as the possibility that a borrower or counterparty will fail to meet its obligations in accordance with agreed terms. Credit risk, therefore, arises from the banks dealings with or lending to a corporate, individual, another bank, financial institution or a country. Credit risk may take various forms, such as: In the case of direct lending, that funds will not be repaid; In the case of guarantees or letters of credit, that funds will not be forthcoming from the

customer upon crystallization of the liability under the contract; In the case of treasury products, that the payment or series of payments due from the

counterparty under the respective contracts is not forthcoming or ceases; In the case of securities trading businesses, that settlement will not be effected; In the case of cross-border exposure, that the availability and free transfer of currency is

restricted or ceases.

23

24

INTRODUCTION

Since the mid-1990s, the topics of market risk and credit risk have been the subject of much

debate and research, with the result that financial institutions have made significant progress in

the identification, Measurement and management of both these forms of risk.

Globalization and deregulation in financial markets, combined with increased sophistication in

financial technology, have introduced more complexities into the activities of banks and

therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus

upon the identification and measurement of operational risk.

Events such as the September 11 terrorist attacks, rogue trading losses at Societe Generale,

Barings, AIB and National Australia Bank serve to highlight the fact that the scope of risk

management extends beyond merely market and credit risk.

The list of risks (and, more importantly, the scale of these risks) faced by banks today includes

fraud, system failures, terrorism and employee compensation claims. These types of risk are

generally classified under the term 'operational risk'. The identification and measurement of

operational risk is a real and live issue for modern-day banks, particularly since the decision by

the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk

as part of the new capital adequacy framework (Basel II).

State bank of bikaner & jaipur Bank is no exception. The Bank in order to minimize the

Operational Risk in its daily operations have put in place certain controls and checks , thereby

complying with the necessary regulations.

This project highlights the involvement of financial risk while processing of bank’s various

products and services.

25

DEFINITION OF OPERATIONAL RISK

Operational Risk: The risk of loss resulting from inadequate or failed internal processes, people

and systems, or from external events.

Operational risk is one of the three primary risk disciplines in the financial services industry,

along with Credit Risk and Market Risk.

It includes legal, Technology and reputational risk to the Bank that they are impacted or impact

Operational Risk.

There have been a number of major incidents within financial organizations over recent years

caused not by credit or market risks, but by the very nature of risks associated with running a

financial services company, known as Operational Risk.

Some of the causes of operational risk:

There are numerous causes of operational risk. For eg, day-to-day

problems such as the difficulty in recruiting and retraining staff.

Other examples of operational risk :

Fires, flood and earthquake- risk arising from natural disorders.

Fraud

Terrorist attacks

Human error

Hacking

26

Dissatisfied customer

Supply or supplier failure Regulatory breaches

Incomplete documentation

Failed trades

Unsettled transactions

Unauthorized transactions

Inadequate checking

Untrained staff

Misleading advertising

Failure to treat customers fairly

Unsafe buildings, System Failure

27

28

SBBJ BANK AND OPERATIONAL RISK

SBBJ Bank has to manage Operational Risk in order to comply with the regulations BASEL II

BASEL II

In 2007 a new directive came into force for all financial companies known as BASEL II

This directive defines Operational Risk as one of the three risks for which all banks mast:

- Put aside capital (PILLAR 1)

- Be available for supervisory review (PILLAR 2)

- Disclose information to the market (PILLAR 3)

OPERATIONAL RISK MANAGEMENT POLICY

Operational risk management(ORM) policy sets the tone and objectives of operational risk

management in SBBJ .the ORM policy at SBBJ has been approved by the Board of Directors on

24/09/2004 and subsequently reviewed on 19/01/2006.

The Objectives of ORM are:

Enabling a pro-active operational risk management framework which covers:

Risk identification

Risk assessment

Risk control/mitigation plans

Risk measurement

Capital calculation

Risk monitoring and reporting-covering “KRIs, risk reporting, validation of RCSA risk

assessment with empirical loss data” as pro-active risk monitoring tools.

29

Improving quality of services/products/processes through robust risk management

system and rewards better risk management.

Developing a common understanding of operational risk across the bank involving every

employee at all levels and assign risk ownership.

- This policy is applicable to all branches/business units of the bank and has been circulated

to all branches/offices of the bank.

THE OPERATIONAL RISK FRAMEWORK

Operational Risk Policies & Procedures- what needs to be done

Compliance assurance- how we know it is being done

Risk & Loss Reporting- information in an accessible and consistent format

An Operational Risk Management Toolkit- Key Control Standards (KCS), Key Control Self-

Assessment (KCSA) and Key Risk Indicators (KRI)

An Operational Risk Committee structure- the management structure

People with defined roles & responsibilities- who does what

30

THE OPERATIONAL RISK TOOLKIT

The “tools” available for managing Operational Risk at SBBJ Bank:

i) RCSA

ii) KRIs

iii) LOSS DATA

iv) SCENARIO ANALYSIS

OPERATIONAL RISK ASSESSMENT PROCESS:-

1) RCSA(RISK AND CONTEOL SELF-ASSESSMENT)

A risk and control self-assessment (RCSA) forms an integral elements of the overall operational risk framework.is it helps the bank in risk identification and risk management efforts and to improve the understanding control and oversight of its operational risks.

Purposes of RCSA

An RSCA programs covers two business lines functions- risk self-assessment and control self-assessment. Risk self-assessment is a practice that enables department’s heads to analyze various business risks and rank them as high, medium, low based on potential losses.

A control self-assessment program helps senior manager ensure that internal controls, procedures and mechanism are adequate, functional and conform to top leadership’s recommendations, industry practices, professional standards and regulatory guidelines.

31

OBJECTIVES OF RCSA:-

a) Early detection of unidentified, uncontrolled and / or under estimate risks.

b) Assess the acceptability level of identified risks and controls.

c) Evaluation of effectiveness in the risk profils.

d) Identify material changes in the risk profile.

e) Establish a relationship between changes in the business environment and controls with the risk profile.

f) Involve the business and support groups (IT , LEGAL , HUMAN RESOURCE) in their risk assessment, thereby creating responsibilities from respective management to proactively manage and monitor its operational risks, framing and implementation of mitigation plans.

RBI GUIDELINES FOR RCSA

RBI Guidelines on risk and control self-assessment forming part of the circular issued on “Guidance note on management of operational risk” dated 14th October, 2005.these are:-

Para 4.8:-A bank assesses its operational and activities against a menu of potential operational risk vulnerabilities . this purpose is internally driven and often incorporates checklists and / or workshop to identify the strength and weakness of the operational risk environment.

BENEFITS OF RCSA:-

A risk and control self-assessment framework is critical in a banking sector.

RCSA program include early detection of risks that have not been effectively managed and the development of mitigation plan that safeguard the bank against significant business risks occurring.

RCSA also improves the control environment by:

32

Increasing awareness of organizational objective and the important role that internal control plays in their achievement.

Training participants how to analyses and report on internal controls.

Helping to achieve a culture where employee apply risk management processes in their day to day

STEPS FOR RCSA

RCSA include four key steps:

1. Risk identification

2. Risk assessment

3. Risk mitigation/control

4. Risk reporting

ROLES AND RESPONSIBILITIES:-

Operational risk management committee (ORMS):-

a) Review and approve the development and implementation of operational risk methodologies for

risk and control self-assessment(RCSA).

33

b) Review and approve the RCSA plan and its coverage for the ensuing year.

c) Review and approve RCSA manual at yearly intervals.

d) Review the risk profile, understand future changes and threats and prioritize actions steps.

Operational risk management department (ORMD):-

a) Responsible for establishing and implementing the RCSA procedures contained in this manual.

b) Maintenance of library of risk registers.

c) Facilitate conduct of workshops to assess residual risk and design effectiveness of controls.

d) Reporting of RCSA results to the ORMS.

e) Design RCSA training programme.

Zonal OR managers:-

a) Assist in testing controls identified as mitigating action points during the RCSA exercise.

b) Identify the outliner in the RCSA exercise.

c) Develop RCSA training programme in coordination with ORMD.

d) Reporting of consolidated RCSA data.

34

Reporting unit(business unit head, branch head & operational unit head):-

a) Validate the risk events identified during the RCSA process

b) Approve the residual risk rating.

c) Endorse the control rating for the RCSA entity.

d) Ensure successful completion of the RCSA exercise.

e) Submit the RCSA results to the ZORM as per the time schedule.

f) Develop risk mitigation plan and follow up on the implementation for bringing down the risk

scores to acceptable levels within definite timelines.

RCSA PARTICIPANTS (OFFICIALS WHO PARTICIPANTS IN RCSA):-

a) Complete the RCSA exercise in a timely manner.

b) Provides the RCSA template(completed) to the head of RCSA entity for validation.

INSPECTION & AUDIT DEPARTMENTS:-

a) Independent review/audit of the bank’s RCSA process.

b) Share information on inspection reports with ORMD to review and enhance its risk.

35

Basel Accord and RBI Guidelines lay down 3 approaches for

measuring and managing operational risks and specify certain

qualitative criteria in respect of each approaches which are

addressed by RCSA.

1)APPROACH : Basic Indicator Approach

Qualitative criteria addressed by RCSA:

No specific criteria suggested by Basel, but it encourage banks to follow guidance of sound

practices on operational risk management(SPOR).the following principal

Of SPOR are addressed by RCSA methodology:

Principal 4: Banks to identify and assess the inherent risk in all material products,

activities, process and system.

Principal 5: regular monitoring of OR risk profile and material exposures to losses.

Regular reporting of pertinent information to senior management and the board for proactive

ORM.

Principal 6: policies, process and procedures in place to control and/or mitigate material

OR.

2 APPROCH : Standardized Approach

36

Qualitative criteria addressed by RCSA :

The following qualitative requirements under standardized approach are addressed by RCSA:

ORM function to incorporate following elements:

Strategies to identify, assess, monitor and control/mitigate operational risk.

Risk reporting system for operational risk.

3.APPROCH: Advance measurement Approach(AMA)

Qualitative criteria addressed by RCSA:

The bank must have an independent operational risk management function that is responsible

for the design and implementation of the bank’s operational risk management framework. The

operational risk management function is responsible for:

Codifying bank-level policies and procedures concerning operational risk management and

controls.

Design and implementation of a risk- reporting system for operational risk; and

Developing strategies to identify, measure, monitor and control/mitigate operational risk.

37

2) KRIs( KEY RISK INDICATORS)

KEY RISK:

key risk is defined as an event that could significantly impact bank’s ability to implement its

strategy and to achieve its established objectives.

KEY RISK INDICATORS:

Key risk indicators (KRIs) are early warning signals, which enable management to

Monitor and mitigate operational risks that are beyond acceptable levels. These are

Statistics and / or metrics, which can provide insight into a bank’s operational, risk profile and its

changes.

Example of KRIs would be- For branches numbers of days , day end cash did not tally numbers

of days cash retention limit was breached, number of days ATM cash did not tally with admin

balance.

OBJECTIVES:

38

The KRIs framework aims at the following:

Provide effective monitoring tool to track change in risk levels and keep management apprised of

shift in thresholds.

Timely reporting of significant control slippages.

Minimize the occurrence of a risk event/loss; and

Provide a homogenous monitoring tool that can give the bank a complete view of its

operations.

Quantify, where applicable operational risk appetite of the bank.

Key risk indicator process

The key risk indicator process is to establish indicators for each of the key risks which appear on

the business risk profile .the number of indicators and the type of indicators that can be identified

for which risk will vary depending on a number of factor. In general key risk indicators(KRIs)

have the following attributes:

a) Indicators are linked to risks or controls identified in the RCSA exercise.

b) Indicators need to be appropriately defined to ensure understanding of the measures i.e whether

KRIs will be monitored on a percentage basis or whole number etc.

c) Data need to be sourced for each indicators.

d) Thresholds should be established to reflect the business tolerance or appetite to risk;

e) Indicators need to be monitored, reported and escalated appropriately; and

f) Thresholds to be established for each KRI.

39

Key process steps for identification of key risk indicators:

The KRI process comprises of the following phases:

a) Development Phase of KRIs

i) Identification and documentation of KRIs.

ii) Source , validation and analysis data

iii) Determine threshold levels for monitoring KRIs.

b) Ongoing review of KRIs

i) Aggregation of KRIs

ii) Monitoring of KRIs

The pictorial representation of key steps and processes involved in

identification of key risk indicators (KRI) is as under:

DdDevelopmentOngoing reviewDevelopment Ongoing review

Source, validate and Analyse data

Identify and document KRIs

Determine Tolerance

Aggregation of KRIs

Monitor KRIs

40

a) Development phase of KRIs:

Development of KRIs is an iterative process initially. It may not be possible to identify

meaningful KRIs. However , as knowledge of the drivers or causes of risks and controls improve

more effective indicators can be identified.

Identification and documentation of KRIs

Identification of KRIs

1. Preparation

Result from the RCSA exercise should be used as the starting point for the identification process.

The documented controls of the RCSA entity should be classified as either preventive or

detective controls.

A preventive control helps to prevent or stop the risk event from occurring.

A detective controls aids the business to identify whether a risk events has occurred.

A recovery control helps the business minimize the impact of an event should it occur.

Indicators linked to preventive controls are generally more predictive in nature than those for

detective controls.

2. How to identify indicators

When identifying potential indicators, it is useful to consider the four main categories of KRIs:

Predictive/lead risk indicators

Predictive/lead control indicators

41

Lagging/detective risk indicators

Lagging/detective control indicators.

- Predictive indicators can be identified by considering how the business can monitor the

cause and preventive controls in place.

- Lagging indicators usually relate to the risk consequence, detective or recovery controls.

Examples for preventive/lead indicator

Where an employee earlier handled on an average 20 transaction in a day, due to business

growth, the employee now handle 40 transactions in a day. The increase in volume without a

corresponding increase in manpower would imply that an employee would have to skip some

parts of the process would have to skip some parts of the process so as to complete the increased

volume within the same time period. Thus percentage increase in the business without increase

in manpower is a leading indicator of the potential error in the process.

The type of deviations in account opening process would indicate the likelihood of fraud

occurrence.

Example for detective / lag indicator

Percentage of customer complaints is a lag indicator of the level of customer satisfaction.

Documentation of KRIs

The following information should be documented for each KRI:

The title of the KRI- what the indicator is called e.g. staff turnover, customer complaints, etc.

The risk or control it is monitoring.

42

The definition of the KRI- it is important to appropriately define the indicators this ensures that

the correct data is sourced and inform how the indicators is to be interpreted e.g. how will staff

turnover be measured.

If the KRI is predictive or lagging.

If the indicator is a risk or control indicator.

i. Source, Validation and Analyses Data

Assessing Data Quality

Change to data

Extraction of data

ii. Determine Threshold level for monitoring of KRIs

a) Threshold level zones

Thresholds determine how well the bank’s operational activities are managed.

In simple terms a threshold level is a measure which determines the seriousness/ probability of a

risk materializing.

i. Threshold levels can be measured at the 3 levels namely- GREEN, AMBER and RED.

ii. These thresholds also demonstrate the risk tolerance of the activity/ operation.

iii. The units are expected to operate below the threshold levels in the respective activity/operation.

As mentioned earlier, thresholds would be calibrated into green, amber and red zones. The color

coding is assigned to facilitate the attention of the management to the areas that are critical.

These zones would represent the tolerance level of the indicators:

43

RED Highlights the need for immediate resolution.

AMBER A potential problem that requires further review and analysis.

GREEN No immediate concern.

Red (Unacceptable):

The KRIs should be escalated to senior management and appropriate mitigation initiatives

implemented to manage the KRI back to the green zone.

Amber(increased concern):

The KRI should be closely monitored and where appropriate actions should be put in place to

manage the KRI back to green zone.

Green(Acceptable):

Normally no action required.

b) Criteria for threshold determination:

When setting tolerance , the following guidelines may be useful for the bank to consider:-

i. The approach taken to setting tolerance for each KRI may differ.

ii. Tolerance should difference between what is expected(business as usual ) variance in data and

what may highlight there is an increased chance of risk occurring or a control failing.

iii. The bank may want to consider setting more prudent tolerance thresholds initially until

experience of monitoring and analyzing the data is deeper.

44

iv. Tolerance should be set at level to meet management needs I .e at what level should management

be made aware of a particular metrics.

Ongoing review of KRIs

i. Aggregation of KRIs

KRI that are similar across the various units of the bank can be consolidated for reporting at the

entity level, if there are multiple indicators for a single risk group , average of the scores of all

the indicators can be reporting purpose.

Monitoring of KRIs:

On an ongoing basis KRIs need to be reviewed to assess the degree of relevance and relevance and usefulness in monitoring the underlying risk and control.

Roles and Responsibilities

1. Operational risk management committee(ORMC)

o Review and approve the development and implementation manual of operational risk

methodologies for key risk indicators.o Approving threshold level for various KRIs. In consultation with ORMD.

45

2. Zonal level operational risk management committee(ZRMC)

o Discuss and recommend suitable actions for KRIs to ORMD.

3. Operational risk management department (ORMD)

o Maintain and update the list of key risk indicators (KRIs) and related policy documentation.

o Reporting KRI analysis results to ORMC.

o Testing and validating KRIs.

o Decide on threshold on KRIs in consultation with business and support groups and place it

before respective ORMC for approval.

4. OR managers

o Coordinate with ORMD and respective reporting units for gathering data for KRIs.

o Verify completeness of all KRIs reported & consolidate KRIs at the zonal level.

o Assist in testing of KRI values reported as required by ORMD.

o Report the KRI’s to ZRMC.

5. Reporting unit (business unit head,branch head & operational unit head)

o Submit the relevant data required for KRI reporting.

o Ensure successful completion of the KRI exercise.

o Provide evidence to OR manager, during KRI testing.

6. Inspection & audit department

o Independent assessment and evaluation of the KRI process.

o Test-check the data provided by reporting units during internal audits.

46

3 LOSS DATA MANAGEMENT:

DEFINATION: -

The operational risk loss data, derived from pooling of individual loss experience, provides banks with an invaluable insight into the past frequency of the events and their impact. In addition of the loss information, the associated rating of business and control environment at the time of loss is also collected. Combined together these evaluations help banks derive the loss distributions for each of the ratings or risk classes.

Regulatory guidelines:

RBI Guidelines on loss data management from part of the circular issued on “implementation of the Advance Measurement Approach (AMA) for calculation of capital charge for operational risk “dated 27th April, 2011.the important guidelines are as under:-

Essential data element of an AMA model:

Para 8.5.1.1 A bank’s internal loss data may not be sufficient to model the operational risk exposures faced by the bank as many of the potential risks to which the bank is exposed would not have materialized during the life of the bank. Basel II framework, therefore, requires that a bank measurement system must incorporate four key data input.

These four inputs/elements are:

Internal bank

Relevant external operational risk data;

Scenario analysis; and

47

Business environment and control factors (BEICFs) : [BEICF are indicators of a bank’s operational risk profile that reflects underlying business risk factors and an assessment of the effectiveness of the internal control environment.

Internal loss data

Para 8.5.4.3 (i): the collection, tracking and use of internal loss data is an essential pre-requisite to the development and functioning of a credible and robust ORMS.

Para 8.5.4.3 (ii): the bank should have documented policies and procedures for assessing the ongoing relevance of historical internal loss data, including situations where scaling, judgment overrides or other adjustment may be used , to what extent that may be used and who is authorized to make such decisions. The policies and procedures should identify when an operational risk events becomes an operational risk loss for the purpose of collection within the operational risk loss data base and when it is to be included in the calculation data set. The policies and procedures should provide for consistent treatment across the bank.

Para 8.5.4.3 (5) A bank adopting AMA should have a minimum 5 years observation period of internal loss data requirement whether the internal loss data is used to be the operational risk measure or to validate it, the 5 years loss data should be available with the bank for building the operational risk measure or to validate it before making a formal application to RBI for Implementing AMA.However, when a bank first moves to an AMA , a 3 years historical data window may be allowed subject to written approval by RBI. RBI would consider this based on factors such as quality of operational risk management systems, quality of external of external data available and banks.

48

OBJECTIVES OF LDM (LOSS DATA MANAGEMENT):

The LDM framework aims at the following:- Timely and immediate reporting of incident. Minimizing the future recurrence of similar loss events , by identifying control weakness and

initiating root cause analysis. Complying with the regulatory requirements. Meeting the loss data collection standard. Facilitating the calculation of regulatory capital; and Providing a transparent and uniform framework for LDM.

LOSS DATA ELEMENTS:

Any operational loss event will comprises three elements viz. cause of the loss, loss event type and the loss effect. it is important to identify losses and categorize them into their appropriate event type and business line. given below the definitions of:-

a) Loss event typeb) Loss event cause; andc) Loss event effects.

1. Loss event type: The definition of each loss event type is detailed below:

Internal fraud (IF):-Losses or potential losses due to acts of a type intended to defraud, misappropriate property.Example:-

a) Losses to the resulting from the instance of an employee paying illegal compensation to generate or retain business.

49

b) Losses to the bank resulting from unauthorized trading.

External fraud (EF):-Losses or potential losses due to acts of a type intended to intended to defraud , misappropriate property or circumvent the law, by the third party.Example:-

a) Losses to the bank resulting from a default of a loan where it was determined that the loan had been obtained through fraudulent documents.

b) Losses resulting from fraud by false identify or identify theft by using computer systems.

Employment practices and workplace safety(EPWS):-Losses or potential losses arising from acts inconsistent with employment, health or safety laws or agreements , from payment of personal injury claim, or from diversity/ discrimination events.Examples:-

a) Losses to the bank resulting from discrimination against employee based on age, gender, religion or sexual orientation.

b) Losses to the bank resulting from the unavailability of workforce due to store specific to the bank.

Client, products & business practices(CPBP):-Losses or potential losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements ), or from the nature or design of a product.Examples:-

a) Losses resulting from breach of corporate policies like:branding, communication, email rerention ,investigation ,outsourcing, etc.

b) Losses on account of miselling.

Damage to physical assets(DPA):-Losses arising from loss or damage to physical assets from natural disasters or other events.Examples:-

a) Losses resulting from disruption caused by civil/political actions.b) Losses resulting to the bank from floods, landslides , etc.

Business disruption & system failures(BDSF):-

50

Losses arising from disruption of business or system failures.Examples:-

a) Losses to the bank resulting from the use of absolute systems that cannot handle current workload, volume or product complexity.

b) Losses caused by interruptions of communication lines, e.g. telephone lines, security access network (staff cannot enter the building).

EXECUTION, DELIVERY & PROCESS MANAGEMENT(EDPM):-Losses from failed transactions processing or process management, from relations with trade counterparties and vendors.Examples:-

a) Losses to the bank resulting from failure to deliver mandatory reports.b) Losses to the bank resulting from the omission of valid documents in marketing materials, or

from poor or non- existent documentation.c) Losses on account of employee’s missing deadlines ( not remitting to RBI on time.)d) Losses on account of incorrect entries posted and subsequent temporary overdraft granted to the

customer.

LOSS EVENT CAUSES :-

Operational risk loss events can be grouped into the following categories, according to the cause of the loss events:-

PEOPLE RISK:-The risk resulting from the deliberate or unintentional actions or treatment of employees and / or management – i.e employee error, employee misdeeds- or involving employees, such as in the area of employment deployment disputes. The risk class covers internal organizational problem and losses. Examples:-

a) Human resource issues(employee unavailability, hiring/firing etc.)b) Personal injury- physical injury (health and safety, etc.).

PROCESS RISK:-Risk related to the execution and maintenance of transaction , and the various aspects of running a business, including products and services.Examples:-

a) Business /operational process (lack of proper due diligence , inadequate/ problematic account reconciliation, etc.)

51

b) Error and omissions (inadequate maker/ checker controls, inadequate/ problematic quality controls,etc.)

TECHNOLOGY RISK:-The risk of loss caused by a piracy , theft , risk resulting from inadequate or failed systems infrastructure including network , hardware , software , communication and their interface; also include risk of technology failing to meet business needs.Examples:-

a) General technology problems (Unauthorized use/misuse of technology, etc.)b) Hardwarec) Security (hacking, firewall failure, etc.)d) Software (computer virus, programming bug , etc)e) Systems (system failures , systems maintenance , etc.)f) Telecommunication ( telephone , fax , etc.)

EXTERNAL EVENTS:-

The risk resulting from external events to the bank. This category also includes the risk presented by actions of external parties or in the case of regulators, the execution of change that would alter the bank’s ability to continue operating in certain markets.Examples:-

a) Disasters (natural disasters, non- natural disasters, etc.)b) External misdeeds (external fraud, external money laundering, etc.)c) Litigation/regulation (capital control, regulatory change, legal change, etc.)

LOSS EVENT EFFECTS:-

This refers to the effect by an operational risk event. Following are some categories of loss effects;-

a) Legal liability due to operational risk.b) Loss/damage of assets; this refers to direct reduction in value of physical assets.c) Write downs: this refers to direct reduction in value of assets.

52

d) Loss of recourse: this refers to payments or disbursements made to wrong parties and not recovered.

4 . Scenario analysis

Scenario analysis is a systematic and well-reasoned process of getting experts drawn from the business and relevant support functions to estimate the most severe losses that could materialize in the firm and the likelihood of such occurrences.

Scenario analysis for operational risk involves analyzing events that might occur infrequency , but have the potential for significant business impact(i.e. losses) that have a significant impact on capital.

Scenarios are defined as an outline, description or model of a sequence of unexpected or adverse events.

53

AIMS OF SCENARIO ANALYSIS:-Scenario analysis aims to identify and assess severe operational risk events that could plausibly happen.

OBJECTIVES OF SCENARIO ANALYSIS:-The objectives of operational risk scenario analysis is to identify potential scenario applicable to your business, assess how bad these could be, and consider the events and failures that would need to occur for such an event to crystallize.

RBI GUIDELINES ON SCENARIO ANALYSIS :-Rbi guidelines on scenario analysis from part of the circular issued on implementation of the advanced measured approach (AMA) for calculation of capital charge for operational risk “ dated 27th april , 2011. The important guidelines are as under:-

Para 8.5.2.6: Scenarios are likely to have a significant influence on the amount of capital calculation as per AMA. Scenarios involving multiple risk factors(frequency/severity of losses in different events types) would obviously require assumptions of correlations. For this purpose , the correlation among various risk factors already calculated by the bank based on historical data could form the basis of projections with appropriate to account for the possibility that the correlations could break down under a stressed scenario.

Para 8.5.4.1: A bank’s internal loss data may not be sufficient to model the operational risk exposures faced by the bank as many of the potential risk to which the bank is exposed would not have materialized during the life of the bank. Basel-II framework, therefore , requires that a bank’s operational risk measurement system must incorporate four key data inputs.

These 4 inputs / elements are:

Internal data

External data

Scenario analysis

Business environment and internal control factors(BEICF)

54

Para 8.5.4.5: (iii) scenario analysis is especially relevant for business lines, activities or operational loss event type where internal and relevant external loss data or assessments of the business environment and internal control factors(BEICFs) do not provide a sufficiently robust estimate of the exposure of the bank to operational risk.

Scenario analysis process flow and timelines:-

Scenario analysis process flow Time frame1. Pre-workshop preparation:

a) Identification of scenarios for the workshop;

b) Development of scenario analysis tool kit.

c) Selection of participants for the workshop; and

d) Familiarizing the participants with the probable scenarios.

a) Exercise should commence one month before scenario analysis workshop.

2. Scenario analysis workshop:-a) Conduct of scenario analysis

workshop;b) Documentation of results;c) Approval from business heads for the

a) Scenario workshops for all business units/departments can be phased coinciding with RCSA schedule as outcome of RCSA will be an input for the workshop.

55

outcomes of the results; andd) Placing the results before the

concerned business department, the ORMC.

b) All scenario workshops should be completed by January end.

3. Capital computation In the month of February.

4. Validation of scenario analysis process by I&A

In the month of march.

Roles and Responsibilities:-

Roles and responsibilities of the departments and participants:-

Department & participants Roles and responsibilitiesOperational risk management department (ORMD)

a) Determine scenarios.b) Preparation of background analysis material.c) Documentation of scenario analysis result.d) Present the result to the heads of the respective business

department for sign off.e) Present the outcome before the concerned business

departments, the ORMC .Department heads a) Selection participants for scenario analysis workshop; and

b) Review extreme events scenarios for their plausibility and validity assumptions.

Scenario participants a) Participate in the identification of scenarious.b) Provide inputs for the assessment of the scenario impacts ; andc) Incorporate outputs of the scenario analysis into day – to day

56

business, as appropriate.Inspection and audit departments

a) As a part of qualitatives validation , audit team will validate the scenario analysis process and its results after computation of AMA capital.

b) Audit will submit its findings to (a) the operational risk management committee through ORMD ; and (b) the audit committee of the board (ACB)

ROLES AND RESPONSIBILITIS OF THE COMMITTEES:-

COMMITTEE PESPONSIBILITIESOperational risk management committee(ORMC)

a) Review and approve results of scenario analysis;b) Approve changes,if considered necessary to scenario assessment

rating viz.most likely loss frequency(MF) , most likely loss severity (MS) , worst likely frequency (WF) & worst likely severity (ws) ; and

c) Annual review of scenario analysis framework;d) Propose / approve enhancement to scenario analysis framework,

as considered necessary from time to time.

Risk management committee of the board(RMCB)

a) Take note of the result of scenario analysis process.

Audit committee of a) Review finding of audit on scenario analysis process

57

the Board(ACB)

ADVANTAGE OF SCENARIO ANALYSIS :-

Scenario analysis provides a forward-looking view of operational risk that complements

historical internal and external loss data.

Scenario analysis (SA) is a systematic process of obtaining expert opinions.

scenario analysis, which uses a systematic approach to anticipate a broad range of possible

outcomes, provides valuable insights. Scenario analysis facilitates business decisions by taking

into account a number of potential developments and possible future events in business

environments.

58

Most insurers use scenario analysis for strategy development and risk management.

Scenario analysis is particularly important for insurers, as their survival depends on their abilities

to gauge and appropriately price risk.

To manage the broad range of risks they face -- many of which are interrelated --

Insurers often develop scenarios for risk management, underwriting and pricing decisions,

Strategic planning and capital management.

The popularity of scenario analysis is the result of the limitations with the others three

approaches and the fact that regulators have accepted that there is a role for human judgment and

expertise in measuring operational risk and setting a side capital.

MANAGING OPERATIONAL RISK

Managing operational risk is becoming an important feature of sound risk management practices in modern financial markets in the wake of phenomenal increase in the volume of transactions, high degree of structural changes and complex support systems. The most important type of operational risk involves breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial loss through error, fraud, or failure to perform in a timely manner or cause the interest of the bank to be compromised.

Generally, operational risk is defined as any risk, which is not categorized as market or credit risk. This is the risk of loss arising from various types of human or technical error. It is also synonymous with settlement or payments risk and business interruption, administrative and legal risks. Operational risk has some form of link between credit and market risks. An operational problem with a business transaction could trigger a credit or market risk.

In order to manage Operational Risk, the following is required

Identifying issues, control breaches and risks

59

Assessing impacts of issues, control breaches and risks

Setting priorities on issues, control breaches and risks

Reporting and discussing issues , control breaches and risks

Resolving or escalating issues, control breaches and risks

Mitigating or containing issues, control breaches and risks

This provides a standard methodology.

One of the major tools for managing operational risk is the well-established internal control system, which includes segregation of duties, clear management reporting lines and adequate operating procedures. Most of the operational risk events are associated with weak links in internal control systems or laxity in complying with the existing internal control procedures.

The ideal method of identifying problem spots is the technique of self-assessment of internal control environment. The self-assessment could be used to evaluate operational risk along with internal/external audit reports/ratings or RBI inspection findings. Banks should endeavor for detection of operational problem spots rather than their being pointed out by supervisors/internal or external auditors.

Along with activating internal audit systems, the Audit Committees should play greater role to

ensure independent financial and internal control functions.

The Basle Committee on Banking Supervision proposes to develop an explicit capital charge for

operational risk.

Control of Operational Risk

Internal controls and the internal audit are used as the primary means to mitigate operational risk.

The contingent processing capabilities could also be used as a means to limit the adverse impacts

of operational risk. Insurance is also an important mitigator of some forms of operational risk.

Risk education for familiarizing the complex operations at all levels of staff can also reduce

operational risk.

60

Business continuity plan and disaster recovery drill are important tools

61

RESEARCH METHODOLOGY

Research in common parlance refers to search of knowledge. In otherwords research means search for facts-answers to questions andsolutions to the problem. It is purposive investigation.

Research methodology may be understood as all those methods/techniques that are used for conduction of research. Thus it refers to the methods the researchers use in performing research

62

operations. Since the object of research is to arrive at a solution for a given problem, the available data and the unknown aspects of the problem have to be related to each other to make a solution possible.

The selection of appropriate methodology for doing research is very important. It must be in accordance to the topic of the research. The topic of the study is:Study of risk management at state bank of Bikaner & Jaipur Bank

Research design It is the framework or plan for the study that is used as a guide in collecting and analyzing the data. It is the framework of the project that stipulates what information is to be collected from what sources and by what procedures.

Designing is preliminary step in every activity. It provides a picture forthe whole before starting of the work.

RESEARCH PROCESS FOLLOWED………

Review the Literature

Review concepts & theories

FF

63

Review previous research findings

Formulate hypothesis

Design research(including sample design)

Collect Data

AnalyzeData

F

Research objective

The objective of the study is to understand the concept of risk management in banking and to analyze whether the bank is following those guidelines or not.

Collection of Data

1. Primary data sourcesUnder primary sources we have data in the form of personal interview.

2. Secondary data sourcesBasically this research is exploratory research; the secondary data used for the research is collected through Bank’s documents, websites and magazines.

Sampling Area Jaipur

Define research

Interpret & Report writing

64

65

ANALYSIS

Operational Risk in Banking, the topic of the project is very complex and critical to the

functioning of the banking industry as a whole. As the topic indicates the study involves the

collection of secondary data for the research purpose. Secondary data refers to the data collected

by someone else other than the user. A common source of secondary data is organizational

records.

As the project studies the Operational Risk with major emphasis on State bank of Bikaner &

Jaipur Bank’s products and processes , the information gathered is restricted to the bank’s

internal products and services. Thus the research done in this project is based on secondary data

provided by the bank’s record.

The first step towards the data collection was to request the personal in charge for the processing

of the respective product to provide the secondary data from the bank’s database. The samples

kept for the record of the bank were shown with major emphasis on those cheques which could

have lead to Operational Risk. Like in the case of Account Opening Form , personal from the

Fraud Control Unit showed the necessities which are required to be checked in order to avoid

fraud and forgeries. The same procedure was followed for all the products and services.

Therefore the data analysis done in the project is based on the secondary database of the State

bank of Bikaner and Jaipur.

66

67

FINDINGS

Good co-ordination between the sales and finance department add all comfort ability to

Operational services.

Different vendor services related to software solutions, at times hamper processing function

affecting customer services and thus making the bank more prone to operational risk.

With load of information, the server sometimes goes down affecting the speed of Operational

processing and thereby causing delay in the functioning of the bank and thus adding to

operational risk problems.

On regular basis Key Control Standards are updated with new records which help to keep

effective check on fraud and forgeries.

Anytime banking (i.e internet banking , phone banking , sms banking ) is available for 24 * 7

days for easy access of information to the customer.

Any query between the insurance provider and the sales and marketing team are simultaneously

informed to operations and sales department through e-mails. Thus the sales and marketing team

are made responsible first to report to operation department which would further be responsible

to the service provider and the same norm will be followed by the investment department. This

provides a systematic approach to the bank for eliminating any discrepancy as far as operational

risk is concerned.

68

Regular static data related to each customer’s personal information or account related

information is regularly updated to avoid any discrepancy on the part of the bank.

As far as managing operational risks are concerned the needs to tighten up it’s checking of the

Account Opening Forms and Inward Clearing process as these areas are most prone to such types

of risks.

69

CONCLUSION

70

On the basis of data provided to me, I can say that bank is trying to moving on the policies prescribed by Reserve Bank of India. The bank is also using their own policies as per guidelines of RBI for risk management. As the Bank move more off balance sheet, the implied risk of these activities must be integrated into overall risk management and strategic decision making, but generally they are ignored when bank risk management is considered.

Here the question is not that“How far should risk management go in public banking?”But the real question is“How good is risk management in public Banking and how can it be improved?”

71

RBI should show the banks as to how the banks can benefit by following their guidelines. All the banks should provide complete information so that there is more transparency. The banks must be make their risk management practices robust to address operational risk

which is increasing with diversification of business lines and more dependence on technology

As a part of developing an understanding of OR, manual of operational guidelines should be there in the bank.

72

Bank policies

Bank Manual-RCSA,KRI,LOSS DATA,SCENARIO ANALYSIS

73

RBI CIRCULARS OR BASEL-II

WWW.Sbbjbank.com

www.google.com

www.bankingonly.com

www.rbi.co.in

74