THE SIGNIFICANCE OF RISK MANAGEMENT FOR BANKS AND OTHER FINANCIAL INSTITUTIONS

Risk management is an area that is experiencing rapid growth and it entails many and various perspectives and views of factors that are involved, how they are conducted and their uses. As a consequence of global financial crisis, regulators and financial industry leaders agree on the need for a comprehensive risk management reform in the financial field. Even though solutions may differ, most agree that the lack of an appropriate risk management system was one of the key factors in causing the financial crisis. This paper provides a literature review on sound risk management governance for banks and other financial institutions.


INTRODUCTION
Banks and financial institutions assume risks during the course of conducting business for the purpose of realizing returns on investments. It is obvious that these risks can potentially eliminate expected returns and entail losses for these institutions. Some are expected while others may be unexpected. Banks and institutions typically have reserves for expected losses but unpredictable events such as economic crisis or falling interest rates cause institutions to rely on their capital to alleviate related losses. This is where the need for effective risk management frameworks in banks and financial institutions is crucial to their survival. By utilizing efficient risk management systems, these institutions will become competent in optimizing their risk return trade off.

THE IMPORTANCE OF RISK
Because taking risk is an integral part of the banking business, it is not surprising that banks have been practicing risk management ever since there have been banks -the industry could not have survived without it. The only real change is the degree of sophistication now required to reflect the more complex and fast-paced environment.
The Asian financial crisis of 1997 illustrates that ignoring basic risk management can also contribute to economy-wide difficulties. The long period of remarkable economic growth and prosperity in Asia masked weaknesses in risk management at many financial institutions. Many Asian banks did not assess risk or conduct a cash flow analysis before extending a loan, but rather lent on the basis of their relationship with the borrower and the availability of collateraldespite the fact that collateral was often hard to seize in the event of default. The result was that loans -including, loans by foreign banks -expanded faster than the ability of the borrowers to repay. Additionally, because many banks did not have or did not abide by limits on concentrations of lending to individual firms or business sectors, loans to overextended borrowers were often large relative to bank capital, so that when economic conditions worsened, these banks were weakened the most.
Although avoiding failure is a principal reason for managing risk, global financial institutions also have the broader objective of maximizing their risk-adjusted rate of return on capital, or RAROC. This means not just avoiding excessive risk exposures, but measuring and managing risks relative to returns and to capital. By focusing on risk-adjusted returns on capital, global institutions avoid putting too much emphasis on activities and investments that have high expected returns but equally high or higher risk. This has led to better management decisions and more efficient allocation of capital and other resources. Indeed, bank shareholders and creditors expect to receive an appropriate risk-adjusted rate of return, with the result that banks that do not focus on risk-adjusted returns will not be rewarded by the market.
A point too often overlooked, however, is that, by focusing on risk-adjusted returns, risk management also contributes to the strength and efficiency of the economy. It does so by providing a mechanism that is designed to allocate resources, initially financial resources but ultimately real resources to their most efficient use. Projects with the highest risk adjusted expected profitability is the most likely to be financed and to succeed. The result is more rapid economic growth. The ultimate gain from risk management is higher economic growth. Without sound risk management, no economy can grow to its potential. Stability and greater economic growth, in turn, lead to greater private saving, greater retention of that saving, greater capital imports and more real investment. Without it, not only do we lose these gains, but we also incur the considerable costs of bank disruptions and failures that follow from unexpected, undesired and unmanaged risk-taking.

RISK MANAGEMENT PREREQUISITES
There are prerequisites for banks to develop the ability to measure and manage risk effectively. First, in order to measure risk, the country must have solid accounting and disclosure standards that provide accurate, relevant, comprehensive and timely information so that banks can assess the condition and performance of borrowers and counterparties. To ensure accuracy, accounting systems need to be supplemented by auditing systems and backed up by enforceable legal penalties for providing fraudulent or misleading information to government agencies and outsiders. Banks also need reliable information on the credit history of potential borrowers and on macroeconomic and financial variables that can affect credit and other risks. Additionally, banks need a staff with sufficient expertise in risk management to identify and evaluate risk.
Implicit in most methods of evaluating credit risk is the assumption that the probability of repayment depends on the ability of the borrower to repay, in other words, that willingness to repay is not the issue. If repayment depends on whim, then its probability is difficult if not impossible to assess. Thus, an adequate legal system and "credit culture", in which borrowers are expected to repay and are penalized if they do not, are yet further prerequisites for sound and accurate risk management. The ability to seize the collateral of borrowers in default is essential if banks are to have the incentives and ability to mitigate risk. Without the legal infrastructure -the laws, courts and impartial judges -necessary to enforce financial contracts in a timely manner, much of risk management would be for nothing, once the initial decision to extend credit was made. Finally, the potential for conflicts of interest in risk management must be limited. In particular, regulations are needed that restrict and require disclosure of connected lending to bank owners, shareholders or management. Without such regulations, the desire for personal gain may distort the incentives of bank owners and managers to manage risk appropriately.

TYPES OF BANKING RISKS
There are six common risks concerned with banking. Each of these risks is described below: Credit Risk: Credit risk arises from the potential that an obligor is either unwilling to perform on an obligation or its ability to perform such obligation is impaired resulting in economic loss to the institution.
Liquidity Risk: Liquidity risk is the potential for loss to an institution arising from either its inability to meet its obligations as they fall due or to fund increases in assets without incurring unacceptable cost or losses. Liquidity risk includes inability to manage unplanned decreases or changes in funding sources. Liquidity risk also arises from the failure to recognize or address changes in market conditions that affect the ability to liquidate assets quickly and with minimal loss in value. Operational Risk: Operational risk is the current and prospective risk to earnings and capital arising from inadequate or failed internal processes, people and systems or from external events. Strategic Risk: Strategic risk is the current and prospective impact on earnings, capital, reputation or good standing of an institution arising from poor business decisions, improper implementation of decisions or lack of response to industry, economic or technological changes. This risk is a function of the compatibility of an organization's strategic goals, the business strategies developed to achieve these goals, the resources deployed to meet these goals and the quality of implementation.

Market Risk
Compliance Risk: Compliance risk is the current or prospective risk to earnings, capital and reputation arising from violations or non-compliance with laws, rules, regulations, agreements, prescribed practices, or ethical standards, as well as from incorrect interpretation of relevant laws or regulations. Institutions are exposed to compliance risk due to relations with a great number of stakeholders, e.g. regulators, customers, counter parties, as well as, tax authorities, local authorities and other authorized agencies.

RISK MODELS
Risk models are the primary means through which financial institutions measure the magnitude of their exposure to market risk. These models are designed to estimate, for a given portfolio, the maximum amount that a bank could lose over a specific time period with a given probability (Jorion, 1997). This way, they provide a summary measure of the risk exposure generated by the given portfolio. Management then decides whether it feels comfortable with this level of exposure or not and acts accordingly. Value-at-Risk models are extensively used for reporting and limiting risk, allocating capital, and measuring performance (Brian, 1995). Three methods are commonly used to calculate value-at-risk which is described further.

Delta-Normal Method:
Delta-normal approach is the simplest method to implement. However, it has several drawbacks such as non-stability of parameters used, and the assumptions of normal distributions for all risk factors and linearity for all securities in the risk factors. This method consists of going back in time and computing variances and correlations for all risk factors. Portfolio risk is then computed by a combination of linear exposures to numerous factors and by the forecast of the covariance matrix (Dunbar, 1998). For this method, positions on risk factors, forecasts of volatility, and correlations for each risk factor are required. Delta-normal approach is generally not appropriate to portfolios that hold options or instruments with imbedded options such as mortgage-backed securities, callable bonds, and many structured notes. This approach is relatively easier to compute and compare.

Historic/Back Simulation Method:
Historic Approach is also a relatively simple method where distributions can be non-normal, and securities can be non-linear. Historic approach involves keeping a historical record of preceding price changes. It is essentially a simulation technique that assumes that whatever the realizations of those changes in prices and rates were in the earlier period is what they can be over the forecast horizon. It takes those actual changes, applies them to the current set of rates, and then uses those to revalue the portfolio. The outcome is a set of portfolio revaluations corresponding to the set of possible realizations of rates. This approach is easy to compute and to understand. It allows for non-normality and non-linearity. It can also easily be adapted to scenario analysis. However it has several drawbacks such as unstable parameters and altering variances. In addition, the model may not work well if based on small sample (Stulz, 2000).

Monte-Carlo Method:
Monte Carlo approach is widely regarded as the most sophisticated value at risk method. It looks easy to code Monte Carlo analyses. However, it takes hours or even days to run those analyses, and to speed up analyses complicated techniques such as variance reduction need to be implemented (Dowd, 1998). In theory, Monte Carlo method makes some assumptions about the distribution of changes in market prices and rates. Then, it collects data to estimate the parameters of the distribution, and uses those assumptions to give successive sets of possible future realizations of changes in those rates. For each set, the portfolio is revalued and, as in the historic method, outcomes are ranked and the appropriate value-at-risk is selected. Monte-Carlo method makes it easier to cope with extreme non-linearity as it allows for nonlinear securities. It can also easily be adjusted according to the distribution of risk factors. However it is computationally burdensome which constitutes a problem for routine use (Dunbar, 1998).

KEY PRINCIPLES OF EFFECTIVE RISK MANAGEMENT
The following principles can be applied to any bank or financial institution at almost any stage of development and in any jurisdiction. Every bank or institution must implement its own practical means of observing these principles and must be capable of demonstrating them to outside reviewers in terms of their effectiveness.

Risk Appetite Determination:
Financial institutions need to determine their appetite for different types and levels of risk, carefully taking into consideration their organizational capacity to manage such risks. The comprehensive understanding of that risk appetite throughout the various levels of an organization should drive the balancing of risk and return, the allocation of capital, product pricing, as well as incentives and remuneration structures for employees, management, and Board members. Business strategy as the backbone of revenue pursuits needs to be developed and continuously brought in line with that risk appetite.

Risk-Based Incentives and Compensation:
Financial institutions should remunerate and incentivize employees and management on the basis of long-term, risk-adjusted value added to the organization. Profitability of business units and any measures of financial returns should be adjusted to reflect measures of associated risks. The impact of remuneration and incentives is less visible but equally important at the level of the control functions, including the risk function. There, the main problem is the lack of a widely accepted and transparent methodology of measuring those functions' contributions to "the bottom line". Notwithstanding this problem, giving appropriate incentives to control functions, including risk management, is absolutely necessary for ensuring that they perform their functions to the best of their ability and in the best interest of the institution. should be instituted and consistently maintained. Closely related to the incentives that influence decision-makers is the issue of conflict of interest, or simultaneously holding mandates for different parties where the interests of one contradict the interests of the other. A procedure needs to exist for dealing with such a situation and no compromise can be made when it is discovered -the person involved should be relieved of all duties, at least until the conflict is resolved. Appropriate codes of ethics, arm's length and related party transaction rules should be carefully developed and vigorously enforced.

Conflict of Interest Elimination
Pervasive Risk Culture: Beyond setting the right policies and structure, risk culture plays a major role for the success of an organization in its risk management. Building a risk-aware culture requires recognition at all levels and by all members of an organization including individual responsibility and accountability in identifying and managing risks. It also requires continuous feedback and realignment of business objectives, assessment processes, and employee incentives. This is a long and arduous process but its impact is long-lasting and farreaching. As with setting risk appetite and performing formal risk assessment, the risk culture must also extend across all of the organization's units and business lines and encompass all relevant risks, both financial and non-financial (e.g. reputational risk).
Effective Communication: Sound risk governance requires highly effective communication that includes educating, collecting feedback, reporting, and engaging in constructive dialogue about risk. Communication of risks is just as important for sound risk governance as measuring and controlling them. The role of risk managers and of everyone involved in the risk process should include a significant responsibility for communicating risk information throughout the organization. Communication includes educating, collecting feedback, reporting, and engaging in constructive dialogue about risk. Communication of risks is just as important for sound risk governance as measuring and controlling them. The role of the risk manager and of everyone involved in the risk process should include a signify cant responsibility for communicating risk information throughout the organization.

Strong Chief Risk Officer and Risk Function:
Every financial institution should have a designated senior executive responsible for all aspects of risk management and all types of risk typically called the CRO. The organizational hierarchy and the allocation of executive powers should reflect the CRO's and the risk function's importance as being on par with those of revenue-generating functions. The risk management function in every organization should be given adequate status, authority and resources. The financial and technological resources available to the risk function are also a measure of risk function strength and should be commensurate with the complexity and importance of its role.

Strong Risk Competencies:
Financial institutions should hire and continuously train a sufficient number of risk management professionals who have adequate business experience, are highly competent communicators, and are proficient in all aspects of risk theory, including economics, financial theory, mathematics and statistics, information science, and information technology. Risk management is a dynamic and complex discipline, and banking is an industry conducive to rapid product development and innovation. For both of those reasons those involved in risk management should continually upgrade their skills and experience. The institution should organize group training initiatives and should encourage and financially support employees' individual efforts to keep abreast of developments in their areas of expertise through courses, conferences, journals, memberships, and other channels.

RISK MITIGATION AND CONTROL
Day to day control of legal risk will, amongst other things, involve periodic review and updating of documentation used by the institution. Sound practice would suggest that documentation should be reviewed both in response to specific events (e.g. new case law or legislation) that might require amendment and also on a regular basis in order to ensure that the institution remains in step with market practice and legal developments that might otherwise have escaped attention. Depending on the resources of the in house legal department, it may be appropriate to use external legal resources for all or part of such review.

CONCLUSION
Risk management is a higher priority these days for almost all industry fields. Not many industries have experienced the effect of risk management more profoundly than the financial services industry. As experienced as results of economic crisis, failure to address risk from a holistic perspective will have adverse consequences for banks, financial institutions and the economy as a whole. Leading executives recognize that paying close attention to risk management will not only avoid losses, but will also be a means of competitive advantage. Therefore, risk management has never been of more vital importance than it is today.

RECOMMENDATIONS FOR FUTURE RESEARCH
After studying the information presented in this paper, research can be carried out further to define more specific measures for managing risks in banks and financial institutions. Questions will arise such as how an institution can determine its particular risk return tradeoff? Will this differ across institutions or be relatively constant for members of a particular financial group? Given the many different types of risks, how can they be aggregated so as to measure the total risk exposure of the institution? Answers to similar questions can be addressed in future research.