Ashraf Mahmood Wathra: Risk management framework in banks

Welcome address by Mr Ashraf Mahmood Wathra, Acting Governor of the State Bank of Pakistan, at the SAARCFINANCE Regional Seminar on "Risk Management Framework in Banks", Islamabad, 17 March 2014.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
02 April 2014
PDF version
(134kb)
 |  3 pages

Good morning, Ladies and Gentlemen.

I am immensely delighted to welcome you all in Islamabad. It is my pleasure to inaugurate this SAARCFINANCE event on the ever important theme of "Risk Management Framework for Banks". I believe the program will facilitate sharing of best practices, latest developments in risk management and generate a fruitful discussion on impending challenges in the field of risk management while analyzing its different facets.

An efficient and healthy banking system is a prerequisite for sustainable economic growth of a country. In this context, effective risk management practices enable the banking industry to build public trust and confidence in the institutions which is necessary for mobilizing private savings for investment to facilitate economic growth. On the flip side, inadequate risk management practices in the banking industry would result in bank failures leading to erosion of public confidence in the industry having adverse implications for the economic growth. Therefore, an effective risk management framework is a prerequisite for banks to achieve their own business objectives and also play their role in the economic growth of the country.

Ideally, banks' risk management framework should strive to cover the full spectrum of risks by analyzing them from both business and enterprise level perspectives. Each banking institution should tailor its risk management program to its need and circumstances.

I would like to elaborate on the main elements of a risk management framework that apply to banking institutions irrespective of their size and complexity of business:

First and foremost, effective risk management framework demands active involvement of the Board of Directors (BoD) and senior management in the formulation and oversight of risk management processes. Accordingly, they should provide strategic direction and approve the overall business strategies and significant policies of their institutions, including those related to managing and taking risks, and should also ensure that senior management is fully capable of managing the activities that their institutions undertake.

Second, adequate Policies, Procedures, and Limits need to be defined by an institution's directors and senior management to tailor their risk management policies and procedures to the types of risks that arise from the activities the institution conducts.

Third, adequate Risk Monitoring and Management Information Systems need to be developed for effective risk monitoring and to identify and measure all material risk exposures. Consequently, risk monitoring activities must be supported by information systems that provide senior managers and directors with timely reports on the financial condition, operating performance, and risk exposure of the institution.

Fourth, establishing and maintaining an effective system of controls, including the enforcement of official lines of authority and the appropriate separation of duties such as trading, custodial, and back-office is one of management's more important responsibilities. A properly structured system of internal controls promote effective operations and reliable financial and regulatory reporting, safeguards assets, and helps to ensure compliance with relevant laws, regulations, and institutional policies. Given the importance of appropriate internal controls, the results of audits or reviews should be adequately documented, as should management's responses to them.

Fifth, the Risk Management Function should be institutionalized to supervise overall risk management at the bank. Ideally, overall risk management function should be independent from those who take or accept risk on behalf of the institution.

Ladies and Gentlemen!

One would assume that these principles are fairly simple to understand and practice, however, banks failures of the past & the recent Global Financial Crisis highlight weaknesses/ vulnerabilities in the risk management systems/ practices of the financial industry. Following are some of the key lessons which should not be overlooked, to ensure effective risk management at banks:

  • Boards need to be more actively engaged and involved in risk policy setting and governance, and spend more focused, higher-quality time on risk issues.
  • The responsibilities and influence of Chief Risk Officers (CROs) need to be elevated and strengthened with CROs actively participating in business strategy and planning as opposed to having only veto power over decisions that adversely impact risk. The risk function is not in place to manage risk, but to make sure that risks are managed."
  • Banks need to align pay to risk-adjusted performance
  • There is a need to institutionalize an appropriate risk culture throughout the organization, where risk is everyone's business from the board to the front line.
  • Banks need to improve the transparency, quality, accuracy and timeliness of information to support risk management.
  • Institute enterprise wide risk management systems instead of managing the risks in silos.
  • Use both qualitative and quantitative techniques with varied assumptions instead of blindly following the models.

Ladies and Gentlemen!

I would now like to give a brief overview of some of the main steps taken by Pakistan to improve the soundness and stability of its banking system. Over the years, our banking sector has witnessed a transformation from an entirely public sector owned industry to the now majority privately owned sector. This shift was one of the main factors which led to improved performance of the overall banking sector.

Keeping in view the importance of risk management for banks, SBP has put in place detailed guidelines for banks in the area of Risk Management (2003), Internal Controls (2004), Country Risk (2004), internal credit rating systems (2007), general policies framework (2007) which provides broad guidelines for the formulation of polices in the major risk areas, stress testing (2012) and Fraud Risk Management & Reporting (2014).

In addition, we have constantly been refining our regulatory and supervisory oversight. For instance, we have issued separate set of prudential regulations for corporate/ commercial banking, Consumer financing, SME financing, Microfinance & Agriculture financing which are updating on an on-going basis. PRs for corporate/ commercial banking cover four areas of risk management, corporate governance, CDD & AML and banks' operations. Likewise, stress testing guidelines have been revised extensively in line with BCBS reforms package which provide for a bigger role for stress testing in the determination of capital buffers under Pillar 2. Moreover, as per Pillar 2 of Basel capital accord, risk management framework is dealt under the "Internal Capital Adequacy Assessment Process (ICAAP)" of banks, therefore, in order to make the ICAAP exercise more effective we have issued a standardized reporting template for ICAAP in December 2012.

Moreover, a major on-going development is the implementation of Basel III in Pakistan from December 2013. Our efforts to keep the banking sector well capitalized and have sufficient capital buffers to absorb minor to moderate shocks can be judged from the fact that our banking sector has healthy capital adequacy ratio of 16%. I am sure you will hear more about the implementation of Basel III in Pakistan during the presentation of country papers.

As a regulator, SBP has established a comprehensive and well balanced regulatory and supervisory set up to ensure that sound risk management practices are being followed within the banking sector.

Ladies and Gentlemen!

In the end, I would like to say that expanding business arenas, globalization of financial activities, emergence of new financial products and increased level of competition have opened up opportunities but also increased the potential risks from such developments. I strongly believe that regional forums such as SAARCFINANCE are very helpful in facilitating knowledge exchange and ongoing collaboration for region specific issues which may pose potential risks for each of our banking sectors.

I hope you will enjoy your stay at Islamabad and continue deliberations in the forthcoming sessions of the seminar.

Thanks.