Summer Training Report on Operational Risk Management at State bank of bikaner & Jaipur

1. 1
A SUMMER TRAINING REPORT
ON
OPERATIONAL RISK MANAGEMENT IN BANKING
AT
STATE BANK OF BIKANER & JAIPUR BANK
SUBMITTED IN THE FULLFILLMENT OF THE REQUIRENMENT OF
THE AWARD OF THE DEGREE OF
MASTER OF BUSINESS ADMINISTRATION
2012-2014
SUBMITTED BY: JIGYASA SONI
Under Guidance Of:
Industry Guide Faculty Guide
Mrs.Usha yadav Dr. Harsh Purohit
Cheif Manager- ORMD Faculty Finance
Sbbj Bank, Jaipur wisdom, Bansthali Vidyapith

2. 2
ACKNOWLEDGEMENT
“Nothing we achieve in this world is achieved alone. It is always achieved with
others teaching us along the way”
It is my proud privilege to express my sincere gratitude to all those who helped me
directly or indirectly in completion of this project report…
First of all I would like to thank Mr. S. K. Jain ( DGM- IRM Dept. SBBJ Bank,
Jaipur.. ) who gave me the opportunity to complete my forty five days summer
internship program in SBBJ bank Jaipur as per requirement of my curriculum of
MASTER OF BUSINESS ADMINISTRATION…
I would like to thank Mr. Sujit Kumar deb (AGM- IRMD . SBBJ Bank,Jaipur), &
Mrs. Usha Yadav (Chief Manager operational risk-SBBJ), Sitaram Meena (MIS
Dept.) under whose guidance I could learn various operations in SBBJ, Jaipur and
for his expert & invaluable guidance, constant encouragement and constructive
criticism to accomplish such laborious & exhaustive work timely and perfectly.
I would want to thank Prof. Harsh Purohit without his unending support this
internship would not have been possible. He always seemed to have time for me to
help me in all my difficulties.
Last but not least I‟m indebted to those entire people and other personnel working
at the SBBJ bank, head office, Tilak Marg, C- Scheme, Jaipur. Who indirectly
contributed and without whom this work would not have been possible…
Endeavour has been made to make the project error free yet I apologies for the
mistakes…..
JIGYASA SONI

3. 3
ABSTRACT
commerical banks are in the risk business. In the process of providing financial
services, they assume various kinds of financial risks. The past decade has seen
dramatic losses in the banking industry. Firms that had been performing well
suddenly announced large losses due to credit exposures that turned sour, interest
rate positions taken, or derivative exposures that may or may not have been
assumed to hedge balance sheet risk. In response to this, commercial banks have
almost universally embarked upon an upgrading of their risk management and
control systems.
Here in this project I have discuss the concept of risk management in banks, to
know whether the Banks are following RBI guidelines to manage the risks,
shortcomings of the current methodology used to analyze risk, and the elements
that are missing in the current procedures of risk management.

4. 4
TABLE OF CONTENTS
SR. NO TOPIC
1. Introduction about bank.
2. Organization profile of SBBJ bank
3. Introduction to the topic
4. Operational risk
5. Risk management at SBBJ Bank.
6. Research design
7. Data Analysis
8. Findings and Suggestions
9. Conclusion
10. Recommendation
11. Bibliography

5. 5

6. 6
ABOUT STATE BANK OF BIKANER AND JAIPUR
Brief History of the Bank
The genesis of State Bank of Bikaner and Jaipur dates back to the year 1943-44, when the Bank
of Jaipur Ltd. and the Bank of Bikaner Ltd. came into existence. In 1960, both banks were
incorporated as subsidiaries of State Bank of India and named as State Bank of Bikaner and State
Bank of Jaipur. On January 1, 1963, both banks were merged into one entity viz. State Bank of
Bikaner and Jaipur. The constitution, capital, management and other matters pertaining to the
Bank are governed by the provisions of SBI (Subsidiary Banks) Act, 1959.
75% of the shares of SBBJ are held by SBI and the remaining by institutions and general public.
The Bank took over the business of the Govind Bank Pvt. Ltd, Mathura on 25th April, 1966.
SBBJ went public in the year 1997-98 with an issue of
12.21 lakh shares of 100 each at a premium of 440/-. SBBJ is the only public sector bank
with headquarter in Rajasthan.
At the time of incorporation, the Bank had a business of 45 crore, net profit of 7.5 lakh and a
network of 124 branches (96 in Rajasthan). By March 2013 the business of the Bank increased to
1,30,590 crore, net profit stood at 730.24 crore.
The number of branches increased to 1037 ( 855 in Rajasthan) as on 31.03.2013. SBBJ had
sponsored three Regional Rural Banks viz. Marwar Gramin Bank (set up in 1976),
Sriganganagar Kshetriya Gramin Bank (1984) and Bikaner Kshetriya Gramin bank (1985).
These were merged into single RRB viz. MGB Gramin Bank in June 2006. On 25.02.2013 the
MGB Gramin Bank (RRB sponsored by SBBJ) and Jaipur Thar Gramin Bank (RRB sponsored
by UCO Bank) were amalgamated into a single Regional Rural Bank named 'Marudhara Gramin
Bank' sponsored by SBBJ with Head office at Jodhpur. The Bank shoulders Lead Bank
responsibility in 9 districts of the State.

7. 7
Bank's Vision and Mission
The Bank has codified its ethos, values, culture and aspirations in its Vision and Mission
statements. The Vision and Mission statements were last revised in the year 2000 and a need was
felt to revise these statements keeping in view the changed market conditions. Accordingly, the
statements were revised in the year 2009-10 and the revised statements are as under:-
Vision :
“To be a state-of-the-art, customer-centric, values driven and professionally managed banking
organisation; committed to the highest standards of good corporate governance practices;
perpetual enhancement of the wealth of the shareholders and welfare of all stakeholders and the
society”.
Mission :
“To provide one stop solutions to all the banking needs of customers through a highly motivated,
professional and efficient human resources pool with quality of service, customer care and
customers‟ business in focus by efficient use of Information Technology in a cost effective
manner; meeting the expectations of all stakeholders through transparent, true and fair
disclosures and responsive management principles in all the activities; to strive to fulfil corporate
social responsibility with special emphasis on financial inclusion throughout the State of
Rajasthan and aiming to provide the best banking services to one and all”.
The major distinguishing features of the revised Vision and Mission Statements were laying
emphasis on being state-of-the-art Bank, adopting good corporate governance practices, welfare
of all stakeholders and the society, providing one stop solutions to all customers, efficient use of
information technology in a cost effective manner, transparent/ true/ fair disclosures, responsive
management principles, fulfilling corporate social responsibility and implementing financial
inclusion in the State of Rajasthan.

8. 8
Our Management Committee
The management team of SBBJ Bank consists of the following individuals who are very well
qualified, possess rich experience and are competent professionals from their field.
Name Designation
Shri B Sriram Managing Director
Shri Sanjay Kumar Singh
Chief General Manager (Retail Banking)
Shri Santanu Mukherjee
Chief General Manager (Commercial Banking)
Shri Nirmal Joshi
Chief Vigilance Officer
Shri G.D.Rozario
GM-Inspection & Audit
Shri Siddarth Biswal
GM-IT & New Business
Shri Narayan Swamy R
GM (Try, F&A ) & Chief Financial Officer
Shri K.K.Das
GM- (Risk Mgmt.,Credit Policy,Procedures)& Chief
Risk Officer
Shri S.S.Negi
GM-MSME,Rural Banking & Financial Inclusion
Ms. Papia Sengupta
GM- HR & General Administration
Shri Haridas K.V.
GM-Recovery & Rehabilitation

9. 9
Offerings
Offerings
Personal
Banking
NRI
Services
Inter-
national
Banking
Corporate
Banking
Agri-
culture
Products
Service
to SME's
Other
Services

10. 10
OFFERINGS
1) PERSONAL BANKING
a)DEPOSITS
State Bank of Bikaner & Jaipur offers various deposit plans that you can choose from depending on the
nature of deposit, term period, unique saving and withdrawal features. Apart from competitive interest
rates and convenient withdrawal options, our deposit plans offer other features such as overdraft facility,
outstation cheque collections, safe deposit lockers, ATM's etc.
b) SAVINGS BANK ACCOUNT
Simplest deposit option available to the depositor.
Easy to operate. Terms and conditions kept simple to facilitate understanding.
No hidden costs.
Low minimum balance requirement.
Option to withdraw money through withdrawal forms or by cheque.
An ideal option to cultivate the habit of banking and saving amongst the younger
generation.
Students above 10 years can open accounts in their own names.
Easy withdrawal of cash under single window concept.
2) NRI SERVICES
India is one of the fastest growing economies of Asia and offer unique opportunities to Non-
Resident Indians, both individuals and corporations, for investment. The country is looking
towards its Non-Residents for flow of foreign exchange resources and invite all Non-Resident
Indians to contribute their mite in its developmental activities. One of such avenues is deposit of
funds with the banks and we, the State Bank of Bikaner and Jaipur, welcome you all for putting
your deposits in any of our branches. State Bank of Bikaner and Jaipur is one of the associates of
State Bank of India with over 833 offices in India and a network of correspondents all over the
world. We can meet all your needs offering satisfactory Banking services.
We offer undernoted type of accounts:
 Finest and fastest rates for any foreign exchange transaction, for any account and for any
delivery.
 Forward cover as well as rollover cover.
 Market intelligence from our extensive database
 Profiles, prospects, rate forcast for foreign currencies.
 Counseling, risk management and hedging of your total foreign exchange exposure in the
long-term perspective.

11. 11
3) INTERNATIONAL BANKING
International Banking services of State Bank of Bikaner & Jaipur are delivered for the benefit
of its Indian customers, non-resident Indians, foreign entities and banks. Amongst the various
services offered by us are. For this purpose 68 of our branches are authorized to do Forex
business.
 Services for exporters and importers
 Services for domestic customers
 SBBJ expo gold card
 Export credit interest rate
 Interest gold card
 Service charges
4) CORPORATE BANKING
WE provide financial products / services of a wide range for large, medium and small corporates
Infrastructure, non-infrastructure, manufacturing units, and services such as tourism- we are
there to cater to the needs of all. We provide both fixed interest and floating interest loans.
SBBJ offers:
 Working Capital Finance including Trade Finance
 Export Credit
 Project Finance
 Deferred Payment Guarantee
 Term Loan
 Loan Syndication
5) AGRICULTURAL PRODUCTS
We, at State Bank of Bikaner & Jaipur have always understood the need for developing the
agrarian community of the nation. As such we are committed to the development of Agriculture,
not only in the state of Rajasthan, but also elsewhere in the country. To cater to the needs of the
farmers, we offer finance for a number of activities as enumerated below
 Kisan Credit Card Scheme (KCC)
 Kisan Gold Card Scheme (KGC)
 Loans for Purchase of Agricultural Implements:

12. 12
 Tractor Plus
 Thresher, Implements etc.
 Minor/Micro Irrigation Scheme:
 Loan for new wells /deepening of wells/Bore wells
 For pump sets diesel/electric/submersible.
 For conveyance Pipes/Lining of water courses.
 For sprinkler sets
 For drip sets
 Loans for activities allied to Agriculture
 Dairy Loans
 Loans for Poultry/Sheep/Goat rearing.
 Loans for Medicinal & Horticulture Plantation
 Kisan Vahan Yojana
 Vermi Compost Scheme for Organic Farming
 For development of storage facilities
 Construction of farmers/Rural godowns
 Cold storage
 For Rural housing – Gramin Awas/ Sahyog Niwas Schemes.
 Arthias Plus scheme.
 Loans to Agri Input seeds, fertilizers/Agri. Machinery dealers/Cattle feed and Poultry
feed dealers.
 Others.
6) SERVICES TO SME’S
Interest
Simplified Common Loan Application Form For MSEs
Regional MSME Care Centre
7) OTHER SERVICES
 Cross selling activities
 E-mitra
 Dermat services
 Internet banking
 ATM services
 Real time gross settlement
 National electronic fund transfer
 Zero balance current account

13. 13

14. 14
Indian Banking Sectory
The Reserve Bank of India (RBI), as the central bank of the country, closely monitors
developments in the whole financial sector. It was established in April 1935 with a share capital
of Rs. 5 crores on the basis of the recommendations of the Hilton Young Commission. Reserve
Bank of India was nationalized in the year 1949.
As at end-March 2002, there were 296 Commercial banks operating in India. This included 27
Public Sector Banks (PSBs), 31 Private, 42 Foreign and 196 Regional Rural Banks. Also, there
were 67 scheduled co-operative banks consisting of 51 scheduled urban co-operative banks and
16 scheduled state co-operative banks.
Retail Banking is the new mantra in the banking sector. The home loans alone account for nearly
two-third of the total retail portfolio of the bank. According to one estimate, the retail segment is
expected to grow at 30 to 40% in the coming years.
Net banking, phone banking, mobile banking, ATMs and bill payments are the new buzz words
that banks are using to lure customers. Just too many players. 27 Public sector banks, 31 Private
Banks and 29 foreign banks.
The Indian banking sector is headed for consolidation. The presence of many regional players
will see few banks emerging as global competitors. Future belongs to technology. Cheaper
delivery points like Internet and tele banking to improve their shares. ATM banking costs 80%
while Internet and telebanking costs only 15% compared to normal banking transactions.

15. 15
BRIEF HISTORY ABOUT SBBJ BANK
State Bank of Bikaner & Jaipur (SBBJ) is an associate bank of State Bank of India. Currently,
SBBJ has 1000 branches, mostly located in the state of Rajasthan, India. Its branch network out
of Rajasthan covers all the major business centers of India. In 1997, the Bank entered in the
capital market with an Initial Public Offering of 13,60,000 shares at a premium of Rs 440 per
share.
State Bank of Bikaner & Jaipur came into existence on 1963 when two banks, namely, State
Bank of Bikaner (established in 1944) and State Bank of Jaipur (established in 1943), were
merged. Both these banks were subsidiaries of the State Bank of India under the State Bank of
India (Subsidiary Bank) Act, 1959. On April 25, 1966 SBBJ took over Govind Bank, Mathura.
In 1984 SBBJ sponsored and established Ganganagar Kshetriya Gramin Bank as a Regional
Rural Bank. Thereafter, in 1985 SBBJ opened the Bikaner Kshetriya Gramin Bank, the second
Regional Rural Bank sponsored by it. The third Regional Rural Bank, sponsored by SBBJ was
Marwar Gramin Bank covering the districts of Pali, Jalore and Sirohi. On 12 June 2006, SBBJ
merged all three Regional Rural Banks sponsored by SBBJ were merged and the merged entity
was named MGB Gramin Bank, with headquarters in Pali.
The bank follows transparent corporate goverence polocies and has smoothly migrated to Basel
II.
On the technology front , the bank migrated all branches to core banking solution and become
among the first new bank in india to offer outline banking facilities across the country the bank
has installed 495 ATMs.

16. 16

17. 17
OBJECTIVE
To bring to light the various Operational Risks involved in the Banking sector.
To find out the efficiency with which Sbbj Bank can handle and manage Operational
Risk.
To know the guidelines set up by RBI for commercial banks.
To know whether the banks are following those guidelines or not.
To know the bank performance.

18. 18
INTRODUCTION TO RISK MANAGEMENT
What is risk?
Risk is hazard, danger, chance of loss or injury that a person can face. It is also the degree of
probability of loss and volatility of unexpected outcomes.
Operating in a liberalized and globalized environment, banks are exposed to various kinds of
risks that can emanate from financial and non-financial factors. Generally, risks faced by banks
are grouped into clearly identifiable categories, which include
i) Credit risk
ii) Market risk
iii) Operational risk.
With progressive de-regulation, cross border dealings, globalization, introduction of wide range
of products and services, improvement in technology and communications significant changes
have occurred in the operating environment as well as in the balance sheets of banks. Risks faced
by banks have now increased manifold posing significant challenges to both, banks and the
supervisor. To respond to these challenges there have been various supervisory initiatives to
induce better operating standards in banks, greater transparency and sensitivity towards risk
management by banks.

19. 19
A brief description of the various risks is given below:
1) Market Risk
Market Risk is the possibility of loss to a bank caused by changes in the market variables.
The Bank for International Settlements (BIS) defines market risk as “the risk that the value of
„on‟ or „off‟ balance sheet positions will be adversely affected by movements in equity and
interest rate markets, currency exchange rates and commodity prices”.
Market risk consists of: -
Liquidity risk
Liquidity risk occurs when Bank is not in a position to pay amounts due to its
customers/counterparties or these are met by borrowing from the market at high cost.
Measured in terms of the negative gap in any time bucket. As per RBI guidelines, this
gap should not exceed 20% of outflows in first two time buckets.
Interest Rate Risk
The risk that changes in interest rates will adversely impact the revenues and balance
sheet.
Balance sheet comprises of diverse assets and liabilities, each of which is subject to
different interest rates, maturity period.
Hence, calculation of impact of interest rate changes is a complex and computer-intensive
task.
Forex risk
Risk that a bank may suffer losses as a result of adverse exchange rate movements during
a period in which it has an open position.

20. 20
Equity/Commodity risk –
Risk that a bank may suffer losses as a result of adverse movements in equity/commodity
prices during a period in which it has an open position.
2) Operational risk
Operational risk arises out of inadequate or failed internal processes, people and systems or
from external events. It includes People risk (incompetence, frauds, work environment,
motivation) Process risk (errors in transactions, product complexities) Operational control
risk
(failure of operational controls, volumes) Model risk (model application error,
methodology error).
For risk profiling of banks under RBS, the following risks have also been included in
operational risk: -.
Legal risk
Legal risk can arise due to the possibility of actions of a bank not being in conformity
with the laws of a country or being in violation there of. The bank can also experience legal
risk when customers approach court of law for redressal of their grievances where
transactions with its counterparties are not supported by proper documents or the terms of the
contract are unclear or even due to lack of well established legal pronouncements in cases
where issues involved are nebulous. Legal risk can also assume shades of cross border risk
when the legal requirements of other countries are unknown or unclear or when jurisdiction
ambiguities with respect to the responsibilities of different national authorities arise.

21. 21
Reputational risk
The financial implication of a moral obligation cast on a bank in the environment it is
functioning or by virtue of its association with another organization is called Reputational risk.
Reputational risk is the potential of suffering loss due to significant negative public opinion,
bad or wrong publicity. It could arise either from the bank‟s own failure to perform or due to the
actions of a third party. The bank can also experience Reputational risk on account of contagion
effect of adverse developments in its subsidiaries.
Technology risk
Technology risk can arise out of IT related factors like validity of IT systems, back up and
disaster recovery systems, failure of systems, security of systems, programming errors, etc. It can
also arise due to obsolescence of technology being used, technology not being in alignment
with business needs or adoption of untried and untested technology, inability of staff to respond
to new technology etc. Adoption of Internet banking, in the initial stages, can also be fraught
with several risks like reputation risk, legal risk including cross border risk and money
laundering risk.
3) Credit Risk
Credit risk is defined as the possibility that a borrower or counterparty will fail to meet its
obligations in accordance with agreed terms. Credit risk, therefore, arises from the banks
dealings with or lending to a corporate, individual, another bank, financial institution or a
country. Credit risk may take various forms, such as:
 In the case of direct lending, that funds will not be repaid;
 In the case of guarantees or letters of credit, that funds will not be forthcoming from the
customer upon crystallization of the liability under the contract;
 In the case of treasury products, that the payment or series of payments due from the
counterparty under the respective contracts is not forthcoming or ceases;
 In the case of securities trading businesses, that settlement will not be effected;
 In the case of cross-border exposure, that the availability and free transfer of currency is
restricted or ceases.

22. 22

23. 23
INTRODUCTION
Since the mid-1990s, the topics of market risk and credit risk have been the subject of much
debate and research, with the result that financial institutions have made significant progress in
the identification, Measurement and management of both these forms of risk.
Globalization and deregulation in financial markets, combined with increased sophistication in
financial technology, have introduced more complexities into the activities of banks and
therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus
upon the identification and measurement of operational risk.
Events such as the September 11 terrorist attacks, rogue trading losses at Societe Generale,
Barings, AIB and National Australia Bank serve to highlight the fact that the scope of risk
management extends beyond merely market and credit risk.
The list of risks (and, more importantly, the scale of these risks) faced by banks today includes
fraud, system failures, terrorism and employee compensation claims. These types of risk are
generally classified under the term 'operational risk'. The identification and measurement of
operational risk is a real and live issue for modern-day banks, particularly since the decision by
the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk
as part of the new capital adequacy framework (Basel II).
State bank of bikaner & jaipur Bank is no exception. The Bank in order to minimize the
Operational Risk in its daily operations have put in place certain controls and checks , thereby
complying with the necessary regulations.
This project highlights the involvement of financial risk while processing of bank‟s various
products and services.

24. 24
DEFINITION OF OPERATIONAL RISK
Operational Risk: The risk of loss resulting from inadequate or failed internal processes, people
and systems, or from external events.
Operational risk is one of the three primary risk disciplines in the financial services industry,
along with Credit Risk and Market Risk.
It includes legal, Technology and reputational risk to the Bank that they are impacted or impact
Operational Risk.
There have been a number of major incidents within financial organizations over recent years
caused not by credit or market risks, but by the very nature of risks associated with running a
financial services company, known as Operational Risk.
Some of the causes of operational risk:
There are numerous causes of operational risk. For eg, day-to-day
problems such as the difficulty in recruiting and retraining staff.
Other examples of operational risk:
Fires, flood and earthquake- risk arising from natural disorders.
Fraud
Terrorist attacks
Human error
Hacking

25. 25
Dissatisfied customer
Supply or supplier failure Regulatory breaches
Incomplete documentation
Failed trades
Unsettled transactions
Unauthorized transactions
Inadequate checking
Untrained staff
Misleading advertising
Failure to treat customers fairly
Unsafe buildings, System Failure

26. 26

27. 27
SBBJ BANK AND OPERATIONAL RISK
SBBJ Bank has to manage Operational Risk in order to comply with the regulations BASEL II
BASEL II
In 2007 a new directive came into force for all financial companies known as BASEL II
This directive defines Operational Risk as one of the three risks for which all banks mast:
- Put aside capital (PILLAR 1)
- Be available for supervisory review (PILLAR 2)
- Disclose information to the market (PILLAR 3)
OPERATIONAL RISK MANAGEMENT POLICY
Operational risk management(ORM) policy sets the tone and objectives of operational risk
management in SBBJ .the ORM policy at SBBJ has been approved by the Board of Directors on
24/09/2004 and subsequently reviewed on 19/01/2006.
The Objectives of ORM are:
Enabling a pro-active operational risk management framework which covers:
Risk identification
Risk assessment
Risk control/mitigation plans
Risk measurement
Capital calculation
Risk monitoring and reporting-covering “KRIs, risk reporting, validation of RCSA risk
assessment with empirical loss data” as pro-active risk monitoring tools.

28. 28
Improving quality of services/products/processes through robust risk management
system and rewards better risk management.
Developing a common understanding of operational risk across the bank involving every
employee at all levels and assign risk ownership.
- This policy is applicable to all branches/business units of the bank and has been circulated
to all branches/offices of the bank.
THE OPERATIONAL RISK FRAMEWORK
Operational Risk Policies & Procedures- what needs to be done
Compliance assurance- how we know it is being done
Risk & Loss Reporting- information in an accessible and consistent format
An Operational Risk Management Toolkit- Key Control Standards (KCS), Key Control Self-
Assessment (KCSA) and Key Risk Indicators (KRI)
An Operational Risk Committee structure- the management structure
People with defined roles & responsibilities- who does what

29. 29
THE OPERATIONAL RISK TOOLKIT
The “tools” available for managing Operational Risk at SBBJ Bank:
i) RCSA
ii) KRIs
iii) LOSS DATA
iv) SCENARIO ANALYSIS
OPERATIONAL RISK ASSESSMENT PROCESS:-
 1) RCSA(RISK AND CONTEOL SELF-ASSESSMENT)
A risk and control self-assessment (RCSA) forms an integral elements of the overall operational
risk framework.is it helps the bank in risk identification and risk management efforts and to
improve the understanding control and oversight of its operational risks.
Purposes of RCSA
An RSCA programs covers two business lines functions- risk self-assessment and control self-
assessment. Risk self-assessment is a practice that enables department‟s heads to analyze various
business risks and rank them as high, medium, low based on potential losses.
A control self-assessment program helps senior manager ensure that internal controls, procedures
and mechanism are adequate, functional and conform to top leadership‟s recommendations,
industry practices, professional standards and regulatory guidelines.

30. 30
OBJECTIVES OF RCSA:-
a) Early detection of unidentified, uncontrolled and / or under estimate risks.
b) Assess the acceptability level of identified risks and controls.
c) Evaluation of effectiveness in the risk profils.
d) Identify material changes in the risk profile.
e) Establish a relationship between changes in the business environment and controls with the risk
profile.
f) Involve the business and support groups (IT , LEGAL , HUMAN RESOURCE) in their risk
assessment, thereby creating responsibilities from respective management to proactively manage
and monitor its operational risks, framing and implementation of mitigation plans.
RBI GUIDELINES FOR RCSA
RBI Guidelines on risk and control self-assessment forming part of the circular issued on
“Guidance note on management of operational risk” dated 14th
October, 2005.these are:-
Para 4.8:-A bank assesses its operational and activities against a menu of potential operational
risk vulnerabilities . this purpose is internally driven and often incorporates checklists and / or
workshop to identify the strength and weakness of the operational risk environment.
BENEFITS OF RCSA:-
A risk and control self-assessment framework is critical in a banking sector.
RCSA program include early detection of risks that have not been effectively managed and the
development of mitigation plan that safeguard the bank against significant business risks
occurring.
RCSA also improves the control environment by:

31. 31
Increasing awareness of organizational objective and the important role that internal control
plays in their achievement.
Training participants how to analyses and report on internal controls.
Helping to achieve a culture where employee apply risk management processes in their day to
day
STEPS FOR RCSA
RCSA include four key steps:
1. Risk identification
2. Risk assessment
3. Risk mitigation/control
4. Risk reporting
ROLES AND RESPONSIBILITIES:-
 Operational risk management committee (ORMS):-
a) Review and approve the development and implementation of operational risk methodologies for
risk and control self-assessment(RCSA).

32. 32
b) Review and approve the RCSA plan and its coverage for the ensuing year.
c) Review and approve RCSA manual at yearly intervals.
d) Review the risk profile, understand future changes and threats and prioritize actions steps.
 Operational risk management department (ORMD):-
a) Responsible for establishing and implementing the RCSA procedures contained in this manual.
b) Maintenance of library of risk registers.
c) Facilitate conduct of workshops to assess residual risk and design effectiveness of controls.
d) Reporting of RCSA results to the ORMS.
e) Design RCSA training programme.
 Zonal OR managers:-
a) Assist in testing controls identified as mitigating action points during the RCSA exercise.
b) Identify the outliner in the RCSA exercise.
c) Develop RCSA training programme in coordination with ORMD.
d) Reporting of consolidated RCSA data.

33. 33
 Reporting unit(business unit head, branch head & operational unit head):-
a) Validate the risk events identified during the RCSA process
b) Approve the residual risk rating.
c) Endorse the control rating for the RCSA entity.
d) Ensure successful completion of the RCSA exercise.
e) Submit the RCSA results to the ZORM as per the time schedule.
f) Develop risk mitigation plan and follow up on the implementation for bringing down the risk
scores to acceptable levels within definite timelines.
 RCSA PARTICIPANTS (OFFICIALS WHO PARTICIPANTS IN RCSA):-
a) Complete the RCSA exercise in a timely manner.
b) Provides the RCSA template(completed) to the head of RCSA entity for validation.
 INSPECTION & AUDIT DEPARTMENTS:-
a) Independent review/audit of the bank‟s RCSA process.
b) Share information on inspection reports with ORMD to review and enhance its risk.

34. 34
Basel Accord and RBI Guidelines lay down 3 approaches for
measuring and managing operational risks and specify certain
qualitative criteria in respect of each approaches which are
addressed by RCSA.
1)APPROACH : Basic Indicator Approach
Qualitative criteria addressed by RCSA:
No specific criteria suggested by Basel, but it encourage banks to follow guidance of sound
practices on operational risk management(SPOR).the following principal
Of SPOR are addressed by RCSA methodology:
 Principal 4: Banks to identify and assess the inherent risk in all material products,
activities, process and system.
 Principal 5: regular monitoring of OR risk profile and material exposures to losses.
Regular reporting of pertinent information to senior management and the board for proactive
ORM.
 Principal 6: policies, process and procedures in place to control and/or mitigate material
OR.
2 APPROCH : Standardized Approach

35. 35
Qualitative criteria addressed by RCSA:
The following qualitative requirements under standardized approach are addressed by RCSA:
 ORM function to incorporate following elements:
 Strategies to identify, assess, monitor and control/mitigate operational risk.
 Risk reporting system for operational risk.
3.APPROCH: Advance measurement Approach(AMA)
Qualitative criteria addressed by RCSA:
The bank must have an independent operational risk management function that is responsible
for the design and implementation of the bank‟s operational risk management framework. The
operational risk management function is responsible for:
 Codifying bank-level policies and procedures concerning operational risk management and
controls.
 Design and implementation of a risk- reporting system for operational risk; and
 Developing strategies to identify, measure, monitor and control/mitigate operational risk.

36. 36
 2) KRIs( KEY RISK INDICATORS)
KEY RISK:
key risk is defined as an event that could significantly impact bank‟s ability to implement its
strategy and to achieve its established objectives.
KEY RISK INDICATORS:
Key risk indicators (KRIs) are early warning signals, which enable management to
Monitor and mitigate operational risks that are beyond acceptable levels. These are
Statistics and / or metrics, which can provide insight into a bank‟s operational, risk profile and its
changes.
Example of KRIs would be- For branches numbers of days , day end cash did not tally numbers
of days cash retention limit was breached, number of days ATM cash did not tally with admin
balance.
OBJECTIVES:
The KRIs framework aims at the following:

37. 37
Provide effective monitoring tool to track change in risk levels and keep management apprised of
shift in thresholds.
Timely reporting of significant control slippages.
Minimize the occurrence of a risk event/loss; and
Provide a homogenous monitoring tool that can give the bank a complete view of its
operations.
Quantify, where applicable operational risk appetite of the bank.
Key risk indicator process
The key risk indicator process is to establish indicators for each of the key risks which appear on
the business risk profile .the number of indicators and the type of indicators that can be identified
for which risk will vary depending on a number of factor. In general key risk indicators(KRIs)
have the following attributes:
a) Indicators are linked to risks or controls identified in the RCSA exercise.
b) Indicators need to be appropriately defined to ensure understanding of the measures i.e whether
KRIs will be monitored on a percentage basis or whole number etc.
c) Data need to be sourced for each indicators.
d) Thresholds should be established to reflect the business tolerance or appetite to risk;
e) Indicators need to be monitored, reported and escalated appropriately; and
f) Thresholds to be established for each KRI.

38. 38
Key process steps for identification of key risk indicators:
The KRI process comprises of the following phases:
a) Development Phase of KRIs
i) Identification and documentation of KRIs.
ii) Source , validation and analysis data
iii) Determine threshold levels for monitoring KRIs.
b) Ongoing review of KRIs
i) Aggregation of KRIs
ii) Monitoring of KRIs
The pictorial representation of key steps and processes involved in
identification of key risk indicators (KRI) is as under:
DdDevelopment
Ongoing reviewDevelopment Ongoing review
Source, validate
and Analyse data
Identify and
document KRIs
Determine
Tolerance
Aggregation of
KRIs
Monitor KRIs

39. 39
a) Development phase of KRIs:
Development of KRIs is an iterative process initially. It may not be possible to identify
meaningful KRIs. However , as knowledge of the drivers or causes of risks and controls improve
more effective indicators can be identified.
Identification and documentation of KRIs
Identification of KRIs
1. Preparation
Result from the RCSA exercise should be used as the starting point for the identification process.
The documented controls of the RCSA entity should be classified as either preventive or
detective controls.
 A preventive control helps to prevent or stop the risk event from occurring.
 A detective controls aids the business to identify whether a risk events has occurred.
 A recovery control helps the business minimize the impact of an event should it occur.
Indicators linked to preventive controls are generally more predictive in nature than those for
detective controls.
2. How to identify indicators
When identifying potential indicators, it is useful to consider the four main categories of KRIs:
 Predictive/lead risk indicators
 Predictive/lead control indicators
 Lagging/detective risk indicators

40. 40
 Lagging/detective control indicators.
- Predictive indicators can be identified by considering how the business can monitor the
cause and preventive controls in place.
- Lagging indicators usually relate to the risk consequence, detective or recovery controls.
Examples for preventive/lead indicator
 Where an employee earlier handled on an average 20 transaction in a day, due to business
growth, the employee now handle 40 transactions in a day. The increase in volume without a
corresponding increase in manpower would imply that an employee would have to skip some
parts of the process would have to skip some parts of the process so as to complete the increased
volume within the same time period. Thus percentage increase in the business without increase
in manpower is a leading indicator of the potential error in the process.
 The type of deviations in account opening process would indicate the likelihood of fraud
occurrence.
Example for detective / lag indicator
 Percentage of customer complaints is a lag
indicator of the level of customer satisfaction.
Documentation of KRIs
The following information should be documented for each KRI:
 The title of the KRI- what the indicator is
called e.g. staff turnover, customer complaints, etc.

41. 41
 The risk or control it is monitoring.
 The definition of the KRI- it is important to
appropriately define the indicators this ensures that the correct data is sourced and inform how
the indicators is to be interpreted e.g. how will staff turnover be measured.
 If the KRI is predictive or lagging.
 If the indicator is a risk or control indicator.
i. Source, Validation and Analyses Data
 Assessing Data Quality
 Change to data
 Extraction of data
ii. Determine Threshold level for monitoring of
KRIs
a) Threshold level zones
Thresholds determine how well the bank‟s operational activities are managed.
In simple terms a threshold level is a measure which determines the seriousness/ probability of a
risk materializing.
i. Threshold levels can be measured at the 3
levels namely- GREEN, AMBER and RED.
ii. These thresholds also demonstrate the risk
tolerance of the activity/ operation.

42. 42
iii. The units are expected to operate below the
threshold levels in the respective activity/operation.
As mentioned earlier, thresholds would be calibrated into green, amber and red zones. The color
coding is assigned to facilitate the attention of the management to the areas that are critical.
These zones would represent the tolerance level of the indicators:
RED Highlights the need for immediate resolution.
AMBER A potential problem that requires further review and analysis.
GREEN No immediate concern.
Red (Unacceptable):
The KRIs should be escalated to senior management and appropriate mitigation initiatives
implemented to manage the KRI back to the green zone.
Amber(increased concern):
The KRI should be closely monitored and where appropriate actions should be put in place to
manage the KRI back to green zone.
Green(Acceptable):
Normally no action required.
b) Criteria for threshold
determination:
When setting tolerance , the following guidelines may be useful for the bank to consider:-

43. 43
i. The approach taken to setting tolerance for
each KRI may differ.
ii. Tolerance should difference between what is
expected(business as usual ) variance in data and what may highlight there is an increased
chance of risk occurring or a control failing.
iii. The bank may want to consider setting more
prudent tolerance thresholds initially until experience of monitoring and analyzing the data is
deeper.
iv. Tolerance should be set at level to meet
management needs I .e at what level should management be made aware of a particular metrics.
Ongoing review of KRIs
i. Aggregation of KRIs
KRI that are similar across the various units of the bank can be consolidated for reporting at the
entity level, if there are multiple indicators for a single risk group , average of the scores of all
the indicators can be reporting purpose.
Monitoring of KRIs:
On an ongoing basis KRIs need to be reviewed to assess the degree of relevance and relevance
and usefulness in monitoring the underlying risk and control.

44. 44
Roles and Responsibilities
1. Operational risk management committee(ORMC)
o Review and approve the development and implementation manual of operational risk
methodologies for key risk indicators.
o Approving threshold level for various KRIs. In consultation with ORMD.
2. Zonal level operational risk management committee(ZRMC)
o Discuss and recommend suitable actions for KRIs to ORMD.
3. Operational risk management department (ORMD)
o Maintain and update the list of key risk indicators (KRIs) and related policy documentation.
o Reporting KRI analysis results to ORMC.
o Testing and validating KRIs.
o Decide on threshold on KRIs in consultation with business and support groups and place it
before respective ORMC for approval.
4. OR managers
o Coordinate with ORMD and respective reporting units for gathering data for KRIs.
o Verify completeness of all KRIs reported & consolidate KRIs at the zonal level.
o Assist in testing of KRI values reported as required by ORMD.
o Report the KRI‟s to ZRMC.

45. 45
5. Reporting unit (business unit head,branch head & operational unit head)
o Submit the relevant data required for KRI reporting.
o Ensure successful completion of the KRI exercise.
o Provide evidence to OR manager, during KRI testing.
6. Inspection & audit department
o Independent assessment and evaluation of the KRI process.
o Test-check the data provided by reporting units during internal audits.
 3 LOSS DATA MANAGEMENT:
DEFINATION: -
The operational risk loss data, derived from pooling of individual loss experience, provides
banks with an invaluable insight into the past frequency of the events and their impact. In
addition of the loss information, the associated rating of business and control environment at the
time of loss is also collected. Combined together these evaluations help banks derive the loss
distributions for each of the ratings or risk classes.
Regulatory guidelines:
RBI Guidelines on loss data management from part of the circular issued on “implementation of
the Advance Measurement Approach (AMA) for calculation of capital charge for operational
risk “dated 27th
April, 2011.the important guidelines are as under:-

46. 46
Essential data element of an AMA model:
Para 8.5.1.1 A bank‟s internal loss data may not be sufficient to model the operational risk
exposures faced by the bank as many of the potential risks to which the bank is exposed would
not have materialized during the life of the bank. Basel II framework, therefore, requires that a
bank measurement system must incorporate four key data input.
These four inputs/elements are:
 Internal bank
 Relevant external operational risk data;
 Scenario analysis; and
 Business environment and control factors (BEICFs) : [BEICF are indicators of a bank‟s
operational risk profile that reflects underlying business risk factors and an assessment of
the effectiveness of the internal control environment.
Internal loss data
Para 8.5.4.3 (i): the collection, tracking and use of internal loss data is an essential pre-requisite
to the development and functioning of a credible and robust ORMS.
Para 8.5.4.3 (ii): the bank should have documented policies and procedures for assessing the
ongoing relevance of historical internal loss data, including situations where scaling, judgment
overrides or other adjustment may be used , to what extent that may be used and who is

47. 47
authorized to make such decisions. The policies and procedures should identify when an
operational risk events becomes an operational risk loss for the purpose of collection within the
operational risk loss data base and when it is to be included in the calculation data set. The
policies and procedures should provide for consistent treatment across the bank.
Para 8.5.4.3 (5)
A bank adopting AMA should have a minimum 5 years observation period of internal loss data
requirement whether the internal loss data is used to be the operational risk measure or to
validate it, the 5 years loss data should be available with the bank for building the operational
risk measure or to validate it before making a formal application to RBI for Implementing AMA.
However, when a bank first moves to an AMA , a 3 years historical data window may be allowed
subject to written approval by RBI. RBI would consider this based on factors such as quality of
operational risk management systems, quality of external of external data available and banks.
OBJECTIVES OF LDM (LOSS DATA MANAGEMENT):
The LDM framework aims at the following:-
 Timely and immediate reporting of incident.
 Minimizing the future recurrence of similar loss events , by identifying control weakness and
initiating root cause analysis.
 Complying with the regulatory requirements.
 Meeting the loss data collection standard.
 Facilitating the calculation of regulatory capital; and
 Providing a transparent and uniform framework for LDM.
LOSS DATA ELEMENTS:
Any operational loss event will comprises three elements viz. cause of the loss, loss event type
and the loss effect. it is important to identify losses and categorize them into their appropriate
event type and business line. given below the definitions of:-

48. 48
a) Loss event type
b) Loss event cause; and
c) Loss event effects.
1. Loss event type:
The definition of each loss event type is detailed below:
Internal fraud (IF):-
Losses or potential losses due to acts of a type intended to defraud, misappropriate property.
Example:-
a) Losses to the resulting from the instance of an employee paying illegal compensation to generate
or retain business.
b) Losses to the bank resulting from unauthorized trading.
External fraud (EF):-
Losses or potential losses due to acts of a type intended to intended to defraud , misappropriate
property or circumvent the law, by the third party.
Example:-
a) Losses to the bank resulting from a default of a loan where it was determined that the loan had
been obtained through fraudulent documents.
b) Losses resulting from fraud by false identify or identify theft by using computer systems.
Employment practices and workplace safety(EPWS):-
Losses or potential losses arising from acts inconsistent with employment, health or safety laws
or agreements , from payment of personal injury claim, or from diversity/ discrimination events.
Examples:-
a) Losses to the bank resulting from discrimination against employee based on age, gender, religion
or sexual orientation.
b) Losses to the bank resulting from the unavailability of workforce due to store specific to the
bank.
Client, products & business practices(CPBP):-

49. 49
Losses or potential losses arising from an unintentional or negligent failure to meet a
professional obligation to specific clients (including fiduciary and suitability requirements ), or
from the nature or design of a product.
Examples:-
a) Losses resulting from breach of corporate policies like:branding, communication, email rerention
,investigation ,outsourcing, etc.
b) Losses on account of miselling.
Damage to physical assets(DPA):-
Losses arising from loss or damage to physical assets from natural disasters or other events.
Examples:-
a) Losses resulting from disruption caused by civil/political actions.
b) Losses resulting to the bank from floods, landslides , etc.
Business disruption & system failures(BDSF):-
Losses arising from disruption of business or system failures.
Examples:-
a) Losses to the bank resulting from the use of absolute systems that cannot handle current
workload, volume or product complexity.
b) Losses caused by interruptions of communication lines, e.g. telephone lines, security access
network (staff cannot enter the building).
EXECUTION, DELIVERY & PROCESS MANAGEMENT(EDPM):-
Losses from failed transactions processing or process management, from relations with trade
counterparties and vendors.
Examples:-
a) Losses to the bank resulting from failure to deliver mandatory reports.
b) Losses to the bank resulting from the omission of valid documents in marketing materials, or
from poor or non- existent documentation.
c) Losses on account of employee‟s missing deadlines ( not remitting to RBI on time.)
d) Losses on account of incorrect entries posted and subsequent temporary overdraft granted to the
customer.
LOSS EVENT CAUSES:-
Operational risk loss events can be grouped into the following categories, according to the cause
of the loss events:-

50. 50
PEOPLE RISK:-
The risk resulting from the deliberate or unintentional actions or treatment of employees and / or
management – i.e employee error, employee misdeeds- or involving employees, such as in the
area of employment deployment disputes. The risk class covers internal organizational problem
and losses.
Examples:-
a) Human resource issues(employee unavailability, hiring/firing etc.)
b) Personal injury- physical injury (health and safety, etc.).
PROCESS RISK:-
Risk related to the execution and maintenance of transaction , and the various aspects of running
a business, including products and services.
Examples:-
a) Business /operational process (lack of proper due diligence , inadequate/ problematic account
reconciliation, etc.)
b) Error and omissions (inadequate maker/ checker controls, inadequate/ problematic quality
controls,etc.)
TECHNOLOGY RISK:-
The risk of loss caused by a piracy , theft , risk resulting from inadequate or failed systems
infrastructure including network , hardware , software , communication and their interface; also
include risk of technology failing to meet business needs.
Examples:-
a) General technology problems (Unauthorized use/misuse of technology, etc.)
b) Hardware
c) Security (hacking, firewall failure, etc.)
d) Software (computer virus, programming bug , etc)
e) Systems (system failures , systems maintenance , etc.)
f) Telecommunication ( telephone , fax , etc.)
EXTERNAL EVENTS:-

51. 51
The risk resulting from external events to the bank. This category also includes the risk
presented by actions of external parties or in the case of regulators, the execution of change that
would alter the bank‟s ability to continue operating in certain markets.
Examples:-
a) Disasters (natural disasters, non- natural disasters, etc.)
b) External misdeeds (external fraud, external money laundering, etc.)
c) Litigation/regulation (capital control, regulatory change, legal change, etc.)
LOSS EVENT EFFECTS:-
This refers to the effect by an operational risk event. Following are some categories of loss
effects;-
a) Legal liability due to operational risk.
b) Loss/damage of assets; this refers to direct reduction in value of physical assets.
c) Write downs: this refers to direct reduction in value of assets.
d) Loss of recourse: this refers to payments or disbursements made to wrong parties and not
recovered.

52. 52
 4 . Scenario analysis
Scenario analysis is a systematic and well-reasoned process of getting experts drawn from the
business and relevant support functions to estimate the most severe losses that could materialize
in the firm and the likelihood of such occurrences.
Scenario analysis for operational risk involves analyzing events that might occur infrequency ,
but have the potential for significant business impact(i.e. losses) that have a significant impact on
capital.
Scenarios are defined as an outline, description or model of a sequence of unexpected or
adverse events.
AIMS OF SCENARIO ANALYSIS:-
Scenario analysis aims to identify and assess severe operational risk events that could plausibly
happen.
OBJECTIVES OF SCENARIO ANALYSIS:-
The objectives of operational risk scenario analysis is to identify potential scenario applicable to
your business, assess how bad these could be, and consider the events and failures that would
need to occur for such an event to crystallize.
RBI GUIDELINES ON SCENARIO ANALYSIS :-
Rbi guidelines on scenario analysis from part of the circular issued on implementation of the
advanced measured approach (AMA) for calculation of capital charge for operational risk “
dated 27th
april , 2011. The important guidelines are as under:-

53. 53
Para 8.5.2.6: Scenarios are likely to have a significant influence on the amount of capital
calculation as per AMA. Scenarios involving multiple risk factors(frequency/severity of losses in
different events types) would obviously require assumptions of correlations. For this purpose ,
the correlation among various risk factors already calculated by the bank based on historical data
could form the basis of projections with appropriate to account for the possibility that the
correlations could break down under a stressed scenario.
Para 8.5.4.1: A bank‟s internal loss data may not be sufficient to model the operational risk
exposures faced by the bank as many of the potential risk to which the bank is exposed would
not have materialized during the life of the bank. Basel-II framework, therefore , requires that a
bank‟s operational risk measurement system must incorporate four key data inputs.
These 4 inputs / elements are:
Internal data
External data
Scenario analysis
Business environment and internal control factors(BEICF)
Para 8.5.4.5: (iii) scenario analysis is especially relevant for business lines, activities or
operational loss event type where internal and relevant external loss data or assessments of the
business environment and internal control factors(BEICFs) do not provide a sufficiently robust
estimate of the exposure of the bank to operational risk.

54. 54
Scenario analysis process flow and timelines:-
Scenario analysis process flow Time frame
1. Pre-workshop preparation:
a) Identification of scenarios for the
workshop;
b) Development of scenario analysis
tool kit.
c) Selection of participants for the
workshop; and
d) Familiarizing the participants with
the probable scenarios.
a) Exercise should commence one month
before scenario analysis workshop.
2. Scenario analysis workshop:-
a) Conduct of scenario analysis
workshop;
b) Documentation of results;
c) Approval from business heads for the
outcomes of the results; and
d) Placing the results before the
concerned business department, the
ORMC.
a) Scenario workshops for all business
units/departments can be phased
coinciding with RCSA schedule as
outcome of RCSA will be an input
for the workshop.
b) All scenario workshops should be
completed by January end.
3. Capital computation In the month of February.
4. Validation of scenario analysis
process by I&A
In the month of march.

55. 55
Roles and Responsibilities:-
Roles and responsibilities of the departments and participants:-
Department & participants Roles and responsibilities
Operational risk
management department
(ORMD)
a) Determine scenarios.
b) Preparation of background analysis material.
c) Documentation of scenario analysis result.
d) Present the result to the heads of the respective business
department for sign off.
e) Present the outcome before the concerned business
departments, the ORMC .
Department heads a) Selection participants for scenario analysis workshop; and
b) Review extreme events scenarios for their plausibility and validity
assumptions.
Scenario participants a) Participate in the identification of scenarious.
b) Provide inputs for the assessment of the scenario impacts ; and
c) Incorporate outputs of the scenario analysis into day – to day
business, as appropriate.
Inspection and audit
departments
a) As a part of qualitatives validation , audit team will validate the
scenario analysis process and its results after computation of
AMA capital.
b) Audit will submit its findings to (a) the operational risk
management committee through ORMD ; and (b) the audit
committee of the board (ACB)

56. 56
ROLES AND RESPONSIBILITIS OF THE COMMITTEES:-
COMMITTEE PESPONSIBILITIES
Operational risk
management
committee(ORMC)
a) Review and approve results of scenario analysis;
b) Approve changes,if considered necessary to scenario assessment
rating viz.most likely loss frequency(MF) , most likely loss
severity (MS) , worst likely frequency (WF) & worst likely
severity (ws) ; and
c) Annual review of scenario analysis framework;
d) Propose / approve enhancement to scenario analysis framework,
as considered necessary from time to time.
Risk management
committee of the
board(RMCB)
a) Take note of the result of scenario analysis process.
Audit committee of
the
Board(ACB)
a) Review finding of audit on scenario analysis process

57. 57
ADVANTAGE OF SCENARIO ANALYSIS :-
Scenario analysis provides a forward-looking view of operational risk that complements
historical internal and external loss data.
Scenario analysis (SA) is a systematic process of obtaining expert opinions.
scenario analysis, which uses a systematic approach to anticipate a broad range of possible
outcomes, provides valuable insights. Scenario analysis facilitates business decisions by taking
into account a number of potential developments and possible future events in business
environments.
Most insurers use scenario analysis for strategy development and risk management.
Scenario analysis is particularly important for insurers, as their survival depends on their abilities
to gauge and appropriately price risk.
To manage the broad range of risks they face -- many of which are interrelated --
Insurers often develop scenarios for risk management, underwriting and pricing decisions,
Strategic planning and capital management.
The popularity of scenario analysis is the result of the limitations with the others three
approaches and the fact that regulators have accepted that there is a role for human judgment and
expertise in measuring operational risk and setting a side capital.
MANAGING OPERATIONAL RISK

58. 58
Managing operational risk is becoming an important feature of sound risk management practices
in modern financial markets in the wake of phenomenal increase in the volume of transactions,
high degree of structural changes and complex support systems. The most important type of
operational risk involves breakdowns in internal controls and corporate governance. Such
breakdowns can lead to financial loss through error, fraud, or failure to perform in a timely
manner or cause the interest of the bank to be compromised.
Generally, operational risk is defined as any risk, which is not categorized as market or credit
risk. This is the risk of loss arising from various types of human or technical error. It is also
synonymous with settlement or payments risk and business interruption, administrative and legal
risks. Operational risk has some form of link between credit and market risks. An operational
problem with a business transaction could trigger a credit or market risk.
In order to manage Operational Risk, the following is required
Identifying issues, control breaches and risks
Assessing impacts of issues, control breaches and risks
Setting priorities on issues, control breaches and risks
Reporting and discussing issues , control breaches and risks
Resolving or escalating issues, control breaches and risks
Mitigating or containing issues, control breaches and risks
This provides a standard methodology.
One of the major tools for managing operational risk is the well-established internal control
system, which includes segregation of duties, clear management reporting lines and adequate
operating procedures. Most of the operational risk events are associated with weak links in
internal control systems or laxity in complying with the existing internal control procedures.
The ideal method of identifying problem spots is the technique of self-assessment of internal
control environment. The self-assessment could be used to evaluate operational risk along with
internal/external audit reports/ratings or RBI inspection findings. Banks should endeavor for

59. 59
detection of operational problem spots rather than their being pointed out by supervisors/internal
or external auditors.
Along with activating internal audit systems, the Audit Committees should play greater role to
ensure independent financial and internal control functions.
The Basle Committee on Banking Supervision proposes to develop an explicit capital charge for
operational risk.
Control of Operational Risk
Internal controls and the internal audit are used as the primary means to mitigate operational risk.
The contingent processing capabilities could also be used as a means to limit the adverse impacts
of operational risk. Insurance is also an important mitigator of some forms of operational risk.
Risk education for familiarizing the complex operations at all levels of staff can also reduce
operational risk.
Business continuity plan and disaster recovery drill are important tools

60. 60
RESEARCH METHODOLOGY

61. 61
Research in common parlance refers to search of knowledge. In other
words research means search for facts-answers to questions and
solutions to the problem. It is purposive investigation.
Research methodology may be understood as all those methods/techniques that are used for
conduction of research. Thus it refers to the methods the researchers use in performing research
operations. Since the object of research is to arrive at a solution for a given problem, the
available data and the unknown aspects of the problem have to be related to each other to make a
solution possible.
The selection of appropriate methodology for doing research is very important. It must be in
accordance to the topic of the research. The topic of the study is:
Study of risk management at state bank of Bikaner & Jaipur Bank
 Research design
It is the framework or plan for the study that is used as a guide in collecting and analyzing the
data. It is the framework of the project that stipulates what information is to be collected from
what sources and by what procedures.
Designing is preliminary step in every activity. It provides a picture for
the whole before starting of the work.
RESEARCH PROCESS FOLLOWED………
FF

62. 62
Review the Literature
Error! Reference source not found.
 Research objective
The objective of the study is to understand the concept of risk management in banking and to
analyze whether the bank is following those guidelines or not.
 Collection of Data
1. Primary data sources
Under primary sources we have data in the form of personal interview.
2. Secondary data sources
Basically this research is exploratory research; the secondary data used for the research is
collected through Bank‟s documents, websites and magazines.
 Sampling Area
Jaipur
Define
researc
h
proble
m
Review
concepts
&
theories
Interpre
t &
Report
writing

63. 63
ANALYSIS
Operational Risk in Banking, the topic of the project is very complex and critical to the
functioning of the banking industry as a whole. As the topic indicates the study involves the
collection of secondary data for the research purpose. Secondary data refers to the data collected

64. 64
by someone else other than the user. A common source of secondary data is organizational
records.
As the project studies the Operational Risk with major emphasis on State bank of Bikaner &
Jaipur Bank‟s products and processes , the information gathered is restricted to the bank‟s
internal products and services. Thus the research done in this project is based on secondary data
provided by the bank‟s record.
The first step towards the data collection was to request the personal in charge for the processing
of the respective product to provide the secondary data from the bank‟s database. The samples
kept for the record of the bank were shown with major emphasis on those cheques which could
have lead to Operational Risk. Like in the case of Account Opening Form , personal from the
Fraud Control Unit showed the necessities which are required to be checked in order to avoid
fraud and forgeries. The same procedure was followed for all the products and services.
Therefore the data analysis done in the project is based on the secondary database of the State
bank of Bikaner and Jaipur.

65. 65
FINDINGS

66. 66
Good co-ordination between the sales and finance department add all comfort ability
to Operational services.
Different vendor services related to software solutions, at times hamper processing
function affecting customer services and thus making the bank more prone to operational risk.
With load of information, the server sometimes goes down affecting the speed of
Operational processing and thereby causing delay in the functioning of the bank and thus adding
to operational risk problems.
On regular basis Key Control Standards are updated with new records which help to
keep effective check on fraud and forgeries.
Anytime banking (i.e internet banking , phone banking , sms banking ) is available
for 24 * 7 days for easy access of information to the customer.
Any query between the insurance provider and the sales and marketing team are
simultaneously informed to operations and sales department through e-mails. Thus the sales and
marketing team are made responsible first to report to operation department which would further
be responsible to the service provider and the same norm will be followed by the investment
department. This provides a systematic approach to the bank for eliminating any discrepancy as
far as operational risk is concerned.
Regular static data related to each customer‟s personal information or account related
information is regularly updated to avoid any discrepancy on the part of the bank.
As far as managing operational risks are concerned the needs to tighten up it‟s checking of the
Account Opening Forms and Inward Clearing process as these areas are most prone to such types
of risks.

67. 67

68. 68
CONCLUSION
On the basis of data provided to me, I can say that bank is trying to moving on the policies
prescribed by Reserve Bank of India. The bank is also using their own policies as per guidelines
of
RBI for risk management. As the Bank move more off balance sheet, the implied risk of these
activities must be integrated into overall risk management and strategic decision making, but
generally they are ignored when bank risk management is considered.
Here the question is not that

69. 69
“How far should risk management go in public banking?”
But the real question is
“How good is risk management in public Banking and how can it be improved?”

70. 70
RBI should show the banks as to how the banks can benefit by following their
guidelines.
All the banks should provide complete information so that there is more transparency.
The banks must be make their risk management practices robust to address
operational risk which is increasing with diversification of business lines and more dependence
on technology
As a part of developing an understanding of OR, manual of operational guidelines
should be there in the bank.

71. 71
Bank policies
Bank Manual-RCSA,KRI,LOSS DATA,SCENARIO ANALYSIS

72. 72
RBI CIRCULARS OR BASEL-II
WWW.Sbbjbank.com
www.google.com
www.bankingonly.com
www.rbi.co.in

73. 73