Credit risk is defined as the possibility of losses associated with diminution in the credit quality of borrowers or counterparties. In a bank's portfolio, losses stem from outright default due to inability or unwillingness of a customer or counterparty to meet commitments in relation to lending, trading, settlement and other financial transactions. Alternatively, losses result from reduction in portfolio value arising from actual or perceived deterioration in credit quality. Credit risk emanates from a bank's dealings with an individual, corporate, bank, financial institution or a sovereign. Credit risk may take the following forms

• in the case of direct lending: principal/and or interest amount may not be repaid;

• in the case of guarantees or letters of credit: funds may not be forthcoming from the constituents upon crystallization of the liability;

• in the case of treasury operations: the payment or series of payments due from the counter parties under the respective contracts may not be forthcoming or ceases;

• in the case of securities trading businesses: funds/ securities settlement may not be effected;

• in the case of cross-border exposure: the availability and free transfer of foreign currency funds may either cease or restrictions may be imposed by the sovereign.

In this backdrop, it is imperative that banks have a robust credit risk management system which is sensitive and responsive to these factors. The effective management of credit risk is a critical component of comprehensive risk management and is essential for the long term success of any banking organisation. Credit risk management encompasses identification, measurement, monitoring and control of the credit risk exposures.

In a bank, an effective credit risk management framework would comprise of the following distinct building blocks:

• Policy and Strategy

• Organisational Structure

• Operations/ Systems

The Board of Directors of each bank shall be responsible for approving and periodically reviewing the credit risk strategy and significant credit risk policies.

1. Every bank should have a credit risk policy document approved by the Board. The document should include risk identification, risk measurement, risk grading/ aggregation techniques, reporting and risk control/ mitigation techniques, documentation, legal issues and management of problem loans.

2. Credit risk policies should also define target markets, risk acceptance criteria, credit approval authority, credit origination/ maintenance procedures and guidelines for portfolio management.

3. The credit risk policies approved by the Board should be communicated to branches/controlling offices. All dealing officials should clearly understand the bank's approach for credit sanction and should be held accountable for complying with established policies and procedures.

4. Senior management of a bank shall be responsible for implementing the credit risk policy approved by the Board.

1. Each bank should develop, with the approval of its Board, its own credit risk strategy or plan that establishes the objectives guiding the bank's credit-granting activities and adopt necessary policies/ procedures for conducting such activities. This strategy should spell out clearly the organisation's credit appetite and the acceptable level of risk-reward trade-off for its activities.

2. The strategy would, therefore, include a statement of the bank's willingness to grant loans based on the type of economic activity, geographical location, currency, market, maturity and anticipated profitability. This would necessarily translate into the identification of target markets and business sectors, preferred levels of diversification and concentration, the cost of capital in granting credit and the cost of bad debts.

3. The credit risk strategy should provide continuity in approach as also take into account the cyclical aspects of the economy and the resulting shifts in the composition/ quality of the overall credit portfolio. This strategy should be viable in the long run and through various credit cycles.

4. Senior management of a bank shall be responsible for implementing the credit risk strategy approved by the Board.

Sound organizational structure is sine qua non for successful implementation of an effective credit risk management system. The organizational structure for credit risk management should have the following basic features:

1. The Board of Directors should have the overall responsibility for management of risks. The Board should decide the risk management policy of the bank and set limits for liquidity, interest rate, foreign exchange and equity price risks.

2. The Risk Management Committee will be a Board level Sub committee including CEO and heads of Credit, Market and Operational Risk Management Committees. It will devise the policy and strategy for integrated risk management containing various risk exposures of the bank including the credit risk. For this purpose, this Committee should effectively coordinate between the Credit Risk Management Committee (CRMC), the Asset Liability Management Committee and other risk committees of the bank, if any. It is imperative that the independence of this Committee is preserved. The Board should, therefore, ensure that this is not compromised at any cost. In the event of the Board not accepting any recommendation of this Committee, systems should be put in place to spell out the rationale for such an action and should be properly documented. This document should be made available to the internal and external auditors for their scrutiny and comments. The credit risk strategy and policies adopted by the committee should be effectively communicated throughout the organisation.

Each bank may, depending on the size of the organization or loan/ investment book, constitute a high level Credit Risk Management Committee (CRMC). The Committee should be headed by the Chairman/CEO/ED, and should comprise of heads of Credit Department, Treasury, Credit Risk Management Department (CRMD) and the Chief Economist. The functions of the Credit Risk Management Committee should be as under:

1. Be responsible for the implementation of the credit risk policy/ strategy approved by the Board.

2. Monitor credit risk on a bank wide basis and ensure compliance with limits approved by the Board.

3. Recommend to the Board, for its approval, clear policies on standards for presentation of credit proposals, financial covenants, rating standards and benchmarks,

4. Decide delegation of credit approving powers, prudential limits on large credit exposures, standards for loan collateral, portfolio management, loan review mechanism, risk concentrations, risk monitoring and evaluation, pricing of loans, provisioning, regulatory/legal compliance, etc.

Concurrently, each bank should also set up Credit Risk Management Department (CRMD), independent of the Credit Administration Department. The CRMD should:

1. Measure, control and manage credit risk on a bank-wide basis within the limits set by the Board/ CRMC

2. Enforce compliance with the risk parameters and prudential limits set by the Board/ CRMC.

3. Lay down risk assessment systems, develop MIS, monitor quality of loan/ investment portfolio, identify problems, correct deficiencies and undertake loan review/audit. Large banks could consider separate set up for loan review/audit.

4. Be accountable for protecting the quality of the entire loan/ investment portfolio. The Department should undertake portfolio evaluations and conduct comprehensive studies on the environment to test the resilience of the loan portfolio.

Banks should have in place an appropriate credit administration, credit risk measurement and monitoring processes. The credit administration process typically involves the following phases:

1. Relationship management phase i.e. business development.

2. Transaction management phase covers risk assessment, loan pricing, structuring the facilities, internal approvals, documentation, loan administration, on going monitoring and risk measurement.

3. Portfolio management phase entails monitoring of the portfolio at a macro level and the management of problem loans

4. On the basis of the broad management framework stated above, the banks should have the following credit risk measurement and monitoring procedures:

5. Banks should establish proactive credit risk management practices like annual / half yearly industry studies and individual obligor reviews, periodic credit calls that are documented, periodic visits of plant and business site, and at least quarterly management reviews of troubled exposures/weak credits

Banks should have a system of checks and balances in place for extension of credit viz.:

1. Separation of credit risk management from credit sanction

2. Multiple credit approvers making financial sanction subject to approvals at various stages viz. credit ratings, risk approvals, credit approval grid, etc.

3. An independent audit and risk review function.

4. The level of authority required to approve credit will increase as amounts and transaction risks increase and as risk ratings worsen.

5. Every obligor and facility must be assigned a risk rating.

6. Mechanism to price facilities depending on the risk grading of the customer, and to attribute accurately the associated risk weightings to the facilities.

7. Banks should ensure that there are consistent standards for the origination, documentation and maintenance for extensions of credit

8. Banks should have a consistent approach towards early problem recognition, the classification of problem exposures, and remedial action.

9. Banks should maintain a diversified portfolio of risk assets; have a system to conduct regular analysis of the portfolio and to ensure ongoing control of risk concentrations.

10. Credit risk limits include, obligor limits and concentration limits by industry or geography. The Boards should authorize efficient and effective credit approval processes for operating within the approval limits.

11. In order to ensure transparency of risks taken, it is the responsibility of banks to accurately, completely and in a timely fashion, report the comprehensive set of credit risk data into the independent risk system

12. Banks should have systems and procedures for monitoring financial performance of customers and for controlling outstanding within limits.

13. A conservative policy for provisioning in respect of non-performing advances may be adopted.

14. Successful credit management requires experience, judgement and commitment to technical development. Banks should have a clear, well-documented scheme of delegation of powers for credit sanction.

15. Banks must have a Management Information System (MIS), which should enable them to manage and measure the credit risk inherent in all on- and off-balance sheet activities. The MIS should provide adequate information on the composition of the credit portfolio, including identification of any concentration of risk. Banks should price their loans according to the risk profile of the borrower and the risks associated with the loans.