Credit Risk Management in Kenya

worst financial crisis since the Great Depression of the 1930s. It was triggered by a liquidity shortfall in the United States banking system and has resulted in the collapse of large financial institutions, the bailout of banks by national governments, and downturns in stock markets around the world. In many areas, the housing market has also suffered, resulting in numerous evictions, foreclosures and prolonged vacancies.

(Brunnermeier, 2009) states that “the bursting of the housing bubble, which peaked in 2006, as being the first major sign that the values of securities tied to U.S. real estate pricing would plummet and damage major financial institutions such as; Lehman Brothers, Merrill Lynch, AIG globally. Questions regarding bank solvency, declines in credit availability and damaged investor confidence had an impact on global stock markets, where securities suffered large losses during late 2008 and early 2009. Economies worldwide slowed during this period, as credit tightened and international trade declined and banks were forced to write down several hundred billion dollars in bad loans caused by mortgage delinquencies.”

Moreover, the Federal Reserve Bank feared a deflationary period after the bursting of the Internet bubble and thus did not counteract the buildup of the housing bubble. At the same time, the banking system underwent an important transformation.

Traditional banking model, in which the issuing banks hold loans until they are repaid, was replaced by the ‘originate and distribute’ banking model, in which loans are pooled, tranched, and then resold via securitization. The creation of new securities facilitated the large capital inflows from abroad. (Wikipedia, 2009). Mechanical phenomena (domino effects due to the linkages between many of these financial institutions), resulted in simultaneous spread worldwide to many financial and economic areas.”

“The heavy exposure of a number of EU countries to the US subprime problem was clearly revealed when BNP Paribas froze redemptions for three investment funds, citing its inability to value structured products. As a result, counterparty risk between banks increased dramatically, as reflected in soaring rates charged by banks to each other for short-term loans and the began to spread into the European markets, Asian and eventually African markets.” (Brunnermeier, 2009)

A study done by Samuel Mwega on the contagion effects of the global financial crisis with reference to Kenya indicates that some developing markets that had seen strong economic growth saw significant slowdowns. For example, growth forecasts in Cambodia showed a fall from more than 10% in 2007 to close to zero in 2009. This saw to a dramatic rise in the number of households living below the poverty line, be it 300,000 in Bangladesh or 230,000 in Ghana.

1The central bank of Kenya argues that Kenya is primarily a rural agro-based economy with only a small minority of the population such as tourism and commercially- oriented agriculture such as horticulture, tea and coffee directly interfacing with the developed world. Indirectly, foreign exchange volatility, cost and availability of inputs would be impacted.

“The worst hit sectors however, were the banking industry and stock markets. In terms of ownership structure, foreign banks comprise about a quarter of all banks in the country, with 11 foreign banks out of 42 commercial banks as of 2007.thus, foreign banks account for about 40% of commercial banks core capital.” (Mwega, 2010)

In the stock markets, Portfolio flows have been adversely affected, with foreign sales exceeding foreign buys in many counters, as foreign portfolio investors diversify from the market. Moreover, the NSE 20-share index has taken a hit since mid-2008 on the back of the post-election violence and the global financial crisis.

Generally, Kenya achieved only 3-4% growth in 2009, down from 7% in 2007. According to the research by the Overseas Development Institute, reductions in growth been attributed to falls in trade, commodity prices, investment and remittances sent from migrant workers (which reached a record $251 billion in 2007, but have fallen in many countries since.

“Hitherto, the financial industry has always been affected by unsystematic changes such as changes in the economic situation (uncertain interest rates, foreign exchange rates), political changes, social changes and systematic risk such as internal controls, corporate governance and information technology systems as well.” (Committee, 2000). Risk management has become a main topic for the financial institute especially since financial services is a business sector related to conditions of uncertainty. The financial sector is the most influenced by the volatile conditions of the financial crisis. Financial institutions are exposed to a large number of risks through their activities. In order to promote confidence amongst a financial institution’s stakeholders and shareholders, the institution must invest money into a risk management system and promote strong risk management within their organization.

Statement of the Problem

The Basel committee’s document on principles for the management of credit risk (2000) states that while financial institutions have faced difficulties over the years for a multitude of reasons, the major cause of serious banking problems continues to be directly related to lax credit standards for borrowers and counterparties, poor portfolio risk management, or a lack of attention to changes in economic or other circumstances that can lead to a deterioration in the credit standing of a bank’s counterparties.

2Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. The goal of credit risk management is to maximize a bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks should also consider the relationships between credit risk and other risks. The effective management of credit risk is a critical component of a comprehensive approach to risk management and essential to the long-term success of any banking organization.

Critiques argue that the current credit crunch would have been predictable. Risk management practices had become so secretive that, in some banks, the back office had no idea what Value at Risk (potential losses) the front office was taking. Today’s banking sector has been described as “a demonstrably fragile financial system that has produced unimaginable wealth for some, while repeatedly risking a cascading breakdown of the system as a whole.” This is not how capital markets should operate. The worst banking crisis in history requires more than just a business as usual response; it requires a

Current concepts of credit risk management in financial institutions must now be revisited for purposes of creating the solid financial footing that will regenerate trust in the market. They need to create a new model for investment banking built on the four principles of; transparency, peering, sharing intellectual property, and acting global.

Credit risk management generally, requires top-level management support, acknowledgment that risk is a reality, and a commitment to identify and manage them. One discriminator of a successful organization is the use of credit risk management to anticipate potential negative conditions, problems, and realities. Ineffective projects are forced to react to problems; effective projects anticipate them. An organization will be much better once it moves away from reacting to change, and toward proactive anticipation and management of change. Formal credit risk management must be an integral part of the entire management structure and processes. In fact, it should be the program manager’s number one priority.

This study therefore intends to explore the critical success factors that if adhered to by banks in Kenya, would offer adequate support to the credit risk management procedures already put in place.

1.3. Research Questions

• What are the critical success factors for effective credit risk management procedures by banks in Kenya?
• What credit risk exposures do these banks face?
• Which credit risk management measures have been put in place?
• Are these measures put in place effective in controlling credit risk?

Research Objectives

• To establish the causes of credit risk among banks in Kenya.
• To identify the approaches used to measure credit risk by these banks.
• To find out the credit risk management measures put in place by these financial institutions (banks).
• To establish whether the measures adopted are effective in controlling credit risk.

Scope of the Study

To begin with, the study will only cover a handful of financial institutions especially those within Nairobi. It is not possible to cover all financial institutions in Kenya due to financial and time constraints

The beneficiaries of the study are financial lending institutions and in particular banks which are majorly exposed to credit risk. They will be able to identify the most critical factors for effective credit risk management. Moreover, regulators within the industry such as the central bank of Kenya and the insurance regulatory authority will be in a position to come up with better strategies for adoption by these financial institutions in order that they effectively manage credit risk.

Moreover, future scholars intending to carry out similar research in investigating other risks faced by banks which include but not limited to; market risk, interest rate risk, market risk, foreign exchange risk and operational risk.

The study is only limited to the critical success factors for effective credit risk procedures by banks in Kenya. Future scholars can therefore carry out similar studies on insurance companies and compare for similarity among results acquired with those on banks.

Delimitation of the study

To begin with, the study will only cover a handful of banks especially those within Nairobi. It is not possible to cover all financial institutions in Kenya due to financial and time constraints.

Definition of Key Terms

Credit risk. (Sharma, 2008) Defines credit risk as the possibility of losses associated with diminution of credit quality of borrowers or counterparties.

The Overseas Development Institute (ODI) is one of the leading independent think tanks on international development and humanitarian issues. Based in London, its mission is “to inspire and inform policy and practice which lead to the reduction of poverty, the alleviation of suffering and the achievement of sustainable livelihoods in developing countries.” It does this by “locking together high-quality applied research, practical policy advice, and policy-focused dissemination and debate.”

Basel Committee on Banking Supervision; Wikipedia defines it as an institution created by the central bank Governors of the group of ten nations. It was created in 1974 and meets regularly four times a year. The Basel Committee formulates broad supervisory standards and guidelines and recommends statements of best practice in banking supervision in the expectation that member authorities and other nations’ authorities will take steps to implement them through their own national systems, whether in statutory form or otherwise.

CHAPTER 2: LITERATURE REVIEW

2.1. Introduction

2.1.1. Definition of risk.

The Basel Committee has defined risk as “the probability of the unexpected happening – the probability of suffering a loss”.

The four letters comprising of the word RISK define its features.

R = Rare (unexpected)

I = Incident (outcome)

S = Selection (identification)

K = Knocking (measuring, monitoring, controlling)

RISK, therefore, needs to be looked at from four fundamental aspects:

• Identification
• Measurement
• Monitoring
• Control (including risk audit)

2.1.2. Risk Management

Broadly speaking, risk management can be defined as a discipline for “Living with the possibility that future events may cause adverse effects” (Kloman 1999). In the context of risk management in financial institutions such as banks or insurance companies these adverse effects usually correspond to large losses on a portfolio of assets.

“The importance of risk management for these financial intermediaries especially banks, is magnified by the important place they occupy in a nation’s economy. Their function of intermediation is a source of many of these risks.” (Sharma, 2008) Specific examples include: losses on a portfolio of market-traded securities such as stocks and bonds due to falling market prices (a so-called market risk event); losses on a pool of bonds or loans, caused by the default of some issuers or borrowers (credit risk); losses on a portfolio of insurance contracts due to the occurrence of large claims (insurance- or underwriting risk). An additional risk category is operational risk, which includes losses resulting from inadequate or failed internal processes, fraud or litigation.

(Carey, 2001) Describes that there can be few, if any, parts of the economy in which risk management is more important than the financial sector. Financial institutions account for a sizeable number of the world’s leading companies and have a critical role to play in the economics of every country and thus in world economic order as a whole. Their whole business is centered on taking risks in conditions of uncertainty. The Turnbull Report on risk management and internal control, which is applicable to all listed companies in the UK and which has been widely disseminated internationally, fully recognizes this fundamental point. Its focus is on effective risk management and not the elimination of risk. In a modern competitive market economy, business organizations that are risk averse are unlikely to earn satisfactory returns.

According to a document published by the bank of Pakistan on Risk Management: A guideline for commercial banks and direct finance institutions, risk management as a discipline should be at the core of every financial institution as it encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that;

a) The individuals who take or manage risks clearly understand it.

b) The organization’s Risk exposure is within the limits established by Board of Directors.

c) Risk taking Decisions are in line with the business strategy and objectives set by board.

d) The expected payoffs compensate for the risks taken

e) Risk taking decisions are explicit and clear.

f) Sufficient capital as a buffer is available to take risk

2.1.3. Risk Management framework.

A risk management framework encompasses the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework should be comprehensive enough to capture all risks a bank is exposed to and have flexibility to accommodate any change in business activities. An effective risk management framework includes;

a) Clearly defined risk management policies and procedures covering risk identification, acceptance, measurement, monitoring, reporting and control.

b) A well constituted organizational structure defining clearly roles and responsibilities of individuals involved in risk taking as well as managing it. Banks, in addition to risk management functions for various risk categories may institute a setup that supervises overall risk management at the bank. Such a setup could be in the form of a separate department or bank’s Risk Management Committee (RMC) could perform such function. The structure should be such that it ensures effective monitoring and control over risks being taken. The individuals responsible for review function (Risk review, internal audit and compliance) should be independent from risk taking units and report directly to board or senior management who are also not involved in risk taking.

c) There should be an effective management information system that ensures flow of information from operational level to top management and a system to address any exceptions observed. There should be an explicit procedure regarding measures to be taken to address such deviations.

d) The framework should have a mechanism to ensure an ongoing review of systems, policies and procedures for risk management and procedure to adopt changes.

Integration of Risk Management

Risks must not be viewed and assessed in isolation, not only because a single transaction might have a number of risks but also one type of risk can trigger other risks. Since interaction of various risks could result in diminution or increase in risk, the risk management process should recognize and reflect risk interactions in all business activities as appropriate. While assessing and managing risk the management should have an overall view of risks the institution is exposed to. This requires having a structure in place to look at risk interrelationships across the organization.

2.2. Theoretical Orientation.

(Committee, 2000) Defines credit risk as “the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms.” The goal of credit risk management is to maximize a bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks should also consider the relationships between credit risk and other risks. The effective management of credit risk is a critical component of a comprehensive approach to risk management and essential to the long-term success of any banking organization.

For most banks, loans are the largest and most obvious source of credit risk; however, other sources of credit risk exist throughout the activities of a bank, including in the banking book and in the trading book, and both on and off the balance sheet. Banks are increasingly facing credit risk (or counterparty risk) in various financial instruments other than loans, including acceptances, interbank transactions, trade financing, foreign exchange transactions, financial futures, swaps, bonds, equities, options, and in the extension of commitments and guarantees, and the settlement of transactions.

In addition to direct accounting loss, credit risk should be viewed in the context of economic exposures. This encompasses opportunity costs, transaction costs and expenses associated with a non-performing asset over and above the accounting loss. Credit risk can be further sub-categorized on the basis of reasons of default. For instance the default could be due to country in which there is exposure or problems in settlement of a transaction.

Since exposure to credit risk continues to be the leading source of problems in banks world-wide, banks and their supervisors should be able to draw useful lessons from past experiences. Banks should now have a keen awareness of the need to identify, measure, monitor and control credit risk as well as to determine that they hold adequate capital against these risks and that they are adequately compensated for risks incurred. The Basel Committee is issuing this document in order to encourage banking supervisors globally to promote sound practices for managing credit risk. Although the principles contained in this paper are most clearly applicable to the business of lending, they should be applied to all activities where credit risk is present.

2.3.1. Approaches to measuring credit risk

2.3.1.1. Traditional approaches to measuring credit risk

Expert Judgment

This involves the use of an expert such as loan officer based on the 5C’s of credit. These are Character, Capital, Capacity, Condition and Collateral.

Rating Systems

This approach combines accounting ratios and expert judgment to categorize debt into rating categories. Banks use their own internal rating scales to categorize and price loans.

Rating systems can be unidimensional or bidimensional. Unidimensional rating scales combine an assessment of the credit worthiness of the loan and collateral. Bidimensional ratings on the other hand, separately assess the creditworthiness of the loan and the quality of the collateral.

Credit scoring models.

These models combine financial information of borrowers into a credit score. This credit score is either a probability of default or can be used to assign borrowers into rating categories that reflect varying probabilities of default.

2.3.1.2. Other approaches to measuring credit risk.

3The Basel committee proposes to permit banks a choice between two broad methodologies for calculating their capital requirements for credit risk. One alternative will be to measure credit risk in a standardized manner, supported by external credit assessments. The alternative methodology, which is subject to the explicit approval of the bank’s supervisor, would allow banks to use their internal rating systems for credit risk.

Standardized Approach

4“This methodology extends the approach to capital weights used in Basel I to include market-based rating agencies. Sovereign claims, are now discounted according to the credit rating assigned to a sovereign’s debt by an “authorized” rating institution.if debt is rated from AAA to AAA-, it is assigned a 0% weight; if it is rated from A+ to A-, it is assigned a 20% weight; if it is rated from BBB+ to BBB-, it receives a 50% weight; if it is rated from BB+ to BB-, it receives a 100% weight; and if it is rated below B-, it receives a 150% weight. Unrated debt is weighted at 100%. If debt is denominated and funded in local currency, regulators can also assign a lower weight to its relative riskiness. For bank debt, authorities can choose between two risk weighting options.”

b. Internal Ratings Based Approach

5Beyond the “standardized” approach, Basel II proposes—and incentivizes—two alternate approaches toward risk-weighting capital, each known as an Internal Ratings Based Approach, or IRB. These approaches encourage banks to create their own internal systems to rate risk with the help of regulators. By forcing banks to “scale up” their risk-weighted reserves by 6% if they use the standardized approach, the Basel Committee offers banks the possibility of lower reserve holdings and thus higher profitability if they adopt these internal approaches.

The first internal ratings based approach is known as the Foundation IRB. In this approach, banks, with the approval of regulators, can develop probability of default models that provide in-house risk weightings for their loan books. Regulators provide the “assumptions” in these models, namely the probability of loss of each type of asset, the exposure of a bank to an at-risk asset at the time of its default, and the maturity risk associated with each type of asset.

The second internal ratings based approach, Advanced IRB, is essentially the same as Foundation IRB, except for one important difference: the banks themselves—rather than regulators—determine the assumptions of proprietary credit default models. Therefore, only the largest banks with the most complex modes can use this standard.

2.3.1.3. Value at Risk (VaR) approach

Business Line Accountability.

In every banking organization there are people who are dedicated to risk management activities, such as risk review, internal audit etc. It must not be construed that risk management is something to be performed by a few individuals or a department. Business lines are equally responsible for the risks they are taking. Because line personnel, more than anyone else, understand the risks of the business, such a lack of accountability can lead to problems.

Risk Evaluation/Measurement.

Until and unless risks are not assessed and measured it will not be possible to control risks. Further a true assessment of risk gives management a clear view of institution’s standing and helps in deciding future action plan. To adequately capture institutions risk exposure, risk measurement should represent aggregate exposure of institution both risk type and business line and encompass short run as well as long run impact on institution. To the maximum possible extent institutions should establish systems / models that quantify their risk profile, however, in some risk categories such as operational risk, quantification is quite difficult and complex. Wherever it is not possible to quantify risks, qualitative measures should be adopted to capture those risks. Whilst quantitative measurement systems support effective decision-making, better measurement does not obviate the need for well-informed, qualitative judgment. Consequently the importance of staff having relevant knowledge and expertise cannot be undermined. Finally any risk measurement framework, especially those which employ quantitative techniques/model, is only as good as its underlying assumptions, the rigor and robustness of its analytical methodologies, the controls surrounding data inputs and its appropriate application

Independent review.

One of the most important aspects in risk management philosophy is to make sure that those who take or accept risk on behalf of the institution are not the ones who measure, monitor and evaluate the risks. Again the managerial structure and hierarchy of risk review function may vary across banks depending upon their size and nature of the business, the key is independence. To be effective the review functions should have sufficient authority, expertise and corporate stature so that the identification and reporting of their findings could be accomplished without any hindrance. The findings of their reviews should be reported to business units, Senior Management and, where appropriate, the Board.

Contingency planning.

Institutions should have a mechanism to identify stress situations ahead of time and plans to deal with such unusual situations in a timely and effective manner. Stress situations to which this principle applies include all risks of all types. For instance contingency planning activities include disaster recovery planning, public relations damage control, litigation strategy, responding to regulatory criticism etc. Contingency plans should be reviewed regularly to ensure they encompass reasonably probable events that could impact the organization. Plans should be tested as to the appropriateness of responses, escalation and communication channels and the impact on other parts of the institution.

Board and senior Managemzent oversight.

a) To be effective, the concern and tone for risk management must start at the top. While the overall responsibility of risk management rests with the BOD, it is the duty of senior management to transform strategic direction set by board in the shape of policies and procedures and to institute an effective hierarchy to execute and implement those policies. To ensure that the policies are consistent with the risk tolerances of shareholders the same should be approved from board.

b) The formulation of policies relating to risk management only would not solve the purpose unless these are clear and communicated down the line. Senior management has to ensure that these policies are embedded in the culture of organization. Risk tolerances relating to quantifiable risks are generally communicated as limits or sub-limits to those who accept risks on behalf of organization. However not all risks are quantifiable. Qualitative risk measures could be communicated as guidelines and inferred from management business decisions.

c) To ensure that risk taking remains within limits set by senior management/BOD, any material exception to the risk management policies Introduction and tolerances should be reported to the senior management/board who in turn must trigger appropriate corrective measures. These exceptions also serve as an input to judge the appropriateness of systems and procedures relating to risk management.

d) To keep these policies in line with significant changes in internal and external environment, BOD is expected to review these policies and make appropriate changes as and when deemed necessary. While a major change in internal or external factor may require frequent review, in absence of any uneven circumstances it is expected that BOD re-evaluate these policies every year.