Credit Risk Management, Disaster Recovery and Business Continuity in the Nigerian Banking Industry: Implications on Performance

This work reviews the importance of sound credit risk management on performance of Nigerian banks and it was discovered that the efficacy of banking functions relies solely on sound credit risk management which incorporates good plans and strategies to move on if a counterparty in a credit agreement defaults on the agreement. The work also shows the way a bank ensures continued, uninterrupted operation of their activities after disaster must have occurred. Banks should not wait for a disaster to strike before they put in place measures or strategies to ensure that specific tasks can be continued or recovered in a well-timed style in the event of interruption of business activities as they should have the plan written out from inception of their existence. Keywords: Credit Risk Management; Disaster Recovery; Business Continuity; Performance DOI : 10.7176/IKM/9-9-05 Publication date :October 31 st 2019


Introduction
Banks are very important in the economic advancement of a nation due to the financial services they deliver. The credit facilities banks make available to the public helps in speedy development of the economy. The provision of money or resources to the public by banks with an anticipation of being paid back at a later date is what credit facility is all about. Loans are the biggest and apparent source of credit risk alongside other sources like banking book and trading book. The credit given or extended by banks make up the largest proportion of credit in circulation and the interest that accrues to such credit facilities are sources of income generation for a bank. Credit risk is the possibility that a person granted a credit facility (loan) will back-out on the terms and conditions agreed-on when the facility was being granted. Credit risk has been a source of worry to many people because if a business partner fails to pay back the credit sum granted it, it will affect the activities of the other party (Afriye and Akotey, 2011). Default risk, counterparty risk or performance risk are also terms that can be used to denote credit risk. The tendency for a party in a credit agreement failing to pay and how much can be salvaged if the party fails to pay are terms that describe credit risk. In addition to the numerous risks encountered by banks, credit risk performs a major role on banks' revenue generation since a huge portion of banks' revenue accumulates from loans wherein interest is obtained. Credit risk (or counterparty risk) are constantly being faced by banks in various monetary tools other than loans, including acceptances, interbank deals, financing trade, foreign exchange deals, financial futures, swaps, bonds, equities, options, and in the provision of commitments and guarantees, and the settlement of transactions. Credit risk management therefore is the practice of manoeuvring the aftermaths of credit risks by finding out the origin of the risk, assessing the level of the risk and adopting the best method in containing the risk (Gieseche, 2004). The success of bank functioning relies greatly on the efficacy of credit risk management (Drehman,2008). When a bank provides credit, it is actually indebted to itself and if the bank records a large number of credit defaulters, the bank will become bankrupt; having more liabilities than assets. The two main types of credit extended by banks are unsecured credit (no collateral is required to access this credit) such as consumer credit cards and small loans, and secured credit (accessed with collateral) to lessen the banks' exposure to the risk of not getting their money back (credit default). Mortgages used to buy houses, boats etc., and PCP (personal contract plan) credit agreements for vehicle purchases are examples of secured credit. Banks extend huge amount of credit to those they consider credit worthy; but will require the deposit of something equivalent to the credit sum which the bank will possess in the event of credit default. The sale of this collateral helps the bank to reduce liabilities arising from bad credits. Disaster refers to events that surpasses the response abilities of an organization. It could be natural hazards like fire outbreaks, political or social unrest, data security and terrorism. Disasters in addition to being unavoidable are also not predictable and differ in kind and intensity. A business has to put in place measures or strategies to help it get back to normal (business continuity) after a disaster has occurred. For a bank, a disaster simply means a sudden disruption in all or part of its business operations which may result in income loss. Effects of disasters range from small interruptions to total business shutdown for days or months, even fatal damage to the business. Banks were among the initial implementers of information technology in the business realm. They incorporated the Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.9, No.9, 2019 31 benefits of computers almost from the advent of the technological industry. The heavy reliance of the banking industry on technology has been the brain behind the disaster recovery industry. The primary aim of disaster recovery is to avoid problems before they occur that is why planning plays an important role in disaster recovery. Disaster recovery is important specifically for the banks in a locality or settlement hit by crisis more than other businesses because their services are in high demand during times of community disaster. A typical bank is multi-faceted, with multiple locations or branches and diverse operations and computer applications. Mergers and acquisitions, along with increasingly sophisticated technology, have complicated banks' situation by making banks to inherit more diverse applications. Typically, banks run 20 to 30 critical applications at the same time and when organizations merge or are acquired, this number may double. Furthermore, many banks' operations are becoming devolved as financial institutions expand their reach beyond the back office into satellite locations. Yet banks also continue to rely heavily on paper, especially at the branch level. What happens to these decentralized operations and manifold applications if a bank experiences a disaster? What happens to the many paper transactions in branches that have not entered the central system? Whether it's simply a local crisis like boko haram insurgency or herdsmen attack, the reality remains the same -disasters can disrupt important business operations or activities significantly for weeks and sometimes months. Thorough preparation can shorten recovery time dramatically and keep banking operations ongoing. In addition to the above listed facts, Inability to fulfil obligation in loan agreement on the part of the borrower even after the expiration of grace period, bankruptcy and repudiation are also disasters in the banking sector. Disaster recovery process will continue to advance with the banking industry. As banks become more sophisticated, its vulnerability to disaster is increased and so plans for disaster recovery solutions is needed. What happens long before a disaster strikes is important if disaster recovery will be achieved. With a pragmatic recovery strategy, analysed and dedicated to by senior management, operation of banks can efficiently be maintained and at the same time safety of people and assets is guaranteed. The procedure of formulating a disaster recovery plan begins by ascertaining the causes and effects of the disaster, analysing their chances of happening and magnitude of its impact and categorizing them in terms of their business priority. The eventual results are a formal appraisal the of risk, a disaster recovery plan that incorporates all obtainable recovery methods, and a Disaster Recovery Committee that has responsibility for preparing, implementing and improving the disaster recovery plan.

Objectives of the study
The study seeks to ascertain the following a. The implication of credit risk management on bank performance. b. The application of disaster recovery plan to ensure business continuity

Assessment of Credit Risk by a Bank
The likelihood that a counterparty in loan disbursement deal will default is always borne in mind by the party providing such credit facility (bank) (Al-Khouri, 2011).). The banking industry has a prototype for assessing the possibility default by a counterparty. CAMPARI, which is a well-known perspective in credit risk assessment. The word CAMPARI came into play from the first letters of the attributes of a borrower a bank looks into before a credit facility is granted. They are: 1. Character which describes the reliability of the business and the people at the helm of affairs of the firm as it is believed that truthful borrowers have low tendency of defaulting on an agreement 2. Ability refers to the legality or legitimacy of the agreement between the counterparty and the bank.
Company's directors are expected to act within the ambit of the legal authority enshrined in their articles of incorporation. 3. Means refers to the counterparty's financial, technical and managerial means that will ensure that they pay back at the appointed time. 4. Purpose refers to the reason for which a borrower requires the credit being extended, which must be clear and acceptable to the lender. Borrowing to finance rapid growth of a company is an acceptable purpose to a lender. 5. Amount refers to the aggregate of the loan sum which should be enough to cover the aim of the borrowing. 6. Repayment relates to the capacity of the counterparty to pay back the loan. This the bank ascertains by looking into the source of payback. This pay back ability is obviously of significant importance in lending and should be shown not through future profit expected in the business but from sources of revenue generation. Before any decision is taken on the form of lending the bank will undertake, the bank needs to consider the pay back structure the business is proposing which can be either bullet; Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.9, No.9, 2019 paying back the principal in a one lump sum payment or amortisation; instalment repayment of principal amount 7. Insurance refers to the measures taken by banks to ensure that they recoup the loan sum if there is a default. This might be in form of the collateral provided by the counterparty before the loan disbursement or the terms and conditions agreed on before the loan was given out.

Credit Risk Management Structure
Board and Senior management: it is the responsibility of the bank's board to undertake credit risk management plans as follows; a. Ensuring that the credit risk strategy, plan and policies of the bank is efficiently publicized throughout the banking organisation this is to make sure that all germane personnel in the bank clearly understands the bank's approach to credit extension and management so as to be held responsible for either complying with or flouting established policies and procedures b. The board of directors should approve and periodically review the banks 'credit risk strategy and also significant credit risk policies bearing in mind that the strategy(plan) and policies must take into cognizance the numerous actions of bank that will lead to credit exposure. c. Bank's board of directors should approve the bank's strategy for selecting risks and maximising profits. d. The board should periodically review the financial results of the bank and, based on these results, determine if changes need to be made to the strategy. e. The board must also determine if the bank's capital level is adequate for the risks assumed throughout the entire organisation. f. They also make sure that senior management and people saddled with credit risk management task has the necessary skills and knowledge to perform successful risk management functions so as not to fail. g. The board of directors should ensure that the bank's salary and wages policies do not go against the banks credit risk management as it has been proven that if unacceptable behaviour like short term profit generation if rewarded against the credit policies or surpassing established limits, the bank's credit processes are weakened.
Organizational structure: The organizational structure of a bank must be in tandem with bank's size, complexity and activities. Each bank should create a Credit Risk Management Committee which is saddled with the task of effecting policies and procedures ratified by the board and establishing tolerable levels of vulnerability to credit risk (Kithinji, 2010)). Also this committee monitors credit risk, recommends policies and procedures, sets the delegation of competences for loan approval to bank staff (lending limits), define standards for collaterals, risk concentration, risk monitoring and assessment, loan pricing, provisions, rules in compliance with the law. Banks should establish the Department of Credit Risk Management, which ensures that the undertaken risk is within the limits established by Credit Risk Management Committee, ensures that the business line is in accordance with risk parameters. They are also responsible for creating loan loss provisions (Alalade et al., 2014).

CREDIT RISK MANAGEMENT PLAN
These are actions utilized by banks to either circumvent or reduce the unfavourable effects of credit risk (Owojori et al., 2011). Although the strategy or plan should be periodically assessed and amended, it should be viable in the long-run and through various economic cycles. A comprehensive credit risk management outline is pertinent for banks so as to boost profitability and also ensure survival (Psillaki et al., 2010). Lindergren (1987) as cited in Kolapo et al. (2012), enumerated the main principles in credit risk management process as follows; establishment of a clear structure, allocation of responsibility, processes have to be prioritized and disciplined, responsibilities should be clearly communicated and accountability assigned. The strategies for circumventing or evading credit risk comprises of the following listed below amongst others; 1. Credit Derivatives: This provides banks with an approach which does not require them to adjust their loan portfolio (Saunders&Cornett,2008). Credit derivatives provide banks with a new source of fee income and offer banks the opportunity to reduce their regulatory capital (Shao and Yeager, 2007; cited in Kolapo et al., 2012). The commonest type of credit derivative is credit default swap whereby a seller agrees to shift the credit risk of a loan to the protection buyer. Credit derivatives encourage banks to lend more than they would, at lower rates to people who might default. Recent innovations in credit Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.9, No.9, 2019 33 derivatives markets have boosted banks abilities to transmit credit risk to other institutions while maintaining relationship with borrowers (Alshanti, 2015). 2. Credit Securitization: It is the transmission of credit risk to a factor or insurance company and this relieves the bank from monitoring the borrower and fear of the dangerous effects of classified or off the record assets. This approach insures the lending activity of banks. The increasing popularity of credit risk securitization can be pinned to the fact that banks normally use the instrument of securitization to diversify concentrated credit risk exposures and to explore an alternative source of funding by realizing regulatory arbitrage and liquidity improvements when selling securitization transactions (Chen&Pan, 2012). A cash collateralized loan obligation is a form of securitization in which assets (bank loans) are removed from a bank's balance sheet and packaged or enveloped into profitable securities that are sold on to investors through a special purpose vehicle (SPV) (Alshatti, 2015). 3. Compliance to Basel Accord: The Basel Accord are international principles and regulations guiding the operations of banks to safeguard its strength and stability. The Accord was introduced in 1988 in Switzerland. Conformity to the provisions of the Accord means being able to identify, generate, track and report on risk-related data in an integrated manner, with full auditability and transparency and creates the opportunity to improve the risk management processes of banks. The New Basel Capital Accord places clearly the responsibility on banks to employ sound internal credit risk management practices to assess their capital adequacy requirements (Chen and Pan,2012). 4. Adoption of a sound internal lending policy: The lending policy guides banks in giving out loans to clients. Firm observance of the lending policy is by far the most economical and easiest strategy of credit risk management. The lending policy should be in tandem with the overall bank strategy and the factors considered in designing a lending policy should include; the existing credit policy, industry norms, general economic conditions of the country and the current economic climate (Kithinji,2010). 5. Credit Bureau: This is an institution which compiles information and sells this information to banks as regards the lending profile of a borrower. The bureau awards credit score called statistical odd to the borrower which makes it easy for banks to make instantaneous lending decision. In Nigeria, Credit Risk Management System (CRMS) of the Central Bank of Nigeria (CBN) is a typical example of a credit bureau (Epure & Lafuente,2012)).
All banks not minding its size is in business for the sole purpose of making profit and so must determine the suitable risk/reward trade-off for its activities, factoring in the cost of capital (Abiola & Olausi, 2014). In addition to other banking functions, the board of directors has an important role to play in the supervision of the credit-granting and credit risk management task of the bank. Each bank is expected to come up should with a credit risk strategy, approach and plan that asserts the goals and principles guiding the bank's credit-granting activities and espouse the necessary guidelines and techniques for undertaking such activities (Kolapo et al.,2012).

Credit Risk Management System: The Nigerian Story
The late 1980s and early 1990s recorded an increase in the number of non-performing credit portfolios in banks and these greatly contributed to the financial distress in the banking sector. The existence of people known as predatory debtors whose mode of operation was assessing loan in a bank and abandoning payment but will go further to another bank to obtain another credit facility. Also, the use of status enquiries (status enquiries is a form of business courtesy in which a business is supposed to divulge information about a customer to the other business requiring such information) on a customer on bilateral basis between banks was dominated by some problems. In the case of banks, some did not respond to status enquiries or if they replied they do not give out useful information to the other bank requiring such information. In spite of the systemic weakness so recognized, many banks continued to provide fresh credit facilities to customers who already had hard core and unpaid debts with other banks and financial institutions. Dearth of information on credit has been a major impedance on the part of the regulators as with the information, the regulators can come up with a consistent document of credit granted to certain borrowers and companies linked to them. The need for a central database from which consolidated credit information on borrowers could be sourced became very necessary and important in view of all the problems facing credit management system in Nigeria listed above. of principal and interest), for assemblage and dissemination by way of status report to any interested party (i.e. operators or regulators) that may wish to explore status enquiry option. The Act made it mandatory for all financial institutions to render returns to the CRMS in respect of all their customers with total unsettled debit balance of N1,000,000.00 (One million naira) and above. CRMS also mandated banks to update these credits on monthly basis as well as make status enquiry on any intending borrower to determine their eligibility or otherwise. Sanctions are meted out on Banks for non-compliance with the provisions of the Act. Presently, technological advancement has led to the CRMS being web-enabled thus enabling banks and other stakeholders to key directly into the CRMS database for the purpose of effecting the statutory returns or accomplishing status enquiry on borrowers. Also, the CBN is in the process of integrating the CRMS with other systems operating in the bank to make it more efficient. The Regulator which in this case is the CBN will also have first-hand information on a customer's global debt profile thereby eliminating the erroneous classification of a customer's loan as performing in one bank and doubtful or lost in another bank.

1.
Strengthening the Credit Appraisal Procedures of Banks: This is achieved by generating accurate and reliable credit information on bank borrowers from a central database. With such information available, banks will be in a better position to appraise the repayment capabilities of customers seeking new or additional credit facilities from them. This will reduce or eliminate the granting of loans to customers who had no capacity to repay and/or already had non-performing and sometimes abandoned loans in other banks.

2.
Storage and dissemination of Credit Data: The Credit Bureau captures all credits of N1 million (principal and interest) and above from banks' monthly returns on all their customers. Banks are also required to provide all other relevant data on the facilities such as names of borrowers, directors of borrower companies, credit limit, outstanding amount, status of credit, securities pledged, etc. These data are collated in the CRMS database, which are made available to banks through credit status enquiry/report. The CBN Credit Bureau provides objective responses to status enquiries to promote a responsive borrowing culture. The customers who meet their obligations as contracted will consequently continue to have access to credit facilities, while delinquent customers are denied access to new facilities from other banks until they make good their outstanding delinquent credits.

3.
Monitoring of Over-Exposure to Borrowers: The consolidated credit information generated by the Credit Bureau will enable banks to identify borrowers who have contracted debts in excess of their repayment capabilities. Banks are thus put on notice to avoid putting their funds into areas or sectors that are already experiencing a lull or declining prospects. It will also assist banks in the evaluation of the viability or otherwise of proposals on loans from customers.

4.
Facilitating Consistent Classification of Credits: The Credit Bureau will facilitate regulators' consistent classification of credits granted to the same borrower(s) by different banks.

Disaster Recovery and Business Continuity
To ensure the continuation of a business in the event of a disaster occurring, a good Disaster Recovery Plan is important (Chandler & Wallace, 2004). This plan will provide an efficient solution that can be used to recover all vital business processes within the required time frame using vital records that are stored off-site. This Plan or strategy for business continuity is just one of several plans that will make available the best techniques or method to handle emergency situations. These plans can be applied individually but are fashioned in such a way that they complement one another. The most successful Disaster Recovery Strategy is one that will never be implemented; therefore, risk avoidance is a critical element in the disaster recovery process (Epure and Lafuente, 2012)). A Disaster Recovery Management System can be defined as the on-going process of planning, developing, testing and implementing Disaster Recovery management procedures and processes to ensure the efficient and effective resumption of vital business functions in the event of an unscheduled interruption. The Disaster Recovery Plan or strategy provides a state of readiness allowing prompt staff response after a disaster has occurred and also makes available effective and efficient recovery effort. Reducing the level of loss that will occur in a business after an important application experiences interruption, damage assessment, recovery of data and information that are important in the operation business, organised management of the recovery operation and quick response of technology personnel in an event of disaster should be the main aim of disaster recovery plan in order to ensure business continuity (Steinarcher, 2008). Response to disruption of service (be it for a short or long term) is the responsibility of any business. Every business has the responsibility to respond to any short or long term disruption of services. Businesses will be capable of restoring the availability of critical www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.9, No.9, 2019 applications in a well-organized and timely manner after a disaster occurrence by developing, documenting, testing as well as implementing this Disaster Recovery Plan. In order to accomplish these objectives, the technology area will depend on support from senior management, end users and staff departments. Disaster Recovery Plan activities are originated by a situation or disaster alert process. After discovery of an incident, technology management will be informed of a potential disaster at the computer centre. The Recovery Management Team will perform an assessment of the situation and determine if there is a need to declare a disaster and activate the Disaster Recovery Plan. When the Plan is activated, assigned recovery personnel will be alerted and directed to activate their recovery procedures (Botha and Solms, 2004).

Disaster Recovery and Business Continuity in the Banking Sector
As most bank security officers know, banks should make the safety of their employees paramount when developing disaster recovery plans. In the advent of a disaster, a bank's employees first and foremost concern will be the safety of families and personal property. Once necessities surrounding these two areas are provided, employees will focus on their employer and customers. For the employer, this may mean providing essentials such as food, shelter, and medical assistance, as well as counselling and information on recovery efforts. Business recovery operations encompasses the protection of the data centre of the establishment but incorporates all the components of the business. Recovery is a corporate wide undertaking. As devolution takes place in banking sector, regional operations centres and branch offices face greater risk or exposure to disaster. Bank workers such as customer service employees serving clients by telephone from remote locations must be part of the overall disaster recovery plan. All the components of the working environment which include office space, personal computer and other important office work tools and equipment must be incorporated in the recovery plan. Business recovery has progressed beyond just recovering computer systems to restoring and recreating business processes for business continuity. The outage of whole departments needs to be considered alongside how work and information will flow from one place to another or from department to department. These are pressing and important issues that need to be incorporated in the disaster recovery plan. When business continuity is at stake, delegation does not work. Senior management needs to be trained about disaster recovery so that they aid the process. If senior management is not dedicated to a disaster recovery process, chances for its success are poor. Once senior management has committed to fashioning out a disaster recovery plan, the first step is addressing where employees will move to in time of disaster. Banks often have the advantage of access to other facilities, including their own branches and regional operations centres, as well as alternate space that can be procured through their real-estate departments. The bank's recovery plan ought to include geographically independent relocation sites for each work-group. Data centre professionals may work in an urban area and be more willing to travel or relocate. The average employee in remote locations, however, may shuttle within an hour's radius of home and be less willing to travel. Recovery locations should be planned both for the data centre environment and satellite locations. An alternative available to banks is to subscribe to a recovery service company, which can offer alternate spaces and equipment. Some disaster recovery often has a "quick ship" sort of program that permits them to ship personal computers and related equipment to a selected recovery site within two days of the declared disaster. Disaster recovery plans should take into consideration any outsourced functions. Most banks out-source data-processing or specialized applications such as trust accounting, credit card operations, and automated teller machine applications. These functions need to be well-defined in a disasterrecovery plan. Most times, outsourced functions provide an untrue sense of security because management assume the contractor will take care of every facet of the product they provide as well as recovery planning -this is rarely obtainable as disaster recovery is not often addressed in the contract with consultants. The final component of a successful recovery planning effort is testing. A well-documented plan is no guarantee for a great execution of the plan -a bank's recovery plan is only as good as the results of coordinated tests. This testing shows readiness at all levels in the event of any adversity. Banking experience has shown that most of the problems arise during disasters occur in areas that have not been tested. The frequency of testing depends on your bank's size and rate of organizational change. Smaller banks may only test annually; larger banks might perform exercises two or three times a year or stretch a yearly test over several days. A complete test must include all stages of the recovery process especially one area overlooked by many banks' relocation back to internal operations. Organizations often try address steps that are likely to occur in the event of any crisis as well as possible outcomes as business processes relocate, but they tend to stop there. Banks are required to have well documented procedures of what will happen during the stage when processes go back into the bank. This comes with its own array of issues, so it's pertinent that banks experiment this phase -even if it's done only on paper. The accurate test, of course, comes during an actual disaster. In the event of a real disaster as well during testing of the disaster recovery process, recovery efforts should be properly documented by the banks also results should be evaluated and then plans can be revised or reviewed to address loop holes. During recovery solution assessment for banks, two key factors that influences banks' decisions are: 1. The recovery window -which simply means the period of time it will take the bank to get back to its feet if a disaster occurs AND 2. The loss that will be incurred by the bank from the point the disaster strikes to the point of disaster recovery. Banks have so much at stake and are usually ready and willing to invest in the most sophisticated and cutting edge solutions to minimize their risk and also trim down recovery window should a disaster occur. Banks can lose a lot of money if it experiences computer shutdown because it will take a long period of recovery and this could be damaging to business. Banks runs many important applications at the same time, therefore data recapture at the point of failure is very important to ensure that lost data are appropriately restored if possible. Electronic vaulting as a recovery solution is what is being adopted by many banks today as it is the fastest recovery process now obtainable in the information systems environment. This is a process that aids a bank maintain duplicate or identical data and systems at a recovery site. The bank exerts its discretion on the importance of data to be safeguarded. Remote shadowing and mirroring are the two technological components of electronic vaulting that helps a bank to duplicate information as it is created, transaction by transaction. The information so gathered concurrently conveyed through high speed fibre optic circuits to a remote site, effectively storing transactions at two locations. Information preserved at a second site can be assessed when a processing interruption occurs at the main site. Remote mirroring ensures that information critical in the smooth running of the banks are continually available. Electronic vaulting came into play as a result of banks embracing technological advancement. Employees should be involved in the disaster recovery plan, strategy and effort of the bank as this will help make sure that recovery process is well planned and executed based on the business need to provide a smooth recovery in the event of a disaster. Senior management should make sure that all employees know whom to contact in an emergency and an outline of what they can do to remain productive during the recovery period should be made available to them.

Implication of Credit Risk Management, Disaster Recovery and Business Continuity on Bank Performance
A bank undertaking a credit provision venture has some underlying rewards accruable to it (Taiwo et al, 2017). This reward is captured under a bank parlance known as ICE simply denoting Interest that the counterparty will pay on the loan sum, Commission paid by the counterparty and Extra cost and hidden charges the bank may charge on the loan sum.
1. Interest refers to a key factor, namely the overall interest cost to the customer. This will comprise two elements: firstly, the underlying cost of funds and, secondly, the margin. It is usually the case that, the higher the risk of a transaction, the greater the interest cost. Note that in bank terms this is simply an application of risk pricing. 2. Commissions refers to all other fees, such as commitment fees, payable to the bank for agreeing to provide a facility for a particular time period. 3. Extras relate to additional hidden costs, such as legal fees, associated with the provision of a loan. Total return to the bank will be the interest margin earned between what it can borrow at and the rate it lends less the extras associated with granting the loan (Nelson & Schwert, 2006). Sound credit risk management strategies enhance the confidence investors and savers has in a bank and this leads to growth in funds for loans and advances which also increases bank profitability. Credible borrowers are attracted to banks whose lending rate is moderate and Banks are to ensure that funds are allocated to borrowers with decent to high credit ratings. It is necessary to state that effective credit risk management allows the banks to source for capital internally from its profits instead of depending heavily on external borrowings and liabilities. To ensure the continued stay in the business of profit making by banks, strict sanctions should be meted out on conspicuous defaulters. Use of quality loan officers who are well schooled in the art of wooing potential borrowers and provision of attractive incentive packages to the borrowers by banks will also help in boosting the revenue generation drive of a bank. Judgment of loan officers with their level of loan recovery performance rather than with their lending targets helps to ensure that a bank does not record too many bad loans. The bank needs to adopt flexible repayment modes as this will help ensure easy repayment of loans by the counterparty. In the event of a disaster that affects the database of a bank, the Business Continuity Plan for systems and communications infrastructure will be invoked with inbound calls being diverted and key production systems reverting to the alternate site that has been so designed for the purpose making it possible for all important applications to be accessed at the alternate site from restored systems or through data centres if applicable. For services provided by third parties such as the central bank, staff may be able to Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.9, No.9, 2019 relocate to third party premises to work from designated systems. Business activities at the alternate site should be reduced to essential activities and then less important functions should be temporarily suspended. If the impact of the disaster is very severe to warrant a prolonged period away from the primary site (generally exceeding two weeks), business activity may be intensified since a prolonged period at survival level operations could aggravate the impact of the incident, affect the ability of the bank to maintain core activities, processes, and systems, and cause unnecessary stress for staff. This includes actions taken to salvage, restore or replace damaged or lost property, facilities and services at the primary site and the process of continuity business at the initial site.

Conclusion
The main concern of banks is to extend credits to their clients. Thus, the creation and execution of sound lending policies are some of important responsibilities of the directors and senior management of banks. If a bank is to implement its credit formulation function appropriately, there must be a well-articulated lending policy by the bank. A bank's lending policy must be specific in regard to how much of loans will be made to whom, when, for what period and for what purpose and the repayment plan and this should be properly documented and made available to lending officers so that they know the area of exclusion and the areas where they can operate. Even when the policies are recognised and well documented, it must be subject to constant review to enable the bank keep up with dynamic nature of the economy and also be able to compete efficiently with other banks in the system. As credit risk management principles demands, it is not right to allow the directors to extend or review loans to customers of the bank. This is because they are not specialists (except executive directors), as they are not specialist they tend to over emphasize on the enormousness of the collaterals pledged as the only basis of extending credit and most times their social relationships with the borrower might weigh up heavily in their decision making process. It is against this background that the responsibility for lending should be delegated to loan officers or credit analyst to limit the event of credit default. Credit review is another important or crucial process which a bank must put into consideration before lending to their clients. This is important because it will go a long way in ensuring that the lending officers have all the important information about a potential borrower so as to reduce credit risk. This credit review should be done by accredit review department using the information available about a borrower to ascertain the borrowers credit worthiness. At the inception of the credit, repayment mode must form part of the loan provision document approved by the bank and agreed on by both parties as this will ensure that the counter party does not default and cause a strain in the relationship the has with the bank. A good disaster recovery plan will help ensure business continuity in the event of a disaster. Every bank and other businesses are confronted with varied disasters and banks that have fashioned, maintained and tested out their disaster recovery plan will succeed if a disaster occurs. A fundamental premise of successful contingency planning by banks is that plans are developed by those who must actually carry them out in the event of an actual disaster and also extend the knowledge of what to do in the event of a disaster to people who are actually not part of the formulation process. All banks should have a hot site or alternate site where all its critical data can be assessed in the event of a disaster to ensure that business continues in the bank. it is important that the banks have business operation critical tools readily available at the alternate site and it must be the same or almost the same as that obtainable in the primary site to cater for the same level of business volume as that which goes on in the primary site. Banks can adopt the use of tape or CDs to duplicate key business data and this should be kept safely at both the primary site and the alternate or secondary site. Bank directors and Senior management should pay more attention to fashioning of disaster recovery plan and provision of all the necessary assistance needed for the planning of the recovery process for their establishment if they hope to continue business operation in the wake of a disaster. Bank staff needs to be educated on what actually disaster recovery plan is all about and this could be achieved if they (the bank staff) are carried along in the disaster recovery planning and also be given list of those to contact in the event of a disaster. Planners of bank disaster recovery plan should make sure that the point or place chosen as the secondary or alternate site where bank operations will be carried out should a disaster occur should be located in a separate geographical area far away from the primary site. Business needs and actual scenarios of disaster should be used in fashioning out disaster recovery plan not just to merely comply with regulatory guidelines. Shut down or interruption in computer or IT services in a bank is also a disaster that a bank needs to fashion out ways to wade through this unforeseen circumstance.

Measures Banks should Employ to Ensure Business Continuity Amidst Credit Risk and Disaster
1. Commercial banks risk management departments where available should be more prudent in identifying and evaluating risks so as to enhance growth and profitability of financial institutions. 2. Effective control measures should be taken also by the risk management department of the banking sector to avoid bankruptcy.