1 international association of deposit insurers (iadi) managing risk more effectively through an...
TRANSCRIPT
1
International Association of Deposit Insurers (IADI)
Managing risk more effectively through an entreprise risk management system
The perspective of the French Banking Commission
Danièle NOUY, Secretary General of the Commission bancaire
2
Introduction
Recent corporate scandals have highlighted the crucial role of effective risk management and corporate governance.
As a result, Basel II -and all other recent banking rules- are committed to enhance financial stability and banking systems resilience by promoting good risk management and governance, this means:
A comprehensive, enterprise-wide assessment of risk;Sophisticated, sensitive, tools to measure risk;Strong risk management and internal controls;Enhanced transparency.
We are confident that Basel II is not just a quantitative capital requirement but will fundamentally change the approach to risk and capital management.
3
Outline
1. Risk management, is a key element of banking supervision1.1 Principles of internal control,1.2 Rationale behind Basel II,1.3 Basel II: a comprehensive approach to risk management covering
both financial and non financial risks. 2. Basel II calls for high quality, comprehensive risk management
systems2.1 Criteria for the IRB approach (credit risk) and the « use test »,2.2 Criteria for AMA (operational risk),2.3 Impact of Pillar II and pillar III in terms of risk management.
3. Current issues and challenges3.1 Cross-border issues raised by Basel II implementation,3.2 Specific issues regarding the implementation of AMA for operational
risks.
4
1. Risk management, at the core of banking supervision
The Commission bancaire and the Basel Committee have for long stressed the importance of sensible, adequate and proactive risk management:
1.1 By developing strong internal control principles, 1.2 By defining risk management objectives for Basel II, 1.3 By making use of Basel II to promote a comprehensive, sophisticated
approach to risk management.
5
In France, the February 1997 regulation related to internal control Banks must set up adequate internal control systems (operations and
procedures, accounting and information processing systems, etc.).
The Basel Committee Core Principles for Effective Banking Supervision, in September 1997 : Principle 14 : « Banking supervisors must determine that banks have in
place internal controls that are adequate for the nature and scale of their business ».
A « Framework for internal control systems in banking organisation », Basel Committee, in September 1998: A system of strong internal controls can help to ensure that the goals and
objectives of a banking organisation will be met, that the bank will achieve long term profitability targets and maintain reliable financial and managerial reporting.
1.1 Internal control principles
6
1.2 Rationale behind Basel II
This was needed because existing rules had been overtaken by the pace of innovation in the banking systems Evolution of banks (more and more large and complex institutions with
increasing cross-border activities), as well as markets and techniques (securitisation, credit derivatives,…);
Need for more sophisticated risk measurement, management and mitigation.
Basel II offers incentives for banks to adopt better risk and capital management Banks are invited to manage their risks appropriately and consistently by
making use of the best tools and practices available Economic incentives for banks to adopt more sophisticated approaches;
Banks should hold adequate levels of capital and so be able to withstand periods of financial distress Capital requirements more risk-sensitive, more closely tailored to banks’ practices.
7
A d va n ce d IR BIR B A
F o u nd a tion IR BIR B F
S ta nd a rd ized ap p ro a chS A
C re dit r isk
A d van cedM e asu rem e nt
A p p ro a chA M A
S ta nd a rd ized ap p ro a chT S A
B a sic In d icato r A pp ro a chB IA
O p e ra tio na l r isk
In tern a l m o d el a pp roa chV a R
S ta nd a rd ized Ap p ro a ch
M a rke t r isk
R isk-w e ig hte d asse ts D e fin itio n o f o w n fu n ds
M in im u m ca p ita l re q u ire m e n ts
N o n fin a nc ia l r isks
F in an c ia l r isks
S u p erv isory re v ie w p roce ss M a rke t d isc ip line
3 P illa rs
Unchanged
1.3 Basel II, a comprehensive framework
8
1.3… with elements to enhance risk management in each Pillar...
Pillar I Measurement of risk Quantitative but also qualitative requirements to be eligible to the IRB
(credit risk) and AMA (operational risk) approaches; Advanced approaches must be fully integrated in the bank’s culture
and risk management (use test).
Pillar II Sophisticated tools to measure, cover, manage risk
Demand for sound and comprehensive internal assessment of risk and capital adequacy
Pillar III Transparency For each risk area (e.g. credit, market, operational, banking book
interest rate risk…) banks must describe their risk management objectives and policies, (including strategies and processes) the structure and organisation of the risk management function, the scope and nature of risk reporting, etc.
9
REPUTATIONAL
STRATEGIC
OPERATIONAL
ENDOGENOUSEXOGENOUS
PROCESS SYSTEMSHUMAN FACTOR
EXT. EVENTS
RISKS
LIQUIDITY CREDIT MARKET OTHERS
INTEREST RATE IN THE BB
COMPLIANCE
OTHERS...
Financial risksNon financial risks
PILLAR 1 PILLAR 2
1.3 …For both financial and non financial risks
10
2. Basel II calls for a comprehensive risk management system
The underlying philosophy of the New Capital Accord
The three pillars together are intended to achieve a level of capital commensurate with a bank’s overall risk profile;
There is a correlation between required capital and effectiveness of a bank’s risk management/risk profile;
But increased capital is not the only way to effectively addressing an increase in risks; Pillar 2 offers different ways of addressing the possible shortcomings, for example: Emphasis on banks’own assessment of their capital needs, Compliance with certain pillar 1 requirements related to: IRB
methodologies, credit risk mitigation techniques, etc. Supervisory treatment of outliers for interest rate risk, management of
collateral (former W factor) concentration, etc.
11
Evolutionary approaches : capital incentives to move to more advanced approaches with increasingly demanding management standards
Sta
nd
ardi
sed
Ap
pro
ach
Fo
und
atio
n I
RB
A
ppr
oa
ch
Ad
van
ced
IRB
Ap
pro
ach
Cre
dit
risk
mo
de
llin
g ?
10% 9.75% (- 2.5 %) 9.5% (- 5 %) ?
2.1 Credit Risk IRB approach
12
IRB approach - adoption process
IRBApproach
All exposure classes
Elements of advanced approach
Cor
pora
te
Ret
ail
Equ
ity
All units (subsidiaries,branches)
LGD
EA
D
13
The IRB approach is an entreprise-wide project.
For a banking group, implementation of an IRB approach across all asset classes and business units at the same time is challenging;
Supervisors may allow banks to adopt a phased rollout within a reasonably short time :
adoption of IRB across asset classes within the same business unit;adoption of IRB across business units within the same banking group;move from the foundation approach to the advanced approach.
IRB approach - an entreprise-wide project
14
IRB - Quantitative and qualitative requirements
To be eligible for an IRB approach, a bank must meet a set of minimum requirements;
IRB systems must notably:
be approved by the board of directors, ...and internal ratings must be an essential part of the reporting to directors;
provide meaningful differentiation of credit risk (for example a minimum of 7 to 9 borrower grades for non-defaulted borrowers and of 1 or 2 borrower grade(s) for defaulted borrowers);
Data sources used by banks must be suitably rich and robust; Ratings should be subject to independent review and, more importantly,
The IRB approach/the ratings must be an integral part of the bank’s culture and management (“The use test”).
15
IRB - The “use test” criteria
The « use test » criteria, which is pretty similar to the « managerial approach » used by the accountants (IASB for IAS), is the most important requirement for the IRB approach.
Internal ratings as well as default and loss estimates and all other parameters must play an essential role in the credit policy of banks using the IRB approach: credit approvals, credit risk management, provisioning and internal capital allocations. This means that it should not be: designed and implemented exclusively for the purpose of qualifying
for the IRB approach, used only to provide IRB inputs.
…Even if banks are making use of supplementary parameters in their on-going management and hedging of credit risk.
16
2.2 Operational risk AMA
In line with the approach to credit risk and market risk, several options are offered to calculate minimum capital requirements for operational risk.
It is an evolutionary approach offering capital incentives to move to the most advanced approaches (AMA).
Basic Indicator Approach (BIA)
The Standardised Approach (SA)
Advanced Measurement
Approach (AMA)
Increasing management standard
Increasing capital charges
17
Operational risk - AMA
Like for credit risk, capital charges are generated by banks ’ internal operational risk models provided that these models meet strong quantitative and qualitative requirements.
The model must incorporate the following quantitative criteria : Internal data a minimum of 5-year observation period (3-year
historical data window acceptable in 2006); External data it should use relevant external data (for benchmarking
and qualitative adjustments, etc.); Scenario analysis expert opinion should be used to evaluate
exposure to low probability / high severity events; Business environment and internal control factors must be
retained as key factors reflecting the quality of risk management practices.
18
Operational risk - AMA
The qualitative criteria focus on: An independent operational risk management function, Integration into the day-to-day risk management processes, Regular reporting (business units management, senior
management, board of directors), Compliance with internal policies, regular controls and adequate
procedures concerning the operational risk system, An internal/external review of the operational management
processes and measurement systems, A validation by supervisory authorities.
19
To demonstrate that they have the necessary operational risk culture, banks should comply with, and supervisors should focus on:
the principles set up in the BCBS paper on « Sound Practices for the Management and Supervision of Operational Risk » (February 2003).
« Sound Practices for the Management and Supervision of Operational Risk »
20
« Sound Practices for the Management and Supervision of Operational Risk »
1. The principles relating to the risk management process of banks are the following:
Involvement of the board of directors, Effective and comprehensive internal audit, Responsibility of the senior management for implementing the
operational risk management policy approved by the board of directors, Identification of the operational risk inherent in all material products,
activities, processes and systems, Implementation of a process to regularly monitor operational risk profiles
and material exposure to losses, Definition of policies, processes and procedures to control or mitigate
material operational risks, Definition of contingency and business continuity plans? Sufficient public disclosure, etc.
21
« Sound Practices for the Management and Supervision of Operational Risk »
2. Regarding the role of bank supervisors, they should: Require that all banks have an effective framework in place to
identify, assess, monitor and control or mitigate material operational risks as part of an overall approach to risk management;
Conduct, directly or indirectly, regular independent evaluation of a bank’s policies, procedures and practices related to operational risks.
22
2.3 Pillar 2 - Supervisory review process
Pillar 2 has been for long the less-commented part of the Accord, but it is seen now as the most challenging part of the New Accord. It is intended :
to achieve a level of capital commensurate with a bank’s overall risk profile; to encourage banks to develop and use better risk management techniques
in monitoring and managing their risks. Supervisors will have to find the right balance between a possible
increase in the capital charge and the use of other means for addressing risks, such as : strengthening risk management, applying internal/ external limits on certain activities, improving internal controls.
23
Pillar 2 - Supervisory review process
Pillar 2 is based on four principles :
1. Banks' own assessment of capital adequacy. It is of crucial importance in terms of risks management: "Banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels”,
2. Supervisory review process, 3. Capital above regulatory minima, 4. Supervisory intervention.
The BCBS 15 January 2004 press release clarified the respective roles of pillar 1 and pillar 2: Pillar 2 is not intended to lead to automatic capital add-ons for each
specific risk identified; Banks should evaluate their own capital adequacy in light of all risks
they face, not just those mentioned in Pillar 1.
24
2.3 Pillar 3 - Market discipline
Pillar 3 is based on the same philosophy. It is intended to provide investors with reliable and timely information to understand a bank’s risk profile. and therefore enhance the role of market participants in encouraging banks to hold adequate levels of capital and manage their risks properly.
Quite naturally, more demanding disclosure is required from banks willing to make use of the most sophisticated methodologies: the internal ratings-based approach for credit risk and the AMAs for operational risk.
This supplementary qualitative and quantitative disclosure focus on the internal methodologies and the key inputs of the selected approaches, such as information about the structure of the internal rating systems, PD, LGD assumptions, etc.
25
3. Current issues and challenges
To deliver an effective and consistent cross-border implementation of Basel II is a significant challenge. More risk focussed supervision demands extra resources and implies more intensive
supervisory efforts, The increased technical complexity of risk based supervision and the inclusion of more
qualitative standards change the way in which supervisors conduct their work, The New Accord enhances the need for dissemination of the best supervisory practices
around the world, BC members are committed to exchange information on the status of implementation, and
the exercise of national discretion, where it is used, Regarding pillar 2, the industry is especially, but not exclusively, concerned about level
playing field.
26
3.1 Implementation - cross-border issues
The Accord Implementation Group (AIG) has been working for some time to deliver guidance on cross-border implementation of Basel II.
It makes use of case studies designed to gain a better sense of the practical aspects of cross-border implementation.
It has been mainly dealing with : A common understanding of the concept of « supervisory
review »; The development of common methodologies for validating the IRB
(credit risk) and AMA (operational risk) approaches under pillar 1; The share of tasks and responsibilities of home and host
supervisors.
27
3.1 Implementation - cross-border issues
The AIG has published in August 2003 a set of “High-level principles for the cross-border implementation of the New Accord”.
These principles are similar to those existing in the EU framework for consolidated supervision (and are a more detailed and up-to-date version of the BCBS Concordat): Responsibility of the home country supervisor for consolidated
supervision; Responsibility of the host country supervisor for supervision on
an individual or sub-consolidated basis; Mutual recognition and/or closer cooperation between home
country supervisor and host country supervisors.
28
3.2 Cross-border AMA implementation
Operational risk raises some specific cross-border issues. The « Principles for the home/host recognition of AMA
operational risk capital» (January 2004) state that the management of operational risk must be conducted at each level of a banking group.
The board and senior management, at each level of a banking organisation, have an obligation to :
understand the operational risk profile of the entity;ensure that risks are managed appropriately; andensure that the capital held in the specific entity, to cover
operational risk is adequate. As each banking subsidiary within the group must be adequately
capitalized on a stand-alone basis.
29
3.2 Cross-border AMA implementation
The challenge is to find the right balance between sensitivity -the need for adequate and properly allocated capital- and simplicity/practicality -the need for workable principles to govern the relationships between the home and host jurisdictions-.
As a result, introduction of an « hybrid » approach for AMA banks: subject to supervisory approval, banking groups would be permitted to use stand-alone AMA calculations for significant internationally active banking subsidiaries.
In calculating stand-alone requirements, significant internationally active bank subsidiaries may incorporate estimate of diversification benefits of their own operations (but may not take advantage of group-wide diversification benefits).
30
Conclusion
Basel II will offer proper incentives for banks to manage their risks more effectively.
Considered jointly, the three pillars will renew the emphasis on excellence in risk management and corporate governance.
Promoting coordination and consistency between supervisors will provide banks with better certainty about the new rules so that they continue to improve their risk management systems.
The new accord will be of great benefit to banks with first-class risk management systems.