behind basel ii - cir magazine accenture, mercer oliver wyman and software giant sap estimates that...

www.cirmagazine.com CIR May 2005 39

REGULATORY RISK SUPPLEMENT > FINANCIAL SECTOR RISK

systems and overall efficiency andresilience, to strengthening the stability of the financial market as awhole. However, non-compliance hasserious penalties.”

But even with a thoroughunderstanding of the framework, thereare further hurdles to be cleared. Therules, for example, require banks totake a wider view of risk by includingoperational risk as a factor indetermining capital requirements. Thelower the operational risk, the lowerthe capital requirements. “The primaryreason the new regulatory regime isdifferent is that, for the first time,banks that take Basel II to the moreadvanced approaches will be allowed touse their own data and experience ofactual losses as the basis forcalculating their credit and operationalrisk capital,” says Richard Hammell,head of business intelligence atconsultants, Deloitte.

The scope of operational risks underBasel II are huge, covering internal andexternal fraud; employment practiceand workplace safety; businessdisruption and system failures; andexecution, disruption and systemfailures. That means banks will berequired to account for every kind ofthreat in their capital requirementassessments, from an untrustworthyemployee processing credit cardapplications in a fraudulent manner tothe effects of a major terrorist attack.

In order to face that challenge, banksneed to be very sure about the sourceand quality of their data if reliablecalculations are to be achieved. Inshort, they need to understand how toidentify the correct data, integrate andmanage that data and carry outsophisticated analysis in order to createthe reports necessary for compliancewith Basel II.

This involves a tricky and expensivethird hurdle: the requirement for hugeinvestments in IT systems to handleBasel II. A mid-2004 survey fromconsultants Accenture, Mercer OliverWyman and software giant SAPestimates that banks with assets worthless than $100 billion can expect to payup to €50 million for their Basel IIprogram. For banks with assets of

more than $100 billion, the price tag isexpected to be even higher, with the topone-third of banks looking at a finalBasel II bill approaching €100 millioneach.

“The precise impact of Basel II on abank’s internal systems and processesis directly correlated to the systemsand processes in place already.However, it is likely that many bankswill find it challenging to retrieve andprocess appropriately the data requiredto comply with Basel II requirements,”says Jost Hoppermann, an analyst with IT market research companyForrester Research.

The major focus of work for the ITdepartment, he says, will be in theareas of data modelling and datacleansing, as well as establishing Basel II-specific databases or datawarehouses, and systems integrationand improvements to systems andapplications availability and scalability.These efforts, moveover, will need to besupplemented by the implementationof applications and tools for riskmodeling and reporting.

The Banque Populaire Group –France’s sixth largest bank – faced thechallenge in meeting Basel IIcompliance by building an entirely newIT architecture and developing newapplications to meet the requirementsof Basel II. That was because thedecentralised structure of the group’s23 retail banks and its 2,500 branchesran on six different IT platforms,making integration of data a difficult process.

But few banks have been asambitious or as comprehensive in theirapproach as Banque Populaire - andthe results are clear. A recent study byKPMG of 294 banks in 38 countriesrevealed that many banks are fallingbehind schedule on their projects toprepare for Basel II, with 10 per cent ofbanks worldwide still establishing theirBasel teams in 2004, and around half ofbanks still only in the pre-study orassessment phase.

There are plenty of other reasons forthat. These, says Mike O’Connor, alawyer at city legal firm Bird & Bird,include include “lack of time, lack ofdata for operational losses, inflexibility

of existing IT systems and a shortage of Basel experts.”

But time is running out, saysO’Connor: “Data capture, whichenables operational risk factors to beidentified and analysed, needed to befully operational by the end of 2004 ifthe target for implementation at theend of 2006 is to be met. If Basel IItakes effect at the start of 2007, two fullyears’ data will be required,” he says.Clearly, for many companies in thehard-pressed financial servicesindustry, Basel II will be a race to the finish.

The New Basel Capital Accord, or BaselII, is due to take effect during 2006 andwill set demanding new standards onfinancial institutions, and their systemsand processes, with the aim of ensuringthat they can more confidently managecredit and commercial and operationalrisk.

The proposals utilise the 'three pillar'system used in Basel I, which has beenin effect between 1992 and 2005:

PILLAR 1: CAPITAL REQUIREMENTSThis pillar covers the calculation ofminimum capital requirements forcredit, market and operational risk. Anew floor of 8% - down from 20% - hasbeen established.

PILLAR 2: SUPERVISORY REVIEWLargely relating to developing a globallyconsistent supervisory process, thispillar refers to the key principles ofsupervisory review, risk managementguidance and supervisory transparencyand accountability with respect tobanking risks. It includes the termsrelating to the treatment of interest raterisk in the banking book, operational riskand aspects of credit risk (stress testing,definition of default, residual risk, creditconcentration risk and securitisation).

PILLAR 3: MARKET DISCIPLINEThis pillar covers the introduction ofdisclosure requirements for banks usingthe New Accord. Supervisors have anarray of measures that they can use torequire banks to make such disclosures.Some of these disclosures will bequalifying criteria for the use ofparticular methodologies or therecognition of particular instrumentsand transactions.

REGULATORY RISK SUPPLEMENT > FINANCIAL SECTOR RISK

www.cirmagazine.com38 CIR May 2005

or banks worldwide,implementing the NewBasel Capital Accord (or"Basel II”) is likely to be a

long, drawn-out affair. Even JaimeCaruana, chairman of the BaselCommittee on Banking Supervisionand the central bank governorresponsible for the Basel II project,admitted as much at a recentconference held at the London Schoolof Economics. Getting to grips withBasel II, he said, would be “asdifficult and as important” as drawingup the Accord had been – and that, byall accounts, was a five-year battle asfinancial industry leaders squabbled

over revisions and amendments. The end result of that battle,

however, is a demanding butcomprehensive regulatoryframework for the bankingsector, focused on severalaspects of risk and capitaladequacy. Its aim is toregulate the way thatfinancial institutionsaccount for risk and thusavoid a repeat of theBritish & Commonwealth,Barings Bank, BCCI andother major scandals that

littered the banking industryin the 1980s and 1990s.The guiding principles of

Basel II basically emphasise theneed for capital to be more

closely aligned to risk – at anoperational and credit level – and to

encourage banks to improve theirrisk management processes.

There is nothing intrinsically newabout that. Minimum capitalrequirements for banks around theglobe were established as far back as1988, when the G10 central banks agreed on the original BaselCapital Accord.

But since then, much has changed.Throughout the 1990s banksintroduced automated technologies inthe form of global systems that, in

turn, created global – rather than local– risks. The emergence of ecommerceand the Internet, moreover, increasedthe potential for misuse and fraud.Systems integration problems arosefollowing large-scale mergers andburgeoning transaction rates andvolumes rapidly concentrated risksand increased the scale of potentiallosses.

These developments made theexisting Basel framework almostobsolete, say experts. Basel II, bycontrast, attempts to address theseshortcomings by fundamentallychanging the rules about theproportion of a bank’s capital assets

that must be set aside in caseunexpected payments need to be made– for example, if a company defaults ona major loan. While historically thatproportion might have been 20 percent or more, Basel II offers areduction to as little as 8 per cent – aslong as the bank can prove it complieswith a new set of rules.

Appealing prospectReduced capital requirements areextremely attractive to all banks, ofcourse, but many face therequirements placed upon them byBasel II with understandabletrepidation.

The first hurdle is understandingthose requirements and there is plentyof evidence to suggest that, for many,this is proving problematic. Accordingto new research commissioned by PCmanufacturer Dell, over two-thirds (67per cent) of financial servicescompanies are not fully confident thatthey are complying with the legislation.In particular, three-quarters admittedthey were not aware, or had sketchyknowledge, of Basel II.

That is a pity in light of theoperational efficiencies to be gained,says Steve Lewis, enterprise systemsdirector of Dell UK: “Basel II will bringmany benefits to banks – fromimproving their risk management

Avoiding a repeat

of the collapse of

the BCCI and

Barings Bank

requires tough risk

management. Jessica

Twentyman finds out

how it’s being done

Behind Basel II

F