As investors around the world cope with the fallout of the sub-prime mortgage crisis in the United States, financial institutions are getting a stern regulatory reminder of the importance of monitoring operational and credit risk, via the implementation of Basel II.
Named after the Swiss city where it was hatched, Basel II spells out three pillars of risk management for financial companies: establishing minimum capital reserves to offset financial risk; creating a system of supervisory review; and maintaining market discipline to promote greater stability in the world financial system.
Basel II is the successor to a 1988 agreement simply known as the Basel Accords, which only dealt with parts of each pillar. Under the first Basel Accord, for example, only credit risk was deeply analyzed; Basel II expands that to address operational risks.
Gunderson
“Basel II is an attempt at codifying in regulation desired risk management practices and reflects the changes that have occurred in bank risk and risk management since the original Basel accord,” says Cory Gunderson, a managing director at risk consulting firm Protiviti.
U.S. regulators published their final rules for Basel II implementation last month. The rules require qualified banks to adopt the “advanced” approaches for determining capital reserves for credit, market, and operational risks. They go into effect as of April 1, but banks can only do “parallel runs” (that is, demonstrate that they can comply) in 2008. 2009 will be the first year banks must calculate capital reserves under the new rules. That being said, the largest and most internationally active U.S. banks have been working for years to prepare their internal systems, processes, models, and practices to meet the minimum standards of the advanced approaches of Basel II.
The updated accord gives banks the option of using either formula-based or model-driven approaches to calculate their capital reserve levels. It also establishes requirements for sound risk-management practices and appropriate levels of risk infrastructure, so that the capital reserves dictated by the banks’ internal models are adequately supported by the institutions’ risk-management abilities, says Shyam Venkat, a partner and risk-management specialist at PricewaterhouseCoopers.
Liegel
For example, under the old Basel accord, fixed-income investments were generally seen as less risky than equity investments and, therefore, required less capital coverage. Under Basel II, that is no longer the case; the financial industry can be more strategic in how it rates instruments. That means investments in a treasury bill from a developing country such as, say, Ecuador, would no longer rate higher than a common share of General Electric—which is widely considered to be a safer investment than Third World treasury bonds even though it is a stock, says Andrew Liegel of the software firm FRSGlobal, which offers risk-management solutions.
“What a lot of institutions are hoping is that if they do go in and use the metrics that Basel II is putting out there, it will allow them to reduce the regulatory capital that they set aside,” Liegel says. “They don’t have to have billions sitting in a non-revenue-generating account. They can put the capital to work to generate revenue for the firm, or put it into research and development.”
Venkat says the collapse of the sub-prime mortgage market and the subsequent liquidity crunch demonstrate how the confluence of credit, market, and liquidity risks can occur. That, in turn, underscores the need for the robust risk modeling and scenario analysis that Basel II requires.
Venkat
The market is in its current plight precisely because investors made multiple assumptions about the correlated behavior of different sectors of the market and different types of financial instruments—which fell apart once the sub-prime mortgage industry soured, Venkat says.
“What we will see going forward is a rethinking of valuation and risk models and an attempt to look through more clearly to whether the fundamental credit risks are being captured in the models that are used to value and manage the risks of these complex structures,” Venkat says. “Even if Basel II had not been on the horizon, firms would have been forced to do this as a result of the market events that have played out.”
BASEL II
Below is an excerpt of a Federal Reserve memo outlining the basic requirements of Basel II for U.S. banks.
The draft final rule maintains the existing risk-based capital rules’ (referred to as the general risk-based capital rules) minimum tier 1 risk-based capital ratio of 4.0 percent and total risk-based capital ratio of 8.0 percent. The components of tier 1 and total capital in the draft final rule are generally the same as in the general risk-based capital rules, although some adjustments have been made for purposes of the advanced approaches. Under the draft final rule, a banking organization must meet specified infrastructure and risk measurement and management requirements before it may use the advanced approaches to determine its risk-based capital requirements.
Under the advanced approaches, a banking organization calculates its risk-based capital requirements by first identifying whether each of its on- and off-balance sheet exposures is a wholesale, retail, securitization, or equity exposure. Wholesale exposures include most credit exposures to companies, sovereigns, and other governmental entities. For each wholesale exposure, a banking organization must assign four quantitative risk parameters: (i) probability of default (PD, which is an estimate of the probability that the exposure’s obligor will default over a one-year horizon); (ii) loss given default (LGD, which is an estimate of the economic loss rate on the exposure if a default occurs during economic downturn conditions); (iii) exposure at default (EAD, which is an estimate of the amount owed to the banking organization on the exposure at the time of default); and (iv) maturity (M, which reflects the effective remaining maturity of the exposure). Banking organizations may factor into their wholesale risk parameter estimates the risk mitigating impact of collateral, and of credit derivatives and guarantees that meet certain criteria. Banking organizations must input their risk parameter estimates for each wholesale exposure into the appropriate wholesale IRB risk-based capital formula to determine the risk-based capital requirement for the exposure …
Equity exposures generally include ownership interests in the assets and income of a company. Under the draft final rule, banking organizations may use an Internal Models Approach (IMA) for determining risk-based capital requirements for equity exposures, subject to certain qualifying criteria and risk weight floors. If a banking organization does not have a qualifying internal model for equity exposures or chooses not to use such a model, it must use the Simple Risk Weight Approach (SRWA). Under the SRWA, publicly traded equity exposures generally are assigned a 300 percent risk weight and private equity exposures generally are assigned a 400 percent risk weight. Certain equity exposures, such as Federal Reserve stock, Federal Home Loan Bank stock, and community development equity investments, are subject to a zero to 100 percent risk weight.
Operational risk is generally defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events (including legal risk but excluding strategic and reputational risk). For operational risk, the draft final rule requires a banking organization to develop qualifying AMA systems and to use its own methodology to identify operational loss events, measure its exposure to operational risk, and assess a risk-based capital requirement for that risk. A banking organization may take eligible operational risk offsets and qualifying operational risk mitigants (such as insurance) into account when determining its operational risk capital requirement.
Source
Federal Reserve Bank (Oct. 26, 2007).
Different countries can implement Basel II in different ways, partly because there are multiple approaches a financial institution can take to measure credit and operational risk, Gunderson says. Basel II only offers broad guidelines and a variety of options for how a model can be created, which gives financial institutions flexibility and encourages continued innovation to improve risk-management processes, he says.
“Basel II requires firms to make sure that one’s risk and valuation models are predicated upon a very sound set of assumptions and a robust set of data and also that they are constantly identifying and stressing the vulnerabilities of the models with respect to these assumptions,” Venkat says.
Putting It Into Practice
In the U.S., banks are required to file two reports, known as “FFIEC 101” and “FFIEC 102,” on a quarterly basis to a consortium of regulators known as the Federal Financial Institutions Examination Council.
Both reports offer different schedules that examine the credit worthiness and risk of a bank’s portfolios, both for the retail and wholesale markets. Report 101 focuses mainly on credit and operational risk, while Report 102 focuses on the market risk.
While the FFIEC includes regulators ranging from the Federal Depositors Insurance Corp. to the Office of the Comptroller of the Currency, the agency exerting the most influence over the banks that report to it is the Federal Reserve, Liegel says. (The Securities and Exchange Commission plays no role in Basel II, he adds.)
U.S. banking regulators decided to implement only the advanced approaches of Basel II and make it mandatory for only the largest, internationally active banks: JPMorgan, Wachovia, Citibank, and the like. While the mathematical formulas required under the advanced approaches are complex, the decision to use them reflects today’s sophisticated risk-management practices—and largely are in line with what the banks are already doing anyway.
“Regulators want to make sure that the adoption of a new capital framework reflects current industry practices,” Gunderson says. “As risk-management practices evolve, banks can adopt those and still stay within the spirit of the accord.”
The requirements of Basel II will lead companies to focus hard on the quality of their data and the implementation of internal controls surrounding that. Banks tend to have multiple, and disparate, systems that capture data in similar, but not identical, ways—the result of years of mergers and acquisitions, as well as advances in technology. Achieving a “clean” data-stream requires a lot of reconciliation.
“What Basel II has forced institutions to do is think about data all the way down to the origination level,” Gunderson said. “They are having to look at and understand the processes that create data and that the framework being designed almost immediately makes sure that new data and original information as it comes in is being captured accurately.”
Basel II also should lead to tighter coordination in the management of risk and data systems. While a bank’s chief risk officer will typically oversee the measurement and methodology processes used in analyzing risk levels and establishing capital requirements, he will need to work closely with other departments to achieve his objectives, including legal and compliance, finance, and information technology.
Banks also have to offer more detailed disclosure of their risk-management systems and oversight to comply with Basel II, a practice that may influence other companies in other industries to follow suit even though they aren’t bound by the accord.
“If you have an event that affects disclosure in one industry, you can expect a trickle-down effect to other industries,” Gunderson said. “Analysts will look at a practice and say to other companies, ‘Why don’t you adopt some of this?’”
Standard & Poor’s has already put out for public comment a proposal to incorporate enterprise risk management information into the evaluation of non-financial companies. “Historically, ratings agencies have looked at banks as leaders in risk management and are looking to apply and adopt those practices to non-financial firms as appropriate,” Gunderson said.
No comments yet