The new basel accord: stepping up to the challenge

The new basel accord: stepping up to the challenge

The new basel accord: stepping up to the challenge

Denzil StirkDenzil Stirk is a director in Arthur Andersen's Risk Consulting practice. Stirk specialises in credit risk and Rew in operational risk. Readers will recall Stirk's introduction to the Basel issues in our issue of Balance Sheet, Vol. 8 No. 6, 2000.

Paul RewPaul Rew is a director in Arthur Andersen's Risk Consulting practice. Stirk specialises in credit risk and Rew in operational risk. Readers will recall Stirk's introduction to the Basel issues in our issue of Balance Sheet, Vol. 8 No. 6, 2000.

Keywords: Risk analysis, Accounting standards, Banking industry, Capital markets, Risk management strategiesAbstractThe new Basel Accord will affect the way banks operate, yet few banks have a risk management framework in place to meet all the requirements. Banks will need to consider a range of issues to ensure they have the processes, technology and systems in place – and to use them to their advantage. In this article the authors discuss some of the key issues.

Introduction

The Basel Committee on Banking Supervision issued its proposed new Capital Accord ("the Accord") in January 2001. The aim of the Accord is to enable regulatory capital requirements to be assessed on a more risk sensitive basis. The Accord reflects the market's increasing sophistication in both the understanding and management of risk. It extends the use of internal models from market risk to credit risk and introduces new approaches to operational risk.

Implications for your business

The Accord rests on three pillars – minimum capital requirements, supervisory review and market discipline.

The first pillar – minimum capital requirements – aims to motivate banks into continuously improving their risk management and measurement capabilities in the areas of market, credit and operational risk. It provides incentives for banks to improve their internal processes to manage and measure risk. Few banks today have a complete and integrated framework in place that can meet the requirements of the more advanced approaches for treating operational and credit risk. Banks will need to recognize the challenges in the Accord and should begin preparing for them now. Of chief concern will be the classification, availability and collection of data consistently across business lines and geographies. For many institutions, this will mean changes in processes and technology.

Pillar two introduces an enhanced supervisory review process. This enables supervisors to assess the adequacy of a bank's approach to holding capital against the risks it is facing.

Finally, pillar three requires increased levels of disclosure. This should enable the market to better assess the approach of a bank in managing its risks. It is intended that through this increased level of disclosure, banks will be incentivised to improve their risk management further by virtue of the discipline imposed by external scrutiny.

Timetable to implementation

The Accord's consultation period ends in May 2001, after which the Basel Committee is expected to publish the new Accord around the end of this year. The new Accord should take effect during 2004, but because of the multiple areas that need to be addressed, banks will need to apply a structured approach to ensure compliance ahead of 2004.

Pillar one – minimum capital requirements

The Accord takes an evolutionary approach to treating risk – from basic to advanced – which should motivate banks to continuously improve their risk management and measurement capabilities. This approach will also enable banks to use more risk-sensitive methodologies, leading to more accurate and potentially lower capital requirements, which in turn will affect both the return on capital employed and the pricing.

Credit risk

The new directive will allow banks to take one of three approaches that are characterized by increasing both risk sensitivity and internal data requirements.

Standardized approach

Risk weights for banking book exposures are allocated by credit assessment grades with reference to published tables. Unrated exposures are assigned a 100 percent risk weighting as a floor.

In this approach, the credit risk profile of the banking book must be established by rating grade. An assessment of the overall quality of the unrated corporate exposures in the banking book is required, and higher risk category exposures must be identified. The risk mitigation processes should be reviewed as collateral systems may require revision.

Internal ratings-based approach – foundation

A bank that has met the minimum requirements and is using the internal ratings based (IRB) approach for some exposures must adopt the IRB approach across all exposure classes and across all significant business units within a reasonably short period of time.

For the foundation approach, a bank must internally estimate the probability of default (PD) associated with a borrower grade while relying upon supervisory rules for the estimation of other risk components.

Three techniques are set out and may be used in combination: internal default experience; mapping to external data; and statistical default models.

In the UK, the FSA will probably expect all internationally active banks to reach the foundation IRB approach by 2004.

Internal ratings-based approach – advanced

Rather than supervisory rules, a bank may use internal estimates of three additional risk components:

1. 1.

   loss given default;

2. 2.

   exposure at default;

3. 3.

   treatment of guarantees/credit derivatives.

The more sophisticated approaches rely on extensive management information systems and require significant internal data histories. Banks will need to ensure that they have the data collection and IT systems to provide effective support to the credit risk measurement and management process.

A bank must have a credible track record in the use of an IRB system (either foundation or advanced), that is broadly in line with minimum requirements for at least three years before the implementation of the Accord (2004).

Portfolio credit risk modelling

The Accord stops short of permitting banks to calculate their capital requirements on the basis of their own portfolio credit risk models.

Operational risk

Like the credit risk treatment, the operational risk provisions in the Accord recognize three levels of sophistication, with increasingly advanced qualitative criteria. They range from a basic method (level 1) to a granular approach (level 3), via the so-called standardized approach to calculating capital requirements (level 2). The latter, as its name implies, is expected to be adopted by the majority of regulated financial institutions.

However, the sophistication of the approaches and the actual level of risk sensitivity achieved reflects the relatively early stages of the techniques for quantifying operational risk, when compared to credit and market risk. Accordingly, in the quantification approaches proposed, it is only in the internal measurement approach that the capital figure calculated is affected by the actual individual risk experience of the bank.

The proposals focus on the causes of operational risks and introduce basic quantitative techniques to calculate a minimum capital charge. However, there are still a number of areas where the Basel Committee is seeking further consultation to refine their proposals – in particular, to calibrate the quantitative criteria. It is anticipated that these will be enhanced as the practice of operational risk management in the industry evolves.

The qualitative criteria introduced by the Accord cover key aspects of the operational risk management framework. These should be seen as a positive contribution to the industry. They set out for the banks the risk management practices that a supervisor would expect to see. In addition they contribute a degree of standards that can lead to more consistency in approach across the industry.

Basic indicator approach

Banks are expected to comply with principles of sound practice. Capital is calculated based on gross income. This approach is simple to apply, but is not risk sensitive. Owing to its simplicity it is anticipated that regulators will allow this approach only for smaller institutions that are low risk and engage in only a limited range of activities.

Standardised approach

A bank is split into specified business lines. A risk indicator is set for each which is used to calculate capital based on factors set by the supervisor. From a quantitative aspect this is still not risk sensitive – only a step up from the basic approach in reflecting that the risk proxy should be set separately by business line. The main advance in this approach is in the qualitative aspect. In this approach qualifying criteria are set for a bank to meet, which would constitute the minimum standards in relation to operational risk management for a bank to meet in order to apply this approach. In particular this includes delineation between the management and the controlling of risks. In addition, this approach requires some level of incident data collection.

Internal measurement approach

Internal loss databases are used to calculate expected losses of each business line, by measuring the probability of an event and the loss given that event. Data must be collated on a global basis by business line, and is subject to scenario analysis and stress testing. Some risk sensitivity is introduced by the use of a bank's own internal loss data as a contributor to the calculation of the regulatory capital requirement. Most significantly, to apply this approach will require a bank to have a robust internal loss database containing a number of years of data.

The ability to collect losses on a global basis for a business line will require systems that are capable of global data collection and aggregation, supported by processes and procedures to ensure accuracy and completeness of data. Applying the internal measurement approach from the implementation of the Accord will mean starting to collect data now.

Irrespective of the approach which a bank follows, there are generic matters that need to be considered, as follows.

Operational risk is defined as "the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events". It will be important to be able to categorise risks and losses under the definition of operational risk. Categorisation will need to be flexible enough to meet with future refinements of the definition. In particular, methods will need to be applied in order to distinguish clearly the boundary between credit losses and operational losses.

As certain indirect losses are to be included, it will be necessary to establish processes to be able to collect the relevant costs. The quantification of indirect losses will need to be more robust, as well as quantification of the potential impact of incidents that do not lead to a loss (the so-called "near misses").

The quantification approaches proposed presume a relationship between expected and unexpected losses. This has yet to be established, but will need to be before the calibration factors can be finalised.

The Accord seeks to allow some capital reduction for where risks can be proven to be reduced either in outsourcing arrangements or in the case of risk mitigation/transfer. The details of this still need to be established, but the main principle is that it needs to be proved that there is a clean break or that the risk has been transferred and not replaced by another risk.

Pillar two – supervisory review process

The supervisory review process is critical in ensuring that the requirements of pillars one – minimum capital requirements – and three – market discipline – are properly carried out. Banks will need to demonstrate to their supervisors a robust capital strategy and calculation methodology that links capital with their risk profile. In the UK, this review process reflects the way in which banking regulation has been approached in the past – and complements the thrust of the UK Financial Services Authority's approach to give banks incentive to manage their risks.

The supervisory review process has four key principles:

1. 1.

   Principle 1. Banks should have a process to assess capital adequacy against risk profile and strategy for maintaining capital levels.

2. 2.

   Principle 2. Supervisors should review banks' capital adequacy assessments and strategies, capital monitoring and compliance. If concerns arise, supervisors should take appropriate action.

3. 3.

   Principle 3. Banks should operate above minimum capital ratios – supervisors should be able to require banks to hold more than minimum capital.

4. 4.

   Principle 4. Supervisors should intervene to stop capital falling below minimum levels to support risks – if capital problems remain then supervisors should take remedial action.

Implications

Banks will need to develop a capital methodology to link capital adequacy and quality with risk. The sophistication of the methodology will need to be commensurate with the size and nature of business. It will be crucial to understand how your supervisor will review your capital adequacy, risk management framework and capital strategy, and to communicate to the supervisor how and why your approach meets the requirements.

Pillar three – market discipline

The Basel Committee believes that market discipline should reinforce both capital regulation and other supervisory efforts to promote "safety and soundness" in banks and financial systems. Banks will be required to make mandatory disclosures of both qualitative and quantitative information that should allow a reasonable investor to make an assessment of both the sufficiency of its capital and the effectiveness of its risk management systems.

Implications

To meet these requirements, banks need to have risk management processes in place, supported by internal systems which are capable of providing more extensive qualitative and quantitative information on a timely basis. The additional disclosure requirements will mean that systems and processes will need to be developed to ensure data is collected efficiently and accurately. Examples of the types of information to be provided include:

• •

  detailed analysis of the capital base of the bank including hybrid and subordinated capital;

• •

  discussion of the bank's risk management strategy, including both the definition and content of specific and general provisions;

• •

  the bank's measure of its capital requirements under the new Accord.

Conclusion

By encouraging the adoption of best practices in risk management the Accord will strengthen the industry.

Not only will it align regulatory capital requirements more closely with underlying risks, but also it will result in the better risk management of the business as a whole.

The new requirements will continue to promote much-needed international standards in risk management. While it is true that there are many details to work out, and that the requirements will place a significant burden on some institutions and supervisors, nevertheless the basic philosophy of the Accord is sound and will improve risk management.

Preparing for the Accord's implementation will oblige banks to carry out a careful and detailed assessment of their needs to meet the requirements. They will need to consider the effect on their business model and their economic capital allocation, how they will manage the risks arising from multiple models, whether they have adequate data capture and technology, as well as examining the business case for developing more advanced risk management.

Arthur Andersen provides detailed information on the Accord and what it means for your business in "Basel: are you prepared?" and "Basel and operational risk: new perspectives, new challenges". To obtain a copy of these papers, please contact the authors, or visit www.arthurandersen.com/fsi