Basel II Accord

Presentation to Information Systems Audit and Control Association

Presented by:

Julia Carmichael Operational Risk Officer

Overview
Objective of the original Basel Accord to provide financial stability and minimum prudential standards
to an increasingly international global banking system

 Basle I Accord
Restricted to : Market Risk Basic Measures Of Credit Risk One size fits all

Basle II Accord
New Accords objective Align regulatory requirements with economic principles of risk management How? Three Pillars which includes the measurement of Operational Risk. Overall Goal To provide a measurement for financial institutions to quantify their internal controls, the manner in which in they are managed and the level of regulatory capital that they must maintain.

Timelines
First Consultation Paper QIS 1 Second Consultation Paper QIS 2 QIS 2.5 QIS 3 (Technical guidance) Third Consultation Paper New Accord June 1999 July 2000 January 2001 April 2001 November 2001 October 2002 July 2003 Mid 2004 Thru 2006 End 2006

Dual Running of old & new Implementation of EU Directive

The Three Pillars

Pillar I
Market Risk
Same criteria as Basle I

Credit Risk
Standardised Approach ( Risk Weightings) Internal Ratings (Foundation & Advanced Approach)

Operational Risk
Basic, Standardised and Advanced Approaches

The Three Pillars

CREDIT RISK (80%), MARKET RISK (8%) OPERATIONAL RISK (12%)

WILL DETERMINE THE NEW CAPITAL REQUIREMENT UNDER BASEL II

The Three Pillars

Pillar II
Supervisory Review Four Principles
Banks should have a strategy/process per institution for measuring their overall capital requirements and maintaining those capital levels Supervisors should review and evaluate institutions assessments and strategies for calculating capital requirements ( includes monitoring/compliance with regulatory requirements) Supervisors should expect banks to operate above the minimum regulatory capital ratios and should have the ability to require banks to hold more than the required capital level Supervisors should be expected to intervene at an early stage should capital fall below specific levels

The Three Pillars

Pillar II
Accord Implementation Group (Aug 2003)
Set of principles to promote practical co-operation & information exchange among supervisors To promote consistency through the exchange of information between supervisors on approaches to implementation. Manage home-host implementation issues concerning the advanced approach to Operational Risk

The Three Pillars

Pillar III
Market discipline to ensure controls and soundness of banks Core Disclosures, increasing transparency among banking institutions No change since Basle 1

Effects of Basle II on Financial Institutions

Effects
Implement strategy to align regulatory capital with economic risks Choose the most appropriate credit/operational risk approach for your institution Collect, store and analyse data across each function within your business Embed these new or improved processes within your organisation

Challenges of Basle II on Financial Institutions

Understanding and interpreting the overall effects on each area within your business Change management in relation to creating a risk aware culture in your organisation Recognise the new expectations from regulators such as IFSRA, rating agencies and your customers Review your current products as part of your business risk assessment Outline a strategy to utilise any gains that may be achieved

Others
Customers
New costs relating to disclosures, internal/external ratings/better collaterialisation Ensuring transparency of transactions/processes

Regulators
New costs related to additional resources Set incentives for banks through stress testing and review processes.

Rating Agencies
Provide an increased transparency with regard to rating components Maintain a high quality of ratings Increase competition with entry by other agencies within Europe to the market

Where to Start?
QIS III analysis
350 Banks from 43 Countries participated

Main Result
Lack of data retained by each of the participating organisations

Getting Started
Senior Management Support
Identify and assign responsibilities at all levels All ratings and estimations must be approved by the board of Directors or a designated committee Senior management must have a good understanding of ratings systems designs and processes Internal ratings must be an essential part of the reporting to these parties

Getting Started
Phase I Supervisory Committee
Cross-functional Identify other regulatory concerns that may overlap in relation to the corporate governance, such as Sarbannes Oxley and IAS. Prepare a Gap Analysis Prepare an Impact Analysis Complete an overall risk assessment of your business Complete a cost benefit related to the enhancements or new processes that need to be introduced to ensure compliant

Getting Started
Phase II Corporate Governance Risk Management Credit Risk Operational Risk Market and Other Risks Capital Planning Disclosure Supervisory Review Process

Risk Database and Management Review

Collation, Storage and Analysis
How? Criteria? When

Concerns
LIBA & BBA August 2003 The new accord , as currently proposed , is unduly complex and will be difficult for our members to implement and for national regulators, even in the G10, to supervise

Why implement?
The top ten banks in US are complying
Control 95% of all foreign capital held in the US Using the AMA approach and Internal Ratings Approach Along with other 10 banks control 66% of total US capital

Why Implement?
Rating Agencies
Even with Basel II in mind, operational risk management should first and foremost be an effort to measure and control operational risk, rather than an exercise in efficient capital allocation Moodys believe that well calibrated quantitative tools can effectively measure a large segment of operational risk, notably the high-frequency low impact events Many banks have begun in earnest to collect loss data and to build internal loss models A bank with good risk management systems is not necessarily a bank that will be invariably successful in avoiding risks. But good and reliable risk-management systems and processes are nevertheless a very good start.

Data Management
Technology
Based on your institutions requirements May incorporate all three pillars in one May involve a series of manual workarounds until system is developed

Data Management
Credit Risk
Historical Data Integrity of data Analysis re comparison to current portfolios and lending policies Assessment of capital allocation per loan, per credit portfolio and overall credit risk exposure Create behavioural score models, which provide the likehood of the customer to default

Data Management
Requirement to segment the portfolio by; Product Type Borrower Risk Delinquency Status Vintage Analysis The IRB methodology requires the calculation of ; Probability of Default (PD)
The likelihood that a loan will default.

Exposure at Default (EAD)

Value of the gross Exposure. (ie. Balance outstanding + 75% of revolving credit facilities)

Loss Given Default (LGD)

The loss on a loan after the borrower has defaulted.

Data Management
Credit Risk Gradings are required; Minimum 6 to 9 grades for performing borrowers Minimum 2 grades for non-performing borrowers No more than 30% of gross exposures should fall in any single borrower grade Credit risk is derived from the analysis of historical data. Requirement to have five years of historical data for validation and calibration in models Banks back test their models over an economic cycle Stress testing every six months going forward Models must be used in normal business decisions

Operational Risk
Initially
May be manual reporting of events Logging of risks Technology Could incorporate this into the overall credit risk system

Data Management
Advanced Measurement Approaches There are three potential approaches under Advanced Measurement Models are based on a banks own internal rating systems and operational loss data 1. Internal Measurement Approach (IMA) Business lines sub-divided by risk type The models are generally based on the following information: Operational Risk is a function of (EI * PE * LGE) EI Exposure Indicator PE Probability of Loss LGE Loss Given Event

Data Management
Loss Distribution Approach
Estimate future operational risk losses by each business line or risk type Forecasting Models are required Dependent on banks foreseeing the unforeseeable

3. Scorecard Approach
Scorecards are developed to rate the risk profile of each business line

COLLECTION OF OPERATIONAL LOSS DATA IS KEY TO BUILDING INTERNAL RISK MODELS

Risk Of Not Implementing Basle II

Competitive nature of your institution Ratings and margins Confidence and Integrity based on best practices Standard Setting over time

Who has begun?

Most institutions have begun or some already have systems in place
Where are you?

Questions and Answers