Gabriel Habib, principal consultant at business management consultancy Molten, offers a revised framework
Since inception, financial institutions have had to be aware of and mitigate the risks they faced as a result of the commodity they dealt with and the nature of the business they were in. Early generation banks provided loans and, therefore, had to deal with credit risk; the potential of customers not paying back their debts. With time, banks started trading equities, bonds, and derivative products which gave rise to market risk; price volatility, interest rate fluctuations, and foreign currency exchange variations.
Such risks have raised the potential of actual losses that could be incurred by financial institutions. To protect against such risks, financial institutions have instituted risk policies and procedures, as well as compliance and audit functions that help monitor and regulate financial transactions and operations. In addition, such institutions provided for, as they saw fit, sufficient capital to offset any risks they may face.
As a result of such risks and in order to secure international convergence of supervisory regulations governing the capital adequacy of international banks, the Basle Committee on Banking Supervision (BCBS) established in 1988 in Basle, Switzerland what is known as the Basle Capital Accord.
The complexities of financial institutions' products and services as well as the prevalent competition among them however, have since raised the level of risks. The financial institutions' geographic spread and cross-border operations have also added to the level of risks. In addition, recent corporate scandals or 'blow-ups' across the sector, such as those of WorldCom and Enron, have shaken the confidence of both investors and customers.
As a result, the banks and bank supervisors of 13 countries that make up the BCBS created the Basle II accord, aimed at establishing international standards for measuring banks' adequacy of capital and creating consistency in the manner in which banks and banking regulators approach risk management across national borders. In addition to revising the framework as it relates to credit and market risks, operational risk was added to the Basle II framework.
Basle II is also known as 'The New Basle Capital Accord'. The correct full name of the Basle II accord is the 'International Convergence of Capital Measurement and Capital Standards - A Revised Framework'.
Basle II Framework
Compliance with Basle II requires all banking institutions to hold capital to offset any risks they may face in terms of credit, market and operational risks, equivalent to at least 8% of their risk-weighted assets.
The Basle II framework comprises three pillars that banks need to address:
Pillar I: Minimum capital requirements
Pillar II: Supervisory review
Pillar III: Market discipline
Pillar I
This pillar is concerned with calculating the banks' total minimum capital requirements for credit, market, and operational risks.
Pillar II
This pillar is concerned with ensuring that banks have adequate capital to support all the risks in their business, and to encourage banks to develop and use better risk management techniques in monitoring and managing their risks.
Pillar III
This pillar is concerned with encouraging market discipline by developing a set of disclosure requirements which will allow market participants to assess key pieces of information on capital, risk exposure, risk assessment processes, and hence, the capital adequacy of banks.
Pillar I: Minimum capital requirements
Despite the fact that European banks initiated their Basle II programmes three or four years ago, Middle Eastern central banks and other regulatory authorities have not issued any directives yet relating to Basle II's minimum capital requirements. Middle Eastern banks however, have taken the initiative and have either started such programmes or are in their early preparatory stages. The reason for such initiatives is not only to achieve compliance, but also lies in the fact that it is simply good business practice, which results in improved business performance.
The BCBS has recognised the difficulty banks face in implementing Basle II programmes as well as the associated high costs. As a result, the BCBS has devised several approaches for each of the credit, operational, and market risks from which banks could choose, ranging from simple and easy to implement approaches to advanced and complex ones.
The idea is that banks can start with the simple approaches that would suit their current ability to adopt and implement Basle II in terms of skills and resources. This would give banks two or three years to build up their knowledge, skills, and resources and hence, would position them later to move to the more advanced compliance approaches.
Middle Eastern banks recognise the importance Basle II will play in strengthening their financial systems. All Middle Eastern countries intend to start implementing Basle II in the period 2007-2009. However, the majority are not decided on the scope of the implementation programme. Statistics of Middle Eastern banks show that only 13% of total banking assets will move to Basle II at the end 2006. However, this figure increases dramatically for the period 2007-09 where 89% of banking assets in the Middle East are expected to be covered by Basle II. The figure then mildly increases to 92% in the period 2010-15.
Calculating the total Minimum Capital Requirement (MCR) consists of determining the MCR for each of the credit, operational, and market risks. The selected approach for each risk type will affect the method by which such MCR is determined.
Credit Risk
Credit risk is the risk of loss due to a counterparty defaulting on a contract, or more generally the risk of loss due to some 'credit event'.
Under Basle II, banks should compute the minimum capital requirement and hold the capital to offset any credit risk they may face.
Banks can select any of the three approaches to calculating the minimum capital requirement, namely:
Standard Approach (SA)
Internal-Based Rating Approach (IRB)
Foundation IRB
Advanced IRB
The bulk of the banking assets in the Middle East will fall under either the Standard Approach (36%) or the Foundation IRB Approach (37%) for the period up to 2009. None of region's banks are expected to adopt the Advanced IRB Approach in the near future.
The Standard Approach to calculating the capital requirement for credit risk is supported by external credit assessments supplied by external credit assessment institutions such as Standard & Poor's and Moody's.
Banks have to obtain supervisory approval to adopt the IRB approach, which would then allow them to rely on their own internal estimates of risk components in determining the capital requirement for a given risk exposure. The risk components include measures of the Probability of Default (PD), Loss Given Default (LGD), Exposure At Default (EAD), and effective Maturity (M).
Operational Risk
There are several definitions pertaining to operational risk however, the most commonly accepted definition is the one provided by the Basle Committee:
"Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This includes legal risk but excludes strategic and reputational risk."
The extent of possible losses that companies could suffer is in the thousands or even millions of dollars per day.
The prime reasons for such losses could be any or a combination of:
People (internal fraud, external fraud, unauthorised or insider trading)
Processes (loss of client assets, incorrect transaction capture/execution/settlement, Inadequate record keeping)
Systems (hardware failure, unauthorised access to information/systems/security, computer hacking, spoofing, phishing)
External events (operational failure at suppliers/outsourced operations, fire or natural disaster, terrorism)
Clearly, robust operational risk management plays an important role in compliance with international capital adequacy standards and can lead to an improved return on equity. The business benefits, however, are far more wide reaching than getting the regulatory 'tick'.
The successful identification, monitoring, measurement and control of operational risk can generate a number of tangible business benefits. In Molten's consulting experience to banks the following benefits can be achieved as a result of good risk management, and as illustrated in the diagram below.
There are three different approaches to operational risk compliance with increasing sophistication. The Basic Indicator Approach (BIA), The Standardised Approach (TSA), and the Advanced Measurement Approach (AMA). Banks adopting the AMA should obtain supervisory approval, which would then allow them to rely on their own internal estimates of risk.
Most banks in the Middle East are expected to use the Basic Indicator Approach (36%) or the Standardized Approach (37%) for calculating the capital charge for operational risk. The Advanced Measurement Approach will not be adopted in the medium term.
It has been argued that complying with Basle II is a matter of implementing a risk software and that operational issues would be resolved. The fact of the matter is that implementing a system is the last step on the route to Basle II compliance. Financial institutions should take a step back before they acquire a software package and start with defining an operational framework. Such frameworks would put in place all the necessary processes, policies and procedures based on which the software would be implemented.
In addition, compliance is a knowledge issue, and begins with the acquisition of an in-depth understanding of qualitative measures of event losses and quantitative data capture, storage, monitoring, and reporting.
Market Risk
Market risk is the risk that the value of an investment will decrease due to moves in market factors. The four standard market risk factors are i) equity (price) risk, ii) interest rate risk, iii) currency risk, and iv) commodity (price) risk.
Market risk is typically measured using a Value at Risk (VaR) methodology. Market risk can also be contrasted with Specific risk, which measures the risk of a decrease in one's investment due to a change in a specific industry or sector, as opposed to a market-wide move.
There are two compliance approaches for market risk namely, the Standardised Approach (TSA) and the Internal Models Approach (IMA). Banks adopting the IMA should obtain supervisory approval, which would then allow them to rely on their own internal estimates of risk.
Challenges Faced by Organisations
Some of the typical challenges in complying with Basle II as observed by Molten are common to all organisations, such as i) securing and maintaining board and senior management sponsorship and buy-in, ii) building a robust business case for change, iii) availability of appropriately skilled resource, iv) integration with other existing initiatives e.g. process improvement projects.
Another challenge is in the determination and designing of the risk compliance approaches such as i) understanding the range of options available and the associated costs / benefits, ii) determining the level of change, business requirements, and sophistication of solutions required, iii) avoidance of gaps / overlaps in risk management approaches.
A challenge familiar to all organisations is in the implementation of risk management approaches.
Organisations could struggle with the diversity and availability of underlying data, as well as in the automation of data collation, aggregation, transformation, and reporting. Organisations should embed new and enhanced practices into a wider business environment and establish a consistent implementation method for change across the entire organization.
Regulations could pose a challenge to financial institutions that are not familiar with the Basle II accord and its framework. Interpreting regulatory requirements, understanding the impact of such regulatory requirements on existing business practices, and keeping abreast of changes in the regulatory environment could prove to be a daunting task.
© Banker Middle East 2006
