
Risky Business FRM - Where to from here


Risk Management for Banks:
Challenges and Opportunities

Corporate Governance Program for
Directors of Indian Banks
Mumbai, India
December 16, 2005

Mark Lawrence, Ph.D.
Former Chief Risk Officer, Australia and New Zealand
Banking Group, Melbourne, Australia
•   Established in 1835
•   Strong positions:
     •   Australian “Bank of the Year” six years in a row
     •   New Zealand's largest bank
     •   The leading Australian bank in Asia
     •   The leading bank in the South Pacific
•   31,000 people serving more than 5 million customers across 27
•   Strong performance:
     •   Assets exceed US$210 billion (Sept 2005), Cost/Income ratio 45.6%
     •   10 year average total shareholder return 24% (2005: 33%)
     •   2005 Profit After Tax US$2.3 billion, Return on Equity 17.5%
     •   Non-Performing Loans/Avge. Net Advances 0.26% (2005)
     •   Net Specific Provisions/Avge. Net Advances 0.15% (2005)
     •   Overall staff satisfaction 85% positive
     •   Market capitalization exceeds US$32 billion today
•   Rated AA-

Example: the Risk Management “journey” – ANZ built its
risk management capability over more than a decade
     Prior to 1994    No formal combined “Risk Management” function, but ANZ had a credit
                       “workout” area, separate Retail and Corporate Credit Risk Management
                       functions, and an operational risk function; Rudimentary risk grading and
                       pricing processes; no risk-based capital allocation
     1995             Credit risk unit formed, with a particular emphasis on handling actual and
                       prospective property portfolio. First credit risk grading models built –
                       Probability of Default, Loss Given Default
     1996–97          Board Risk Management Committee supersedes the Credit Committee;
                       Regulatory Compliance framework implemented; Economic Capital for credit
                       risk; Economic Value Added (“EVA”) models implemented for compensation
     1999             Market and Operational Risk capability strengthened
     2000             Operational Risk economic capital model developed and implemented;
                       Creation of dedicated Retail Risk function
     2001             Basel II project commenced
     2002             Substantial Risk Management capability embedded in consumer businesses
     2003             Increased focus on the management of project risks;
                       Formal Risk Management involvement in Strategy
     2004             Specialised Technology Risk function created;
                       Group Compliance framework enhanced
  Source: “The ANZ Risk Management Framework”, CRO presentation to investors, 27 July 2004
Agenda (I): Risk Management Best Practices

    •   The Importance of Risk Management for Banks

    •   Risk Management Objectives and Fundamentals

    •   Principal Risk Categories: Credit, Market, Operational Risk

    •   Risk Governance and Functional Risk Management Organisation

    •   Risk Measurement:

         • Expected and Unexpected Loss

         • The Role of “Economic” or “Risk” Capital

    •   Balancing Risk and Return

    •   Role of the Chief Risk Officer

    •   Risk Management For Competitive Advantage

 The Need for Risk Management

The Drivers: Performance, Losses, Competition, Market Scrutiny, Technology

The Consequences:
• Increased Complexity
• Increased Governance
• Increased Transparency
• Globalising Standards
• New Regulation: Basel II (2004)
• Risk Management for Competitive Advantage

The “Vicious Cycle” of Risk

[Cycle diagram. Boxes:]
• Drive Growth Aggressively
• Take Uneconomic
• Incur Large Losses
• Clamp Down on Lending/Risk Taking
• Forego Economic
• Lose Market Share/Profits

Some principles about banking and risk
      Since the future is uncertain, you can’t generate returns
      without taking risk:

  • Capital and expenses come first, and are certain – revenues
  come later (and are uncertain)

  • You can't divorce the level of risk from the expected level of
  return - the higher the desired return, the more risk you must be
  willing to take

  • Half the time you can expect the mean return or more, and half
  the time, the mean return or less

  •   Diversification is necessary to lower the average total risk

Some principles about banking and risk (Cont.)
          That said, banks need to be low-risk:

•   Society relies on the effective functioning of the banking system

•   The system is based on confidence and trust

•   The main source of funding is customer deposits

•   Banks are the main mechanism for domestic and international payments

•   Main vehicle for storing non-real estate wealth

•   (Australian banks raise most of the country's external debt)

•   … hence the importance of reputation and confidence

    * Reputation follows behaviour; thus need to build and sustain trust
Some principles about banking and risk (Cont.)
         There is a limit to the level of risk a commercial bank can take

• Fundamentally, businesses depend on their ability to fund themselves
and generate cash
• Companies go bust when they run out of cash. They run out of cash
when they are not viable economically, or lose confidence
• Failure usually happens when you get the basics wrong, not the
• The amount of risk that is acceptable is fundamentally determined by
the need to raise funding (and, where applicable, to preserve credit ratings)
•   Banking is a cyclical business:
         Leveraged to the economic cycle
         High operating leverage – fixed costs around 50% of revenues (Australia)
      In Australia, average margins on assets and liabilities are very low – less
     than 2.50%, so financial risk tolerance must also be low – 97.5%, 99.97%
     confidence levels are used in risk measurement
Some principles about banking and risk (Cont.)
    To be successful, banks must remain successful and viable at
       every point on the economic cycle…

  • If you take all the opportunities on the way up…
     … you get all the losses on the way down!

  • History shows that banks periodically get it materially wrong
  (eg early 1990s in USA, UK, Australia and elsewhere)

  • … but recent advances in risk management (especially
  credit risk) have borne fruit, e.g. very few bank failures in
  the USA, UK and Europe during the recent economic downturn
  of 2001 - 2002

Some principles about banking and risk (Cont.)
     Fundamentally the level of risk is determined by:

     • the decision to be in a business,
     • the extent to which you participate,
     • the capability and culture of the organisation, and
     • the quality of the people you put in charge of the business

        This governs 80% of the outcome
        The balance is in how this is executed

  Note: Culture is a dominant factor in risk outcomes,
  including incentives/compensation
  *** Strong leadership from the top on risk matters is
  essential, to ensure a strong “risk culture”
Core Objectives of Risk Management

      Maintenance of solvency: constrain losses to within
       acceptable levels at all points through the economic cycle

      Ensure risks are transparent and well understood, both
       internally and externally (owners and shareholders must
       understand the risks they are investing in)

      Ensure risks taken are consistent with organisational
       capability and appetite

      Today: Risk Management as a foundation for sustainable
       growth and a source of competitive advantage

Components of an Effective Risk Management Process

         Risk Governance

         Risk Identification

         Risk Measurement

         Risk Management: Policy and Process

         Risk Reporting

         Policy and Process Compliance (Internal Audit)

Specific Risk Types

      Credit Risk

            The risk that a financial institution makes a loss as a
             result of less than full payment of an obligation

      Market Risk

            Risk of loss due to changes in market prices or

      Operational Risk

            Historically: “Other risks”

            More precisely (Basel II definition): “the risk of loss
             resulting from inadequate or failed internal processes,
             people and systems, or from external events”
Typical “Economic” or “Risk” Capital Allocation

                                   Market Risk
                                    5 - 25%

   Credit Risk
    50 - 65%

                          Operational and Business Risks
                                     10 - 30%

Fundamental Importance of Credit Risk

      The largest risk for most banks (operational risk largest risk for some)

      Assessing and managing credit risk is a core competency of banks,
       and a key driver of bank performance

      Very significant advances in credit risk measurement have occurred
       over the past ten years, including development of sophisticated
       models for estimation of “Probability of Default” (PD) and “Loss Given
       Default” (LGD), for corporate, banks, small business and consumers

           Significantly improved ability to manage credit risk on a
             portfolio basis by more sophisticated banks

           But data limitations are significant in many markets

      These models actually work: most successful Australian banks now
       have non-performing loans (90 days in arrears) less than 0.5% of
       lending assets (ANZ less than 0.3%)
Market Risk
      Market Risk is the risk of loss due to changes in market prices or
       variables, eg:
            Interest Rates
            Exchange Rates
            Equity Prices
            Option “Implied Volatilities” (for derivatives)
            Credit Spreads
            Commodity Prices

      Principal points of Impact:
            Balance Sheet – managing the interest rate mismatch
             between assets and liabilities
            Traded Market Risk
            Currency translation risk for offshore operations
Operational Risks - the oldest risks?

 The Importance of Operational Risks
[Diagram boxes:]
• Deregulation & globalisation of
• Growing sophistication of financial
• Activities of Banks (& their risk profiles) more diverse & complex

• Recent experience in advanced banking markets makes it clear that risks other than
  credit and market risks can be substantial:
         Barings
         Enron/Worldcom
         9/11
         Allfirst (Allied Irish - Baltimore)
         Life insurance & pension mis-selling in UK
         “Spitzer” issues - Underwriting/research conflicts + Mutual fund scandals (etc)
         Environmental (e.g. New Orleans)
Whichever way you look, operationally we are
becoming more complex and inter-dependent….

[Diagram of contributing factors:]
• Statutory, Regulatory & Contractual
• Economic, Cultural & Political
• Business strategy
• Diversification
• Partnering, alliances, outsourcing & JVs
• Globalisation
• Technology


…resulting in greater focus on Operational Risk by
financial services providers, government & others…

Financial Services (Banks, Insurance Companies, Fund Managers)

 •   Specialist Operational Risk functions
 •   Framework, policy, measurement and monitoring
 •   Capital allocation for operational risk – now happening
 •   Loss, event and near-miss data collection & analysis
 •   Extensive, 'what if' scenario analysis
 •   Business continuity testing and crisis management training
 •   Executive and Board Risk Committees

Government

 •   Consumer protection
 •   Corporate Governance
 •   Basel II
 •   Sarbanes Oxley
 •   Standards & Guidelines

Others

 •   Sustainability
 •   Reputation indices
 •   Rating Agencies
…and a consensus definition of Operational Risk
    “the risk of loss resulting from inadequate or failed internal
       processes, people and systems or from external events”

  • This (Basel II) definition includes legal risk but excludes strategic and
    reputational risk

  • More specifically, losses may result from:
        fraud or forgery
        failure to comply with policies, procedures, laws and regulations
        a breakdown in the availability or integrity of services, systems and
        reputational damage

Risk Governance Example:
Board and Executive Risk Committee Structure


Board level: Board Risk Management Committee; Board Audit

Principal Executive Risk Committees:

Credit & Trading Risk Committee (CTC)
 •    Policy
 •    Major Lending Decisions
 •    Asset Writing Strategies
 •    Portfolio
 •    Trading Risk

Asset & Liability Committee (GALCO)
 •    Balance Sheet and Liquidity Risk

Operational Risk Executive Committee (OREC)
 •    Payments/operational risks
 •    Physical and Information Security
 •    Compliance

Project & Initiative Review Committee (PIRC)
 •    Project risk
 •    Project governance
 •    Project priorities

Risk Governance Example (Cont.)

 •   The Board is responsible for setting the overall corporate governance strategy
 •   The Risk Management Committee ("RMC") is a Board committee focused on
     the review of risks in the business. Comprised of Non-Executive Directors, it is
     responsible for overseeing, monitoring and reviewing the Group's risk
     management principles, policies, strategies, processes and controls including
     those for credit, market, operational, liquidity and reputational risks. The RMC
     authorizes the Group's limits frameworks, and delegates limits to the Executive
     Risk Committees*.
 •   The Executive Risk Committees are the senior executive management
     committees responsible for the oversight of various risks. Their role is to oversee
     the management of significant risks and support the RMC in respect of its duties.
     Members include CEO, CFO, Chief Risk Officer (CRO), Business Unit Heads and
     Risk Management staff
 •   The Internal Audit function is independent from the Risk Management function,
     and provides independent assurance regarding the effectiveness of the risk
     management framework and controls.
 * See example RMC Charter at:
Risk Management Functional Model (Example)

Group Centre

Central Risk Governance
• Governance & Framework
     • Risk and Compliance Strategy and Policy
     • Risk Measurement methodology & models (development, validation and approval)
           - Internal Credit Rating Tools
           - Expected Loss + Economic Capital models (all risks)
     • Risk and Compliance systems design & assurance
     • Risk and Compliance Reporting for Board/Market/Regulatory/Rating Agency and other requirements
• Portfolio Analysis and Response
• Emerging risk identification and response
• Market Risk reporting and limit compliance
• Risk and Compliance Review
• Transaction approval > risk threshold (fn of size & complexity)

Risk “Shared Services”
• Asset Recovery
• Risk systems development and operations
• Divisional asset quality reporting
• Compliance Review and Support
• Group Investigations
• Payments Risk, Information Security
• Business Continuity & Crisis Mgmt
• Insurance

Business Units

Specific BU Risk Functions
• Operational Risk mgmt & compliance
• Credit Process support
• Asset writing strategies
• BU-specific risks
• BU risk reporting
• Transaction Approval < risk threshold
• Risk data entry and quality assurance

** Key Q: where should Risk “Shared Services” be located?
** Cultural considerations will drive the outcome here!

Why go to the Centre?
- Centre of Excellence
- Efficiency/avoid duplication

Why go to the Business Units?
- BU Ownership and Accountability
- BU control over Cost? (vs cost allocation from centre)
Example: Central Risk Management Structure

[Organisation chart: Chief Executive, then Chief Risk, with the following functions beneath:]
• Wholesale Credit Risk
• Retail Credit Risk
• Operational & Technology Risk
• Market Risk
• Compliance
• Basel II Implementation
• RM Chief Operating

How is this effective?

         • Strong “risk culture” across the Group, driven by the Board and CEO
         • Partnership between Group Risk Management (GRM) and the Business Units
         • Clarity of roles and accountabilities for risk management, with a clear
           separation of duties
         • Open and transparent communication and escalation of risk issues
                • “bad news must travel quickly”

Group Risk Management
• Independent group
• Global accountability to the CEO and Board for the effectiveness of the Group's risk
  management framework, including risk policy, and for the risk governance of the
  total group portfolio

Business Units
• Fully accountable for risk outcomes in their business
• Within the central framework set by GRM, BUs are accountable to the Group for the
  realisation of returns, whilst delivering these within the articulated risk appetite
• Dual reporting of Business Unit Risk Heads to BU Managing Director and CRO

Banks hold Economic Capital for “Unexpected Loss”

Conceptual Framework:

•   Risk models employed to quantify economic risk are used to allocate “economic”
    or “risk” capital - the amount of capital needed to support an organisation's
    risk-taking activities
•   Risk capital allocation systems are typically based on institutional estimates
    of their loss distributions for the relevant risk types
•   Economic capital allocated to a particular activity reflects that activity's
    marginal risk contribution to the organisation, taking into account
    diversification (where possible).

[Figure: loss distribution. Vertical axis: probability of loss. Regions along the
loss axis: zero losses; expected level of loss (cost of doing business);
'unexpected loss' for which capital should be held; potential catastrophic
'unexpected loss' against which it is too expensive to hold capital.]

Applications:

•   Measure risk-adjusted profitability and ensure efficient usage of shareholder funds
•   Portfolio risk management in the setting of limits & reporting of portfolio
    credit quality
The “risk spectrum”

Spectrum, from Modelled to Not Modelled: Market, Credit, Liquidity, Operational,
Tax, Business/Strategic, Enterprise Value, Reputational

Downside Risk is mostly here
 • Regulators & Debt Holders focus on this side because concerned about protection
   from default and systemic risk
 • Executives often delegate management of these to Risk Managers, who try to
   quantify them

Upside rewards are here
 • Equity Holders (& Managers with Equity stakes) very concerned about these
 • Executives often manage these themselves!

“RAROC” Method of Pricing Loans for Risk

Component                               Example   Source
Cost of Funds                           6.00%     Funds Transfer Pricing Systems
Loan Loss Provision                     0.53%     Credit Risk Models
Direct Expense                          0.15%     Product Cost Accounting Systems
Indirect Expense                        0.15%     Product Cost Accounting Systems
Overhead                                0.10%     Product Cost Accounting Systems
Total charges before capital charge     6.93%
Capital Charge                          0.45%     Capital calculation
Total Required “Breakeven” Loan Rate    7.38%

Capital calculation:
  Allocated equity/loan = 6.7%
  Opportunity cost of equity = 12% (“hurdle rate”)
  FTP Benefit = 6%
  After tax capital charge = 0.067 x (0.12 - 0.06) = 0.4%
  Tax Rate (imputation-adjusted) = 0.108
  Pre-tax capital charge = 0.4%/0.892 = 0.45%

    Balancing Risk and Return
            The key is to find the right balance between
            risk and return:

•    This is one of the key responsibilities of the Board and CEO
• Fundamentally the taking and management of risk for a return is a business
line function
• The mission is to stay within the “expected” loss rate, which is built into
business plans, pricing and margins
• However, invariably businessmen, including bankers are on balance,
• Since uncertainty and business “fade” increases with time, higher discount
rates are needed for future cash flows, and this rarely happens…
• Therefore need for Board, CEO and Chief Risk Officer to maintain a balanced
•    Supported by objective advice and control by professional risk managers
•    Governed by the Board, and its Risk Management and Audit Committees
The Role of the Chief Risk Officer (CRO)

   •   Understand the business!

   •   Understand the risks:

         Identification, assessment, measurement, mitigation/response,
        policy, monitoring, reporting…

   •   Understand (and shape) the risk strategy and appetite of the

   •   Understand the needs of all stakeholders: Board, CEO, Executive
       Management, Regulators, Rating Agencies, Investors, Staff,
       Customers, Community

   •   Ensure agreement re: expectations of the CRO role, and how risk
       management performance will be measured

   •   CRO is “Chief Transparency Officer” – need to ensure “bad news
       travels” – high level of integrity required
The Opportunity…

   To create and position Risk Management in
   our organisations as a source of distinction
    and competitive advantage, underpinning
      sustainable performance and growth

Agenda (II): Basel II

     •   Basel II – What is it?

     •   Impact of Basel I

     •   Key Changes in Basel II

     •   Implementation Challenges

     •   Operational Risk Capital

     •   Pillar 3

     •   Home/Host Issues and Challenges

     •   Basel II Implementation: Key Next Steps For India

     •   Conclusion

    Basel II - what is it?

•   The method for determining the minimum amount of regulatory capital a bank
    should hold is set by the “Basel Committee”, a sub-committee of the Bank for
    International Settlements, and is known as the “Basel Capital Accord”,
    implemented in 1988.

•   A new framework has been developed over the past 6 years that is commonly
    known as Basel II. These new proposals are designed to replace the 1988 Accord
    with a more “risk sensitive” regulatory capital framework.

•   The key objective of Basel II is to improve stability of the global financial
    system by encouraging improved risk management practices and requiring
    banks to hold a level of capital which is commensurate with their risk profile.

   The 1988 Basel Accord – “Basel I”

Two main objectives lay behind the adoption of a single capital standard for
internationally active banks:
  • To help strengthen the soundness and stability of the Banking system by
      encouraging banking organisations to boost their capital positions
  • By adopting a standard approach across banks in different countries it
      would act to reduce competitive inequalities

The structure was intended to:
  • Make regulatory capital more sensitive to risk profiles among banking
  • Take off-balance sheet exposures into account when assessing capital
  • Lower the disincentives to hold liquid, low risk assets.

     The Impact of Basel I

The Basel Committee Study of 1999 into the impact of Basel I, suggests that:

•   Relatively weakly capitalised banks improved their capital ratios, and
    overall capital levels increased in most countries.

•   Bank regulatory capital pressures during cyclical downturns in the US and
    Japan may have limited bank lending in these periods and contributed to
    economic weakness in some sectors

•   Banks have learnt to exploit the broad-brush nature of the Basel I
    requirements – in particular the limited relationship between actual risk
    and the regulatory capital charge. For a number of banks this has started to
    undermine the meaningfulness of the requirements.

•   Mixed conclusions as to whether the uniform nature of the regulatory
    capital charge within asset class may induce banks to substitute towards
    riskier assets in the class – thus leading to a rise in the riskiness of the banks'
    portfolios. (There are clearly other considerations that may influence this position
    eg. bank risk appetite, market disciplines, regulatory and rating agency influences
    etc.)
     Basel II: The Three Pillars

         Basel II consists of three mutually reinforcing pillars:

Pillar 1: Minimum Capital Requirements

Pillar 1 provides the calculation methods that will be used to determine the
minimum amount of regulatory capital a bank must hold in the three major
types of risks a banking operation faces - credit risk, market risk and
operational risk.

A menu of approaches is available to measure:

  Credit Risk (Standardised, Foundation internal ratings based approach and
  Advanced internal ratings based approach - the latter two requiring the application
  of sophisticated and rigorous credit risk modelling capabilities)
  Operational Risk (Basic Indicator, Standardised and Advanced measurement
  approaches). The requirement to hold regulatory capital for operational risk is a
  material new requirement.
  Market Risk (Standardised and Internal models approach). This element is almost
  completely unchanged in the new framework following its overhaul in 1996.
  Basel II: The three Basel Pillars (cont.)

      Pillar 2: The Supervisory Review Process

Pillar 2 requires regulators to ensure each bank has sound internal processes in
place to assess the adequacy of its capital (based on a thorough evaluation of the
risks), with the supervisor placing considerable emphasis on the
effectiveness and robustness of a bank’s internal risk management

Pillar 3: Market Discipline

Pillar 3 aims to bolster market discipline through enhanced disclosure of
risk information to the market. More detail will be disclosed to the market on the
types of loans a bank carries, the rate at which loans default and how well credit
rating tools predict these defaults.

Market participants will have more information to better understand bank risk
profiles and the adequacy of bank capital positions.

The Basel II Approaches to Credit and Operational Risk Capital

Credit Risk Capital

• Standardised: Minor modifications to the current (Basel I) Accord, allowing the
  use of external ratings and some collateral recognition.
• Internal Ratings Based (IRB) - Foundation: Allows application of internally
  developed rating systems (default probabilities) with greater recognition of
  physical collateral.
• Internal Rating Based (IRB) - Advanced: Internally determined default
  probabilities, loss given default and exposure at default factors can be used,
  subject to very stringent criteria.

Operational Risk Capital

• Basic Indicator Approach: A coarse calculation based upon a straight percentage
  (15%) of gross income.
• Standardised Approach for Operational Risk: A similar calculation based on a %
  of gross income using distribution factors across eight Basel-defined business
  lines.
• Advanced Measurement Approaches: A range of advanced capital assessment
  techniques will be allowed, subject to a set of stringent qualifying criteria.

Key changes in Basel II

•   The risk-weighting functions used to determine credit risk capital in
    the advanced approaches under Basel II provide a much more
    accurate measure of risk compared to the crude risk weights used in
    Basel I. However, concentration and diversification are not taken
    into account in the Pillar 1 formulae

•   Addresses the principal weaknesses of Basel I, in particular
    removing incentives to arbitrage the capital requirements through

•   Inclusion of a regulatory capital charge for operational risk

•   Advanced approaches require the embedding of risk management
    tools and systems in day-to-day bank management

•   Framework matches the entity in terms of its level of sophistication
    resulting in a more tailored approach commensurate with a bank’s
    risk profile
Key changes in Basel II (cont.)

  • Pillar 2 provides supervisors with a framework that enables a better
    understanding of the risks associated with a bank’s businesses –
    the new Accord places a far greater emphasis on assessing the
    appropriateness of internal risk management processes including
    risk management practices, governance frameworks, risk
    measurement philosophies and bank risk profiles.

  • Greater disclosure will help ensure banks maintain prudent lending
    standards and focus on improving and keeping pace with evolving
    risk management practices

  • While many of these changes are positive, “procyclicality” is an
    issue of material concern to many.

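                      Basel I Risk Weights versus Basel II

[Figure: two panels, "Basel I" and "Basel II", each with a vertical axis labelled "Risk Weights". The Basel I panel shows fixed risk-weight steps, with labels including 0%, Banks 20%, 50% and "Remainder eg Personal/". The Basel II panel has a horizontal axis labelled "Increasing default risk" and the annotation "Risk weight sensitive to borrower’s credit risk".]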

                • The blunt risk weights and capital attribution of Basel I have been
                considerably refined (using complex formulae) in the IRB approaches
                in Basel II

Challenges faced by banks in implementing Basel II

    Basel II is far more complex than its predecessor, the current Basel Accord,
    and considerably more comprehensive in its coverage. Some of the key issues
    banks and regulators are facing as part of its implementation are:

     • Rigorous credit rating tool validation requirements

     • Insufficient data in certain products or geographic segments to meet the
       long-run “through the economic cycle” needs of Basel II

     • Obtaining business buy-in to Basel II – are the benefits worth the cost?

     • Managing the change process

     • Board involvement and Risk Governance requirements

     • IT systems developments, enhancements and integration

     • Implementation challenges for the new operational risk framework

     • Pillar 3 reporting under Basel II

     • Inconsistent application of Basel II across jurisdictions

Operational Risk Capital

    Regulatory Capital for Operational Risk:

    •   Basel I (1988 - now)

        - zero

    •   Basel II (2008 onwards)

        - substantial!

Capital for Operational Risk: The Big Controversy!

•   How much capital should be held for Operational Risk?
          ~20%?      (Basel CP2, January 2001)
          ~12%?      (Final Basel Accord, June 2004)
          (Other?)

* The magnitude of this shift illustrates the difficulty of the
   measurement challenge!

Operational Risk: The Difficulty of Measurement
      In recent years, we have seen the first serious attempts to
      measure operational risk… the birth of a new discipline!

  •   The industry has made great progress, but difficult questions

      1.   What are the principal determinants of the level of Operational

      2.   What are the key differences between Operational, Credit and
           Market Risks? Which statistical methods used to measure Credit
           and Market Risk are applicable to Op Risk?

      3.   When is historical loss experience a reliable guide to Operational
           Risk in the future? More generally, how can Operational Risk
           measures be made forward-looking?

      4.   What is the role of historical information, including loss data?

The Difficulty of Measurement (cont.)
    The industry has made great progress, but difficult questions

    5.   When is external information (including loss data) relevant? How
         should it be used?

    6.   How should specific operational scenarios be incorporated in the
         measurement of Operational Risk?

    7.   What about “Key Risk Indicators”?

    8.   How can we incorporate an assessment of the quality of operational
         processes and internal controls into the Op. Risk measurement
         process? How important is this?

    9.   What is the role of Senior Executive judgment in the Operational
         Risk measurement process? Where is the “right” balance between
         quantitative and qualitative factors?

    10. How can unexpected loss and capital be measured?
The Difficulty of Measurement (cont.)

 •   A great deal of effort has been expended on these issues…

 •    … and Basel II (AMA) is providing strong impetus to these

 •   However, there is as yet NO consensus about the answers to
     these questions…

                 “Let a thousand flowers bloom…”!!

The Difficulty of Measurement (cont.)

Key Question: What is the “right” way to measure Operational Risk?

     How shall we recognise the answer to this question?

     What criteria should we use?

A related question: How can Operational Risk measures be
“validated”? (What does this mean, exactly?)

     How do we satisfy Basel’s requirement for 99.9% confidence?

Industry Approaches to Measuring Operational Risk
     Although “1,000 flowers are blooming”, there are 3 principal
     methods in use in leading banks today:
 •   Loss Distribution Approach (statistical, based primarily upon historical loss
     data, akin to “VaR for Operational Risk”)

 •   “Scorecard” or “Risk Drivers and Controls” Approaches (more qualitative,
     not based primarily on historical loss data - see Risk Magazine article, November
     2000 + Risk Management seminar presentation: “Key Elements of an Effective
     Operational Risk Framework”, Amman, 7 March 2005)

 •   Scenario-driven methods (employing expert business judgment)

     Regardless of which method is chosen, to qualify for AMA
     accreditation under Basel II, a bank must clearly specify how its
     method makes use of the 4 required elements:

            - Internal data
            - External data
            - Quality control assessments
            - Scenarios
Basel II: Pillar 3 requirements

•    Pillar 3 imposes considerable reporting requirements on Banks
    seeking to use the advanced approaches – these are in addition to
    accounting standards (and listing rules)

•    The disclosure regime in Pillar 3 is tied to the sophistication of the
    capital approach adopted. Indeed, the use of more sophisticated
    approaches is conditional on making the required disclosures, which are
    quite voluminous and prescriptive in nature

•    In simple terms, the greater the reliance on internal models (as
    opposed to supervisor estimates), the more risk information that has
    to be disclosed

•    The principal intention of the disclosure requirements is to enable
    the market to better understand the risk profile of the bank, and to
    provide a basis for comparison of risk profiles between banks.
Pillar 3 - Summary

    Table   Subject
     1      Scope of application
     2      Capital structure
     3      Capital adequacy
     4      Credit risk – general
     5      Credit risk – Standardised and FIRB
     6      Credit risk – IRB
     7      Credit risk mitigation – Standardised & IRB
     8      Securitisation – Standardised & IRB
     9      Market risk – Standardised
     10     Market risk – internal models
     11     Operational risk
     12     Equities
     13     Interest rate risk in banking book
    Example of what is required

        Table 6: Credit risk – disclosures for portfolios subject to
        IRB approaches

Requirements include:

•   Explanation and review of the:
     • Structure of internal rating systems and relation between internal
         and external ratings;
     • Use of internal estimates other than for IRB capital purposes;
     • Process for managing and recognising credit risk mitigation; and
     • Control mechanisms for the rating system including discussion of
         independence, accountability, and rating systems review.
•   Description of the internal ratings process (provided for five asset
    classes), including (for each class):
      • Types of exposures in the classes
      • Definitions, methods and data used for the estimation and
         validation of PD, LGD (and) EAD for Advanced IRB banks

•   Comparison of actual losses for the preceding period and how this
    differs from past experience and estimated losses.
Home/Host issues: Basel’s perspective
   •   Closer cooperation between supervisors will assist in the
       implementation efforts of both supervisors and banking groups and is
       essential in the effective implementation of Basel II.
   •   This level of cooperation will differ across the various activities required in
       the new Accord, eg
         - Pillar 1 approval and validation of rating models and processes
         - Pillar 2 supervisory review processes and ongoing assessments to verify
           that banking groups are applying the new accord properly and that
           conditions for advanced approaches continue to be met.
   •   Banks have an important role to play in assisting the effective cross-border
       implementation efforts of supervisors
   •   The Basel Committee does not mandate a common approach across all
       jurisdictions, but a set of Principles for Home/Host supervision have been
       published to assist supervisors in their work in this area.
           “We have to recognise that there will always be differences in
           interpretation and application which are inevitable and even desirable to
           accommodate the many differences among the world’s banking
          Chair of Basel’s Accord Implementation Group, Nick Le Pan quote from “Global Risk
          Regulator” February 2003
Supervisory Challenges for Home/Host Supervision

    •   The Basel Committee principles for Home/Host supervision, while
        conceptually sound, fall short of providing workable solutions in practice
    •   Regulatory Capacity: challenge of overcoming a shortage of
        appropriately skilled resources to be able to review banks’ level of
        compliance with the new Accord (esp. Pillar II) and administer the more
        advanced requirements of Basel II
    •   Statutory and legal obstacles to closer cooperation amongst supervisors
    •   Need to develop processes and techniques to allow regulators to
        collaborate effectively, particularly when international banking
        conglomerates cover multiple countries (eg Citigroup operates in over
        100 countries)
    •   Concerns have been expressed publicly by some regulators and banks
        that there is a potential for some national supervisors to be more
        conservative in their interpretation and application of the new Accord,
        whilst others may operate on a more lenient approach, creating unlevel
        playing fields across countries

Bank Challenges for Home/Host Supervision
   •   Banks are concerned that having to accommodate differing supervisory
       implementation frameworks will result in an excessive burden of reporting
       regimes and repetitive review of their Basel II frameworks. While banks
       appreciate that in some jurisdictions the peculiarities of the banking
       system may require subtle differences in the application of Basel II, in the
       main there is considerable scope for consistency in the application of the
   •   International banks are faced with developing systems to cope with and
       run multiple reporting requirements:
          - Basel I
          - Basel II Standardised Approach
          - Basel II Foundation IRB
          - Basel II Advanced IRB

   •   The development, testing, implementation and maintenance of parallel
       systems and processes to accommodate different regulatory approaches
       has the potential to result in a substantial diversion of risk resources and
       cost - away from the improved management of risk that Basel is designed
       to achieve
Basel II Implementation: Key Steps
          Effective dialogue between the industry and supervisor is
          essential for success!

• Finalise choice of Pillar I options + Pillar II approach:
    - Decisions must be made re: national discretions within Standardised
      Approach for Credit Risk (understanding of approaches used in other emerging
      market countries and elsewhere within the region will assist)
    - Assess infrastructure requirements
    - Assess requirements for potential future availability of advanced approaches
      (IRB and AMA) and determine strategy and timeframes, as appropriate
    - Assess resource deficiencies, incl. industry and supervisory capacity

• Establish/enhance effective dialogue between RBI and relevant
foreign supervisors re: Home/Host issues & cross-border supervision

• Consider Indian participation in international working groups, as
   • Industry groups, e.g. IIF Committees
   • Supervisory working groups re: Basel II implementation
        Risk Management and Basel II – Inextricably Linked!

        The way forward for India?

• Continue to deepen the collaborative dialogue between industry and regulators, to
deepen shared understanding of the challenges and opportunities for strengthening
risk management capability in Indian banks

• Acceptance of pragmatic solutions to the challenges of Basel II implementation
     Work to ensure that bureaucracy and costs are minimised, & business benefits

• The main goal is improved risk management, not regulatory compliance!

• This is a journey that will take some time… begin as soon as possible!

