Risk Management for Banks:
Challenges and Opportunities
Corporate Governance Program for
Directors of Indian Banks
Mumbai, India
December 16, 2005
Mark Lawrence, Ph.D.
Former Chief Risk Officer, Australia and New Zealand
Banking Group, Melbourne, Australia
mark@lawrence.net
0
ANZ
•
Established in 1835
•
Strong positions:
•
Australian “Bank of the Year” six years in a row
•
New Zealand’s largest bank
•
The leading Australian bank in Asia
•
The leading bank in the South Pacific
•
31,000 people serving more than 5 million customers across 27
countries
•
Strong performance:
•
•
Assets exceed US$210 billion (Sept 2005), Cost/Income ratio 45.6%
•
10 year average total shareholder return 24% (2005: 33%)
•
2005 Profit After Tax US$2.3 billion, Return on Equity 17.5%
•
Non-Performing Loans/Avge. Net Advances 0.26% (2005)
•
Net Specific Provisions/Avge. Net Advances 0.15% (2005)
•
Overall staff satisfaction 85% positive
•
Market capitalization exceeds US$32 billion today
Rated AA1
Example: the Risk Management “journey” – ANZ built its
risk management capability over more than a decade

Prior to 1994
No formal combined “Risk Management” function, but ANZ had a credit
“workout” area, separate Retail and Corporate Credit Risk Management
functions, and an operational risk function; Rudimentary risk grading and
pricing processes; no risk-based capital allocation

1995
Credit risk unit formed, with a particular emphasis on handling actual and
prospective property portfolio. First credit risk grading models built –
Probability of Default, Loss Given Default

1996–97
Board Risk Management Committee supersedes the Credit Committee;
Regulatory Compliance framework implemented; Economic Capital for credit
risk; Economic Value Added (“EVA”) models implemented for compensation

1999
Market and Operational Risk capability strengthened

2000
Operational Risk economic capital model developed and implemented;
Creation of dedicated Retail Risk function

2001
Basel II project commenced

2002
Substantial Risk Management capability embedded in consumer businesses

2003
Increased focus on the management of project risks;
Formal Risk Management involvement in Strategy

2004
Specialised Technology Risk function created;
Group Compliance framework enhanced
Source: “The ANZ Risk Management Framework”, CRO presentation to investors, 27 July 2004
http://www.anz.com/aus/shares/presentations/speeches/2004.asp
2
Agenda (I): Risk Management Best Practices
•
The Importance of Risk Management for Banks
•
Risk Management Objectives and Fundamentals
•
Principal Risk Categories: Credit, Market, Operational Risk
•
Risk Governance and Functional Risk Management Organisation
•
Risk Measurement:
• Expected and Unexpected Loss
• The Role of “Economic” or “Risk” Capital
•
Balancing Risk and Return
•
Role of the Chief Risk Officer
•
Risk Management For Competitive Advantage
3
The Need for Risk Management
The Drivers
Performance, Losses, Competition
The Consequences
• Increased Complexity
• Increased Governance
• Increased Transparency
• Globalising Standards
• New Regulation: Basel II (2004)
Market Scrutiny, Technology
• Risk Management for
Competitive Advantage
4
The “Vicious Cycle” of Risk
Take Uneconomic
Risks
Drive Growth
Aggressively
Incur Large
Losses
Lose Market
Share/Profits
Clamp Down on
Lending/Risk Taking
Forego Economic
Risks
5
Some principles about banking and risk
Since the future is uncertain, you can’t generate returns
without taking risk:
• Capital and expenses come first, and are certain – revenues
come later (and are uncertain)
• You can’t divorce the level of risk from the expected level of
return - the higher the desired return, the more risk you must be
willing to take
• Half the time you can expect the mean return or more, and half
the time, the mean return or less
•
Diversification is necessary to lower the average total risk
6
Some principles about banking and risk (Cont.)
That said, banks need to be low-risk:
•
Society relies on the effective functioning of the banking system
•
The system is based on confidence and trust
•
The main source of funding is customer deposits
•
Banks are the main mechanism for domestic and international payments
•
Main vehicle for storing non-real estate wealth
•
(Australian banks raise most of the country’s external debt)
•
… hence the importance of reputation and confidence
* Reputation follows behaviour; thus need to build and sustain trust
7
Some principles about banking and risk (Cont.)
There is a limit to the level of risk a commercial bank can take
• Fundamentally, businesses depend on their ability to fund themselves
and generate cash
• Companies go bust when they run out of cash. They run out of cash
when they are not viable economically, or lose confidence
• Failure usually happens when you get the basics wrong, not the
subtleties
• The amount of risk that is acceptable is fundamentally determined by
the need to raise funding (and, where applicable, to preserve credit ratings)
•
Banking is a cyclical business:

Leveraged to the economic cycle

High operating leverage – fixed costs around 50% of revenues (Australia)
 In Australia, average margins on assets and liabilities are very low – less
than 2.50%, so financial risk tolerance must also be low – 97.5%, 99.97%
confidence levels are used in risk measurement
8
Some principles about banking and risk (Cont.)
To be successful, banks must remain successful and viable at
every point on the economic cycle…
• If you take all the opportunities on the way up…
… you get all the losses on the way down!
• History shows that banks periodically get it materially wrong
(eg early 1990’s in USA, UK, Australia and elsewhere)
• … but recent advances in risk management (especially
credit risk) have borne fruit, e.g. very few bank failures in
the USA, UK and Europe during the recent economic downturn
of 2001 - 2002
9
Some principles about banking and risk (Cont.)
Fundamentally the level of risk is determined by:
• the decision to be in a business,
• the extent to which you participate,
• the capability and culture of the organisation, and
• the quality of the people you put in charge of the business

This governs 80% of the outcome

The balance is in how this is executed
Note: Culture is a dominant factor in risk outcomes,
including incentives/compensation
*** Strong leadership from the top on risk matters is
essential, to ensure a strong “risk culture”
10
Core Objectives of Risk Management

Maintenance of solvency: constrain losses to within
acceptable levels at all points through the economic cycle

Ensure risks are transparent and well understood, both
internally and externally (owners and shareholders must
understand the risks they are investing in)

Ensure risks taken are consistent with organisational
capability and appetite

Today: Risk Management as a foundation for sustainable
growth and a source of competitive advantage
11
Components of an Effective Risk Management Process

Risk Governance

Risk Identification

Risk Measurement

Risk Management: Policy and Process

Risk Reporting

Policy and Process Compliance (Internal Audit)
12
Specific Risk Types

Credit Risk


Market Risk


The risk that a financial institution makes a loss as a
result of less than full payment of an obligation
Risk of loss due to changes in market prices or
variables
Operational Risk

Historically: “Other risks”

More precisely (Basel II definition): “the risk of loss
resulting from inadequate or failed internal processes,
people and systems, or from external events”
13
Typical “Economic” or “Risk” Capital Allocation
Market Risk
5 - 25%
Credit Risk
50 - 65%
Operational and Business Risks
10 - 30%
14
Fundamental Importance of Credit Risk

The largest risk for most banks (operational risk largest risk for some)

Assessing and managing credit risk is a core competency of banks,
and a key driver of bank performance

Very significant advances in credit risk measurement have occurred
over the past ten years, including development of sophisticated
models for estimation of “Probability of Default” (PD) and “Loss Given
Default” (LGD), for corporate, banks, small business and consumers
 Significantly improved ability to manage credit risk on a
portfolio basis by more sophisticated banks
 But data limitations are significant in many markets

These models actually work: most successful Australian banks now
have non-performing loans (90 days in arrears) less than 0.5% of
lending assets (ANZ less than 0.3%)
15
Market Risk


Market Risk is the risk of loss due to changes in market prices or
variables, eg:

Interest Rates

Exchange Rates

Equity Prices

Option “Implied Volatilities” (for derivatives)

Credit Spreads

Commodity Prices
Principal points of Impact:

Balance Sheet – managing the interest rate mismatch
between assets and liabilities

Traded Market Risk

Currency translation risk for offshore operations
16
Operational Risks - the oldest risks?
17
The Importance of Operational Risks
Deregulation &
globalisation of
financial
services
Growing
sophistication
of financial
technology
Activities of Banks
(& their risk
profiles) more
diverse & complex
• Recent experience in advanced banking markets makes it clear that risks other than
credit and market risks can be substantial:







Barings
Enron/Worldcom
9/11
Allfirst (Allied Irish - Baltimore)
Life insurance & pension mis-selling in UK
“Spitzer” issues - Underwriting/research conflicts + Mutual fund scandals (etc)
Environmental (e.g. New Orleans)
18
Whichever way you look, operationally we are
becoming more complex and inter-dependent….
Statutory, Regulatory
& Contractual
Business strategy
Economic, Cultural
& Political
Partnering, alliances,
outsourcing & JVs
Diversification
Globalisation
Technology
Concentration
19
…resulting in greater focus on Operational Risk by
financial services providers, government & others…
Financial Services (Banks, Insurance Companies, Fund Managers)
•
•
•
•
•
•
•
Specialist Operational Risk functions
Framework, policy, measurement and monitoring
Capital allocation for operational risk – now happening
Loss, event and near-miss data collection & analysis
Extensive, ‘what if’ scenario analysis
Business continuity testing and crisis management training
Executive and Board Risk Committees
Government
•
•
•
•
•
Consumer protection
Corporate Governance
Basel II
Sarbanes Oxley
Standards & Guidelines
Others
• Sustainability
• Reputation indices
• Rating Agencies
20
…and a consensus definition of Operational Risk
“the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events“
• This (Basel II) definition includes legal risk but excludes strategic and
reputational risk
• More specifically, losses may result from:
 fraud or forgery
 failure to comply with policies, procedures, laws and regulations
 a breakdown in the availability or integrity of services, systems and
information
 reputational damage
21
Risk Governance Example:
Board and Executive Risk Committee Structure
Board
Board Audit
Committee
Board Risk Management Committee
Principal Executive Risk Committees
Credit & Trading
Risk Committee
(CTC)
•
•
•
•
•
Asset & Liability
Committee
(GALCO)
Policy
•
Major Lending Decisions
Asset Writing Strategies
Portfolio
Trading Risk
Balance Sheet
and Liquidity Risk
Operational Risk
Executive
Committee (OREC)
•
•
•
Payments/
operational risks
Physical and
Information
Security
Project & Initiative
Review Committee
(PIRC)
•
Project risk
•
Project
governance
•
Project priorities
Compliance
22
Risk Governance Example (Cont.)




The Board is responsible for setting the overall corporate governance strategy
The Risk Management Committee ("RMC") is a Board committee focused on
the review of risks in the business. Comprised of Non-Executive Directors, it is
responsible for overseeing, monitoring and reviewing the Group’s risk
management principles, policies, strategies, processes and controls including
those for credit, market, operational, liquidity and reputational risks. The RMC
authorizes the Group’s limits frameworks, and delegates limits to the Executive
Risk Committees*.
The Executive Risk Committees are the senior executive management
committees responsible for the oversight of various risks. Their role is to oversee
the management of significant risks and support the RMC in respect of its duties.
Members include CEO, CFO, Chief Risk Officer (CRO), Business Unit Heads and
Risk Management staff
The Internal Audit function is independent from the Risk Management function,
and provides independent assurance regarding the effectiveness of the risk
management framework and controls.
* See example RMC Charter at:
http://www.anz.com/australia/aboutanz/corporateinformation/corpgovpolicy/
23
Risk Management Functional Model (Example)
Group Centre
Central Risk Governance
• Governance & Framework
• Risk and Compliance Strategy and Policy
• Risk Measurement methodology & models (development,
validation and approval)
- Internal Credit Rating Tools
- Expected Loss + Economic Capital models (all risks)
• Risk and Compliance systems design & assurance
• Risk and Compliance Reporting for Board/Market/
Regulatory/Rating Agency and other requirements
• Portfolio Analysis and Response
• Emerging risk identification and response
• Market Risk reporting and limit compliance
• Risk and Compliance Review
• Transaction approval > risk threshold (fn of size & complexity)
Risk “Shared Services”
• Asset Recovery
• Risk systems development and operations
• Divisional asset quality reporting
• Compliance Review and Support
• Group Investigations
• Payments Risk, Information Security
• Business Continuity & Crisis Mgmt
• Insurance
Business Units
Specific BU Risk Functions
• Operational Risk mgmt & compliance
• Credit Process support
• Asset writing strategies
• BU-specific risks
• BU risk reporting
• Transaction Approval < risk threshold
• Risk data entry and quality assurance
** Key Q: where should Risk “Shared
Services” be located?
** Cultural considerations will drive the
outcome here!
Why go to the Centre?
- Centre of Excellence
- Efficiency/avoid duplication
Why go to the Business Units?
- BU Ownership and Accountability
- BU control over Cost? (vs cost allocation
24
from centre)
Example: Central Risk Management Structure
Chief Executive
Officer
Chief Risk
Officer
Wholesale Credit
Risk
Retail Credit
Risk
Operational &
Technology Risk
Market Risk
Compliance
Basel II
Implementation
RM Chief
Operating
Officer
25
How is this effective?
• Strong “risk culture” across the Group, driven by the Board and CEO
• Partnership between Group Risk Management (GRM) and the Business Units
• Clarity of roles and accountabilities for risk management, with a clear
separation of duties
• Open and transparent communication and escalation of risk issues
• “bad news must travel quickly”
Group Risk Management
• Independent group
• Global accountability to the CEO and Board
for the effectiveness of the Group's risk
management framework, including risk
policy, and for the risk governance of the
total group portfolio
Business Units
• Fully accountable for risk outcomes in their
business
• Within the central framework set by GRM,
BUs are accountable to the Group for the
realisation of returns, whilst delivering these
within the articulated risk appetite
• Dual reporting of Business Unit Risk Heads to
BU Managing Director and CRO
26
Banks hold Economic Capital for “Unexpected Loss”
Conceptual Framework:
•
•
•
Risk models employed to quantify economic risk
are used to allocate “economic” or “risk” capital the amount of capital needed to support an
organisation’s risk-taking activities
Risk capital allocation systems are typically
based on institutional estimates of their loss
distributions for the relevant risk types
Economic capital allocated to a particular activity
reflects that activity’s marginal risk contribution
to the organisation, taking into account
diversification (where possible).
Applications:
•
•
Measure risk-adjusted profitability and ensure
efficient usage of shareholder funds
Portfolio risk management in the setting of
limits & reporting of portfolio credit quality
Probability
of loss
Zero
losses
Expected level of
loss (cost of doing
business)
Potential catastrophic
‘unexpected loss’
against which it is too
expensive to hold
capital
‘Unexpected loss’
for which capital
should be held
27
The “risk spectrum”
RISKS
Not Modelled
Modelled
Market
Operational
Business/Strategic
Reputational
Credit
Liquidity
Tax
Underwriting
Enterprise Value
Downside Risk is mostly here
• Regulators & Debt Holders focus on this side
because concerned about protection from default
and systemic risk
• Executives often delegate management of
these to Risk Managers, who try to quantify them
Upside rewards are here
• Equity Holders (& Managers with Equity
stakes) very concerned about these
• Executives often manage these themselves!
28
“RAROC” Method of Pricing Loans for Risk
Component
Cost of Funds
Loan Loss
Provision
Direct Expense
Indirect Expense
Overhead
Example
Source
6.00%
Funds Transfer Pricing Systems
0.53%
0.15%
0.15%
0.10%
Credit Risk Models
Product Cost Accounting Systems
Capital calculation
Total charges before
capital charge
6.93%
Capital Charge
0.45%
Total Required “Breakeven”
Loan Rate
7.38%
Allocated equity/loan = 6.7%
Opportunity cost of equity = 12% (“hurdle rate”)
FTP Benefit = 6%
After tax capital charge = 0.067x (0.12 - 0.06) =
0.4%
Tax Rate (imputation-adjusted) = 0.108
Pre-tax capital charge = 0.4%/0.892 = 0.45%
29
Balancing Risk and Return
The key is to find the right balance between
risk and return:
•
This is one of the key responsibilities of the Board and CEO
• Fundamentally the taking and management of risk for a return is a business
line function
• The mission is to stay within the “expected” loss rate, which is built into
business plans, pricing and margins
• However, invariably businessmen, including bankers are on balance,
optimistic…
• Since uncertainty and business “fade” increases with time, higher discount
rates are needed for future cash flows, and this rarely happens…
• Therefore need for Board, CEO and Chief Risk Officer to maintain a balanced
perspective
•
Supported by objective advice and control by professional risk managers
•
Governed by the Board, and its Risk Management and Audit Committees
30
The Role of the Chief Risk Officer (CRO)
•
Understand the business!
•
Understand the risks:
 Identification, assessment, measurement, mitigation/response,
policy, monitoring, reporting…
•
Understand (and shape) the risk strategy and appetite of the
organisation
•
Understand the needs of all stakeholders: Board, CEO, Executive
Management, Regulators, Rating Agencies, Investors, Staff,
Customers, Community
•
Ensure agreement re: expectations of the CRO role, and how risk
management performance will be measured
•
CRO is “Chief Transparency Officer” – need to ensure “bad news
travels” – high level of integrity required
31
The Opportunity…
To create and position Risk Management in
our organisations as a source of distinction
and competitive advantage, underpinning
sustainable performance and growth
32
Agenda (II): Basel II
•
Basel II – What is it?
•
Impact of Basel I
•
Key Changes in Basel II
•
Implementation Challenges
•
Operational Risk Capital
•
Pillar 3
•
Home/Host Issues and Challenges
•
Basel II Implementation: Key Next Steps For India
•
Conclusion
33
Basel II - what is it?
•
The method for determining the minimum amount of regulatory capital a bank
should hold is set by the “Basel Committee”, a sub-committee of the Bank for
International Settlements, and is known as the “Basel Capital Accord”,
implemented in 1988.
•
A new framework has been developed over the past 6 years that is commonly
known as Basel II. These new proposals are designed to replace the 1988 Accord
with a more “risk sensitive” regulatory capital framework.
•
The key objective of Basel II is to improve stability of the global financial
system by encouraging improved risk management practices and requiring
banks to hold a level of capital which is commensurate with their risk profile.
34
The 1988 Basel Accord – “Basel I”
Two main objectives lay behind the adoption of a single capital standard for
internationally active banks:
• To help strengthen the soundness and stability of the Banking system by
encouraging banking organisations to boost their capital positions
• By adopting a standard approach across banks in different countries it
would act to reduce competitive inequalities
The structure was intended to:
• Make regulatory capital more sensitive to risk profiles among banking
organisations
• Take off-balance sheet exposures into account when assessing capital
adequacy
• Lower the disincentives to hold liquid, low risk assets.
35
The Impact of Basel I
The Basel Committee Study of 1999 into the impact of Basel I, suggests that:
•
Relatively weakly capitalised banks improved their capital ratios, and
overall capital levels increased in most countries.
•
Bank regulatory capital pressures during cyclical downturns in the US and
Japan may have limited bank lending in these periods and contributed to
economic weakness in some sectors
•
Banks have learnt to exploit the broad-brush nature of the Basel I
requirements – in particular the limited relationship between actual risk
and the regulatory capital charge. For a number of banks this has started to
undermine the meaningfulness of the requirements.
•
Mixed conclusions as to whether the uniform nature of the regulatory
capital charge within asset class may induce banks to substitute towards
riskier assets in the class – thus leading to a rise in the riskiness of the banks’
portfolios. (There are clearly other considerations that may influence this position
eg. bank risk appetite, market disciplines, regulatory and rating agency influences
etc.)
36
Basel II: The Three Pillars
Basel II consists of three mutually reinforcing pillars:
Pillar 1: Minimum Capital Requirements
Pillar 1 provides the calculation methods that will be used to determine the
minimum amount of regulatory capital a bank must hold in the three major
types of risks a banking operation faces - credit risk, market risk and
operational risk.
A menu of approaches is available to measure:
Credit Risk (Standardised, Foundation internal ratings based approach and
Advanced internal ratings based approach - the latter two requiring the application
of sophisticated and rigorous credit risk modelling capabilities)
Operational Risk (Basic Indicator, Standardised and Advanced measurement
approaches). The requirement to hold regulatory capital for operational risk is a
material new requirement.
Market Risk (Standardised and Internal models approach). This element is almost
37
completely unchanged in the new framework following its overhaul in 1996.
Basel II: The three Basel Pillars (cont.)
Pillar 2: The Supervisory Review Process
Pillar 2 requires regulators to ensure each bank has sound internal processes in
place to assess the adequacy of its capital (based on a thorough evaluation of the
risks), with the supervisor placing considerable emphasis on the
effectiveness and robustness of a bank’s internal risk management
capability.
Pillar 3: Market Discipline
Pillar 3 aims to bolster market discipline through enhanced disclosure of
risk information to the market. More detail will be disclosed to the market on the
types of loans a bank carries, the rate at which loans default and how well credit
rating tools predict these defaults.
Market participants will have more information to better understand bank risk
profiles and the adequacy of bank capital positions.
38
The Basel II Approaches to Credit and Operational Risk Capital
Credit Risk Capital
Standardised
Internal Ratings Based (IRB)
- Foundation
Internal Rating Based (IRB) Advanced
Minor modifications to the
current (Basel I) Accord,
allowing the use of external
ratings and some collateral
recognition.
Allows application of internally
developed rating systems
(default probabilities) with
greater recognition of physical
collateral.
Internally determined default
probabilities, loss given default
and exposure at default factors
can be used, subject to very
stringent criteria.
Operational Risk Capital
Basic Indicator Approach
A coarse calculation based
upon a straight percentage
(15%) of gross income.
Standardised Approach for
Operational Risk
A similar calculation based on a
% of gross income using
distribution factors across eight
Basel-defined business lines.
Advanced Measurement
Approaches
A range of advanced capital
assessment techniques will be
allowed, subject to a set of
stringent qualifying criteria.
39
Key changes in Basel II
•
The risk-weighting functions used to determine credit risk capital in
the advanced approaches under Basel II provide a much more
accurate measure of risk compared to the crude risk weights used in
Basel I. However, concentration and diversification are not taken
into account in the Pillar 1 formulae
•
Addresses the principal weaknesses of Basel I, in particular
removing incentives to arbitrage the capital requirements through
securitisation
•
Inclusion of a regulatory capital charge for operational risk
•
Advanced approaches require the embedding of risk management
tools and systems in day-to-day bank management
•
Framework matches the entity in terms of its level of sophistication
resulting in a more tailored approach commensurate with a bank’s
risk profile
40
Key changes in Basel II (cont.)
• Pillar 2 provides supervisors with a framework that enables a better
understanding of the risks associated with a bank’s businesses –
the new Accord places a far greater emphasis on assessing the
appropriateness of internal risk management processes including
risk management practices, governance frameworks, risk
measurement philosophies and bank risk profiles.
• Greater disclosure will help ensure banks maintain prudent lending
standards and focus on improving and keeping pace with evolving
risk management practices
• While many of these changes are positive, “procyclicality” is an
issue of material concern to many.
41
Basel I Risk Weights versus Basel II
Basel I
Risk Weights
100%
80%
Mortgages
50%
40%
20%
0%
Banks
20%
Govt
0%
600%
100%
Risk Weights
120%
60%
Basel II
Remainder eg
Personal/
Corporates
100%
80%
60%
40%
20%
Risk weight sensitive to
borrower’s credit risk
0%
Increasing default risk
• The blunt risk weights and capital attribution of Basel I have been
considerably refined (using complex formulae) in the IRB approaches
in Basel II
42
Challenges faced by banks in implementing Basel II
Basel II is far more complex than its predecessor – the current Basel Accord and considerably more comprehensive in its coverage. Some of the key issues
Banks and regulators are facing as part of its implementation are:
• Rigorous credit rating tool validation requirements
• Insufficient data in certain products or geographic segments to meet the
long-run “through the economic cycle” needs of Basel II
• Obtaining business buy-in to Basel II – are the benefits worth the cost?
• Managing the change process
• Board involvement and Risk Governance requirements
• IT systems developments, enhancements and integration
• Implementation challenges for the new operational risk framework
• Pillar 3 reporting under Basel II
• Inconsistent application of Basel II across jurisdictions
43
Operational Risk Capital
Regulatory Capital for Operational Risk:
•
Basel I (1988 - now)
- zero
•
Basel II (2008 onwards)
- substantial!
44
Capital for Operational Risk: The Big Controversy!
•
How much capital should be held for Operational Risk?

~20%?
(Basel CP2, January 2001)

~12%?
(Final Basel Accord, June 2004)

(Other?)
* The magnitude of this shift illustrates the difficulty of the
measurement challenge!
45
Operational Risk: The Difficulty of Measurement
In recent years, we have seen the first serious attempts to
measure operational risk… the birth of a new discipline!
•
The industry has made great progress, but difficult questions
remain:
1.
What are the principal determinants of the level of Operational
Risk?
2.
What are the key differences between Operational, Credit and
Market Risks? Which statistical methods used to measure Credit
and Market Risk are applicable to Op Risk?
3.
When is historical loss experience a reliable guide to Operational
Risk in the future? More generally, how can Operational Risk
measures be made forward-looking?
4.
What is the role of historical information, including loss data?
46
The Difficulty of Measurement (cont.)
The industry has made great progress, but difficult questions
remain:
5.
When is external information (including loss data) relevant? How
should it be used?
6.
How should specific operational scenarios be incorporated in the
measurement of Operational Risk?
7.
What about “Key Risk Indicators”?
8.
How can we incorporate an assessment of the quality of operational
processes and internal controls into the Op. Risk measurement
process? How important is this?
9.
What is the role of Senior Executive judgment in the Operational
Risk measurement process? Where is the “right” balance between
quantitative and qualitative factors?
10. How can unexpected loss and capital be measured?
47
The Difficulty of Measurement (cont.)
•
A great deal of effort has been expended on these issues…
•
… and Basel II (AMA) is providing strong impetus to these
efforts
•
However, there is as yet NO consensus about the answers to
these questions…
“Let a thousand flowers bloom…”!!
48
The Difficulty of Measurement (cont.)
Key Question: What is the “right” way to measure Operational Risk?
 How shall we recognise the answer to this question?
 What criteria should we use?
A related question: How can Operational Risk measures be
“validated”? (What does this mean, exactly?)
 How do we satisfy Basel’s requirement for 99.9% confidence?
49
Industry Approaches to Measuring Operational Risk
Although “1,000 flowers are blooming”, there are 3 principle
methods in use in leading banks today:
•
Loss Distribution Approach (statistical, based primarily upon historical loss
data, akin to “VaR for Operational Risk”)
•
“Scorecard” or “Risk Drivers and Controls” Approaches (more qualitative,
not based primarily on historical loss data - see Risk Magazine article, November
2000 + Risk Management seminar presentation: “Key Elements of an Effective
Operational Risk Framework”, Amman, 7 March 2005)
•
Scenario-driven methods (employing expert business judgment)
 Regardless of which method is chosen, to qualify for AMA
accreditation under Basel II, a bank must clearly specify how its
method makes use of the 4 required elements:

Internal data

External data

Quality control assessments

Scenarios
50
Basel II: Pillar 3 requirements
•
Pillar 3 imposes considerable reporting requirements on Banks
seeking to use the advanced approaches – these are in addition to
accounting standards (and listing rules)
•
The disclosure regime in Pillar 3 is tied to the sophistication of the
capital approach adopted. Indeed, the use of more sophisticated
approaches is conditional on making the required disclosures, which are
quite voluminous and prescriptive in nature
•
In simple terms, the greater the reliance on internal models (as
opposed to supervisor estimates), the more risk information that has
to be disclosed
•
The principal intention of the disclosure requirements is to enable
the market to better understand the risk profile of the bank, and to
provide a basis for comparison of risk profiles between banks.
51
Pillar 3 - Summary
Table
Subject
1
Scope of application
2
Capital structure
3
Capital adequacy
4
Credit risk – general
5
Credit risk – Standardised and FIRB
6
Credit risk – IRB
7
Credit risk mitigation – Standardised & IRB
8
Securitisation – Standardised & IRB
9
Market risk – Standardised
10
Market risk – internal models
11
Operational risk
12
Equities
13
Interest rate risk in banking book
52
Example of what is required
Table 6: Credit risk – disclosures for portfolios subject to
IRB approaches
Requirements include:
•
Explanation and review of the:
• Structure of internal rating systems and relation between internal
and external ratings;
• Use of internal estimates other than for IRB capital purposes;
• Process for managing and recognising credit risk mitigation; and
• Control mechanisms for the rating system including discussion of
independence, accountability, and rating systems review.
•
Description of the internal ratings process (provided for five asset
classes), including (for each class):
• Types of exposures in the classes
• Definitions, methods and data used for the estimation and
validation of PD, LGD (and) EAD for Advanced IRB banks
•
Comparison of actual losses for the preceding period and how this
differs from past experience and estimated losses.
53
Home/Host issues: Basel’s perspective
•
•
•
•
Closer cooperation between supervisors will assist in the the
implementation efforts of both supervisors and banking groups and is
essential in the effective implementation of Basel II.
This level of cooperation will differ across the various activities required in
the new Accord, eg
- Pillar 1 approval and validation of rating models and processes
- Pillar 2 supervisory review processes and ongoing assessments to verify
that banking groups are applying the new accord properly and that
conditions for advanced approaches continue to be met.
Banks have an important role to play in assisting the effective cross-border
implementation efforts of supervisors
The Basel Committee does not mandate a common approach across all
jurisdictions, but a set of Principles for Home/Host supervision have been
published to assist supervisors in their work in this area.
“We have to recognise that there will always be differences in
interpretation and application which are inevitable and even desirable to
accommodate the many differences among the world’s banking
systems.”
Chair of Basel’s Accord Implementation Group, Nick Le Pan quote from “Global Risk
Regulator” February 2003
54
Supervisory Challenges for Home/Host Supervision
•
The Basel Committee principles for Home/Host supervision, while
conceptually sound, fall short of providing workable solutions in practice
•
Regulatory Capacity: challenge of overcoming a shortage of
appropriately skilled resources to be able to review banks’ level of
compliance with the new Accord (esp. Pillar II) and administer the more
advanced requirements of Basel II
•
Statutory and legal obstacles to closer cooperation amongst supervisors
•
Need to develop processes and techniques to allow regulators to
collaborate effectively, particularly when international banking
conglomerates cover multiple countries (eg Citigroup operates in over
100 countries)
•
Concerns have been expressed publicly by some regulators and banks
that there is a potential for some national supervisors to be more
conservative in their interpretation and application of the new Accord,
whilst others may operate on a more lenient approach, creating unlevel
playing fields across countries
55
Bank Challenges for Home/Host Supervision
•
Banks are concerned that having to accommodate differing supervisory
implementation frameworks will result in an over burden of reporting
regimes and repetitive review of their Basel II frameworks. While banks
appreciate that in some jurisdictions the peculiarities of the banking
system may require subtle differences in the application of Basel II, in the
main there is considerable scope for consistency in the application of the
Accord
•
International banks are faced with developing systems to cope with and
run multiple reporting requirements:
 Basel I
 Basel II Standardised Approach
 Basel II Foundation IRB
 Basel II Advanced IRB
•
The development, testing, implementation and maintenance of parallel
systems and processes to accommodate different regulatory approaches
has the potential to result in a substantial diversion of risk resources and
cost - away from the improved management of risk that Basel is designed
to achieve
56
Basel II Implementation: Key Steps
Effective dialogue between the industry and supervisor is
essential for success!
• Finalise choice of Pillar I options + Pillar II approach:
 Decisions must be made re: national discretions within Standardised
Approach for Credit Risk (understanding of approaches used in other emerging
market countries and elsewhere within the region will assist)
 Assess infrastructure requirements
 Assess requirements for potential future availability of advanced approaches
(IRB and AMA) and determine strategy and timeframes, as appropriate
 Assess resource deficiencies, incl. industry and supervisory capacity
• Establish/enhance effective dialogue between RBI and relevant
foreign supervisors re: Home/Host issues & cross-border supervision
• Consider Indian participation in international working groups, as
appropriate:
• Industry groups, e.g. IIF Committees
• Supervisory working groups re: Basel II implementation
57
Conclusion
Risk Management and Basel II – Inextricably Linked!
The way forward for India?
• Continue to deepen the collaborative dialogue between industry and regulators, to
deepen shared understanding of the challenges and opportunities for strengthening
risk management capability in Indian banks
• Acceptance of pragmatic solutions to the challenges of Basel II implementation
 Work to ensure that bureaucracy and costs are minimised, & business benefits
maximised
• The main goal is improved risk management, not regulatory compliance!
• This is a journey that will take some time… begin as soon as possible!
58