Data management is key to the biggest challenges facing the financial services industry today, more specifically the need to improve risk and regulatory management processes and systems. Following a period of hesitancy, banks are coming to grips with the broad implications of the Basel II Accord. What was a “wait-and-see” attitude has given way to the realization that Basel II readiness must become a priority.
Unlike Y2K, this will not be a once-and-done effort, compliance is an ongoing process. Basel II implementation at the largest banks is exposing significant issues with regards to the risk infrastructure, including policy, processes, systems and data management. Most organizations are managing to come to grips with their policy, process and systems requirements, however data management still remains a significant road block. Complying with Basel II requires a significant history of consistent, accurate and granular data within the information systems.
What needs to be realized is that if the challenges are faced up to, and banks and other financial services resource their Basel II projects properly in terms of money, time and people, there will be significant benefits beyond the ability to demonstrate compliance.
Before dissecting the challenges and benefits presented by Basel II, it is important to understand the drivers behind this regulatory regime and how regulators and practitioners are expected to interpret it. In a world of increasingly complex interconnected financial systems, recent operational risk failures, such as the concealed trading losses at Enron, have highlighted the dangers of poor risk management.
At the same time, international regulatory organizations are increasingly seeking to regulate the banking and financial services industry. The two drivers of risk and regulation are provoking a serious review of existing IT systems. This article introduces Basel II, compares the current compliance timelines on the International scene, lays out the challenges and presents an initial roadmap to help banks get started with the process along with the ways banks can profit from investing in Basel II compliance.
What is Basel II? A Quick Primer
In June 2004, Central bank governors and the heads of bank supervisory authorities in the Group of Ten (G10) countries formally endorsed Basel II, the International Convergence of Capital Measurement and Capital Standards: a Revised Framework. Basel II provides guidelines for institutions to assess their capital adequacy, for regulators to review such assessments and for the investment community to improve market discipline as a result of increased financial institution transparency. Basel II includes three mutually reinforcing pillars, which together should contribute to safety and soundness in the financial system:
Pillar 1: Minimum Capital Requirement: this covers market, credit and operational risk.
Pillar 2: Supervisory Review Process: this sets the framework for supervision. Supervisors will be able to hold additional capital against risks not covered by Pillar 1.
Pillar 3: Market Discipline: this sets out the framework for market disclosures by banks and financial institutions.
Basel II provides for three compliance frameworks based on the business model of the bank. Smaller, less-complex banks will be encouraged to follow the Standardized Approach that is very similar to the existing Basel I rules. Larger and more complex banks will be encouraged to adopt an Internal Ratings Based (IRB) Approach that directly links a bank’s risk ratings with its regulatory capital requirements. The IRB Approach is further sub-divided into Foundation and Advanced approaches.
International Differences in Basel II Readiness
Banks pursuing IRB compliance will need to have at least two years of loan-level risk rating and loan performance data available, as well as methods to keep the data collection going, by this time. However, the majority of banks and financial institutions are behind schedule in their preparations and are having to face numerous obstacles in order to meet this latest regulatory challenge. The Accord allows regulators in each country to enforce the rules as they see fit. Inevitably, there will be variations in capital requirements from country to country:
US: in the United States, New York Federal Reserve Board officials may inform the nation´s 20 largest banks that they are expected to implement the advanced IRB approach, while smaller players may decide whether to operate under Basel II at all. The US banking Agencies recently delayed the date by which large US banks must complete initial Basel II implementations to January 2008. This delay does not apply to securities broker-dealers regulated by the US Securities Exchange Commission (SEC) as Consolidated Supervised Entities (CSEs). Because Basel II will only apply to the largest US banks, Agencies and smaller US banks were concerned that Basel II would unfairly provide large US banks with the advantage of reduced capital requirements. This concern was addressed by proposing modifications to the current capital rules (Basel I): Basel 1A.
Europe: the EU (European Union) is taking a very rigid stance and is proposing to apply the new rules to the majority of investment firms as well as banks. Basel II will be implemented in the EU by way of the The Capital Requirements Directive (also known as the CRD, the Risk Based Capital Directive, or CAD 3). Germany´s Bundesbank believes “the majority of banks will adopt the IRB approach as of 2007,” with the largest banks aiming for the advanced IRB approach.
Asia: Japanese banks are currently struggling with a number of pressing issues, most notably non-performing loans, which have pushed Basel II initiatives to the back of executives´ minds. Southeast Asian banks are facing two major problems: finding funds to implement Basel II systems and coping with increased risk weightings. More broadly, the assimilation of robust data will be a serious challenge given the pace of change in the Asian banking industry over the past decade.
Cost: the cost of compliance is proving to be the biggest barrier. Estimates vary but the cost of compliance for the global industry is likely to be above Ј100 billion.
Lack of Time: the bottom line requirement is that data capture, which enables operational risk factors to be identified and analyzed, requires two full years´ data to be fully operational. For example data capture needed to be fully operational by the end of 2005 if the target for implementation at the end of 2007 is to be met.
Data management: the most pressing issue facing banks in relation to Basel II is data. The data management requirements will involve upgrading and aligning IT systems to facilitate data handling and ensure consistency and integrity across the organization. The lack of data for operational losses, and a shortage of Basel experts (particularly in the Asia Pacific region) are posing to be real issues for Basel II compliance along with the difficulty of identifying the correct data, integrating and managing the data, carrying out sophisticated analysis and creating the required reports.
Inflexibility of Existing IT Systems: Systems must be compatible with the existing IT architecture, provide a suitable reporting facility and support internal credit risk ratings analysis. Banks must start implementing these systems now, especially if their objective is to achieve the advanced IRB and measurement approaches for credit and operational risk, respectively.
Setting the Foundations for Compliance
Setting the building blocks for compliance will be necessary and the trick will be to attain sufficient compliance in a cost-effective way. The liability cost of non-compliance will be high, but there is equally a potential cost of attaining compliance in the wrong way, so what needs to be done?
Step 1: Get the Main Stakeholders on board: Executive-level Basel II champions must seize the initiative and lead the way to Basel II compliance. The roles and duties of individuals and departments need to be defined to avoid the confusion of responsibilities between finance and risk management, a certain amount of organizational restructuring may be necessary. This is especially important for operational risk, as staff across all levels at many institutions are not yet convinced of the need to install operational risk systems sooner rather than later.
Step 2: Perform an impact assessment: what do these new laws and regulations require your organisation to do to its existing IT systems in order to achieve compliance?
Step 3: Perform the IT Systems Audit: the information management demands of Basel II will require banks and financial institutions to look closely at the adequacy of their current IT systems.
Step 4: Analyse the reporting and data retention obligations: what reporting and data retention obligations regarding risk management are applicable to your organisation (to regulators, for instance) and how efficient and effective are your systems and controls in evidencing compliance?
Step 5: Evaluate the Risks of Non-Compliance: what happens if you are not compliant? What are the consequences for your organisation, its officers and stakeholders if the required changes are not achieved on time?
Step 6: Integrate Enterprise-wide risk management principles: far from being a one-dimensional issue confined to Bank IT systems, Basel II will impact all areas, from business processes and operations to organizational structure and strategy. Banks must be aware of the need to establish a risk management methodology, a senior management audit and overview process, data collection and IT systems and disclosure processes, all underpinned by the overall integration of risk into core business processes. The integration of enterprise-wide risk management principles is particularly pertinent to tackling operational risk management.
Transforming your Data Management into a Strategic Advantage
The biggest hurdle for most banks seeking IRB compliance revolves around data management. Better decisions are only possible with useful data driving the analyses. To effectively turn the data management challenge into a competitive advantage, note the following key recommendations:
Collect the right data: many banks will admit they do not collect enough information for effective risk management. This is why data is a cornerstone of the IRB Approach. Banks require a technology solution that allows flexibility and customization.
Select a Data warehouse: the key to validating risk rating models over time is to centrally collect, retain, and make easily available all rating-related information over the life of the borrower’s bank relationship. It is very difficult to fill in this data if was not adequately stored over time. Moving forward, how will the bank capture this data, in what format, and where will it be stored?
Store the right data: beyond the compliance issues of Basel II, storing this information enables bank management to track and handle events more effectively as well as to understand the potential drivers behind any credit migration. Over time, this data gives the bank the ability to forensically examine their data via a complete audit trail.
Make data accessible: data is not valuable if it is not accessible. To address this issue, the IRB approach requires not only that banks record all the drivers in the risk rating process, but that this data is also stored and made accessible. This allows the bank to go back and monitor the effectiveness of the risk rating process.
Reap the Rewards of Early Basel II Compliance
Banks have much to gain from investments in Basel II compliance. There are significant benefits to be had from proper compliance with the provisions of Basel II. The advantages of implementing Basel II systems sooner rather than later are clear, and banks´ stakeholders are increasing the pressure on them to do so.
Competitive Advantages: organizations that become Basel II-compliant early will gain real competitive advantages through superior capital efficiency, data and risk management uniformity, enhanced credit ratings, reduced operational losses and an improved credit risk/return profile.
Improved Decision Making: in turn, the improvement in financial reporting capabilities will facilitate more informed decision-making.
Increase Organization’s Brand Value: increase the organization´s brand value in the eyes of stakeholders, investors and industry analysts. Improved credit rating systems and improved management of operational risk will also be of benefit. Organizations that address compliance effectively will see the up-side to Basel II as significant improvements in customer service, risk management, decision-making, operational efficiency and cost reduction. All such improvements build consumer confidence and enhance brand and reputation.
Reduction in Capital Requirements: if banks and financial institutions develop sophisticated internal risk-measurement processes and can prove them to be sufficiently accurate, they will be allowed to use these to calculate the capital they must hold against their exposures. This is likely to lead to a reduction in capital requirements.
Basel II data management compliance should not be seen in isolation and indeed should be combined with the myriad of competing regulatory challenges. Furthermore, legislation such as Sarbanes-Oxley will impact upon global organizations operating in the US and in European companies that have securities publicly traded on various US securities exchanges. While the data management challenges are not to be underestimated, Basel II should be seen not as an onerous burden on resources but rather as an opportunity to consolidate market position, enhance data management and gain a few steps on competitors who are dragging their feet.