Basel II is changing the way financial institutions look at operational risk, according to a report by McLean, Va.-based business consulting firm BearingPoint. By formally introducing operational risk into risk management and capital calculation, Basel II is moving top-tier institutions to clearly identify, measure and report information related to operational risk. Bjorn Pettersen, managing director at BearingPoint and author of the report, believes that in order to maintain a competitive edge, smaller banks will choose to follow suit.
"The Federal Reserve is ... requiring several of the large banks - those with greater than $250 billion in assets or more than $10 billion in international assets - to comply with Basel II," he explains. "That's only 10 banks, but all the other banks are assuming they have to comply [in anticipation of] mergers or further legislation, so they're opting in."
Calyon Americas, the corporate and investment division of French bank Credit Agricole, had Basel II in mind when it decided to implement RiskResolve 4.0, an operational risk management (ORM) solution by Nashua, N.H.-based software provider Providus. "Clearly, with regard to Basel II ... financial institutions need to be very closely monitoring their operational risk and the losses associated with control deficiencies," says Bob Angarola, Calyon Americas' managing director and chief internal control officer. He adds that although top-tier banks are the only ones required, from a statutory perspective, to incorporate Basel II components into their operations, it's apparent that other major banks like Calyon are gearing themselves up for a total Basel implementation.
Behind Basel II
Basel II - or the International Convergence of Capital Measurement and Capital Standards: A Revised Framework - was approved by the Bank for International Settlements, the governing body of worldwide bank regulators, in June 2004. The new framework was created by the Basel Committee on Banking Supervision in an effort to update its original 1988 Basel Capital Accord, which laid out the first internationally accepted definition of (and minimum measure for) bank capital.
The revised accord is composed of three pillars: Pillar 1 outlines the different approaches for calculating the minimum capital requirements; Pillar 2 gives regulators detailed guidelines regarding the evaluation of the processes and controls a financial institution uses for calculating its capital and measuring risk; and Pillar 3 addresses the disclosure of information - particularly regarding capital and risk exposures - to the marketplace by financial institutions.
Although European regulators are requiring Basel II compliance by all banks regardless of asset size or foreign exchange exposure, U.S. regulators are taking a more gradual approach toward the accord by requiring only banks with greater than $250 billion in assets or greater than $10 billion in foreign exchange exposure to calculate their capital using the "advanced internal ratings-based" approach and the "advanced measurement" approach. While compliance requirements for American banks seem less stringent than those for their foreign counterparts, Basel II is still expected to have a large impact throughout the U.S. financial services industry.
Forthcoming 2007 compliance deadlines will require the aforementioned financial institutions to show five years of loss data, captured along Basel-defined categories, along with potential causal factors for loss events - no small feat for the majority of firms that are new to the collection and identification of loss information. Moreover, a recent report by Framingham, Mass.-based research firm Financial Insights confirms that Basel II will raise the bar for standard risk practice throughout the industry. Basel II's standardization of risk management will have a "trickle-down" effect, and smaller institutions will feel pressure from both peers and regulators to improve their risk practices, the report says.
According to Deborah Williams, Financial Insights' group vice president of capital markets and risk management and coauthor of the report, when it comes to operational risk, the immediate concern of most firms will be to implement the proper policies and technologies to identify key risk indicators, complete a risk and control self-assessment process, and collect and identify loss information. "What you're essentially trying to do is take operational processes that are already in existence and understand where they might fail and where those failures might cost you money," Williams says.