Risk Management for Banks: Challenges and Opportunities
1 / 59

- PowerPoint PPT Presentation

  • Uploaded on

Risk Management for Banks: Challenges and Opportunities Corporate Governance Program for Directors of Indian Banks Mumbai, India December 16, 2005. Mark Lawrence, Ph.D. Former Chief Risk Officer, Australia and New Zealand Banking Group, Melbourne, Australia [email protected] ANZ.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - jefferson

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

Risk Management for Banks: Challenges and Opportunities

Corporate Governance Program for

Directors of Indian Banks

Mumbai, India

December 16, 2005

Mark Lawrence, Ph.D.

Former Chief Risk Officer, Australia and New Zealand Banking Group, Melbourne, Australia

[email protected]

Slide2 l.jpg

  • Established in 1835

  • Strong positions:

    • Australian “Bank of the Year” six years in a row

    • New Zealand’s largest bank

    • The leading Australian bank in Asia

    • The leading bank in the South Pacific

  • 31,000 people serving more than 5 million customers across 27 countries

  • Strong performance:

    • Assets exceed US$210 billion (Sept 2005), Cost/Income ratio 45.6%

    • 10 year average total shareholder return 24% (2005: 33%)

    • 2005 Profit After Tax US$2.3 billion, Return on Equity 17.5%

    • Non-Performing Loans/Avge. Net Advances 0.26% (2005)

    • Net Specific Provisions/Avge. Net Advances 0.15% (2005)

    • Overall staff satisfaction 85% positive

    • Market capitalization exceeds US$32 billion today

  • Rated AA-

Slide3 l.jpg
Example: the Risk Management “journey” – ANZ built its risk management capability over more than a decade

  • Prior to 1994 No formal combined “Risk Management” function, but ANZ had a credit “workout” area, separate Retail and Corporate Credit Risk Management functions, and an operational risk function; Rudimentary risk grading and pricing processes; no risk-based capital allocation

  • 1995 Credit risk unit formed, with a particular emphasis on handling actual and prospective property portfolio. First credit risk grading models built – Probability of Default, Loss Given Default

  • 1996–97 Board Risk Management Committee supersedes the Credit Committee; Regulatory Compliance framework implemented; Economic Capital for credit risk; Economic Value Added (“EVA”) models implemented for compensation

  • 1999 Market and Operational Risk capability strengthened

  • 2000 Operational Risk economic capital model developed and implemented; Creation of dedicated Retail Risk function

  • 2001 Basel II project commenced

  • 2002 Substantial Risk Management capability embedded in consumer businesses

  • 2003 Increased focus on the management of project risks; Formal Risk Management involvement in Strategy

  • 2004 Specialised Technology Risk function created; Group Compliance framework enhanced

    Source:“The ANZ Risk Management Framework”, CRO presentation to investors, 27 July 2004 http://www.anz.com/aus/shares/presentations/speeches/2004.asp

Slide4 l.jpg

Agenda (I): Risk Management Best Practices

  • The Importance of Risk Management for Banks

  • Risk Management Objectives and Fundamentals

  • Principal Risk Categories: Credit, Market, Operational Risk

  • Risk Governance and Functional Risk Management Organisation

  • Risk Measurement:

    • Expected and Unexpected Loss

    • The Role of “Economic” or “Risk” Capital

  • Balancing Risk and Return

  • Role of the Chief Risk Officer

  • Risk Management For Competitive Advantage

Slide5 l.jpg

The Need for Risk Management

The Consequences

The Drivers

  • Increased Complexity

  • Increased Governance

  • Increased Transparency

  • Globalising Standards

  • New Regulation: Basel II (2004)

  • Risk Management for

  • Competitive Advantage

Performance, Losses, Competition

Market Scrutiny, Technology

The vicious cycle of risk l.jpg
The “Vicious Cycle” of Risk

Take Uneconomic Risks

Drive Growth Aggressively

Incur Large Losses

Lose Market Share/Profits

Clamp Down on Lending/Risk Taking

Forego Economic Risks

Slide7 l.jpg

Some principles about banking and risk

Since the future is uncertain, you can’t generate returns

without taking risk:

  • Capital and expenses come first, and are certain – revenues come later (and are uncertain)

  • You can’t divorce the level of risk from the expected level of return - the higher the desired return, the more risk you must be willing to take

  • Half the time you can expect the mean return or more, and half the time, the mean return or less

  • Diversification is necessary to lower the average total risk

Slide8 l.jpg

Some principles about banking and risk (Cont.)

  • That said, banks need to be low-risk:

  • Society relies on the effective functioning of the banking system

  • The system is based on confidence and trust

  • The main source of funding is customer deposits

  • Banks are the main mechanism for domestic and international payments

  • Main vehicle for storing non-real estate wealth

  • (Australian banks raise most of the country’s external debt)

  • … hence the importance of reputation and confidence

  • * Reputation follows behaviour; thus need to build and sustain trust

Slide9 l.jpg

Some principles about banking and risk (Cont.)

There is a limit to the level of risk a commercial bank can take

  • Fundamentally, businesses depend on their ability to fund themselves and generate cash

  • Companies go bust when they run out of cash. They run out of cash when they are not viable economically, or lose confidence

  • Failure usually happens when you get the basics wrong, not the subtleties

  • The amount of risk that is acceptable is fundamentally determined by the need to raise funding (and, where applicable, to preserve credit ratings)

  • Banking is a cyclical business:

    • Leveraged to the economic cycle

    • High operating leverage – fixed costs around 50% of revenues (Australia)

    • In Australia, average margins on assets and liabilities are very low – less than 2.50%, so financial risk tolerance must also be low – 97.5%, 99.97% confidence levels are used in risk measurement

Slide10 l.jpg

Some principles about banking and risk (Cont.)

To be successful, banks must remain successful and viable at every point on the economic cycle…

  • If you take all the opportunities on the way up…

  • … you get all the losses on the way down!

  • History shows that banks periodically get it materially wrong (eg early 1990’s in USA, UK, Australia and elsewhere)

  • … but recent advances in risk management (especially credit risk) have borne fruit, e.g. very few bank failures in the USA, UK and Europe during the recent economic downturn of 2001 - 2002

Slide11 l.jpg

Some principles about banking and risk (Cont.)

  • Fundamentally the level of risk is determined by:

  • the decision to be in a business,

  • the extent to which you participate,

  • the capability and culture of the organisation, and

  • the quality of the people you put in charge of the business

  • This governs 80% of the outcome

  • The balance is in how this is executed

    Note:Culture is a dominant factor in risk outcomes, including incentives/compensation

    *** Strong leadership from the top on risk matters is essential, to ensure a strong “risk culture”

Slide12 l.jpg

Core Objectives of Risk Management

  • Maintenance of solvency: constrain losses to within acceptable levels at all points through the economic cycle

  • Ensure risks are transparent and well understood, both internally and externally (owners and shareholders must understand the risks they are investing in)

  • Ensure risks taken are consistent with organisational capability and appetite

  • Today:Risk Management as a foundation for sustainable growth and a source of competitive advantage

Slide13 l.jpg

Components of an Effective Risk Management Process

  • Risk Governance

  • Risk Identification

  • Risk Measurement

  • Risk Management: Policy and Process

  • Risk Reporting

  • Policy and Process Compliance (Internal Audit)

Slide14 l.jpg

Specific Risk Types

  • Credit Risk

    • The risk that a financial institution makes a loss as a result of less than full payment of an obligation

  • Market Risk

    • Risk of loss due to changes in market prices or variables

  • Operational Risk

    • Historically: “Other risks”

    • More precisely (Basel II definition): “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events”

Slide15 l.jpg

Typical “Economic” or “Risk” Capital Allocation

Market Risk

5 - 25%

Credit Risk

50 - 65%

Operational and Business Risks

10 - 30%

Slide16 l.jpg

Fundamental Importance of Credit Risk

  • The largest risk for most banks (operational risk largest risk for some)

  • Assessing and managing credit risk is a core competency of banks, and a key driver of bank performance

  • Very significant advances in credit risk measurement have occurred over the past ten years, including development of sophisticated models for estimation of “Probability of Default” (PD) and “Loss Given Default” (LGD), for corporate, banks, small business and consumers

     Significantlyimproved ability to manage credit risk on a portfolio basis by more sophisticated banks

     But data limitations are significant in many markets

  • These models actually work: most successful Australian banks now have non-performing loans (90 days in arrears) less than 0.5% of lending assets (ANZ less than 0.3%)

Slide17 l.jpg

Market Risk

  • Market Risk is the risk of loss due to changes in market prices or variables, eg:

    • Interest Rates

    • Exchange Rates

    • Equity Prices

    • Option “Implied Volatilities” (for derivatives)

    • Credit Spreads

    • Commodity Prices

  • Principal points of Impact:

    • Balance Sheet – managing the interest rate mismatch between assets and liabilities

    • Traded Market Risk

    • Currency translation risk for offshore operations

Slide19 l.jpg

The Importance of Operational Risks

Deregulation & globalisation of financial services

Activities of Banks (& their risk profiles) more diverse & complex

Growing sophistication of financial technology

  • Recent experience in advanced banking markets makes it clear that risks other than credit and market risks can be substantial:

    • Barings

    • Enron/Worldcom

    • 9/11

    • Allfirst (Allied Irish - Baltimore)

    • Life insurance & pension mis-selling in UK

    • “Spitzer” issues - Underwriting/research conflicts + Mutual fund scandals (etc)

    • Environmental (e.g. New Orleans)

Slide20 l.jpg

Whichever way you look, operationally we are becoming more complex and inter-dependent….

Statutory, Regulatory

& Contractual

Business strategy

Economic, Cultural & Political

Partnering, alliances, outsourcing & JVs





Slide21 l.jpg

…resulting in greater focus on Operational Risk by financial services providers, government & others…

  • Financial Services (Banks, Insurance Companies, Fund Managers)

    • Specialist Operational Risk functions

    • Framework, policy, measurement and monitoring

    • Capital allocation for operational risk – now happening

    • Loss, event and near-miss data collection & analysis

    • Extensive, ‘what if’ scenario analysis

    • Business continuity testing and crisis management training

    • Executive and Board Risk Committees

  • Government

    • Consumer protection

    • Corporate Governance

    • Basel II

    • Sarbanes Oxley

    • Standards & Guidelines

  • Others

    • Sustainability

    • Reputation indices

    • Rating Agencies

Slide22 l.jpg

…and a consensus definition of Operational Risk financial services providers, government & others…

  • “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events“

  • This (Basel II) definition includes legal risk but excludes strategic and reputational risk

  • More specifically, losses may result from:

    • fraud or forgery

    • failure to comply with policies, procedures, laws and regulations

    • a breakdown in the availability or integrity of services, systems and information

    • reputational damage

Slide23 l.jpg

Risk Governance Example: financial services providers, government & others…Board and Executive Risk Committee Structure


Board Risk Management Committee

Board Audit


Principal Executive Risk Committees

Credit & Trading

Risk Committee


Asset & Liability



Operational Risk


Committee (OREC)

Project & Initiative

Review Committee


  • Policy

  • Major Lending Decisions

  • Asset Writing Strategies

  • Portfolio

  • Trading Risk

  • Balance Sheet and Liquidity Risk

  • Payments/ operational risks

  • Physical and Information Security

  • Compliance

  • Project risk

  • Project governance

  • Project priorities

Slide24 l.jpg

Risk Governance Example ( financial services providers, government & others…Cont.)

  • The Board is responsible for setting the overall corporate governance strategy

  • The Risk Management Committee ("RMC") is a Board committee focused on the review of risks in the business. Comprised of Non-Executive Directors, it is responsible for overseeing, monitoring and reviewing the Group’s risk management principles, policies, strategies, processes and controls including those for credit, market, operational, liquidity and reputational risks. The RMC authorizes the Group’s limits frameworks, and delegates limits to the Executive Risk Committees*.

  • The Executive Risk Committees are the senior executive management committees responsible for the oversight of various risks. Their role is to oversee the management of significant risks and support the RMC in respect of its duties. Members include CEO, CFO, Chief Risk Officer (CRO), Business Unit Heads and Risk Management staff

  • The Internal Audit function is independent from the Risk Management function, and provides independent assurance regarding the effectiveness of the risk management framework and controls.

    * See example RMC Charter at:http://www.anz.com/australia/aboutanz/corporateinformation/corpgovpolicy/

Slide25 l.jpg

Risk Management Functional Model financial services providers, government & others…(Example)

Group Centre

Business Units

  • Central Risk Governance

  • Governance & Framework

    • Risk and Compliance Strategy and Policy

    • Risk Measurement methodology & models (development, validation and approval)

      - Internal Credit Rating Tools

      - Expected Loss + Economic Capital models (all risks)

    • Risk and Compliance systems design & assurance

    • Risk and Compliance Reporting for Board/Market/ Regulatory/Rating Agency and other requirements

  • Portfolio Analysis and Response

  • Emerging risk identification and response

  • Market Risk reporting and limit compliance

  • Risk and Compliance Review

  • Transaction approval > risk threshold (fn of size & complexity)

  • Specific BU Risk Functions

  • Operational Risk mgmt & compliance

  • Credit Process support

  • Asset writing strategies

  • BU-specific risks

  • BU risk reporting

  • Transaction Approval < risk threshold

  • Risk data entry and quality assurance

** Key Q: where should Risk “Shared Services” be located?** Cultural considerations will drive the outcome here! Why go to the Centre?- Centre of Excellence- Efficiency/avoid duplicationWhy go to the Business Units?- BU Ownership and Accountability- BU control over Cost? (vs cost allocation from centre)

  • Risk “Shared Services”

  • Asset Recovery

  • Risk systems development and operations

  • Divisional asset quality reporting

  • Compliance Review and Support

  • Group Investigations

  • Payments Risk, Information Security

  • Business Continuity & Crisis Mgmt

  • Insurance

Slide26 l.jpg

Example: financial services providers, government & others… Central Risk Management Structure

Chief Executive


Chief Risk


Wholesale Credit


Retail Credit


Operational &

Technology Risk

Market Risk


Basel II


RM Chief



Slide27 l.jpg

How is this effective? financial services providers, government & others…

  • Strong “risk culture” across the Group, driven by the Board and CEO

  • Partnership between Group Risk Management (GRM) and the Business Units

  • Clarity of roles and accountabilities for risk management, with a clear separation of duties

  • Open and transparent communication and escalation of risk issues

    • “bad news must travel quickly”

Business Units

Group Risk Management

  • Fully accountable for risk outcomes in their business

  • Within the central framework set by GRM, BUs are accountable to the Group for the realisation of returns, whilst delivering these within the articulated risk appetite

  • Dual reporting of Business Unit Risk Heads to BU Managing Director and CRO

  • Independent group

  • Global accountability to the CEO and Board for the effectiveness of the Group's risk management framework, including risk policy, and for the risk governance of the total group portfolio

Slide28 l.jpg

Banks hold Economic Capital for “Unexpected Loss” financial services providers, government & others…

Conceptual Framework:

  • Risk models employed to quantify economic risk are used to allocate “economic” or “risk” capital - the amount of capital needed to support an organisation’s risk-taking activities

  • Risk capital allocation systems are typically based on institutional estimates of their loss distributions for the relevant risk types

  • Economic capital allocated to a particular activityreflects that activity’s marginal risk contribution to the organisation, taking into account diversification (where possible).


of loss

Potential catastrophic ‘unexpected loss’

against which it is too expensive to hold capital

Expected level of loss (cost of doing business)



‘Unexpected loss’

for which capital

should be held


  • Measure risk-adjusted profitability and ensure efficient usage of shareholder funds

  • Portfolio risk management in the setting of limits & reporting of portfolio credit quality

Slide29 l.jpg

The “risk spectrum” financial services providers, government & others…


Not Modelled











Enterprise Value

  • Downside Risk is mostly here

  • Regulators & Debt Holders focus on this side because concerned about protection from default and systemic risk

  • Executives often delegate management of these to Risk Managers, who try to quantify them

  • Upside rewards are here

  • Equity Holders (& Managers with Equity stakes) very concerned about these

  • Executives often manage these themselves!

Raroc method of pricing loans for risk l.jpg
“RAROC” Method of Pricing Loans for Risk financial services providers, government & others…


Cost of Funds 6.00% Funds Transfer Pricing Systems

Loan Loss

Provision 0.53% Credit Risk Models

Direct Expense 0.15%

Indirect Expense 0.15% Product Cost Accounting Systems

Overhead 0.10%

Total charges beforecapital charge 6.93%Capital Charge 0.45%

Total Required “Breakeven”

Loan Rate 7.38%

Capital calculation

Allocated equity/loan = 6.7%

Opportunity cost of equity = 12% (“hurdle rate”)

FTP Benefit = 6%

After tax capital charge = 0.067x (0.12 - 0.06) = 0.4%

Tax Rate (imputation-adjusted) = 0.108

Pre-tax capital charge = 0.4%/0.892 = 0.45%

Slide31 l.jpg

Balancing Risk and Return financial services providers, government & others…

The key is to find the right balance between

risk and return:

  • This is one of the key responsibilities of the Board and CEO

  • Fundamentally the taking and management of risk for a return is a business line function

  • The mission is to stay within the “expected” loss rate, which is built into business plans, pricing and margins

  • However, invariably businessmen, including bankers are on balance, optimistic…

  • Since uncertainty and business “fade” increases with time, higher discount rates are needed for future cash flows, and this rarely happens…

  • Therefore need for Board, CEO and Chief Risk Officer to maintain a balanced perspective

  • Supported by objective advice and control by professional risk managers

  • Governed by the Board, and its Risk Management and Audit Committees

Slide32 l.jpg

The Role of the Chief Risk Officer (CRO) financial services providers, government & others…

  • Understand the business!

  • Understand the risks:

    • Identification, assessment, measurement, mitigation/response, policy, monitoring, reporting…

  • Understand (and shape) the risk strategy and appetite of the organisation

  • Understand the needs of all stakeholders: Board, CEO, Executive Management, Regulators, Rating Agencies, Investors, Staff, Customers, Community

  • Ensure agreement re: expectations of the CRO role, and how risk management performance will be measured

  • CRO is “Chief Transparency Officer” – need to ensure “bad news travels” – high level of integrity required

Slide33 l.jpg

The Opportunity… financial services providers, government & others…

To create and position Risk Management in our organisations as a source of distinction and competitive advantage, underpinning sustainable performance and growth

Slide34 l.jpg

Agenda (II): Basel II financial services providers, government & others…

  • Basel II – What is it?

  • Impact of Basel I

  • Key Changes in Basel II

  • Implementation Challenges

  • Operational Risk Capital

  • Pillar 3

  • Home/Host Issues and Challenges

  • Basel II Implementation: Key Next Steps For India

  • Conclusion

Slide35 l.jpg

Basel II - what is it? financial services providers, government & others…

  • The method for determining the minimum amount of regulatory capital a bank should hold is set by the “Basel Committee”, a sub-committee of the Bank for International Settlements, and is known as the “Basel Capital Accord”, implemented in 1988.

  • A new framework has been developed over the past 6 years that is commonly known as Basel II. These new proposals are designed to replace the 1988 Accord with a more “risk sensitive” regulatory capital framework.

  • The key objective of Basel II is to improve stability of the global financial system by encouraging improved risk management practices and requiring banks to hold a level of capital which is commensurate with their risk profile.

Slide36 l.jpg

The 1988 Basel Accord – “Basel I” financial services providers, government & others…

  • Two main objectives lay behind the adoption of a single capital standard for internationally active banks:

    • To help strengthen the soundness and stability of the Banking system by encouraging banking organisations to boost their capital positions

    • By adopting a standard approach across banks in different countries it would act to reduce competitive inequalities

  • The structure was intended to:

    • Make regulatory capital more sensitive to risk profiles among banking organisations

    • Take off-balance sheet exposures into account when assessing capital adequacy

    • Lower the disincentives to hold liquid, low risk assets.

Slide37 l.jpg

The Impact of Basel I financial services providers, government & others…

  • The Basel Committee Study of 1999 into the impact of Basel I, suggests that:

  • Relatively weakly capitalised banks improved their capital ratios, and overall capital levels increased in most countries.

  • Bank regulatory capital pressures during cyclical downturns in the US and Japan may have limited bank lending in these periods and contributed to economic weakness in some sectors

  • Banks have learnt to exploit the broad-brush nature of the Basel I requirements – in particular the limited relationship between actual risk and the regulatory capital charge. For a number of banks this has started to undermine the meaningfulness of the requirements.

  • Mixed conclusions as to whether the uniform nature of the regulatory capital charge within asset class may induce banks to substitute towards riskier assets in the class – thus leading to a rise in the riskiness of the banks’ portfolios. (There are clearly other considerations that may influence this position eg. bank risk appetite, market disciplines, regulatory and rating agency influences etc.)

Slide38 l.jpg

Basel II: The Three Pillars financial services providers, government & others…

Basel II consists of three mutually reinforcing pillars:

Pillar 1: Minimum Capital Requirements

Pillar 1 provides the calculation methods that will be used to determine the minimum amount of regulatory capital a bank must hold in the three major types of risks a banking operation faces - credit risk, market risk and operational risk.

A menu of approaches is available to measure:

Credit Risk (Standardised, Foundation internal ratings based approach and Advanced internal ratings based approach - the latter two requiring the application of sophisticated and rigorous credit risk modelling capabilities)

Operational Risk (Basic Indicator, Standardised and Advanced measurement approaches). The requirement to hold regulatory capital for operational risk is a material new requirement.

Market Risk (Standardised and Internal models approach). This element is almost completely unchanged in the new framework following its overhaul in 1996.

Slide39 l.jpg

Basel II: The three Basel Pillars (cont.) financial services providers, government & others…

Pillar 2: The Supervisory Review Process

Pillar 2 requires regulators to ensure each bank has sound internal processes in place to assess the adequacy of its capital (based on a thorough evaluation of the risks), with the supervisor placing considerable emphasis on the effectiveness and robustness of a bank’s internal risk management capability.

Pillar 3: Market Discipline

Pillar 3 aims to bolster market discipline through enhanced disclosure of risk information to the market. More detail will be disclosed to the market on the types of loans a bank carries, the rate at which loans default and how well credit rating tools predict these defaults.

Market participants will have more information to better understand bank risk profiles and the adequacy of bank capital positions.

Slide40 l.jpg

The Basel II Approaches to Credit and Operational Risk Capital

Credit Risk Capital


Internal Rating Based (IRB) - Advanced

Internal Ratings Based (IRB) - Foundation

Allows application of internally developed rating systems (default probabilities) with greater recognition of physical collateral.

Minor modifications to the current (Basel I) Accord, allowing the use of external ratings and some collateral recognition.

Internally determined default probabilities, loss given default and exposure at default factors can be used, subject to very stringent criteria.

Operational Risk Capital

Basic Indicator Approach

Standardised Approach for Operational Risk

Advanced Measurement Approaches

A range of advanced capital assessment techniques will be allowed, subject to a set of stringent qualifying criteria.

A similar calculation based on a % of gross income using distribution factors across eight Basel-defined business lines.

A coarse calculation based upon a straight percentage (15%) of gross income.

Slide41 l.jpg

Key changes in Basel II Capital

  • The risk-weighting functions used to determine credit risk capital in the advanced approaches under Basel II provide a much more accurate measure of risk compared to the crude risk weights used in Basel I. However, concentration and diversification are not taken into account in the Pillar 1 formulae

  • Addresses the principal weaknesses of Basel I, in particular removing incentives to arbitrage the capital requirements through securitisation

  • Inclusion of a regulatory capital charge for operational risk

  • Advanced approaches require the embedding of risk management tools and systems in day-to-day bank management

  • Framework matches the entity in terms of its level of sophistication resulting in a more tailored approach commensurate with a bank’s risk profile

Key changes in basel ii cont l.jpg
Key changes in Basel II (cont.) Capital

  • Pillar 2 provides supervisors with a framework that enables a better understanding of the risks associated with a bank’s businesses – the new Accord places a far greater emphasis on assessing the appropriateness of internal risk management processes including risk management practices, governance frameworks, risk measurement philosophies and bank risk profiles.

  • Greater disclosure will help ensure banks maintain prudent lending standards and focus on improving and keeping pace with evolving risk management practices

  • While many of these changes are positive, “procyclicality” is an issue of material concern to many.

Slide43 l.jpg

Basel I Risk Weights versus Basel II Capital

Basel I

Basel II

Remainder eg Personal/ Corporates


















Risk Weights

Risk Weights

Risk weight sensitive to borrower’s credit risk





Increasing default risk

  • The blunt risk weights and capital attribution of Basel I have been considerably refined (using complex formulae) in the IRB approaches in Basel II

Slide44 l.jpg

Challenges faced by banks in implementing Basel II Capital

  • Basel II is far more complex than its predecessor – the current Basel Accord - and considerably more comprehensive in its coverage. Some of the key issues Banks and regulators are facing as part of its implementation are:

    • Rigorous credit rating tool validation requirements

    • Insufficient data in certain products or geographic segments to meet the long-run “through the economic cycle” needs of Basel II

    • Obtaining business buy-in to Basel II – are the benefits worth the cost?

    • Managing the change process

    • Board involvement and Risk Governance requirements

    • IT systems developments, enhancements and integration

    • Implementation challenges for the new operational risk framework

    • Pillar 3 reporting under Basel II

    • Inconsistent application of Basel II across jurisdictions

Slide45 l.jpg

Operational Risk Capital Capital

  • Regulatory Capital for Operational Risk:

  • Basel I (1988 - now)- zero

  • Basel II (2008 onwards) - substantial!

Slide46 l.jpg

Capital for Operational Risk: The Big Controversy! Capital

  • How much capital should be held for Operational Risk?

    • ~20%? (Basel CP2, January 2001)

    • ~12%? (Final Basel Accord, June 2004)

    • (Other?)

      * The magnitude of this shift illustrates the difficulty of the measurement challenge!

Slide47 l.jpg

Operational Risk: The Difficulty of Measurement Capital

  • In recent years, we have seen the first serious attempts to measure operational risk… the birth of a new discipline!

  • The industry has made great progress, but difficult questions remain:

    • What are the principal determinants of the level of Operational Risk?

    • What are the key differences between Operational, Credit and Market Risks? Which statistical methods used to measure Credit and Market Risk are applicable to Op Risk?

    • When is historical loss experience a reliable guide to Operational Risk in the future? More generally, how can Operational Risk measures be made forward-looking?

    • What is the role of historical information, including loss data?

Slide48 l.jpg

The Difficulty of Measurement (cont.) Capital

  • The industry has made great progress, but difficult questions remain:

    • When is external information (including loss data) relevant? How should it be used?

    • How should specific operational scenarios be incorporated in the measurement of Operational Risk?

    • What about “Key Risk Indicators”?

    • How can we incorporate an assessment of the quality of operational processes and internal controls into the Op. Risk measurement process? How important is this?

    • What is the role of Senior Executive judgment in the Operational Risk measurement process? Where is the “right” balance between quantitative and qualitative factors?

    • How can unexpected loss and capital be measured?

Slide49 l.jpg

The Difficulty of Measurement (cont.) Capital

  • A great deal of effort has been expended on these issues…

  • … and Basel II (AMA) is providing strong impetus to these efforts

  • However, there is as yet NO consensus about the answers to these questions…

“Let a thousand flowers bloom…”!!

Slide50 l.jpg

The Difficulty of Measurement (cont.) Capital

  • Key Question: What is the “right” way to measure Operational Risk?

    • How shall we recognise the answer to this question?

    • What criteria should we use?

  • A related question: How can Operational Risk measures be “validated”?(What does this mean, exactly?)

    • How do we satisfy Basel’s requirement for 99.9% confidence?

Slide51 l.jpg

Industry Approaches to Measuring Operational Risk Capital

  • Although “1,000 flowers are blooming”, there are 3 principle methods in use in leading banks today:

  • Loss Distribution Approach (statistical, based primarily upon historical loss data, akin to “VaR for Operational Risk”)

  • “Scorecard” or “Risk Drivers and Controls” Approaches(more qualitative, not based primarily on historical loss data - see Risk Magazine article, November 2000 + Risk Management seminar presentation: “Key Elements of an Effective Operational Risk Framework”, Amman, 7 March 2005)

  • Scenario-driven methods(employing expert business judgment)

  • Regardless of which method is chosen, to qualify for AMA accreditation under Basel II, a bank must clearly specify how its method makes use of the 4 required elements:

    • Internal data

    • External data

    • Quality control assessments

    • Scenarios

Slide52 l.jpg

Basel II: Pillar 3 requirements Capital

  • Pillar 3 imposes considerable reporting requirements on Banks seeking to use the advanced approaches – these are in addition to accounting standards (and listing rules)

  • The disclosure regime in Pillar 3 is tied to the sophistication of the capital approach adopted. Indeed, the use of more sophisticated approaches is conditional on making the required disclosures, which are quite voluminous and prescriptive in nature

  • In simple terms, the greater the reliance on internal models (as opposed to supervisor estimates), the more risk information that has to be disclosed

  • The principal intention of the disclosure requirements is to enable the market to better understand the risk profile of the bank, and to provide a basis for comparison of risk profiles between banks.

Example of what is required l.jpg
Example of what is required Capital

Table 6: Credit risk – disclosures for portfolios subject to IRB approaches

Requirements include:

  • Explanation and review of the:

    • Structure of internal rating systems and relation between internal and external ratings;

    • Use of internal estimates other than for IRB capital purposes;

    • Process for managing and recognising credit risk mitigation; and

    • Control mechanisms for the rating system including discussion of independence, accountability, and rating systems review.

  • Description of the internal ratings process (provided for five asset classes), including (for each class):

    • Types of exposures in the classes

    • Definitions, methods and data used for the estimation and validation of PD, LGD (and) EAD for Advanced IRB banks

  • Comparison of actual losses for the preceding period and how this differs from past experience and estimated losses.

Slide55 l.jpg

Home/Host issues: Basel’s perspective Capital

  • Closer cooperation between supervisors will assist in the the implementation efforts of both supervisors and banking groups and is essential in the effective implementation of Basel II.

  • This level of cooperation will differ across the various activities required in the new Accord, eg

    • Pillar 1 approval and validation of rating models and processes

    • Pillar 2 supervisory review processes and ongoing assessments to verify that banking groups are applying the new accord properly and that conditions for advanced approaches continue to be met.

  • Banks have an important role to play in assisting the effective cross-border implementation efforts of supervisors

  • The Basel Committee does not mandate a common approach across all jurisdictions, but a set of Principles for Home/Host supervision have been published to assist supervisors in their work in this area.

    • “We have to recognise that there will always be differences in interpretation and application which are inevitable and even desirable to accommodate the many differences among the world’s banking systems.”

  • Chair of Basel’s Accord Implementation Group, Nick Le Pan quote from “Global Risk Regulator” February 2003

  • Slide56 l.jpg

    Supervisory Challenges for Home/Host Supervision Capital

    • The Basel Committee principles for Home/Host supervision, while conceptually sound, fall short of providing workable solutions in practice

    • Regulatory Capacity: challenge of overcoming a shortage of appropriately skilled resources to be able to review banks’ level of compliance with the new Accord (esp. Pillar II) and administer the more advanced requirements of Basel II

    • Statutory and legal obstacles to closer cooperation amongst supervisors

    • Need to develop processes and techniques to allow regulators to collaborate effectively, particularly when international banking conglomerates cover multiple countries (eg Citigroup operates in over 100 countries)

    • Concerns have been expressed publicly by some regulators and banks that there is a potential for some national supervisors to be more conservative in their interpretation and application of the new Accord, whilst others may operate on a more lenient approach, creating unlevel playing fields across countries

    Slide57 l.jpg

    Bank Challenges for Home/Host Supervision Capital

    • Banks are concerned that having to accommodate differing supervisory implementation frameworks will result in an over burden of reporting regimes and repetitive review of their Basel II frameworks. While banks appreciate that in some jurisdictions the peculiarities of the banking system may require subtle differences in the application of Basel II, in the main there is considerable scope for consistency in the application of the Accord

    • International banks are faced with developing systems to cope with and run multiple reporting requirements:

      • Basel I

      • Basel II Standardised Approach

      • Basel II Foundation IRB

      • Basel II Advanced IRB

    • The development, testing, implementation and maintenance of parallel systems and processes to accommodate different regulatory approaches has the potential to result in a substantial diversion of risk resources and cost - away from the improved management of risk that Basel is designed to achieve

    Basel ii implementation key steps l.jpg
    Basel II Implementation: Key Steps Capital

    Effective dialogue between the industry and supervisor is essential for success!

    • Finalise choice of Pillar I options + Pillar II approach:

      • Decisions must be made re: national discretions within Standardised Approach for Credit Risk (understanding of approaches used in other emerging market countries and elsewhere within the region will assist)

      • Assess infrastructure requirements

      • Assess requirements for potential future availability of advanced approaches (IRB and AMA) and determine strategy and timeframes, as appropriate

      • Assess resource deficiencies, incl. industry and supervisory capacity

    • Establish/enhance effective dialogue between RBI and relevant foreign supervisors re: Home/Host issues & cross-border supervision

    • Consider Indian participation in international working groups, as appropriate:

      • Industry groups, e.g. IIF Committees

      • Supervisory working groups re: Basel II implementation

    Conclusion l.jpg
    Conclusion Capital

    • Risk Management and Basel II – Inextricably Linked!

    • The way forward for India?

    • Continue to deepen the collaborative dialogue between industry and regulators, to deepen shared understanding of the challenges and opportunities for strengthening risk management capability in Indian banks

    • Acceptance of pragmatic solutions to the challenges of Basel II implementation

      • Work to ensure that bureaucracy and costs are minimised, & business benefits maximised

    • The main goal is improved risk management, not regulatory compliance!

    • This is a journey that will take some time… begin as soon as possible!