Professional Documents
Culture Documents
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Risk Based Capital Standards: Advanced Capital Adequacy Framework - Basel II; Final Rule (Effective Date:
April 8, 2008) Basel II is a highly complex set of guidelines and regulations related to measurement, management and monitoring of capital Promotes more sophisticated capital framework intended to accommodate the banking industry's risk diversity. Closely aligns regulatory capital requirements with the industrys risk measurement & management practices and more comprehensive view of banks risks through inclusion of operational risk. More flexible and risk-sensitive capital requirements. Better and more integrated risk and capital management practices and more formalized risk management programs.
Basel II Overview
Objectives of Basel II
To align the bank regulatory capital measurement framework with sound contemporary practices in economic capital allocation, promote improvements in risk management, and enhance financial stability
Rudimentary Rudimentary risk-based risk-based regulatory capital regulatory capital (Basel I) (Basel I)
Enhanced Enhanced Risk-based Risk-based regulatory capital regulatory capital (Basel II) (Basel II)
Economic Capital Economic Capital Stimulate convergence of regulatory driven risk management towards economic driven risk management
Basel II Overview
Basel II Framework Summary of the Three Pillars
Designed to align the bank regulatory capital measurement framework with sound contemporary practices in economic capital allocation, promote improvements in risk management, and enhance financial stability
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Pillar 1 Minimum Capital Requirements
Basel II Pillar 1 requires all banks subject to the Final Rule to calculate capital requirements for exposure to Credit Risk and Operational Risk. Capital requirements for market risk remain largely unchanged. It sets forth:
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Pillar I Wholesale Credit Risk
Basel II Credit Risk Measurement Approaches
Standard Internal Ratings Based (IRB) IRB Foundation IRB Advanced
Basel II Overview
Pillar I Wholesale Credit Risk
Exposures
Under the A-IRB approach, banks will assign risk These parameters will then be used for the determination IRB will require a rigorous framework of advanced credit
risk quantification, data maintenance, control and oversight mechanisms that is characterized by independence, transparency, and accountability.
Basel II Overview
Pillar I Wholesale Credit Risk - Corporate and Sovereign
Exposures
Qualifying banks will be expected to have an A-IRB system consisting of five interdependent
components for Corporate/Sovereign exposures:
1. 2. 3. 4. 5.
A system that assigns ratings to individual wholesale obligors and exposures. A quantification system that translates risk ratings into IRB parameters that are used as inputs to the IRB risk-based capital formula PD, LGD, EAD and Maturity. A data maintenance system that supports the A-IRB system. Oversight and control mechanisms that ensure that the A-IRB system is functioning effectively and producing accurate ratings. An ongoing process that validates the accuracy of the rating assignments, segmentations, and risk parameters.
The regulators will expect that corporate credit rating systems operate dynamically.
As ratings are assigned, quantified and used, estimates will be compared with actual results (back-testing) Data will need to be maintained to support oversight and validation efforts and to better inform future estimates
The Rating System Review and Internal Audit functions will serve as control mechanisms that
ensure the process of ratings assignment and quantification function according to policy and design and that noncompliance is identified and reported.
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameters & Requirements
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameters
Expected Loss = PD x (LGD RC) x EAD RC represents realizable collateral Maturity (M) is used in calculating Risk Weighted assets
These parameters are used for all types of credit risk exposures
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameters & Calculation
EL Paramete rs and Data EL Modeling Capital Calculatio ns
Nominal PD LGD
U.S. mandatory banks must use advanced Internal Ratings Based (IRB)
Expected Loss
$2m
$0.018m
$0.008m
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameters & Calculation
EL Parameter s and Data EL Modeling Capital Calculation s
PD Estimation LGD Estimation and/or Exposure Assessment Maturity Consideration Bank Passes Approval Process
PD
Own estimations connected with Internal Rating Systems
LGD
Own estimations if certain criteria are met
EAD
Own estimations if certain criteria are met
Maturity M
Recognition obligatory (max. five years)
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameter: Probability of
Default (PD)
EL Parameter s and Data EL Modeling Capital Calculation s
RISK LEVEL Minimal Modest Average Acceptable Acceptable with Care Management Attention Special Mention Substandard Doubtful Loss
PD (bp) 01 24 510 1150 51200 2011,000 1000 Interest Suspense Provision Default/Loss
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameter:
by Grade
EL Parameter s and Data EL Modeling Capital Calculation s
Probability of Default
Note how the differences between the grades increases, the worse the ratings
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameter: Data Requirements
EL Parameter s and Data EL Modeling Capital Calculation s
Historical loss database estimate LGD (7 years) Historical exposure database estimate EAD (7 years) Full risk data warehouse Rating data Data on default events Historical data (timelines) estimate PDs (5 years) Collateral data
Note: Basel II measures capital requirements at the facility level
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameter:
Loss Given Default/ Recovery Rates
EL Parameter s and Data EL Modeling Capital Calculation s
Facility Grades -
Borrower has one PD, but different facility grades Facility grades based on LGD
Example: One borrower, 2 facilities: a secured wholesale mortgage on a factory and an unsecured overdraft. The property mortgage would have a lower EL because the LGD would be lower due to the value in the property whereas there is no security supporting the unsecured overdraft.
Basel II Overview
Pillar I Wholesale Credit Risk - Key Parameter:
Recovery Rates
EL Parameter s and Data EL Modeling Capital Calculation s
Examples of S & P
Seniority Class
Mean
Standard Deviation %
Senior Secured Debt Senior Unsecured Debt Senior Subordinated Debt Subordinated Debt Junior Subordinated Debt
Basel II Overview
Pillar I Wholesale Credit Risk - Challenges
Challenge due to multiple platforms (M&A, etc) Organizational Changes overtime New products and changes to existing products Changes in the rating scheme over time Potential differences in definition of credit default between Basel II and the bank
The Goldilocks solution: do not use models slavishly (All models are wrong; some are useful) Nor ignore or continually override them
Where senior executives understand the quantitative and qualitative requirements of Basel (required under Pillar II)
In line with the more sensitive risk-based capital requirements from Basel II
Basel II Overview
Pillar I Wholesale Credit Risk - Quantification and Risk Management
Quantification is central element of approach to credit risk management. However, as recent events have shown that effective management of credit risk requires a holistic approach including non-quantitative elements such as management oversight and qualitative judgment.
Senior managements responsibilities include: Reviewing portfolios risk profile, changing portfolio trends, risk parameter accuracy, economic and regulatory capital, and stress testing results Confirming activities conducted across multiple legal entities meet the following criteria: Products managed centrally using consistent policy Segments have homogeneous risk characteristics Exposure outside U.S. not grouped with domestic exposures Validation and back-testing activities for each entity are accurate Independent risk management function provides oversight of lending activities Responsible for setting credit policies Ensuring credit standards are followed Effective and independent loan review function
Internal Audit function must be independent of business-line management and must at least annually assesses the effectiveness of the controls supporting the banks advanced systems and reports its findings to the banks board of directors (or a committee thereof). The full board or a designated committee of the board: Must have access to high-level reports summarizing the performance of the credit risk system Is responsible for reviewing and approving key elements of the IRB system
Basel II Overview
Pillar I Wholesale Credit Risk - Quantification and Risk Management
Establishment of quality controls and confirmation that lending activities follow
established policies
Basel II Overview
Pillar I Wholesale Credit Risk - Regulatory Expectations
US Regulators have stated that they will focus on the following issues during their quantification reviews:
classification purposes What type of data exists describing the reference credit event?
This is the reference data set Includes a balance of internal and external data
How is the data being used to estimate a loss? Mapping describes the credit portfolio risk in terms of these characteristics - this is where banks are weak Estimated relationship is applied to the portfolio using mapping to produce IRB parameters Capital for the portfolio is computed using these parameters
The draft IRB supervisory guidance is built around this process, and the gaps and plans should clearly address these areas specifically:
The quantification process is no stronger than the weakest part of the process noted above Institutions are expected to perform an annual review, to ensure that the process is logical LGD and EAD are linear, but the effects from slight differences in PD can result in significant differences in capital. Institutions will need to indicate that they have reviewed the quality of the PD calculation process Retail segmentation should be clearly defined and may not be the same as segments created for other
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Pillar I Retail Credit - What is Included? Individual consumer or small business exposures Similar types of loans are grouped into pools Risk Assessment at the loan pool or segment level Segment risk aggregated to portfolio level Securitized assets also evaluated
Basel II Overview
Pillar I Retail Credit Requirements
Credit Card
Small Business
Basel II Overview
Pillar I Retail Credit - Retail Portfolio Segmentation
Residential Mortgages
Segment 1
Segment 2
Segment 3
Segment 4
QRE's
Segment 1
Segment 2
Segment 3
Segment 4
segmentation Defaulted assets segmented separately Guarantees recognized and included Schemes validated on ongoing basis Documentation required for:
Segment 1
Segment 2
Segment 3
Segment 4
Basel II Overview
Pillar I Retail Credit: Quantification Under Loan Sale or Securitization
Identify detailed risk characteristics Long-run performance data available Construct appropriate reference data sets
Basel II Overview
Pillar I Retail Credit: Advanced IRB Data Requirement Guideline
Storage
Reports
Basel II Overview
Pillar I Retail Credit: Data Management Policy
Data Architecture
Format of stored data allows timely retrieval Unified management systems
Data Gaps
Use of internal/external reference data
Basel II Overview
Pillar I Retail Credit: Retail Credit Risk Quantification
Core banks must follow advanced IRB guidelines Compute own risk parameters from internal/external data Consider PD, LGD, and EAD Three asset categories estimated separately Unique asset correlation (r)
Asset Category Residential Mortgage Qualifying Revolving Exposures Other Retail r =0.15 r =0.04 r =0.03 plus/minus an adjustment Correlation
Basel II Overview
Pillar I Retail Credit: Proposed Retail Credit Validation Process
Step 1 Review Data Maintenance Practice Step 2 Review Asset Categorization Step 3 Review Segmentation Process Step 4 Review Risk Parameters Quantification Process Step 5 Review Control and Governance Mechanism
Apply specialist knowledge and experience Benchmark against leading practice and regulatory requirements
Assessment and analysis of validation for end-to-end process Practical recommendations for improvement that reflect Basel II requirements
Basel II Overview
Pillar I Retail Credit: Challenges
Data integrity and the availability of historical data Ensuring models developed are used appropriately (Bulletin OCC
2000-16):
Developing the right corporate culture Instilling corporate discipline to price assets properly Setting consistent asset categorization and segmentation criteria
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Pillar I Securitization: Quantification One of the regulatory arbitrage opportunities the global regulatory community wanted to remove was the distinction between economic and regulatory breaks with the current securitization framework. With large banks bringing Structured Investment Vehicles (SIVs) onto their balance sheet (e.g. Citibank) and the resulting losses, we understand why. As a result the capital treatment is harsh (e.g. deductions of first loss from capital).
Basel II Overview
Pillar I Securitization: Quantification
Basel I Type of Exposure Generall y First loss Unfunde d < one year Risk Weight 100 % Deduct 0% Standardized banks
Risk weights based on rating of position. If exposure unrated, then deduct from capital except in case of: Most senior exposure (look-through to average risk weight of pool) Second loss position or better (lookthrough to higher of 100% and highest risk weight of pool) Liquidity facilities (credit conversion factors depending on type and length of liquidity commitment)
Basel II Overview
Pillar I Securitization: Quantification Capital Charges
Options
IRB bank must calculate capital on basis of: 1. External ratings pursuant to ratings based approach (RBA) 2. Inputs into supervisory formula (SF) approach 3. Internal assessments approach (IAA) Cap: If IRB would require more capital for securitization exposure than had the position not been securitized, bank may use IRB capital requirement for underlying exposures
Hierarchy
Under Credit Risk A-IRB, a bank must use ratings based approach (RBA) to calculate capital if external rating or inferred rating available Where RBA not available, bank may use SF or IAA if available Where neither RBA nor SF or IAA are available, bank may use lookthrough approach, otherwise, the position must be deducted
Source:
Text
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview Pillar I Operational Risk AMA: Why Is Operational Risk Important?
Significant Losses
Billions of $ lost to operational loss events Common causes include:
Weaknesses in business practices lack of ownership of risk inadequate reporting of risk absence of methodologies need for improvement in controls
Regulatory Pressures
Regulators, risk-based approach to supervision Corporate governance and SarbanesOxley Basel Committee, capital adequacy framework Globalization resulting in increased international exposure
Changing Environment
Infrastructure and technology Speed of new products to and exit from market Greater distribution of control responsibility Cost and expense base pressures
Basel II Overview
Pillar I Operational Risk AMA: Quantification Options
Measurement Options
Basic Indicator Standardized Advanced Measurement (AMA)
Qualifying Criteria
Data Requirements/Complexity
Basel II Overview
Pillar I Operational Risk AMA: What Is Operational Risk?
The Basel II Accord definition of operational risk is:
The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk, but excludes strategic or reputational.
The
New Basel Capital Accord April 2003: Basel Committee on Banking Supervision
nclude Operational Risk in Pillar I? tial operational risks are significant and rising due to reliance on technology, people and processes tional risk has been a major contributor to depletion of capital and failure of banks operational risk is included as an explicit component of the firm-wide risk management system and economic al allocation process
Basel II Overview
Pillar I - Operational Risk AMA: U.S. Approach
Basic Indicator
Standardized
Advanced Measurement
senior management involvement management function management system of charge per eight business lines calculated as a fixed % of Annual Gross Income (12%, 15%, or 18%
- again averaged over the most recent 3 years)
Standardized, plus: Risk management and measurement Risk management and measurement process review Quantitative standards Capital charge = a banks internal Operational Risk measurements system of calculation
Basel II Overview
Pillar I Operational Risk AMA - Risk Management Assessment
Integrated Operational Risk Management
People Processes
Operational Risk Management (ORM) Encompasses all processes shown here Integrated management of ORM involves: - Consistent methodology for risk identification, risk assessment and Risk measurement - A process to develop And report risk indicators - A process to aggregate risk across all these functions to have a holistic view of Operational Risk across the Bank Risk quantification/ OR losses policy for Basel II should cover covers all these areas
SOX
Business continuit y
Privacy & Information Security Change Risk Management Documentation / Records Mgmt Event/Issu e Mgmt
Systems
External Events
Overview of Basel II
Pillar I - Operational Risk AMA: Core Components and Associated Considerations
Four AMA Components:
Other Considerations:
4.Scenario Analysis
3.Definitions, Linkages, and 4.Risk & Control Self-Assessments 5.Key Risk Indicators (KRIs) 6.Mitigation 7.Capital Modeling 8.Reporting 9.Information & Technology
Basel II Overview
Pillar I Operational Risk AMA: Core Component - Internal Loss Data
Operational loss event means an event that results in loss and is associated
with any of the seven operational loss event type categories
Basel II Overview
Pillar I Operational Risk AMA: Core Component - Internal Loss Data
Bank must track internal loss data according to following criteria:
Must have written policies and procedures related to collection of losses that will be used
consistently across a bank.
Must collect the loss data using Basel II defined loss event categories as well as Basel II defined
business lines shown on next slide.
(A bank is not required to organize the company along Basel II business lines nor it is required report its operational losses along Basel II loss event categories. However, it must be able to map its own business lines and loss event categories to supervisory definitions per the Final Rule).
Must have documented procedure for assessing the on-going relevance of historical loss data. Must be comprehensive and complete. Must have documented justification for any excluded
activities, losses, or business line. support functions.
Must have documented criteria with supporting rationale to show allocation of losses from Must have documented criteria with supporting rationale to show allocation of losses from a
single loss event to multiple business units.
Basel II Overview
Pillar I Operational Risk AMA: Core Component - Internal Loss Data: Boundary Losses
A banks must treat operational losses that are related to market risk
as operational losses for purposes of calculating risk-based capital requirements under this final rule. For example, losses incurred from a failure of bank personnel to properly execute a stop loss order, from trading fraud, or from a bank selling a security when a purchase was intended, must be treated as operational losses.
Under the proposed rule, banks would treat losses that are related to
both operational risk and credit risk as credit losses for purposes of calculating risk-based capital requirements. However, a bank must include credit risk boundary losses in its operational risk loss data base to understand and perform root cause analysis and implement steps to reduce such losses.
Basel II Overview
Pillar I Operational Risk AMA: Core Component - Internal Loss Data: Comprehensiveness
The internal loss database must include all business lines, geographic locations, and bank activities. A bank should also collect near miss events into its database. However, it is a challenge to define a near miss
event and collect it consistently across the entire company.
AMA data maintenance requires significant up-front investment & far reaching enterprise-wide process changes To use internal estimates for regulatory capital, banks must:
Collect & analyze essential OpR loss data inputs consistently Perform front end validation & back testing Make ongoing refinements to the AMA data capture system Maintain data over long timeframes
Systems to fully implement AMA do not exist today at most banks Mergers & acquisitions will need to be integrated
Basel II Overview
Pillar I Operational Risk AMA: Core Component - Internal Loss Data
Seven Level I Loss Event Categories
Eight Basel II Defined Business Lines*
1. Corporate Finance 2. Trading & Sales 3. Wholesale Banking 4. Retail Banking 5. Payment & Settlement 6. Agency Services 7. Asset Management 8. Retail Brokerage 9. Other / Corporate
(* Support functions such as HR, Finance, etc. are allocated to business lines for the purpose of capital calculation.)
Basel II Overview
Pillar I - Operational Risk AMA: Core Component - External Loss Data
The final rules define external operational loss event data for a bank as gross operational loss amounts, dates, recoveries, and relevant causal information for operational loss events occurring at organizations other than the bank.
A bank must establish a systematic process to determine its methodologies for incorporating
external operational loss event data into its operational risk data and assessment systems.
Basel II Overview
Pillar I - Operational Risk AMA: Core Element - Scenario Analysis
A bank must have a systematic process for determining its methodologies for
incorporating scenario analysis into its operational risk data and assessment systems.
It is especially relevant for business lines or operational loss event types where internal
data, external data, and assessments of the business environment and internal control factors do not provide a sufficiently robust estimate of the banks exposure to operational risk events with high severity.
Scenario analysis should draw upon knowledge and experience of business managers as
well as risk experts.
Basel II Overview
Pillar I - Operational Risk AMA: Core Components
incorporate forward-looking elements into its operational risk data and assessment systems.
Internal and external operational loss event data provide a historical perspective on operational risk. It is also important that a bank
Risk and Control Self Assessment (RCSA) / Business Environment & Internal Control Factors (BE&CIF)
A bank must incorporate business environment and internal control factors into its operational risk data and assessment systems to
assess fully its exposure to operational risk.
A bank must prepare a composite Operational Risk Profiles. Based on the composite risk profile, a qualitative adjustment factor is calculated to adjust capital exposure calculated based on
internal and external loss data.
Process and outcome should be periodically validated through comparison to actual internal loss experience (known as backtesting).
Basel II Overview
Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling
U.S. banks are given significant flexibility in operational risk model design. A bank must have an operational risk
quantification system that generates estimates of its operational risk exposure using its operational risk data and assessment systems.
The final rule defines operational risk exposure as the 99.9th percentile of the distribution of potential aggregate
operational losses, as generated by the banks operational risk quantification system over a one-year horizon (and not incorporating eligible operational risk offsets or qualifying operational risk mitigants).
The banks analytical framework must use the combination of internal operational loss data, relevant external data,
business environment and control assessments, and scenario analysis.
The capital requirement is sum of EL and UL unless the institution can demonstrate, consistent with supervisory
standards, the EL offset. The mean of such a total loss distribution is the banks EOL. The final rule defines EOL as the expected value of the distribution of potential aggregate operational losses, as generated by the banks operational risk quantification system using a one year horizon.
The banks UOL is the difference between the banks operational risk exposure and the banks EOL. Risk mitigation for operational risk, via insurance, subject to regulatory approval. Banks measurement approach must meet both qualitative and quantitative standards. Expectation is that the
approach will be granular Need as many data points as possible in order to increase statistical precision Fewer data points will lead to more focus on qualitative processes
Pillar I - Operational Risk AMA Core Components - Risk Quantification and Capital Modeling
Banks have considerable flexibility in developing operational risk management, data and assessment, and
quantification processes that are appropriate for the nature of their activities, business environment, and internal controls.
Banks are expected to uniquely tailor the framework to its organizational structure and culture. A banks operational risk capital charge will be an internally generated measure using the banks own operational
risk measurement systems
Key elements that must be incorporated into an AMA measurement system are:
Internal Loss Data External Loss Data Scenario Analysis Business Environment and Internal Control Factors
A bank may develop and use Key Risk Indicators (KRIs) to:
Monitor its operational risk Support its risk assessment process Provide additional information for its operational risk capital model
Basel II Overview
Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling
Economic Capital Calculatio n
Scenario Analysis
Risks, Controls, KRIs, Mitigants, Severity, Frequency
KRIs
Basel II Overview
Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling
Basel II Overview
Pillar I - Operational Risk AMA: Core Components of an Operational Risk Framework
Identification
Assessment
REPORTING
Loss Data
BUILDING BLOCKS
Monitoring
Mitigation
Reporting
INFORMATION TECHNOLOGY
Management
Basel II Overview
Table of Contents
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP)
Close link required between Pillar I regulatory parameters and parameters used in risk management framework
Basel II Overview
Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Risk Types Beyond Pillar I
Counterparty risks
Operational risks
Business risk
Concentration risks
Basel II Overview
Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Role of Supervisors Pillar 2 Main Goals
Bridge gap between capital requirement and remaining risks Risk management enhancement Regulator assessment
Basel II Overview
Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Capital Planning Process (ICCAP)
Basel II Overview
Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Open Questions for Implementation
and Qualification How will the supervisor provide necessary resources and how will costs be covered? Will principles be applied across the board?
Basel II Overview
Table of Contents
Basel II Overview
Pillar III Disclosure: Market Discipline
Goals
Higher transparency of business and risk structures Strengthened risk management and internal control systems
Consequences
Investors distinguish between well and badly managed banks Well managed banks benefit from better market conditions Badly managed banks penalized by the market
Basel II Overview
Pillar III Disclosure: Basic Considerations
Frequency Base Case: (6 mo) Qualitative and stable information (12 mo) Quantitative and volatile information (3 mo) Banks with low risk profile (12 mo)
Confidentiality Restricted Disclosure No detailed information required to public Full set of information to regulatory body Large degree of national discretion
Materiality Materiality definition dependent on information disclosed Dialogue with accounting bodies necessary
Basel II Overview
Pillar III Disclosure: Scope of Disclosure
Subject of Disclosure Scope of application Capital Details Group of consolidation Structure Adequacy Risk positions and risk assessment Credit risk Market risk Operational risk Interest rate risk in the banking book
Basel II Overview
Table of Contents
What is Basel II Pillar I Minimum Capital Requirements Pillar I Wholesale Credit Risk Pillar I Retail Credit Pillar I - Securitization Pillar I Operational Risk Pillar II Supervisory Review and Internal Capital
Adequacy Assessment Process (ICAAP)
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Qualification Process: Regulatory Expectations
1. Written Basel II Implementation Plan Mandatory U.S. banks must adopt a written Basel II implementation plan
no later than 6 months after the effective date of Final Rule. The plan must incorporate an explicit first floor period start date no later then 36 months after the effective date of the Final Rule The banks implementation plan must address in detail how the bank complies, or intends to comply, with the qualification requirements (including data, models, systems, resources) The bank also must maintain a comprehensive and sound planning and governance process to oversee the implementation efforts. At a minimum, the Basel II implementation plan must:
Comprehensively address the qualification requirements for the bank and each consolidated subsidiary (U.S. and foreign-based) of the bank with respect to all portfolios and exposures of the bank and each of its consolidated subsidiaries
Basel II Overview
Qualification Process: Regulatory Expectations
1.
Written Basel II Implementation Plan (continued)
(continued)
Justify and support any proposed temporary or permanent exclusion of immaterial business
lines, portfolios or exposures from application of the advanced approaches
Include the banks self-assessment of its current status in meeting the qualification
requirements; and the consistency of its current practices with the supervisory guidance for the advanced approaches
Based on the self-assessment, the bank must identify areas in which it needs to undertake
additional work to comply with the qualification requirements (gap analysis)
Describe the specific actions the bank will take to address the areas identified in the gap
analysis
Identify objective, measurable milestones, including delivery dates and the date when the
banks implementation of the methodologies will be fully operational
Describe resources that have been budgeted and are available to implement the plan Receive Board of Directors approval
Basel II Overview
Qualification Process: Regulatory Expectations
2.
Parallel Run
(continued)
Before determining its risk-based capital requirements under the advanced methodologies, the bank must conduct a successful parallel run. A satisfactory parallel run is a period of no less than 4 consecutive calendar quarters during which the bank complies with all of the qualification requirements to the satisfaction of its primary U.S. supervisor
Comprehensively address the qualification requirements for the bank and each consolidated subsidiary (U.S. and foreign-based) of the bank with respect to all portfolios and exposures of the bank and each of its consolidated subsidiaries
2. 2.
The bank must have an adequate process to ensure ongoing compliance with the qualification requirements 1st floor year 95% transitional floor percentage 2nd floor year 90% transitional floor percentage 3rd floor year 85% transitional floor percentage
Basel II Overview
Qualification Process: Regulatory Expectations
5.
Supervisory Review Process (Pillar 2)
(continued)
U.S. Regulators must perform a more comprehensive assessment of capital adequacy that considers risk specific to the bank, conducting analyses that go beyond minimum regulatory capital requirements Each bank applying the U.S. advanced framework must have appropriate risk measurement and management processes and systems that meet the rules qualification requirements The bank must have a rigorous internal process, the ICAAP, for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining an appropriate level of capital The fundamental objectives of a sound ICAAP are:
Identifying and measuring all material risks (including credit, market, operational, interest rate, liquidity, reputational, strategic, country and concentration risks) Setting and assessing internal capital adequacy goals that relate directly to risk Ensuring the integrity of internal capital adequacy assessments
Basel II Overview
Qualification Process: Comparison of EU and US Basel II Implementation Timelines
Basel Accord Implementation Timeline U.S. Basel II Implementation Timeline *
From YE 2006: First Possible Year for Parallel Calculation and Impact Studies on Advanced Approaches; and Standardized and Foundation approaches to be implemented From YE 2007: Second Parallel Calculation Year for Advanced Approaches From YE 2008: First Possible Year for Implementation of Advanced Apporaches -- Transitional Floor of 90%. From YE 2009: Second Possible Year for Implementation of Advanced Approaches -- Transitional Floor of 80%.
27 March 2007: Comments Due on Basel II NPR and Basel IA NPR 29 May 2007: Comments Due on Proposed Supervisory Guidance for Advanced Approaches and Pillar 2 01 January 2008: First Possible Year for Parallel Run of Basel II Advanced Approaches 01 January 2009: First Possible Year for 1st Transitional Floor of 95% 01 January 2010: First Possible Year for 2nd Transitional Floor of 90% 01 January 2011: First Possible Year for 3rd Transitional Floor of 85%. July 2009: Enhanced guidance on Basel II
2009
Basel II Overview
Table of Contents
What is Basel II Pillar I Minimum Capital Requirements Pillar I Wholesale Credit Risk Pillar I Retail Credit Pillar I - Securitization Pillar I Operational Risk Pillar II Supervisory Review and Internal
Capital Adequacy Assessment Process (ICAAP)
Pillar III Disclosure Qualification Process Board and Internal Audit Responsibilities
Basel II Overview
Board and Internal Audit Responsibilities
Governance
According to The Final Rule (Part III, Section 22(j)(5) a bank must have an Internal Audit function that is independent of businessline management and at least annually assesses the effectiveness of the controls supporting the banks advanced systems and reports its findings to the banks board of directors (or a committee thereof).
Basel II Overview
Board and Internal Audit Responsibilities
Credit IRB
controls supporting the IRB system and report its findings to the board of directors (or a committee thereof).
Further, Internal Audit should evaluate the depth, scope, and quality
of the independent review processes and conduct appropriate testing to ensure that the conclusions of these reviews are well founded.
Basel II Overview
Board and Internal Audit Responsibilities
Credit IRB (continued)
Basel II Overview
Board and Internal Audit Responsibilities
Operational Risk
The banks validation process must be independent of the AMA Systems development, implementation, and operation, or the validation process must be subject to an independent review of its adequacy and effectiveness.
Banks may use independent and qualified internal (for example, Internal
Audit, and quality assurance) or external parties to perform verification and validation. The verification and validation functions should annually assess and report to the board of directors on the adequacy of the overall AMA System. accuracy and integrity of the AMA System, control elements, as well as the scope and effectiveness of operational risk reporting. The verification and validation functions should also review reporting processes to ensure the timeliness, accuracy, and comprehensiveness of operational risk reporting systems, both at the firm-wide and the line of business levels.
Basel II Overview
Board and Internal Audit Responsibilities
Operational Risk (continued)
Other areas of assessment include, but are not limited to: - Organizational structure, governance, and oversight; - Internal and external data sources, collection processes, and
repositories;
Scenario analysis; Reporting and MIS; Business environment and internal control factor assessments
measure, monitor, and control operational risk, and to accurately compute the banks operational risk component of the banks risk-based capital requirement. The board of directors must at least annually evaluate the effectiveness of, and approve, the banks AMA System, including the strength of the banks control infrastructure. (Note: this requirement underscores the role and responsibility of Internal Audit)
Basel II Overview
Board and Internal Audit Responsibilities
Operational Risk (continued) The board of directors and management should ensure that the banks operational risk management, data and assessment, and quantification processes are appropriately integrated into the banks existing risk management and decisionmaking processes and that there are adequate resources to support these processes throughout the bank.
- Internal Audits annual review of the effectiveness of operational risk - The results of the validation functions testing of model results and
assessment of quantification processes ICAAP
controls and the independent verification functions annual assessment of the adequacy of the overall operational risk framework, and
Additionally, internal audit should play a key role in the controls and governance surrounding an ICAAP on an ongoing basis.
Basel II Overview
Summary of Internal Audits Responsibilities for Basel II Implementation
Ensure Appropriate Audit Program & Structure Testing & Verifying Accuracy & Appropriateness of Risk Management Framework Data Inputs & Economic Capital allocation Support Board of Directors Oversight
Basel II requires more of a Internal Audit must Internal Audit (*) must Internal Audit must continuous audit approach independently test & independently test & validate summarize its findings & aligned with risk areas verify: the data collection & economic regularly report to Board or and categories Key risk management capital allocation its delegated committee Effective Internal Audit processes & systems methodologies, including: regarding both qualitative & data gathering, systems & for credit risk, Data feeds & processes quantitative Basel II factors, reporting processes operational risk, associated with credit risk, including: Testing & model validation market risk; and operational risk, market risk; Internal audit validation capabilities securitization: and securitization exposures work Appropriate allocation of Sufficient & qualified audit Adherence to policies Adjustments to staff resources, & procedures managements empirical resources considering banks Quarterly Reporting credit and operational risk Regularly verify adequacy business lines / risk profile requirements estimates of internal control system Succession planning, Accuracy of Periodic certification of & risk governance turnover & continuity disclosures under credit, operational and processes issues Pillar 3 market risk models and their Internal Audit also must Independence & access assumptions alert Board to identified to Board Data integrity and risk issues that may comprehensiveness impact the bank horizontally, across all units
(*) Or technically competent individuals who are independent of the development, implementation, or operation of the model
should perform validation. These individuals may or may not be a part of the internal audit function. If validation is done by internal audit, staff performing the validation of bank models should not participate in the verification of the validation process.