Basel II Overview

Table of Contents

- What is Basel II
- Pillar I Minimum Capital Requirements
  - Pillar I Wholesale Credit Risk
  - Pillar I Retail Credit
  - Pillar I - Securitization
  - Pillar I Operational Risk
- Pillar II Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP)
- Pillar III Disclosure
- Qualification Process
- Board and Internal Audit Responsibilities

What Is Basel II in the US

Risk Based Capital Standards: Advanced Capital Adequacy Framework - Basel II; Final Rule (Effective Date: April 8, 2008)

- Basel II is a highly complex set of guidelines and regulations related to measurement, management and monitoring of capital.
- Promotes more sophisticated capital framework intended to accommodate the banking industry's risk diversity.
- Closely aligns regulatory capital requirements with the industry's risk measurement & management practices and more comprehensive view of banks' risks through inclusion of operational risk.
- More flexible and risk-sensitive capital requirements.
- Better and more integrated risk and capital management practices and more formalized risk management programs.

Objectives of Basel II

To align the bank regulatory capital measurement framework with sound contemporary practices in economic capital allocation, promote improvements in risk management, and enhance financial stability.

Diagram labels: Rudimentary risk-based regulatory capital (Basel I); Enhanced risk-based regulatory capital (Basel II); Economic Capital; Risk Management.

Stimulate convergence of regulatory driven risk management towards economic driven risk management.

Basel II Framework Summary of the Three Pillars

Designed to align the bank regulatory capital measurement framework with sound contemporary practices in economic capital allocation, promote improvements in risk management, and enhance financial stability.

Basel II's Three Pillars

- Pillar I: Minimum Capital Requirements
  - Calculation of Risk Measures to Determine Requirements
  - For U.S. banks, adoption of Advanced Credit IRB and Operational Risk AMA required
- Pillar II: Supervisory Review
  - Internal Control Structure, Processes, and Methods
  - Focus on Adequacy of Governance Process and Other Risks: Liquidity, IRR Concentrations etc
- Pillar III: Market Discipline
  - Increased Risk Disclosure
  - Disclosure requirements depending on yet-to-be-developed guidance and market demands

Pillar 1 Minimum Capital Requirements

Basel II Pillar 1 requires all banks subject to the Final Rule to calculate capital requirements for exposure to Credit Risk and Operational Risk. Capital requirements for market risk remain largely unchanged. It sets forth:

- Three approaches to calculating the Credit Risk capital requirement;
- Three approaches to calculating Operational Risk capital requirement.

Pillar I Wholesale Credit Risk
Basel II Credit Risk Measurement Approaches
- Standard
- Internal Ratings Based (IRB)
  - IRB Foundation
  - IRB Advanced

Diagram axes: Credit Risk Measurement and Management Techniques; Prospective need of capital; Data requirements/complexity


Note: the US bank regulatory agencies only allow US banks to use the Advanced IRB approach in order to promote enhanced risk measurement

Pillar I Wholesale Credit Risk - Corporate and Sovereign Exposures

- Primary objective of Advanced Internal Rating Based (A-IRB) approach is to enhance the sensitivity of the minimum regulatory capital requirements for credit risk for Corporate and Sovereign Credit Exposures.
- Under the A-IRB approach, banks will assign risk parameters to individual exposures. These parameters will then be used for the determination of minimum regulatory capital.
- IRB will require a rigorous framework of advanced credit risk quantification, data maintenance, control and oversight mechanisms that is characterized by independence, transparency, and accountability.

Pillar I Wholesale Credit Risk - Corporate and Sovereign Exposures

Qualifying banks will be expected to have an A-IRB system consisting of five interdependent components for Corporate/Sovereign exposures:

1. A system that assigns ratings to individual wholesale obligors and exposures.
2. A quantification system that translates risk ratings into IRB parameters that are used as inputs to the IRB risk-based capital formula: PD, LGD, EAD and Maturity.
3. A data maintenance system that supports the A-IRB system.
4. Oversight and control mechanisms that ensure that the A-IRB system is functioning effectively and producing accurate ratings.
5. An ongoing process that validates the accuracy of the rating assignments, segmentations, and risk parameters.

The regulators will expect that corporate credit rating systems operate dynamically.

- As ratings are assigned, quantified and used, estimates will be compared with actual results (back-testing)
- Data will need to be maintained to support oversight and validation efforts and to better inform future estimates

The Rating System Review and Internal Audit functions will serve as control mechanisms that ensure the process of ratings assignment and quantification function according to policy and design and that noncompliance is identified and reported.

Pillar I Wholesale Credit Risk - Key Parameters & Requirements

A bank needs to address three essential questions:

- Expected Loss (EL): Parameters and Data
  - What parameters and data do I use?
- Expected Loss (EL): Modeling
  - What are my inputs, processes, and outputs?
- Capital Calculations: Mapping and Formulas
  - How does this link to my capital requirements?

Pillar I Wholesale Credit Risk - Key Parameters

Expected Loss = PD x (LGD - RC) x EAD

RC represents realizable collateral. Maturity (M) is used in calculating Risk Weighted assets.

- Probability of Default (PD)
  - Probability of default of the borrowers in each risk grade (rating) on a one year time horizon
  - Expressed as a %
  - Regulatory definition of default event
- Loss Given Default (LGD)
  - Loss after the event of a default
  - Magnitude of loss, expressed as a %
- Exposure at Default (EAD)
  - Outstanding amount at time of default
  - Bank's exposure amount in dollar terms
- Maturity (M)
  - Remaining effective maturity of the EAD

These parameters are used for all types of credit risk exposures

Pillar I Wholesale Credit Risk - Key Parameters & Calculation

Advanced Approach Equals Lower Expected Loss

- Standardized: Nominal $10m; AA (20%); Expected Loss $2m
- Foundation IRB: Nominal $10m; PD 0.4%; LGD 45% (fixed, para 256); Expected Loss $0.018m
- Advanced IRB: Nominal $10m; PD 0.4%; LGD 20%; Expected Loss $0.008m

U.S. mandatory banks must use advanced Internal Ratings Based (IRB)

Pillar I Wholesale Credit Risk - Key Parameters & Calculation

Process steps: PD Estimation; LGD Estimation and/or Exposure Assessment; Maturity Consideration; Bank Passes Approval Process

- PD: Own estimations connected with Internal Rating Systems
- LGD: Own estimations if certain criteria are met
- EAD: Own estimations if certain criteria are met
- Maturity (M): Recognition obligatory (max. five years)

Pillar I Wholesale Credit Risk - Key Parameter: Probability of Default (PD)

CREDIT GRADE (Performing / Substandard)   RISK LEVEL              PD (bp)             S&P
1                                         Minimal                 0-1                 AAA
2                                         Modest                  2-4                 AA
3                                         Average                 5-10                A
4                                         Acceptable              11-50               BBB
5                                         Acceptable with Care    51-200              BB
6                                         Management Attention    201-1,000           B
7                                         Special Mention         1000                CCC
8                                         Substandard             Interest Suspense   CCC/CC
9                                         Doubtful                Provision           CC/C
10                                        Loss                    Default/Loss        D

Pillar I Wholesale Credit Risk - Key Parameter: Probability of Default by Grade

[Chart: Probability of Default by grade]

Note how the differences between the grades increase the worse the ratings.

Pillar I Wholesale Credit Risk - Key Parameter: Data Requirements

- Historical loss database: estimate LGD (7 years)
- Historical exposure database: estimate EAD (7 years)
- Full risk data warehouse
- Rating data
- Data on default events
- Historical data (timelines): estimate PDs (5 years)
- Collateral data

Note: Basel II measures capital requirements at the facility level

Pillar I Wholesale Credit Risk - Key Parameter: Loss Given Default / Recovery Rates

Facility Grades

- Borrower has one PD, but different facility grades
- Facility grades based on LGD

Example: One borrower, 2 facilities: a secured wholesale mortgage on a factory and an unsecured overdraft. The property mortgage would have a lower EL because the LGD would be lower due to the value in the property whereas there is no security supporting the unsecured overdraft.

- Lower facility rating
- Shortage of data

Note: Basel measures capital requirements at a facility level

Pillar I Wholesale Credit Risk - Key Parameter: Recovery Rates

Examples of S&P

Seniority Class             Mean     Standard Deviation %
Senior Secured Debt         58.30    26.86
Senior Unsecured Debt       51.13    25.54
Senior Subordinated Debt    38.52    21.81
Subordinated Debt           32.74    20.18
Junior Subordinated Debt    17.09    10.90

This demonstrates the wide range for LGD values.

Pillar I Wholesale Credit Risk - Challenges

Having the right data is a major challenge: PD, LGD, EAD
- Challenge due to multiple platforms (M&A, etc)
- Organizational changes over time
- New products and changes to existing products
- Changes in the rating scheme over time
- Potential differences in definition of credit default between Basel II and the bank

Ensuring models developed are used appropriately (Bulletin OCC 2000-16):
- The Goldilocks solution: do not use models slavishly ("All models are wrong; some are useful")
- Nor ignore or continually override them

Developing the right corporate culture
- Where senior executives understand the quantitative and qualitative requirements of Basel (required under Pillar II)

Instilling corporate discipline to price assets properly
- In line with the more sensitive risk-based capital requirements from Basel II

Pillar I Wholesale Credit Risk - Quantification and Risk Management

Quantification is a central element of the approach to credit risk management. However, recent events have shown that effective management of credit risk requires a holistic approach including non-quantitative elements such as management oversight and qualitative judgment.

Senior management's responsibilities include:
- Reviewing the portfolio's risk profile, changing portfolio trends, risk parameter accuracy, economic and regulatory capital, and stress testing results
- Confirming activities conducted across multiple legal entities meet the following criteria:
  - Products managed centrally using consistent policy
  - Segments have homogeneous risk characteristics
  - Exposure outside U.S. not grouped with domestic exposures
  - Validation and back-testing activities for each entity are accurate

Independent risk management function provides oversight of lending activities
- Responsible for setting credit policies
- Ensuring credit standards are followed

Effective and independent loan review function

Internal Audit function must be independent of business-line management and must at least annually assess the effectiveness of the controls supporting the bank's advanced systems and report its findings to the bank's board of directors (or a committee thereof).

The full board or a designated committee of the board:
- Must have access to high-level reports summarizing the performance of the credit risk system
- Is responsible for reviewing and approving key elements of the IRB system

- Establishment of quality controls and confirmation that lending activities follow established policies
  - Quality control function should operate independently of loan production process, collections, and servicing functions
  - Quality control function should generate monthly reports
- Management information systems (MIS)
  - Monitor and measure credit quality and performance
  - Allow proactive and effective risk management
- Adoption and documentation of a sound loan loss methodology
  - Addressing credit risk assessment policies, procedures, and controls for assessing credit risk, identifying problem loans, and determining loan provisions in a timely manner
- Controls and monitoring systems in place to supervise all third parties

Pillar I Wholesale Credit Risk - Regulatory Expectations

US Regulators have stated that they will focus on the following issues during their quantification reviews:

- What type of data exists describing the reference credit event?
  - This is the reference data set
  - Includes a balance of internal and external data
- How is the data being used to estimate a loss?
  - Mapping describes the credit portfolio risk in terms of these characteristics - this is where banks are weak
  - Estimated relationship is applied to the portfolio using mapping to produce IRB parameters
  - Capital for the portfolio is computed using these parameters

The draft IRB supervisory guidance is built around this process, and the gaps and plans should clearly address these areas specifically:

- The quantification process is no stronger than the weakest part of the process noted above
- Institutions are expected to perform an annual review, to ensure that the process is logical
- LGD and EAD are linear, but the effects from slight differences in PD can result in significant differences in capital. Institutions will need to indicate that they have reviewed the quality of the PD calculation process
- Retail segmentation should be clearly defined and may not be the same as segments created for other classification purposes

Pillar I Retail Credit - What is Included?

- Individual consumer or small business exposures
- Similar types of loans are grouped into pools
- Risk Assessment at the loan pool or segment level
- Segment risk aggregated to portfolio level
- Securitized assets also evaluated

Pillar I Retail Credit Requirements

Advanced IRB approach for retail exposures requires:

- Manage retail exposures at segment level
- Estimated loss computation at segment level
- Derive capital requirements for each asset class
- Collect and maintain historical performance data
- Documentation and validation

Pillar I Retail Credit - Retail Assets Categories

- Residential Mortgage Loans
- Qualifying Revolving Exposures
- Other Retail Loans
- Credit Card
- Small Business

Pillar I Retail Credit - Retail Portfolio Segmentation

Diagram: Residential Mortgages, QREs and Other Retail Loans, each divided into Segment 1, Segment 2, Segment 3 and Segment 4.

- Risk drivers used in segmentation
- Defaulted assets segmented separately
- Guarantees recognized and included
- Schemes validated on ongoing basis
- Documentation required for:
  - Segmentation methodologies
  - Validation techniques/procedures
  - Updates to segments and risk drivers

Pillar I Retail Credit: Quantification Under Loan Sale or Securitization

- Identify detailed risk characteristics
- Long-run performance data available
- Construct appropriate reference data sets

Pillar I Retail Credit: Advanced IRB Data Requirement Guideline

Diagram labels: Loan Servicing System; Loan Data; Credit Data Repository; Credit Analysis Queries; Data; Credit Data; Storage; Reports

Pillar I Retail Credit: Data Management Policy

Data Architecture
- Format of stored data allows timely retrieval
- Unified management systems

Data Gaps
- Use of internal/external reference data

Documentation and Validation
- Develop and maintain comprehensive documentation
- Validate logical and data-related processes

Pillar I Retail Credit: Retail Credit Risk Quantification

- Core banks must follow advanced IRB guidelines
- Compute own risk parameters from internal/external data
- Consider PD, LGD, and EAD
- Three asset categories estimated separately
- Unique asset correlation (r)

Asset Category                    Correlation
Residential Mortgage              r = 0.15
Qualifying Revolving Exposures    r = 0.04
Other Retail                      r = 0.03 plus/minus an adjustment

Pillar I Retail Credit: Proposed Retail Credit Validation Process

- Step 1: Review Data Maintenance Practice
- Step 2: Review Asset Categorization
- Step 3: Review Segmentation Process
- Step 4: Review Risk Parameters Quantification Process
- Step 5: Review Control and Governance Mechanism

- Apply specialist knowledge and experience
- Benchmark against leading practice and regulatory requirements
- Assessment and analysis of validation for end-to-end process
- Practical recommendations for improvement that reflect Basel II requirements

Pillar I Retail Credit: Challenges

- Data integrity and the availability of historical data
- Ensuring models developed are used appropriately (Bulletin OCC 2000-16)
- Developing the right corporate culture
- Instilling corporate discipline to price assets properly
- Setting consistent asset categorization and segmentation criteria

Pillar I Securitization: Quantification

One of the regulatory arbitrage opportunities the global regulatory community wanted to remove was the distinction between economic and regulatory breaks with the current securitization framework. With large banks bringing Structured Investment Vehicles (SIVs) onto their balance sheet (e.g. Citibank) and the resulting losses, we understand why. As a result the capital treatment is harsh (e.g. deductions of first loss from capital).

Pillar I Securitization: Quantification

Basel I

Type of Exposure        Risk Weight
Generally               100%
First loss              Deduct
Unfunded < one year     0%

Basel II - Standardized banks

Risk weights based on rating of position. If exposure unrated, then deduct from capital except in case of:
- Most senior exposure (look-through to average risk weight of pool)
- Second loss position or better (look-through to higher of 100% and highest risk weight of pool)
- Liquidity facilities (credit conversion factors depending on type and length of liquidity commitment)

Basel II - A-IRB banks

Hierarchy of approach:
- If exposure rated, must determine risk weight based on ratings based approach (RBA)
- If unrated exposure to ABCP conduit, may use internal assessments approach (IAA) if conditions met
- If unrated exposure, may use supervisory formula approach (SFA) if can determine inputs (including using top down methodology)
- If unrated exposure and RBA, IAA and SFA unavailable, may use exceptional look through approach with regulator consent on temporary basis for liquidity facilities
- Otherwise, must deduct unrated exposure from capital

Pillar I Securitization: Quantification Capital Charges

Options

IRB bank must calculate capital on basis of:
1. External ratings pursuant to ratings based approach (RBA)
2. Inputs into supervisory formula (SF) approach
3. Internal assessments approach (IAA)

Cap: If IRB would require more capital for securitization exposure than had the position not been securitized, bank may use IRB capital requirement for underlying exposures

Hierarchy

- Under Credit Risk A-IRB, a bank must use ratings based approach (RBA) to calculate capital if external rating or inferred rating available
- Where RBA not available, bank may use SF or IAA if available
- Where neither RBA nor SF or IAA are available, bank may use look-through approach, otherwise, the position must be deducted

Pillar I - Operational Risk AMA: Why Is Operational Risk Important?

Significant Losses
- Billions of $ lost to operational loss events
- Common causes include:
  - Weaknesses in business practices
  - Lack of ownership of risk
  - Inadequate reporting of risk
  - Absence of methodologies
  - Need for improvement in controls

Regulatory Pressures
- Regulators, risk-based approach to supervision
- Corporate governance and Sarbanes-Oxley
- Basel Committee, capital adequacy framework
- Globalization resulting in increased international exposure

Changing Environment
- Infrastructure and technology
- Speed of new products to and exit from market
- Greater distribution of control responsibility
- Cost and expense base pressures

Pillar I - Operational Risk AMA: Quantification Options

Measurement Options
- Basic Indicator
- Standardized
- Advanced Measurement (AMA)

Diagram axes: Qualifying Criteria; Prospective Need of Capital; Data Requirements/Complexity

Pillar I - Operational Risk AMA: What Is Operational Risk?

The Basel II Accord definition of operational risk is:

"The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk, but excludes strategic or reputational."
The New Basel Capital Accord, April 2003: Basel Committee on Banking Supervision

[...] Include Operational Risk in Pillar I?
- [...]tial operational risks are significant and rising due to reliance on technology, people and processes
- Operational risk has been a major contributor to depletion of capital and failure of banks
- [...] operational risk is included as an explicit component of the firm-wide risk management system and economic capital allocation process

Pillar I - Operational Risk AMA: U.S. Approach

Basic Indicator
- No Specific Criteria
- Capital charge = 15% of Annual Gross Income (averaged over most recent 3 years)

Standardized
- Board of Directors / senior management involvement
- Operational Risk management function
- Operational Risk management system
- Capital charge = sum of charge per eight business lines calculated as a fixed % of Annual Gross Income (12%, 15%, or 18% - again averaged over the most recent 3 years)

Advanced Measurement
- Standardized, plus:
  - Risk management and measurement
  - Risk management and measurement process review
  - Quantitative standards
- Capital charge = a bank's internal Operational Risk measurements system of calculation

Pillar I - Operational Risk AMA: Risk Management Assessment

Integrated Operational Risk Management

Operational Risk Management (ORM) encompasses all processes shown here. Integrated management of ORM involves:
- Consistent methodology for risk identification, risk assessment and risk measurement
- A process to develop and report risk indicators
- A process to aggregate risk across all these functions to have a holistic view of Operational Risk across the Bank

Risk quantification / OR losses policy for Basel II should cover all these areas.

Diagram labels (sources of risk): People; Processes; Systems; External Events

Diagram labels (activities/processes that are part of Operational Risk Management):
- Operational Risk Framework*
- Model Validation & Governance
- Product Risk Management
- AML**
- SOX
- Operational Risk Management
- Business continuity
- Privacy & Information Security
- Change Risk Management
- Documentation / Records Mgmt
- Event/Issue Mgmt
- Third Party Risk Management

*Operational risk management Basel II AMA (to include Risk assessment/profiling, Economic capital allocation, Loss data, Key risk indicators, Scorecard management, Scenario analysis, Business line risk data analysis, etc.)
**AML: Anti-money laundering requirements, Bank Secrecy Act, USA Patriot Act etc.

Pillar I - Operational Risk AMA: Core Components and Associated Considerations

Four AMA Components:
1. Internal Loss Data
2. External Loss Data
3. Business Environment and Control Factors
4. Scenario Analysis

Other Considerations:
1. Risk Strategy
2. Firm-wide Operational Risk Management Function
3. Definitions, Linkages, and Structures
4. Risk & Control Self-Assessments (RCSA)
5. Key Risk Indicators (KRIs)
6. Mitigation
7. Capital Modeling
8. Reporting
9. Information & Technology

Pillar I - Operational Risk AMA: Core Component - Internal Loss Data

- Operational loss means a loss (excluding insurance or tax effects) resulting from an operational loss event. Operational loss includes all expenses associated with an operational loss event except for opportunity costs, forgone revenue, and costs related to risk management and control enhancements implemented to prevent future operational losses.
- Operational loss event means an event that results in loss and is associated with any of the seven operational loss event type categories
- A minimum of five years of historical data is required

Bank must track internal loss data according to following criteria:

- Must have written policies and procedures related to collection of losses that will be used consistently across a bank.
- Must collect the loss data using Basel II defined loss event categories as well as Basel II defined business lines shown on next slide. (A bank is not required to organize the company along Basel II business lines nor is it required to report its operational losses along Basel II loss event categories. However, it must be able to map its own business lines and loss event categories to supervisory definitions per the Final Rule.)
- Must have documented procedure for assessing the on-going relevance of historical loss data.
- Must be comprehensive and complete. Must have documented justification for any excluded activities, losses, or business line.
- Must have documented criteria with supporting rationale to show allocation of losses from support functions.
- Must have documented criteria with supporting rationale to show allocation of losses from a single loss event to multiple business units.

Pillar I - Operational Risk AMA: Core Component - Internal Loss Data: Boundary Losses

- A bank must incorporate proper treatment of operational losses that also could be attributed to either credit risk or market risk.
- A bank must treat operational losses that are related to market risk as operational losses for purposes of calculating risk-based capital requirements under this final rule. For example, losses incurred from a failure of bank personnel to properly execute a stop loss order, from trading fraud, or from a bank selling a security when a purchase was intended, must be treated as operational losses.
- Under the proposed rule, banks would treat losses that are related to both operational risk and credit risk as credit losses for purposes of calculating risk-based capital requirements. However, a bank must include credit risk boundary losses in its operational risk loss database to understand and perform root cause analysis and implement steps to reduce such losses.

Pillar I - Operational Risk AMA: Core Component - Internal Loss Data: Comprehensiveness

- The internal loss database must include all business lines, geographic locations, and bank activities.
- A bank should also collect near miss events into its database. However, it is a challenge to define a near miss event and collect it consistently across the entire company.
- AMA data maintenance requires significant up-front investment & far reaching enterprise-wide process changes
- To use internal estimates for regulatory capital, banks must:
  - Collect & analyze essential OpR loss data inputs consistently
  - Perform front end validation & back testing
  - Make ongoing refinements to the AMA data capture system
  - Maintain data over long timeframes
- Systems to fully implement AMA do not exist today at most banks
- Mergers & acquisitions will need to be integrated

Pillar I - Operational Risk AMA: Core Component - Internal Loss Data

Seven Level I Loss Event Categories
1. Internal Fraud
2. External Fraud
3. Employment practices and workplace safety
4. Clients, products and business practices
5. Damage to physical assets
6. Business disruption and system failures
7. Execution, delivery and process management

Eight Basel II Defined Business Lines*
1. Corporate Finance
2. Trading & Sales
3. Wholesale Banking
4. Retail Banking
5. Payment & Settlement
6. Agency Services
7. Asset Management
8. Retail Brokerage
9. Other / Corporate

(* Support functions such as HR, Finance, etc. are allocated to business lines for the purpose of capital calculation.)

Pillar I - Operational Risk AMA: Core Component - External Loss Data

The final rules define external operational loss event data for a bank as gross operational loss amounts, dates, recoveries, and relevant causal information for operational loss events occurring at organizations other than the bank.

A bank must establish a systematic process to determine its methodologies for incorporating external operational loss event data into its operational risk data and assessment systems.

The external loss data is required for the following reasons:
- Limited internal operational loss event data;
- Need to understand industry loss experience;
- A measure to assess the adequacy of a bank's own internal loss event data

Two major sources of External Loss Event data
- Vendor provided data (Fitch Algo OpVantage)
- Industry Consortium (ORX, ABA)

Pillar I - Operational Risk AMA: Core Element - Scenario Analysis

- A bank must have a systematic process for determining its methodologies for incorporating scenario analysis into its operational risk data and assessment systems.
- It is especially relevant for business lines or operational loss event types where internal data, external data, and assessments of the business environment and internal control factors do not provide a sufficiently robust estimate of the bank's exposure to operational risk events with high severity.
- Scenario analysis provides a means for a bank to incorporate a forward-looking element into its operational risk data and assessment systems.
- Scenario analysis should draw upon knowledge and experience of business managers as well as risk experts.

Pillar I - Operational Risk AMA: Core Components
Internal and external operational loss event data provide a historical perspective on operational risk. It is also important that a bank incorporate forward-looking elements into its operational risk data and assessment systems.

Risk and Control Self Assessment (RCSA) / Business Environment & Internal Control Factors (BE&CIF)

A bank must incorporate business environment and internal control factors into its operational risk data and assessment systems to assess fully its exposure to operational risk.

Key Elements of BE&IC are:
- Inherent Risk
- Current Control Environment
- Residual Risk
- Direction of Risk

A bank must prepare a composite Operational Risk Profile. Based on the composite risk profile, a qualitative adjustment factor is calculated to adjust the capital exposure calculated from internal and external loss data.

Process and outcome should be periodically validated through comparison to actual internal loss experience (known as backtesting).

Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling
U.S. banks are given significant flexibility in operational risk model design. A bank must have an operational risk quantification system that generates estimates of its operational risk exposure using its operational risk data and assessment systems.

The final rule defines operational risk exposure as the 99.9th percentile of the distribution of potential aggregate operational losses, as generated by the bank's operational risk quantification system over a one-year horizon (and not incorporating eligible operational risk offsets or qualifying operational risk mitigants).

The bank's analytical framework must use the combination of internal operational loss data, relevant external data, business environment and control assessments, and scenario analysis.

The capital requirement is the sum of EL and UL unless the institution can demonstrate, consistent with supervisory standards, the EL offset. The mean of such a total loss distribution is the bank's EOL. The final rule defines EOL as the expected value of the distribution of potential aggregate operational losses, as generated by the bank's operational risk quantification system using a one-year horizon.

The bank's UOL is the difference between the bank's operational risk exposure and the bank's EOL.

- Risk mitigation for operational risk, via insurance, subject to regulatory approval.
- Bank's measurement approach must meet both qualitative and quantitative standards.
- Expectation is that the approach will be granular
- Need as many data points as possible in order to increase statistical precision
- Fewer data points will lead to more focus on qualitative processes
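The following is an added worked example, not part of the original slides or of the final rule: it simulates a one-year aggregate loss distribution and reads off the operational risk exposure (99.9th percentile), EOL (mean) and UOL (exposure minus EOL) as defined above. The Poisson frequency and lognormal severity model, the independence of cells, and every parameter value are assumptions chosen for illustration; the rule leaves model design to the bank.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    """One unit of measure; all parameters are constructed sample values."""
    name: str
    freq: float   # assumed Poisson mean number of loss events per year
    mu: float     # assumed lognormal severity: mean of log(loss)
    sigma: float  # assumed lognormal severity: std dev of log(loss)


# Constructed cells, named after two of the Level I loss event categories.
CELLS = [
    Cell("External Fraud", freq=20.0, mu=9.0, sigma=1.0),
    Cell("Business disruption and system failures", freq=2.0, mu=11.0, sigma=1.2),
]


def poisson(rng, lam):
    """Draw a Poisson count by counting exponential arrivals within one year."""
    count, elapsed = 0, rng.expovariate(lam)
    while elapsed <= 1.0:
        count += 1
        elapsed += rng.expovariate(lam)
    return count


def simulate_year(rng, cells):
    """Aggregate loss for one simulated year (cells assumed independent)."""
    total = 0.0
    for c in cells:
        for _ in range(poisson(rng, c.freq)):
            total += rng.lognormvariate(c.mu, c.sigma)
    return total


def analytic_eol(cells):
    """Closed-form mean of the compound Poisson-lognormal aggregate loss."""
    return sum(c.freq * math.exp(c.mu + c.sigma ** 2 / 2) for c in cells)


def quantify(cells, years=20000, seed=7, q=0.999):
    """Return exposure (q-quantile), EOL (mean) and UOL (exposure - EOL)."""
    rng = random.Random(seed)
    losses = sorted(simulate_year(rng, cells) for _ in range(years))
    rank = min(years, math.ceil(q * years))  # nearest-rank percentile
    exposure = losses[rank - 1]
    eol = sum(losses) / years
    return {"exposure": exposure, "eol": eol, "uol": exposure - eol}


if __name__ == "__main__":
    r = quantify(CELLS)
    print(f"Exposure (99.9th pct): {r['exposure']:,.0f}")
    print(f"EOL (mean):            {r['eol']:,.0f}  analytic {analytic_eol(CELLS):,.0f}")
    print(f"UOL (exposure - EOL):  {r['uol']:,.0f}")
```

With 20,000 simulated years only about 20 observations lie beyond the 99.9th percentile, so the exposure estimate is far noisier than the EOL estimate, which is why the slide stresses having as many data points as possible.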

Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling
Banks have considerable flexibility in developing operational risk management, data and assessment, and quantification processes that are appropriate for the nature of their activities, business environment, and internal controls.

Banks are expected to uniquely tailor the framework to their organizational structure and culture. A bank's operational risk capital charge will be an internally generated measure using the bank's own operational risk measurement systems.

Key elements that must be incorporated into an AMA measurement system are:
- Internal Loss Data
- External Loss Data
- Scenario Analysis
- Business Environment and Internal Control Factors

A bank may develop and use Key Risk Indicators (KRIs) to:
- Monitor its operational risk
- Support its risk assessment process
- Provide additional information for its operational risk capital model

Pillar I - Operational Risk AMA: Core Components - Risk Quantification and Capital Modeling

[Figure: inputs to the Economic Capital Calculation. Labels: Scenario Analysis; Risks, Controls, KRIs, Mitigants, Severity, Frequency; RCSA; Loss Event Data; External Data; KRIs; Management Reporting; Scoring information; Loss summary; Emerging risk; Potential exposure.]


Pillar I - Operational Risk AMA: Core Components of an Operational Risk Framework

[Figure: operational risk framework diagram. Labels: Risk Strategy; Organizational Structure; Reporting; Information Technology; Building Blocks; Definitions, Linkages and Structures; Key Risk Indicators; Loss Data; Risk Assessment; Capital Modeling; Management; Identification; Assessment; Monitoring; Mitigation; Reporting.]


Pillar II - Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP)

Sophistication of Pillar I approaches requires comparable sophistication in risk management framework

Close link required between Pillar I regulatory parameters and parameters used in risk management framework

Pillar II - Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Risk Types Beyond Pillar I

[Figure: risk types grouped under "Pillar 1 Risk Types", "Capital Requirement" and "No Capital Requirement". Labels: Counterparty risks; Operational risks; Market risks in the trading book; Interest rate risks in the banking book; Liquidity risks; Real estate valuation risks; Strategic risks; Reputation risks; Business risk; Concentration risks.]

Pillar II - Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Role of Supervisors

Pillar 2 Main Goals
- Bridge gap between capital requirement and remaining risks
- Risk management enhancement
- Regulator assessment

Consequence 1: Banks and regulator dialogue

Consequence 2: Quantitative, as well as existing qualitative orientation

Consequence 3: Structuring of regulatory supervision

Pillar II - Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Capital Planning Process (ICAAP)

Comprehensive Risk Assessment

Sound Capital Assessment

Risk-Adjusted Business Performance Evaluation

Monitoring and Reporting

Internal Controls Review

Pillar II - Supervisory Review and Internal Capital Adequacy Assessment Process (ICAAP): Open Questions for Implementation and Qualification

- How will the supervisor provide necessary resources and how will costs be covered?
- Will principles be applied across the board?
- Impact of benchmarking effect industry practices and Interagency influence?
- How should the Basel II implementation be harmonized? (Home Host Issue)


Pillar III - Disclosure: Market Discipline

Goals
- Higher transparency of business and risk structures
- Strengthened risk management and internal control systems

Consequences
- Investors distinguish between well and badly managed banks
- Well managed banks benefit from better market conditions
- Badly managed banks penalized by the market

Pillar III - Disclosure: Basic Considerations

Frequency
- Base Case: (6 mo)
- Qualitative and stable information (12 mo)
- Quantitative and volatile information (3 mo)
- Banks with low risk profile (12 mo)

Confidentiality
- Restricted Disclosure
- No detailed information required to public
- Full set of information to regulatory body
- Large degree of national discretion

Materiality
- Materiality definition dependent on information disclosed
- Dialogue with accounting bodies necessary

Pillar III - Disclosure: Scope of Disclosure

Subject of Disclosure: Details
- Scope of application: Group of consolidation
- Capital: Structure; Adequacy
- Risk positions and risk assessment: Credit risk; Market risk; Operational risk; Interest rate risk in the banking book


Qualification Process: Regulatory Expectations

1. Written Basel II Implementation Plan

- Mandatory U.S. banks must adopt a written Basel II implementation plan no later than 6 months after the effective date of Final Rule.
- The plan must incorporate an explicit first floor period start date no later than 36 months after the effective date of the Final Rule.
- The bank's implementation plan must address in detail how the bank complies, or intends to comply, with the qualification requirements (including data, models, systems, resources).
- The bank also must maintain a comprehensive and sound planning and governance process to oversee the implementation efforts.

At a minimum, the Basel II implementation plan must:

- Comprehensively address the qualification requirements for the bank and each consolidated subsidiary (U.S. and foreign-based) of the bank with respect to all portfolios and exposures of the bank and each of its consolidated subsidiaries

Qualification Process: Regulatory Expectations

1. Written Basel II Implementation Plan (continued)

- Justify and support any proposed temporary or permanent exclusion of immaterial business lines, portfolios or exposures from application of the advanced approaches
- Include the bank's self-assessment of its current status in meeting the qualification requirements; and the consistency of its current practices with the supervisory guidance for the advanced approaches
- Based on the self-assessment, the bank must identify areas in which it needs to undertake additional work to comply with the qualification requirements (gap analysis)
- Describe the specific actions the bank will take to address the areas identified in the gap analysis
- Identify objective, measurable milestones, including delivery dates and the date when the bank's implementation of the methodologies will be fully operational
- Describe resources that have been budgeted and are available to implement the plan
- Receive Board of Directors approval

Qualification Process: Regulatory Expectations

2. Parallel Run (continued)

Before determining its risk-based capital requirements under the advanced methodologies, the bank must conduct a successful parallel run. A satisfactory parallel run is a period of no less than 4 consecutive calendar quarters during which the bank complies with all of the qualification requirements to the satisfaction of its primary U.S. supervisor

Comprehensively address the qualification requirements for the bank and each consolidated subsidiary (U.S. and foreign-based) of the bank with respect to all portfolios and exposures of the bank and each of its consolidated subsidiaries

Ongoing Compliance Process

The bank must have an adequate process to ensure ongoing compliance with the qualification requirements

Transitional Floor Period

- 1st floor year: 95% transitional floor percentage
- 2nd floor year: 90% transitional floor percentage
- 3rd floor year: 85% transitional floor percentage

Qualification Process: Regulatory Expectations

5. Supervisory Review Process (Pillar 2) (continued)

Comprehensive supervisory assessment of capital adequacy

U.S. Regulators must perform a more comprehensive assessment of capital adequacy that considers risk specific to the bank, conducting analyses that go beyond minimum regulatory capital requirements

Compliance with regulatory capital requirements

Each bank applying the U.S. advanced framework must have appropriate risk measurement and management processes and systems that meet the rule's qualification requirements

Internal capital adequacy assessment process (ICAAP)

The bank must have a rigorous internal process, the ICAAP, for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining an appropriate level of capital. The fundamental objectives of a sound ICAAP are:

- Identifying and measuring all material risks (including credit, market, operational, interest rate, liquidity, reputational, strategic, country and concentration risks)
- Setting and assessing internal capital adequacy goals that relate directly to risk
- Ensuring the integrity of internal capital adequacy assessments

Qualification Process: Comparison of EU and US Basel II Implementation Timelines

Basel Accord Implementation Timeline

- From YE 2006: First Possible Year for Parallel Calculation and Impact Studies on Advanced Approaches; and Standardized and Foundation approaches to be implemented
- From YE 2007: Second Parallel Calculation Year for Advanced Approaches
- From YE 2008: First Possible Year for Implementation of Advanced Approaches -- Transitional Floor of 90%.
- From YE 2009: Second Possible Year for Implementation of Advanced Approaches -- Transitional Floor of 80%.

U.S. Basel II Implementation Timeline *

- 27 March 2007: Comments Due on Basel II NPR and Basel IA NPR
- 29 May 2007: Comments Due on Proposed Supervisory Guidance for Advanced Approaches and Pillar 2
- 01 January 2008: First Possible Year for Parallel Run of Basel II Advanced Approaches
- 01 January 2009: First Possible Year for 1st Transitional Floor of 95%
- 01 January 2010: First Possible Year for 2nd Transitional Floor of 90%
- 01 January 2011: First Possible Year for 3rd Transitional Floor of 85%.
- July 2009: Enhanced guidance on Basel II

* Delayed with first initial parallel run now in 2009


Board and Internal Audit Responsibilities

Governance

According to the Final Rule (Part III, Section 22(j)(5)), a bank must have an Internal Audit function that is independent of business-line management and at least annually assesses the effectiveness of the controls supporting the bank's advanced systems and reports its findings to the bank's board of directors (or a committee thereof).

Board and Internal Audit Responsibilities
Credit IRB

Internal audit must, at least annually, assess the effectiveness of the controls supporting the IRB system and report its findings to the board of directors (or a committee thereof).

A bank must have an Internal Audit function that is independent of business line management and that assesses at least annually the effectiveness of the controls supporting the IRB system and reports its findings to the board of directors (or its designated committee).

At least annually, Internal Audit should review the validation process including procedures, responsibilities, appropriateness of results, timeliness, and responsiveness to findings.

Further, Internal Audit should evaluate the depth, scope, and quality of the independent review processes and conduct appropriate testing to ensure that the conclusions of these reviews are well founded.

Board and Internal Audit Responsibilities
Credit IRB (continued)

Bank's internal credit assessment processes should be comprehensive, transparent, independent, well-defined, and fully documented.

The bank must have an Internal Audit function independent from the ABCP program business line and internal credit assessment process that assesses at least annually whether the controls over the internal credit assessment process function as intended.

Board and Internal Audit Responsibilities
Operational Risk

The bank must validate, on an ongoing basis, its AMA system.

The bank's validation process must be independent of the AMA System's development, implementation, and operation, or the validation process must be subject to an independent review of its adequacy and effectiveness.

Banks may use independent and qualified internal (for example, Internal Audit, and quality assurance) or external parties to perform verification and validation. The verification and validation functions should annually assess and report to the board of directors on the adequacy of the overall AMA System.

The independent assessment should include the review of both the accuracy and integrity of the AMA System, control elements, as well as the scope and effectiveness of operational risk reporting. The verification and validation functions should also review reporting processes to ensure the timeliness, accuracy, and comprehensiveness of operational risk reporting systems, both at the firm-wide and the line of business levels.

Board and Internal Audit Responsibilities
Operational Risk (continued)

Other areas of assessment include, but are not limited to:
- Organizational structure, governance, and oversight;
- Internal and external data sources, collection processes, and repositories;
- Scenario analysis;
- Reporting and MIS;
- Business environment and internal control factor assessments

The bank must ensure that an effective framework is in place to identify, measure, monitor, and control operational risk, and to accurately compute the bank's operational risk component of the bank's risk-based capital requirement. The board of directors must at least annually evaluate the effectiveness of, and approve, the bank's AMA System, including the strength of the bank's control infrastructure. (Note: this requirement underscores the role and responsibility of Internal Audit)

Board and Internal Audit Responsibilities
Operational Risk (continued)

The board of directors and management should ensure that the bank's operational risk management, data and assessment, and quantification processes are appropriately integrated into the bank's existing risk management and decision-making processes and that there are adequate resources to support these processes throughout the bank.

Important sources of information about the effectiveness of the AMA System include:
- Internal Audit's annual review of the effectiveness of operational risk controls and the independent verification function's annual assessment of the adequacy of the overall operational risk framework, and
- The results of the validation function's testing of model results and assessment of quantification processes

ICAAP

Additionally, internal audit should play a key role in the controls and governance surrounding an ICAAP on an ongoing basis.

Summary of Internal Audit's Responsibilities for Basel II Implementation

Ensure Appropriate Audit Program & Structure
- Basel II requires more of a continuous audit approach aligned with risk areas and categories
- Effective Internal Audit data gathering, systems & reporting processes
- Testing & model validation capabilities
- Sufficient & qualified audit staff resources, considering bank's business lines / risk profile
- Succession planning, turnover & continuity issues
- Independence & access to Board

Testing & Verifying Accuracy & Appropriateness of Risk Management Framework
Internal Audit must independently test & verify:
- Key risk management processes & systems for credit risk, operational risk, market risk; and securitization
- Adherence to policies & procedures
- Quarterly Reporting requirements
- Accuracy of disclosures under Pillar 3

Data Inputs & Economic Capital allocation
Internal Audit (*) must independently test & validate the data collection & economic capital allocation methodologies, including:
- Data feeds & processes associated with credit risk, operational risk, market risk; and securitization exposures
- Adjustments to management's empirical credit and operational risk estimates
- Periodic certification of credit, operational and market risk models and their assumptions
- Data integrity and comprehensiveness

Support Board of Directors Oversight
Internal Audit must summarize its findings & regularly report to Board or its delegated committee regarding both qualitative & quantitative Basel II factors, including:
- Internal audit validation work
- Appropriate allocation of resources
- Regularly verify adequacy of internal control system & risk governance processes
- Internal Audit also must alert Board to identified risk issues that may impact the bank horizontally, across all units

(*) Or technically competent individuals who are independent of the development, implementation, or operation of the model should perform validation. These individuals may or may not be a part of the internal audit function. If validation is done by internal audit, staff performing the validation of bank models should not participate in the verification of the validation process.
