Risk Management and Basel II: Time to Start Thinking About a Solution

Over the last several years, governments around the world have been passing regulations to ensure the integrity of the global financial system. One such regulation is Basel II.

The Basel II Accord is actually a set of concrete recommendations from the Bank for International Settlements, and its goal is to set global standards for capital adequacy and risk management practices for banks and other financial institutions. The recommendations are designed to ensure that financial institutions produce and report transparent, consistent, and auditable data that will allow them and others (such as regulators and investors) to address potential problems earlier than they have been able to do in the past.

In the United States, regulators have made compliance with Basel II compulsory for only the largest financial institutions; further, they have postponed the 2006 deadline for implementing Basel II by a year. However, there is substantial momentum in the marketplace that is driving many financial institutions to implement Basel II practices even before they are required to do so by regulators.

With the exception of the 10 to 20 leading banks, U.S. financial institutions are behind others ' especially the Europeans ' in implementing Basel II risk management and reporting practices.

However, in general the global U.S. banks have fairly established risk management practices, even without Basel II, and many midsize U.S. financial institutions also have relatively sophisticated risk control tools and processes, especially since Sarbanes-Oxley.

The Basel II regulations consist of three 'pillars':

Pillar 1 sets minimum capital requirements for financial institutions. These requirements are based on a firm's level of credit risk, operational risk, and market risk.

Basel II recognizes the difficulty and expense involved in tracking the data needed to calculate these types of risks and allows banks to calculate these risks in varying ways with varying levels of sophistication. Typically, the more sophisticated a bank is in tracking and measuring its risks, the more tightly it can control its capital requirements.

Key measures for Pillar 1 include value at risk ('VAR'), probability of default ('PD'), exposure at default ('EAD'), and loss given default ('LGD').

Pillar 2 mandates regulatory oversight and gives regulators better data and tools to monitor the exposure that its institutions have.

Pillar 3 requires that financial institutions be more transparent in what they report out to the markets.

While uncertainty about the final format and timing of the U.S. regulation has certainly slowed implementation by U.S. institutions, behind the scenes, many U.S. institutions are doing the necessary groundwork (such as ensuring that they have the depth and breadth of data required) to comply with the new Basel Accord. This is driven by several concerns, key among them:

• Many banks need to implement Basel II in their non-U.S. subsidiaries, so they are leveraging that investment in their U.S. operations.
• Ratings agencies are increasingly taking Basel II controls and banks' overall risk profile into account when assigning ratings; thus certain banks must come close to Basel II compliance to satisfy the agencies.

What to Think About When Contemplating a Basel II Solution

1) Check the Box or Go the Distance? The first question that a financial institution needs to ask itself, which will set the stage for all of its subsequent decisions, is whether to comply with Basel II in the least expensive and most basic way or to implement sophisticated risk practices that allow the firm to proactively manage economic capital as a competitive tool.

In general, banks that want to simply do the minimum are choosing vendor solutions that are the least expensive to implement and run. Typically they will choose a one-vendor solution.

However, a growing number of institutions of all sizes are opting to implement tailor-made solutions that will allow them to manage their economic capital.

We have seen the more sophisticated banks in Europe choose a best-of-breed implementation rather than a single-vendor solution. In certain cases, best-of-breed selection has been aligned by line of business and portfolio specializations (retail, wholesale, securitization, treasury), or by functional component (risk-weighting calculators, credit scoring, local regulatory reporting).

2) How Can We Optimize Cost and Maximize ROI? Banks are actively looking to leverage their Basel II investment because they do not feel that they can justify such large expenditures purely for regulatory compliance. Thus, institutions need to look for other applications that can leverage the data and tools being implemented to meet Basel II requirements. It also means that firms are focusing on finding solutions that are compatible with their existing technology infrastructure.

Even those firms that choose to 'check the box' will want to leave themselves a cost-effective path to upgrade their risk management approaches to allow them to manage their economic capital. To accomplish this, firms should seek Basel II solutions that at least begin to harmonize the taxonomy of data across business units, risk categories, and risk/financial applications.

3) Don't Forget About Pillar 2. Two years into the Basel II implementation process, many banks that thought that they could meet Basel II requirements with the simple purchase and implementation of a Pillar 1 'capital calculator' solution are now back into the market to fill gaps that their initial investments failed to address.

Any financial institution planning to manage economic capital and to apply sophisticated risk management practices needs to spend a significant amount of time understanding the complexities of meeting Pillar 2 requirements.

As a whole, Pillar 2 is about ensuring capture of risks not reflected in
regulatory ratios (eg, concentration risks) and demonstrating that risk estimates, measurement, and management are appropriate to the underlying risk; this should include stress scenarios and potential peaks in exposure.

Regulators will look to gain assurance that financial firms have confidence in the outputs of their credit and operational risk models. This is the principle underlying the so-called 'use test,' where risk assessment and measurement systems must be closely integrated into the risk management practices of a credit institution.

While the U.S. guidelines are not yet as clear as the European guidelines, it is fair to anticipate that regulators will want to see data both at a very granular level (eg, stress tests done by guarantors and collaterals, then applied to multiple jurisdictions; reports by rating bands, business units, and countries in order to generate weighted averages by combinations of PDs, maturities, and LGDs) and at a macro level.

Hence, flexibility, reporting capability, and the level of completeness of any pre-built data models are key factors in any Basel II decision.

4) Is There Time Pressure? U.S. banks are free ' for now ' from the pressures that are being experienced in areas where Basel II regulation is coming into effect at the end of this year. Institutions in these jurisdictions that haven't begun a Basel II implementation are under intense pressure to move quickly. For these companies, time to compliance is critical, and money becomes less important than time (within reason, of course).

In general these companies must purchase a solution with a predefined data model to more effectively guide them and reduce time to market. Most solution vendors have pre-built data models, though with different degrees of sophistication.

Companies in this situation should strongly consider leveraging a vendor that can implement all components of a Basel II solution. They should ask the vendor to demonstrate proof (by example) of ability to meet aggressive timelines.

5) Is There Pressure from the Ratings Agencies? Ratings agencies are starting to look at the risk management practices of financial companies across the board; they are taking this into account more and more in the ratings process. The quest for an improved credit rating may make it financially worthwhile for a company to invest in Basel II-type risk management practices, because a higher or lower rating has a true value/price in the markets.

6) What Is the State of Data Quality in My Institution? Data quality is a continuing challenge, and even in cases where the 'main' regulatory capital calculation and risk analytics applications have been put in place, the processes and infrastructure for effective data management may not necessarily be sustainable, even though a Basel II project may have completed one cycle of a data migration and consolidation exercise.

Although 'data management practices' is a clich', firms that have begun Basel II implementations are under significant pressure to create a sustainable data management architecture and to apply appropriate technology to the development of data management practices and policies, as well as to control access to the change and use of data as determined by governmental regulation and corporate policy.

In general, financial institutions must explore more advanced data mapping, migration, cleansing, and ongoing data quality monitoring tools, which cover not only business unit data but also groupwide entities.

The Basel II Ecosystem

When evaluating a Basel II implementation, firms must look, at a minimum, at the components listed in Table 1.

[IMGCAP(1)]

Leading Basel II Solution Vendors

While there are many products that are used in any Basel II implementation, and many firms that sell a Basel II product, there are only a handful of firms that truly provide an end-to-end Basel II solution. These firms have a broad offering that includes all the key components for a Basel II implementation, and they have clients that are already using at least their credit risk management products. These firms are highlighted in Table 2.

[IMGCAP(2)]

Conclusion

Compliance with Basel II is a big undertaking that will touch many, if not all, of a firm's major systems. However, in implementing Basel II, firms have the chance to improve the quality of their underlying data and enhance data transparency. This allows firms to implement product and pricing strategies that reflect the true risk of a transaction, giving them a strong advantage over competitors that do not have access to both a granular and a holistic view of their product and customer data.

Lauren Bender is the manager of the Retail Securities & Investments group of Celent, LLC and is based in the firm's New York and Paris offices. Her expertise lies in retail brokerage and emerging technologies. Before joining Celent, she co-founded Reactive Network Solutions, an Internet security firm where she developed a product strategy plan targeting financial services firms. Bender may be reached at [email protected].

Over the last several years, governments around the world have been passing regulations to ensure the integrity of the global financial system. One such regulation is Basel II.

The Basel II Accord is actually a set of concrete recommendations from the Bank for International Settlements, and its goal is to set global standards for capital adequacy and risk management practices for banks and other financial institutions. The recommendations are designed to ensure that financial institutions produce and report transparent, consistent, and auditable data that will allow them and others (such as regulators and investors) to address potential problems earlier than they have been able to do in the past.

In the United States, regulators have made compliance with Basel II compulsory for only the largest financial institutions; further, they have postponed the 2006 deadline for implementing Basel II by a year. However, there is substantial momentum in the marketplace that is driving many financial institutions to implement Basel II practices even before they are required to do so by regulators.

With the exception of the 10 to 20 leading banks, U.S. financial institutions are behind others ' especially the Europeans ' in implementing Basel II risk management and reporting practices.

However, in general the global U.S. banks have fairly established risk management practices, even without Basel II, and many midsize U.S. financial institutions also have relatively sophisticated risk control tools and processes, especially since Sarbanes-Oxley.

The Basel II regulations consist of three 'pillars':

Pillar 1 sets minimum capital requirements for financial institutions. These requirements are based on a firm's level of credit risk, operational risk, and market risk.

Basel II recognizes the difficulty and expense involved in tracking the data needed to calculate these types of risks and allows banks to calculate these risks in varying ways with varying levels of sophistication. Typically, the more sophisticated a bank is in tracking and measuring its risks, the more tightly it can control its capital requirements.

Key measures for Pillar 1 include value at risk ('VAR'), probability of default ('PD'), exposure at default ('EAD'), and loss given default ('LGD').

Pillar 2 mandates regulatory oversight and gives regulators better data and tools to monitor the exposure that its institutions have.

Pillar 3 requires that financial institutions be more transparent in what they report out to the markets.

While uncertainty about the final format and timing of the U.S. regulation has certainly slowed implementation by U.S. institutions, behind the scenes, many U.S. institutions are doing the necessary groundwork (such as ensuring that they have the depth and breadth of data required) to comply with the new Basel Accord. This is driven by several concerns, key among them:

• Many banks need to implement Basel II in their non-U.S. subsidiaries, so they are leveraging that investment in their U.S. operations.
• Ratings agencies are increasingly taking Basel II controls and banks' overall risk profile into account when assigning ratings; thus certain banks must come close to Basel II compliance to satisfy the agencies.

What to Think About When Contemplating a Basel II Solution

1) Check the Box or Go the Distance? The first question that a financial institution needs to ask itself, which will set the stage for all of its subsequent decisions, is whether to comply with Basel II in the least expensive and most basic way or to implement sophisticated risk practices that allow the firm to proactively manage economic capital as a competitive tool.

In general, banks that want to simply do the minimum are choosing vendor solutions that are the least expensive to implement and run. Typically they will choose a one-vendor solution.

However, a growing number of institutions of all sizes are opting to implement tailor-made solutions that will allow them to manage their economic capital.

We have seen the more sophisticated banks in Europe choose a best-of-breed implementation rather than a single-vendor solution. In certain cases, best-of-breed selection has been aligned by line of business and portfolio specializations (retail, wholesale, securitization, treasury), or by functional component (risk-weighting calculators, credit scoring, local regulatory reporting).

2) How Can We Optimize Cost and Maximize ROI? Banks are actively looking to leverage their Basel II investment because they do not feel that they can justify such large expenditures purely for regulatory compliance. Thus, institutions need to look for other applications that can leverage the data and tools being implemented to meet Basel II requirements. It also means that firms are focusing on finding solutions that are compatible with their existing technology infrastructure.

Even those firms that choose to 'check the box' will want to leave themselves a cost-effective path to upgrade their risk management approaches to allow them to manage their economic capital. To accomplish this, firms should seek Basel II solutions that at least begin to harmonize the taxonomy of data across business units, risk categories, and risk/financial applications.

3) Don't Forget About Pillar 2. Two years into the Basel II implementation process, many banks that thought that they could meet Basel II requirements with the simple purchase and implementation of a Pillar 1 'capital calculator' solution are now back into the market to fill gaps that their initial investments failed to address.

Any financial institution planning to manage economic capital and to apply sophisticated risk management practices needs to spend a significant amount of time understanding the complexities of meeting Pillar 2 requirements.

As a whole, Pillar 2 is about ensuring capture of risks not reflected in
regulatory ratios (eg, concentration risks) and demonstrating that risk estimates, measurement, and management are appropriate to the underlying risk; this should include stress scenarios and potential peaks in exposure.

Regulators will look to gain assurance that financial firms have confidence in the outputs of their credit and operational risk models. This is the principle underlying the so-called 'use test,' where risk assessment and measurement systems must be closely integrated into the risk management practices of a credit institution.

While the U.S. guidelines are not yet as clear as the European guidelines, it is fair to anticipate that regulators will want to see data both at a very granular level (eg, stress tests done by guarantors and collaterals, then applied to multiple jurisdictions; reports by rating bands, business units, and countries in order to generate weighted averages by combinations of PDs, maturities, and LGDs) and at a macro level.

Hence, flexibility, reporting capability, and the level of completeness of any pre-built data models are key factors in any Basel II decision.

4) Is There Time Pressure? U.S. banks are free ' for now ' from the pressures that are being experienced in areas where Basel II regulation is coming into effect at the end of this year. Institutions in these jurisdictions that haven't begun a Basel II implementation are under intense pressure to move quickly. For these companies, time to compliance is critical, and money becomes less important than time (within reason, of course).

In general these companies must purchase a solution with a predefined data model to more effectively guide them and reduce time to market. Most solution vendors have pre-built data models, though with different degrees of sophistication.

Companies in this situation should strongly consider leveraging a vendor that can implement all components of a Basel II solution. They should ask the vendor to demonstrate proof (by example) of ability to meet aggressive timelines.

5) Is There Pressure from the Ratings Agencies? Ratings agencies are starting to look at the risk management practices of financial companies across the board; they are taking this into account more and more in the ratings process. The quest for an improved credit rating may make it financially worthwhile for a company to invest in Basel II-type risk management practices, because a higher or lower rating has a true value/price in the markets.

6) What Is the State of Data Quality in My Institution? Data quality is a continuing challenge, and even in cases where the 'main' regulatory capital calculation and risk analytics applications have been put in place, the processes and infrastructure for effective data management may not necessarily be sustainable, even though a Basel II project may have completed one cycle of a data migration and consolidation exercise.

Although 'data management practices' is a clich', firms that have begun Basel II implementations are under significant pressure to create a sustainable data management architecture and to apply appropriate technology to the development of data management practices and policies, as well as to control access to the change and use of data as determined by governmental regulation and corporate policy.

In general, financial institutions must explore more advanced data mapping, migration, cleansing, and ongoing data quality monitoring tools, which cover not only business unit data but also groupwide entities.

The Basel II Ecosystem

When evaluating a Basel II implementation, firms must look, at a minimum, at the components listed in Table 1.

[IMGCAP(1)]

Leading Basel II Solution Vendors

While there are many products that are used in any Basel II implementation, and many firms that sell a Basel II product, there are only a handful of firms that truly provide an end-to-end Basel II solution. These firms have a broad offering that includes all the key components for a Basel II implementation, and they have clients that are already using at least their credit risk management products. These firms are highlighted in Table 2.

[IMGCAP(2)]

Conclusion

Compliance with Basel II is a big undertaking that will touch many, if not all, of a firm's major systems. However, in implementing Basel II, firms have the chance to improve the quality of their underlying data and enhance data transparency. This allows firms to implement product and pricing strategies that reflect the true risk of a transaction, giving them a strong advantage over competitors that do not have access to both a granular and a holistic view of their product and customer data.

Lauren Bender is the manager of the Retail Securities & Investments group of Celent, LLC and is based in the firm's New York and Paris offices. Her expertise lies in retail brokerage and emerging technologies. Before joining Celent, she co-founded Reactive Network Solutions, an Internet security firm where she developed a product strategy plan targeting financial services firms. Bender may be reached at [email protected].