Tuesday, November 20, 2007

Buzz around Basel II

There is a lot of buzz around Basel II system implementation. Several initiatives are being made to implement software that will help companies track for and report to national regulators. Some seem to follow the COSO framework. I wrote this blog while investigating the capital ratios that make up the “capital regulation”. This topic is related to capturing loss events for the purporse of being Basel II compliant.

Initiatives are revealed from software companies that develop systems to help companies meet Basel II requirements:

· IBM
· Bearing Point
· Optial
· Methodware
· Vertica
There are many others.

I am writing this more for myself to shelf an abbreviated explanation of Basel II. My research revealed to me some reasons why Basel II compliance efforts are overseas more than in the United States and other countries. I learned that the U.S. currently implements only Basel I. Basel I began in 1988 as a published set of minimal capital requirements for banks. The committee meets in Basel, Switzerland. Basel I is viewed as outdated (and not very effective). Basel II is being implemented in several countries.

Basel II provides more robust banking laws and regulations. Currently the recommendations on banking laws are enforced by national regulatory organizations such as the FSA (UK), BAFIN (Germany), and OSFI (Canada). The U.S. is still implementing Basel I perhaps because *Sarbanes-Oxley overlaps requirements, metrics, and processes in Basel II and is sufficient.

The Basel II accord in operation uses “three pillars” to promote greater stability in the financial system in a more global economy.

-First Pillar – deals with maintenance of regulatory capital calculated for three major components of risk that a bank faces: credit risk, operational risk, and market risk. A series of approaches to the address the risk are beyond this set of Basel II facts.

-Second Pillar – deals with regulator response to the first pillar, giving regulators improved ‘tools” over those available in Basel I. It also provides a framework for dealing with other bank related risks; system risk, pension risk, concentration risk, strategic risk, reputation risk, liquidity risk, and legal risk.

-Third Pillar – Increases the disclosures that the bank must make. This is designed to allow the market to have a better picture of the overall risk position of the bank.

There is some discussion (on the Internet) about how to implement an Operational Risk Management (ORM) system because the Basel II committee “backed away from dictating explicit methodologies for calculating operational risk capital charges towards a more qualitative approach to the management of Operational Risk.” See http://www.continuitycentral.com/measuringORMsystems.pdf

Additionally, Basel II offers little direction (but some clues) as to what an ORM system must do to comply. Vague directives such as ‘actively involved’, ‘conceptually sound’, ‘implemented with integrity’, ‘well documented’, ‘transparent’ or ‘accessible’ have been led to questions on how to create a set of (reasonably) objective criteria to measure the ‘quality of compliance’.

To address the ambiguity in direction, banks are asking practical questions similar to these:
-What would a ‘conceptually sound’ ORM system look like?

-How can regulators compare one bank’s ORM system with another and, by implication, how can Operational Risk capital charges be compared – i.e. what constitutes a regulatory level playing field?

-Internally, what criteria can a bank use to allocate economic capital across its business units to satisfy the Basel qualitative standards for being “integrated into the day-to-day risk management processes of the bank”?

To address these questions, the above mentioned paper suggests a some best practices for developing an ORM system.

-Companies are successfully implementing the COSO framework which include a set of “Key Principles” for creating an effective ‘risk management process’ in an organization.

-The concept of a ‘Maturity Model’ used in the IT industry “where a particular organization stands relative to its peers in the quality of its ‘software development processes’. The concept has been extended from the original CMM (Capability Maturity Model) to measure the maturity of other management practices, such as development of staff (People Maturity Model – PMM) and Project Risk Management (PRMM)” (http://www.continuitycentral.com/measuringORMsystems.pdf ).

I better make this brief…In short:

-Basel II is a risk driven approach to overseeing and regulating the world’s financial businesses.

-Large software companies are getting on board to provide solutions that will help companies deal with the pain involved with meeting regulations (sometimes overlapping regulations as is the case with Sarbanes-Oxley & Basel II). ORM is an important part of the picture while companies are searching for solutions. There are some suggested best practices for implementing a solid ORM system.


--------------------------------
*Sarbanes-Oxley - The Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, 116 Stat. 745), also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox; is a United States federal law signed into law on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Peregrine Systems and WorldCom. These scandals resulted in a decline of public trust in accounting and reporting practices. The legislation is wide-ranging and establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. Source: http://en.wikipedia.org/wiki/Sarbanes_oxley