300 likes | 581 Views
International Association of Deposit Insurers (IADI). Managing risk more effectively through an entreprise risk management system The perspective of the French Banking Commission. Danièle NOUY , Secretary General of the Commission bancaire. Introduction.
E N D
International Association of Deposit Insurers (IADI) Managing risk more effectively through an entreprise risk management system The perspective of the French Banking Commission Danièle NOUY, Secretary General of the Commission bancaire
Introduction • Recent corporate scandals have highlighted the crucial role of effective risk management and corporate governance. • As a result, Basel II -and all other recent banking rules- are committed to enhance financial stability and banking systems resilience by promoting good risk management and governance, this means: • A comprehensive, enterprise-wide assessment of risk; • Sophisticated, sensitive, tools to measure risk; • Strong risk management and internal controls; • Enhanced transparency. • We are confident that Basel II is not just a quantitative capital requirement but will fundamentally change the approach to risk and capital management.
Outline • 1. Risk management, is a key element of banking supervision • 1.1 Principles of internal control, • 1.2 Rationale behind Basel II, • 1.3 Basel II: a comprehensive approach to risk management covering both financial and non financial risks. • 2. Basel II calls for high quality, comprehensive risk management systems • 2.1 Criteria for the IRB approach (credit risk) and the « use test », • 2.2 Criteria for AMA (operational risk), • 2.3 Impact of Pillar II and pillar III in terms of risk management. • 3. Current issues and challenges • 3.1 Cross-border issues raised by Basel II implementation, • 3.2 Specific issues regarding the implementation of AMA for operational risks.
1. Risk management, at the core of banking supervision The Commission bancaire and the Basel Committee have for long stressed the importance of sensible, adequate and proactive risk management: • 1.1 By developing strong internal control principles, • 1.2 By defining risk management objectives for Basel II, • 1.3 By making use of Basel II to promote a comprehensive, sophisticated approach to risk management.
1.1 Internal control principles • In France, the February 1997 regulation related to internal control • Banks must set up adequate internal control systems (operations and procedures, accounting and information processing systems, etc.). • The Basel Committee Core Principles for Effective Banking Supervision, in September 1997 : • Principle 14 : « Banking supervisors must determine that banks have in place internal controls that are adequate for the nature and scale of their business ». • A « Framework for internal control systems in banking organisation », Basel Committee, in September 1998: • A system of strong internal controls can help to ensure that the goals and objectives of a banking organisation will be met, that the bank will achieve long term profitability targets and maintain reliable financial and managerial reporting.
1.2 Rationale behind Basel II • This was needed because existing rules had been overtaken by the pace of innovation in the banking systems • Evolution of banks (more and more large and complex institutions with increasing cross-border activities), as well as markets and techniques (securitisation, credit derivatives,…); • Need for more sophisticated risk measurement, management and mitigation. • Basel II offers incentives for banks to adopt better risk and capital management • Banks are invited to manage their risks appropriately and consistently by making use of the best tools and practices available Economic incentives for banks to adopt more sophisticated approaches; • Banks should hold adequate levels of capital and so be able to withstand periods of financial distress Capital requirements more risk-sensitive, more closely tailored to banks’ practices.
1.3 Basel II, a comprehensive framework Unchanged
1.3… with elements to enhance risk management in each Pillar... • Pillar I Measurement of risk • Quantitative but also qualitative requirements to be eligible to the IRB (credit risk) and AMA (operational risk) approaches; • Advanced approaches must be fully integrated in the bank’s culture and risk management (use test). • Pillar II Sophisticated tools to measure, cover, manage risk • Demand for sound and comprehensive internal assessment of risk and capital adequacy • Pillar III Transparency • For each risk area (e.g. credit, market, operational, banking book interest rate risk…) banks must describe their risk management objectives and policies, (including strategies and processes) the structure and organisation of the risk management function, the scope and nature of risk reporting, etc.
1.3 …For both financial and non financial risks PILLAR 2 PILLAR 1 Financial risks Non financial risks RISKS OPERATIONAL OTHERS LIQUIDITY CREDIT MARKET REPUTATIONAL INTEREST RATE IN THE BB STRATEGIC ENDOGENOUS EXOGENOUS COMPLIANCE OTHERS... HUMAN FACTOR PROCESS SYSTEMS EXT. EVENTS
2. Basel II calls for a comprehensive risk management system The underlying philosophy of the New Capital Accord • The three pillars together are intended to achieve a level of capital commensurate with a bank’s overall risk profile; • There is a correlation between required capital and effectiveness of a bank’s risk management/risk profile; • But increased capital is not the only way to effectively addressing an increase in risks; Pillar 2 offers different ways of addressing the possible shortcomings, for example: • Emphasis on banks’own assessment of their capital needs, • Compliance with certain pillar 1 requirements related to: IRB methodologies, credit risk mitigation techniques, etc. • Supervisory treatment of outliers for interest rate risk, management of collateral (former W factor) concentration, etc.
Credit risk modelling ? Advanced IRB Approach Foundation IRB Approach Standardised Approach 2.1 Credit Risk IRB approach • Evolutionary approaches : capital incentives to move to more advanced approaches with increasingly demanding management standards 10% 9.75% (- 2.5 %) 9.5% (- 5 %) ?
All exposure classes Equity Retail Corporate IRB Approach All units (subsidiaries, branches) LGD EAD Elements of advanced approach IRB approach - adoption process
IRB approach - an entreprise-wide project • The IRB approach is an entreprise-wide project. • For a banking group, implementation of an IRB approach across all asset classes and business units at the same time is challenging; • Supervisors may allow banks to adopt a phased rollout within a reasonably short time : • adoption of IRB across asset classes within the same business unit; • adoption of IRB across business units within the same banking group; • move from the foundation approach to the advanced approach.
IRB - Quantitative and qualitative requirements • To be eligible for an IRB approach, a bank must meet a set of minimum requirements; • IRB systems must notably: • be approved by the board of directors, ...and internal ratings must be an essential part of the reporting to directors; • provide meaningful differentiation of credit risk (for example a minimum of 7 to 9 borrower grades for non-defaulted borrowers and of 1 or 2 borrower grade(s) for defaulted borrowers); • Data sources used by banks must be suitably rich and robust; • Ratings should be subject to independent review and, more importantly, • The IRB approach/the ratings must be an integral part of the bank’s culture and management (“The use test”).
IRB - The “use test” criteria • The « use test » criteria, which is pretty similar to the « managerial approach » used by the accountants (IASB for IAS), is the most important requirement for the IRB approach. • Internal ratings as well as default and loss estimates and all other parameters must play an essential role in the credit policy of banks using the IRB approach: credit approvals, credit risk management, provisioning and internal capital allocations. This means that it should not be: • designed and implemented exclusively for the purpose of qualifying for the IRB approach, • used only to provide IRB inputs. • …Even if banks are making use of supplementary parameters in their on-going management and hedging of credit risk.
2.2 Operational risk AMA • In line with the approach to credit risk and market risk, several options are offered to calculate minimum capital requirements for operational risk. • It is an evolutionary approach offering capital incentives to move to the most advanced approaches (AMA). Increasing management standard Advanced Measurement Approach (AMA) Basic Indicator Approach (BIA) The Standardised Approach (SA) Increasing capital charges
Operational risk - AMA • Like for credit risk, capital charges are generated by banks ’ internal operational risk models provided that these models meet strong quantitative and qualitative requirements. • The model must incorporate the following quantitative criteria : • Internal data a minimum of 5-year observation period (3-year historical data window acceptable in 2006); • External data it should use relevant external data (for benchmarking and qualitative adjustments, etc.); • Scenario analysis expert opinion should be used to evaluate exposure to low probability / high severity events; • Business environment and internal control factors must be retained as key factors reflecting the quality of risk management practices.
Operational risk - AMA • The qualitativecriteria focus on: • An independent operational risk management function, • Integration into the day-to-day risk management processes, • Regular reporting (business units management, senior management, board of directors), • Compliance with internal policies, regular controls and adequate procedures concerning the operational risk system, • An internal/external review of the operational management processes and measurement systems, • A validation by supervisory authorities.
« Sound Practices for the Management and Supervision of Operational Risk » • To demonstrate that they have the necessary operational risk culture, • banks should comply with, and • supervisors should focus on: • the principles set up in the BCBS paper on « Sound Practices for the Management and Supervision of Operational Risk » (February 2003).
« Sound Practices for the Management and Supervision of Operational Risk » • 1. The principles relating to the risk management process of banks are the following: • Involvement of theboard of directors, • Effective and comprehensive internal audit, • Responsibility of the senior management for implementing the operational risk management policy approved by the board of directors, • Identification of the operational risk inherent in all material products, activities, processes and systems, • Implementation of a process to regularly monitor operational risk profiles and material exposure to losses, • Definition of policies, processes and procedures to control or mitigate material operational risks, • Definition of contingency and business continuity plans? • Sufficient public disclosure, etc.
« Sound Practices for the Management and Supervision of Operational Risk » • 2.Regarding the role of bank supervisors, they should: • Require that all banks have an effective framework in place to identify, assess, monitor and control or mitigate material operational risks as part of an overall approach to risk management; • Conduct, directly or indirectly, regular independent evaluation of a bank’s policies, procedures and practices related to operational risks.
2.3 Pillar 2 - Supervisory review process • Pillar 2 has been for long the less-commented part of the Accord, but it is seen now as the most challenging part of the New Accord. It is intended : • to achieve a level of capital commensurate with a bank’s overall risk profile; • to encourage banks to develop and use better risk management techniques in monitoring and managing their risks. • Supervisors will have to find the right balance between a possible increase in the capital charge and the use of other means for addressing risks, such as : • strengthening risk management, • applying internal/ external limits on certain activities, • improving internal controls.
Pillar 2 - Supervisory review process • Pillar 2 is based on four principles : • 1. Banks' own assessment of capital adequacy. It is of crucial importance in terms of risks management: "Banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels”, • 2. Supervisory review process, • 3. Capital above regulatory minima, • 4. Supervisory intervention. • The BCBS 15 January 2004 press release clarified the respective roles of pillar 1 and pillar 2: • Pillar 2 is not intended to lead to automatic capital add-ons for each specific risk identified; • Banks should evaluate their own capital adequacy in light of all risks they face, not just those mentioned in Pillar 1.
2.3 Pillar 3 - Market discipline • Pillar 3 is based on the same philosophy. It is intended to provide investors with reliable and timely information to understand a bank’s risk profile. and therefore enhance the role of market participants in encouraging banks to hold adequate levels of capital and manage their risks properly. • Quite naturally, more demanding disclosure is required from banks willing to make use of the most sophisticated methodologies: the internal ratings-based approach for credit risk and the AMAs for operational risk. • This supplementary qualitative and quantitative disclosure focus on the internal methodologies and the key inputs of the selected approaches, such as information about the structure of the internal rating systems, PD, LGD assumptions, etc.
3. Current issues and challenges • To deliver an effective and consistent cross-border implementation of Basel II is a significant challenge. • More risk focussed supervision demands extra resources and implies more intensive supervisory efforts, • The increased technical complexity of risk based supervision and the inclusion of more qualitative standards change the way in which supervisors conduct their work, • The New Accord enhances the need for dissemination of the best supervisory practices around the world, • BC members are committed to exchange information on the status of implementation, and the exercise of national discretion, where it is used, • Regarding pillar 2, the industry is especially, but not exclusively, concerned about level playing field.
3.1 Implementation - cross-border issues • The Accord Implementation Group (AIG) has been working for some time to deliver guidance on cross-border implementation of Basel II. • It makes use of case studies designed to gain a better sense of the practical aspects of cross-border implementation. • It has been mainly dealing with : • A common understanding of the concept of « supervisory review »; • The development of common methodologies for validating the IRB (credit risk) and AMA (operational risk) approaches under pillar 1; • The share of tasks and responsibilities of home and host supervisors.
3.1 Implementation - cross-border issues • The AIG has published in August 2003 a set of “High-level principles for the cross-border implementation of the New Accord”. • These principles are similar to those existing in the EU framework for consolidated supervision (and are a more detailed and up-to-date version of the BCBS Concordat): • Responsibility of the home country supervisor for consolidated supervision; • Responsibility of the host country supervisor for supervision on an individual or sub-consolidated basis; • Mutual recognition and/or closer cooperation between home country supervisor and host country supervisors.
3.2 Cross-border AMA implementation • Operational risk raises some specific cross-border issues. • The « Principles for the home/host recognition of AMA operational risk capital» (January 2004) state that the management of operational risk must be conducted at each level of a banking group. • The board and senior management, at each level of a banking organisation, have an obligation to : • understand the operational risk profile of the entity; • ensure that risks are managed appropriately; and • ensure that the capital held in the specific entity, to cover operational risk is adequate. • As each banking subsidiary within the group must be adequately capitalized on a stand-alone basis.
3.2 Cross-border AMA implementation • The challenge is to find the right balance between sensitivity -the need for adequate and properly allocated capital- and simplicity/practicality -the need for workable principles to govern the relationships between the home and host jurisdictions-. • As a result, introduction of an « hybrid » approach for AMA banks: subject to supervisory approval, banking groups would be permitted to use stand-alone AMA calculations for significant internationally active banking subsidiaries. • In calculating stand-alone requirements, significant internationally active bank subsidiaries may incorporate estimate of diversification benefits of their own operations (but may not take advantage of group-wide diversification benefits).
Conclusion • Basel II will offer proper incentives for banks to manage their risks more effectively. • Considered jointly, the three pillars will renew the emphasis on excellence in risk management and corporate governance. • Promoting coordination and consistency between supervisors will provide banks with better certainty about the new rules so that they continue to improve their risk management systems. • The new accord will be of great benefit to banks with first-class risk management systems.