Skip Ribbon Commands
Skip to main content
 
ARCHIVED CONTENT

Monitoring risk in the financial system

Bernie Egan
02 Sep 2003

Introduction
This afternoon I have been asked to talk about monitoring risk in the financial system and the role of APRA in the New Basel Capital Accord, or Basel II as it is commonly known. During the Plenary we heard from Geoff Bell about taking risk out of the IT component of your Basel II initiative. Later today we will hear a number of Australian bankers talking about bank risk management practices under the influence of Basel II. The underlying theme in all this, of course, is risk, something that banks are in the business of taking.
 
A company that poorly manages risk will suffer the consequence, but in most industries there will be little contagion. Banking however, is different. Banks play a crucial role in the financial system such that problems in one can be quickly transmitted to other institutions and changes in banks’ capacity to lend lead to broader macroeconomic effects. Also much of banks’ funding is derived from depositors, many of whom are not sophisticated investors. As a consequence, governments have long felt obligated to minimise the risks in banks by regulating them and protecting their depositors. Initially they did this by regulating the activities of, and imposing lending controls on, the various banks. More recently, heavy handed regulation has given way to prudential supervision. That has allowed banks much greater latitude in how they conduct their businesses and how they manage risk. But it has also meant that supervisors, counterparties and owners must take far greater responsibility in monitoring the financial health of banks.
 
Banks use capital as a buffer against risk and it is a tool that has been embraced by the other stakeholders in banks. A bank funds itself from equity and debt. If its customer defaults, the bank’s capital absorbs the loss, assuming there is sufficient capital. Reflecting the risk reward equation, debt is cheaper for banks than equity. The challenge for bankers is getting the right mix of capital and debt; ensuring that there is adequate protection against default while achieving the optimum level of gearing.
 
Capital provides a cushion to ensure banks’ safety and soundness and it provides a benchmark by which the financial condition of banks can be measured.
 
Initially, the various bank supervisors developed their own capital standards. But many banks compete in the global marketplace. Basel I, developed by the Basel Committee at the Bank for International Settlements, was borne out of a desire to align the capital requirements of banks that competed across national boundaries. As we know, bank supervisors in developed countries, and many less developed ones, adopted Basel I for all their banks.
 
Basel I provided a global methodology and capital ratio. The methodology defined eligible capital, on-balance sheet credit risk, off-balance sheet credit risk and, in a later version, market risk. It also set a minimum capital ratio of 8 per cent and required supervisors to have the ability to apply a higher ratio to specific institutions.
 
Basel II
The world of banking has continued to develop since Basel I was released in 1988 and its “one size fits all” approach has been unable to deal with the increasing innovation and sophistication of the marketplace. Internally, banks have been addressing this and have developed models for calculating economic capital. Supervisors, for their part, have been seeking to develop a better regulatory solution while remaining true to the aims of Basel I in seeking a level playing field for banks operating across national boundaries. Basel II seeks to harness into the supervisory process best practices in risk management in banking and market discipline. By providing a spectrum of approaches, it seeks to provide approaches that are both more comprehensive and more sensitive to risks. In being more sensitive to risk, Basel II rewards stronger and more accurate risk management, while aligning the capital requirements of banks to their risk appetite. But let us be very clear that the intention of the Basel Committee is not to reduce the overall level of regulatory capital. Rather, the intention is to leave the total capital requirement for an average risk portfolio broadly unchanged.
 
Before going into the detail of Basel II, I wish to put a caveat on what I am about to say and to make a general comment. The caveat is that the Basel Committee, although five years into the process, is still to finalise its new capital accord. We believe there will be some fine tuning, but otherwise little difference from Consultative Paper 3, issued in April 2003. My talk today is based on that assumption. However, in preparing for the implementation of Basel II APRA, and indeed the Australian deposit-taking institutions (ADIs), must tread a fine line between meeting what will be a tight schedule and not getting too far ahead of the Basel Committee.
 
The general comment I wish to make is that APRA believes that the Australian banking system will be made safer and more efficient by all ADIs adopting Basel II, even if only in its standardised guises. Safer, because ADIs, their supervisors and market participants will have available capital measures that better reflect their risk profile and therefore true financial condition. And more efficient because banks’ business decisions will be more closely based on the underlying economics of transactions rather than the regulatory distortions created by the existing rules. As we know some countries, such as the United States, are initially requiring only their largest banks to adopt Basel II. While I don’t wish to dwell for too long on that, there are a number of points worth making:
  • the US regulators are not precluding other banks in the United States making the transition to Basel II;
  • most US banks operate with a large Basel I capital buffer, a buffer that effectively addresses those risks not specifically included in Basel I;
  • the US supervisors believe their existing supervisory review process and the existing US disclosure regime is effective; and
  • the large US banking population means that a common adoption of Basel II is not feasible at this time.
 
The three pillars of Basel II
Basel II is based on three mutually reinforcing pillars. The first sets out the minimum regulatory capital charge, the second is about banks assessing their own capital adequacy positions and supervisory review and the third is about market discipline.
 
Pillar 1
 
Pillar 1 includes the definition of eligible capital, off-balance sheet credit risk and market risk, all of which generally remain unchanged from Basel I. Pillar 1 also includes credit risk, but with several changes to the Basel I treatment, which weighted credit risk according to four “buckets” designed to reflect the perceived risk of default. Although more risk-sensitive than earlier capital guidelines, Basel I is now seen to have too few buckets to adequately reflect credit-risk differentiation (there is only one bucket for corporate credits) and it provides too much scope for credit arbitrage, such as through securitisation and credit derivative markets.
 
Basel II provides three options for measuring credit risk. The first - the standardised approach – significantly increases the number of risk buckets, thereby providing greater risk sensitivity, and uses ratings agencies to help determine risk. For corporate exposures, this approach will result in a (minimum) capital charge within the range of 1.6% to 12%, compared to 8% under Basel I.
 
The second option - the foundation internal ratings based (IRB) approach – allows banks to use internal estimates as inputs into the determination of the amount of capital needed to support the credit risks each holds. Basel II provides the methodology for combining those inputs. The first input is banks’ own assessment of the probability that a borrower will default over a one-year period (PD) and that is based on historical data. The second input is how much the bank expects to lose if the customer does default; the loss given default (LGD), which is set under the New Accord. The third input is the expected gross exposure of the facility upon the default of the obligation; the exposure at default (EAD). The EAD generally consists of the drawn exposure and undrawn commitments to which a credit conversion factor (CCF), again set by the Accord, is applied. The fourth input is the maturity (M). Our preliminary thinking is that banks will have to use their own estimates of M. The Foundation IRB approach expands the range of possible capital charges; using some realistic assumptions, for corporate exposures the range would be from around 1.2% to around 18%.
 
The third option - advanced IRB – is similar to the foundation IRB, but the banks themselves use their own estimates for all the inputs. Estimating the impact this option would have on possible capital charges is more difficult. APRA’s preliminary calculations suggest the range for Australian banks will be similar to that for the foundation IRB. However, other supervisors modelling more extreme inputs have calculated a range of 0.15% to a little over 40%.
 
To state the obvious, the more advanced the approach used for measuring credit risk, the more sensitive is the measure to the amount of risk. It is not possible, therefore, to draw conclusions about whether individual ADIs will require more or less capital under a particular approach without having full details of their asset mix.
 
Pillar 1 also includes operational risk, a risk that was not specifically addressed in Basel I. Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. It includes fraud, damage to physical assets, business disruption and legal risk. It does not, however, include reputational and business/strategic risk. The Basel Committee has proposed three options for the calculation of operational risk. The first option is the basic indicator approach which is 0.15 times a bank’s average annual gross income over the previous three years. The second option, the standardised approach, is similar except that banks must calculate a capital requirement for each business line, multiplying gross income by supervisory factors determined by the Basel Committee.
 
Simulations by APRA of both these options produce wide variations in outcomes amongst Australian ADIs, outcomes that can’t readily be tied to differences in operational risk. The Basel Committee concedes such an outcome in some instances and provides a variant of the standardised approach, the alternative standardised approach (ASA). The ASA provides scope for gross income to be replaced by a volume indicator. In Australia, the ASA produces a more consistent and fairer outcome and APRA is considering adopting it rather than the basic indicator or the standardised approach.
 
The third option for dealing with operational risk is the advanced measurement approach (AMA). The capital requirement using the AMA is based on banks’ internal operational risk systems, which must both measure and manage operational risk. Subject to certain conditions, the Basel Committee has ruled that the AMA can factor in risk mitigation, such as insurance, and correlations.
 
Even from this high level discussion of the Basel II treatment of credit and operational risk, it is clear that the more advanced approaches require banks to have extensive historical data, sophisticated systems for capturing and analysing that data and the ability to understand what the outcome of that analysis is saying. Logic says that such systems cannot operate in isolation, but rather they must be an integral part of a suite of sophisticated systems. For that reason, APRA will require banks that use the IRB approach for credit to also use AMA for operational risk and vice versa. The United States has taken the same approach.
 
In the same vein, APRA has indicated that it intends to require the more sophisticated banks to also include interest rate risk on the banking book (IRR) in the calculation of their Pillar 1 capital.
 
I wish to mention two other Pillar 1 matters. The default experience for housing lending in Australia, where the loan to valuation ratios have not been aggressive, is relatively benign and APRA has argued that that should be reflected in a lower housing risk weight for those banks using the standardised approach to credit risk. The Basel Committee has now set a standardised housing risk weight of 35% and APRA will be adopting that. APRA is also considering the appropriate risk weight for other retail exposures.
 
Pillar 2
 
Much of the focus, by both supervisors and banks, on Basel II to date has been on Pillar 1. Nevertheless, Pillar 2 is an integral part of the Basel II framework. It aims to encourage banks to develop and use better risk management techniques in monitoring and managing the risks to which they are exposed and to ensure they hold appropriate capital against:
  • risks not fully captured by the Pillar 1 process, such as credit concentration risk;
  • risks not taken into account by the Pillar 1 process, such as business and strategic risk; and
  • factors external to the bank, such as business cycle effects.
There are four principles to Pillar 2. The first is that banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels. The Basel Committee has identified five features of a rigorous process: board and senior management oversight; ensuring the integrity of the capital assessment and management process; a comprehensive assessment of risks; monitoring and reporting; and internal control review.
 
Pillar 2 contains three other principles, the responsibility for which fall on supervisors. Firstly, supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Secondly, supervisors should expect banks to operate with a capital buffer to protect against bank specific risks or broader economic risks. Many banks themselves see such a buffer as necessary for competitive reasons, including those associated with how ratings agencies view them. They also consider a buffer as protection against the possible need to raise capital in times of difficult market conditions. Finally, supervisors should seek to intervene at an early stage if there is a risk of a bank’s capital falling below the regulatory minimum.
 
As is clear from the above brief outline of Pillar 2, much of it is subjective and the detail of its implementation will reflect the complexity and risk profile of individual ADIs. This is particularly evident, for example, in the Pillar 2 requirement that banks identify, measure and report material risks and address them in the capital assessment process. A large global bank, by its nature, is exposed to the full spectrum of risk. In the case of credit risk, the Pillar 1 internal ratings-based approach will capture most, but not all, of this risk. The remaining credit risk, for example concentration, will be captured under Pillar 2. In contrast, the standardised approach is generally acknowledged to contain a buffer for risks against which banks using the more sophisticated approaches will explicitly hold capital under Pillar 2. But there is also an alignment between sophisticated risk management and Pillar 2 expectations. Banks initially using the standardised approach but which have a longer term aim of becoming internal-ratings based banks would be expected to move along Pillar 2 as they strive towards their objective. However, for those ADIs whose business plan is based on offering only “plain vanilla” products, it is partly in the implementation of Pillar 2 that APRA will be able to meet its commitment to simplify the standardised approach in order to avoid unnecessary complexity and cost.
 
Pillar 3
 
In a word, Pillar 3 is all about “transparency”. Its aim is to make banks’ risk and capital positions more transparent so that market discipline can reinforce the regulatory process. ADIs will be encouraged to make all the public information disclosures that market participants need to monitor deposit taking institutions, although whether or not the disclosure has to be included in banks’ annual reports is still an open issue. There is not a great deal more that needs to be said about Pillar 3 at this time and it is very much still work-in-progress. Pillar 3 is clearly though, an aspect of the Basel II arrangements that will require close co-operation with the accounting bodies.
 
The flexibility of Basel II
Consistent with the move away from the “one size fits all” approach, Basel II is designed to be flexible and to be able to reflect the complexity of the business undertaken by specific banks. In a small bank, for example, lending decisions may be made largely on the judgement of the lending officer. That of course raises the risk that the officer’s judgement will be faulty; let’s call that “judgement” risk. So the bank may introduce credit scoring. That will reduce “judgement” risk, but a new risk is introduced; the risk that there are flaws in the credit scoring methodology and its application. While total risk may have been reduced, the remaining risk is more complex. Basel II aims to match the level of capital to the amount of risk, while ensuring that all the components of the risk are provided against. The more complex the risk, the more complex is the Basel II solution.
 
Banks can decide where on the complexity scale they wish to operate. A small ADI, such as a credit union, can happily exist with a small number of simple products. Operating in its own market it can be competitive and innovative, while maintaining a simple risk profile that can be adequately protected against with simple risk management strategies and practices. At the other extreme, a sophisticated global bank providing a broad suite of products will require complex risk measurement practices and strategies. Basel II makes available a capital solution for the small banks offering a small number of uncomplicated products, a solution for the most complex banks and a solution for those banks in between.
 
A bank unnecessarily applying a complex capital regime will pay the substantial cost of implementing and operating that regime but will receive a poor return on that investment in terms of capital reduction and cost of funding. On the other hand, a sophisticated global bank not investing in the systems appropriate to its business will pay the cost of holding more capital, and in all probability face the risk of suffering more losses, than its competitors.
 
Banks using the more sophisticated approaches to calculate regulatory capital for credit and operational risk will also be expected to hold capital for interest rate risk in the banking book and will have to take into account the full range of risks, including business/strategic, credit concentration and business cycle effects, in their own capital allocation models. In saying this APRA acknowledges the difficulty in measuring some of these risks, such as business/strategic, and will be working closely with the banks to ensure sensible outcomes.
 
APRA expects the four major banks, as large internationally operating banks, to seek to implement one of the internal-ratings based approaches for credit risk.
 
Some other Australian banks may wish to use the more sophisticated approaches. If they do so, they will need to meet the high level requirements that will apply in regard to the qualitative and quantitative criteria necessary for internal ratings-based approval.
 
No connotation should be drawn from ADIs that choose not to implement the internal ratings-based approach. As I noted earlier, Basel II is a deliberate move away from the “one-size-fits-all” approach. There is no generically “right” answer across the deposit-taking sector and whether an approach is appropriate for a particular institution will depend on the circumstances.
 
It should also be borne in mind that banks that are using the standardised approach at the time of the Basel II implementation date of end 2006 will not be prevented from subsequently moving to the more advanced approaches in line with changes to their internal processes and business.
 
Cross-border issues 
I noted earlier that Basel II seeks a level playing field for banks operating across national boundaries. The flexibility inherent with the Basel II arrangements and a number of national discretions will, however, create issues for globally operating banks and their supervisors. For example, some banks using the more advanced approaches in their home jurisdiction may be required to use the standardised approach by host supervisors. Alternatively, they may wish to use the standardised approach but the host supervisor may wish them to use a more advanced approach. Another issue to be resolved relates to the AMA capital charge for operational risk. Where such a charge is calculated using a top-down approach, supervisors have to agree how to apply the charge calculated at the group level to the constituent parts of the group, especially to those constituents that are offshore and subject to a different supervisor.
 
The Basel Committee has already clarified some high level supervisory matters. Home supervisors will set the Basel II “rules” for the consolidated banking group and the domestic subsidiaries and host country supervisors will apply their own Basel II arrangements. That said, globally, home and host country supervisors are seeking ways of achieving enhanced and pragmatic co-operation. But again, this is an area of work-in-progress and much will have to be decided on a case-by-case basis.
 
Levels of capital 
There is a market perception that advanced IRB banks will require significantly less capital. It is appropriate that banks that have introduced sophisticated and effective risk management practices should, other things being equal, have a lower regulatory capital requirement, although as we noted in the discussion of Pillar 1, the capital required will in part reflect the mix of assets. In any event, banks should not view a reduced capital charge as the only offset against the substantial investment required to be an internal ratings-based bank. At least in part, the investment is a necessary tool to properly manage a sophisticated bank. And there will be funding offsets. The markets, both equity and debt, used by a sophisticated bank to fund itself will factor into their pricing the appropriateness of the bank’s risk management and capital models.
 
To return to Basel II, APRA, and indeed most other bank supervisors, is still to fully assess the impact that Pillar 2 will have on regulatory capital. At this time, only moderate reductions in capital for banks using the internal risk-based methodologies are anticipated. As for ADIs using the standardised approaches, they will benefit from the lower capital requirements attached to conventional home lending, although they will have to hold additional capital for operational risk. On balance though, they are likely to experience a small decline in average levels of capital.
 
Outsourcing and consultants
I wish to address one other issue. It is appropriate that banks have the option of being able to outsource some of the work required to implement Basel II; to use consultants and possibly share historic data. In doing so, however, it is important that banks understand what it is they are outsourcing and understand the information that is returned. As would be clear from the Basel II emphasis on managing and reducing risk, a “black box” response is not acceptable.
 
Irrespective of any outsourcing arrangements used, APRA’s responsibilities always lie with the individual banking institutions. In meeting those responsibilities, APRA is always happy to talk to individual banks and it encourages banks that have concerns about Basel II to discuss them with us.
 
APRA is also prepared to discuss Basel II issues with consultants, but it does not, nor will it, endorse any particular consultants or providers of outsourced services. Nor will it enter into direct relations with such consultants or providers.