BASEL II FRAMEWORK AND OPERATIONAL RISK

 

 

In the recent years, Reuters has been surveying the market to identify the hidden trends that will impact our customers in the way they are working. Among, the various buzz-words and fashionable subjects (T+1, STP, ...) that we have seen flying around, Basle II is probably the one that will impact the most the banking market. Basle II intends to follow a fast moving world and evaluate before hand what can impact the banks capital. It is obviously a difficult task aligning capital requirements with ever changing underlying risk. This New Accord is burdensome, it is going to be a costly mandate and implementing the related changes is a challenge. Basle II will turn the banking sector into an industry like car making. Bankers will have to become a lot more process oriented and better review the cost of capital.

 

Basle II is articulated around 3 pillars. Those are:

-Capital requirements - The intention is to move away from recognition of risk isolated from the others into some sort of integrated view of credit and market risks.

-Supervisory process will have to be implemented locally and this will take time for the supervisors to be both trained and aware of what they need to review and how often.

-Transparency which will turn enhance the annual report with risk adjusted values, if internationally agreed publishing format ever come to reality.

 

The biggest innovation of the Basle II accord is the introduction of a new class of risk: operational risk. Operational risk is defined as the risk of direct or indirect loss resulting

-From inadequate or failed internal processes, people and systems

-From external events

 

Beyond the definition, what are the necessary steps needed to implement a credible operational risk framework. We have identified 4 phases. Firstly, banks will have to update their procedure guides i.e. review and document all processes. Secondly, for each procedure a search for all potential point failure has to be conducted with identification of metrics that could apply. Then each time an incident happen the nature and the related loss impact has to be recorded. Last, the system needs to be monitored against limits.

 

Moreover, while market & credit risk are part of a bank's core business - without taking on risk, a bank cannot make money - operational risk is not. Operational risks are inherent to any company. In the recent years the car making industry has to re-call hundreds of cars because of default. For a bank, missing a deal because of an incorrect price entry is like a default in a factory production line. Banks will have to implement a total quality culture.

 

Most of the banks are still in the preliminary phases of implementing an operational risk framework. Every bank is facing major issues while implementing a quantitative methodology. The first one being the lack of skilled people able to understand the underlying hypothesis of the mathematical formulas. But more important is the non-existence of historical series recording the loss event data within the financial institutions. If implementing a quantitative operational risk methodology seems so difficult what can be done to prepare for the happening of Basle II. A good first could be to track the incident at the procedure and processing level. We suggest that you implement a scorecard type of system to track the operational errors on a regular basis. After completion of Phase I and II, it is easy to produce a simple table with a color-coding scheme identifying potential area of risk exposure. The frequency of any mistake will be recorded in the system with the associated loss per business unit, financial product and department. The scorecard will represent the number of mistakes compare to a target numbers for each business line/product and department. The target number represents the maximum amount of capital allocated to this activity divided by the frequency of the event.

 

Even though, this first can be easily implemented banks will have to undertake the necessary staffs skill set and competencies adjustments. Bank will have to make sure that staff are properly trained and experienced to handle all events that are happening within their organization. The management team has to enforce the role of each department, F/O dealers' trades they do not record transactions; Recording transaction is the B/O role. Each group should be independent from the other to produce an independent valuation. Recent examples show that these rules tend to be forgotten.

 

AIB lost 700 m USD because the rogue was providing the back-office its own portfolio valuation, as the back-office did not have any access to data feed to produce its own independent valuation.

 

As a consequence Basle II will impact financial institutions staff in their daily practice. Not only because the financial methodologies are changing but also because the processes and the way they are doing their job will change.       

      

As for any other business process reengineering, the involvement and support of the senior and board members is the key to successfully implement an operational risk framework. Banks culture will evolve toward a zero default culture and a culture closer to the car making industry. None of us will accept to get a car that is not safe or has any technical problems. The same level of intolerance is hidden behind Basle II. Financial institutions will have to increase their efficiency by adopting the best management practices, to achieve this the current decentralized structure of managing quality will be re-centralized. New type of department will emerge in the banks organization like quality/process department with an inflow of expert coming from other industries. The main task of these new departments will be to maintain data consistency across the organization but also awareness of people on the way they should do their work (procedure guides updated and maintained...). The aim of the whole organization will be to achieve zero default.

 

Do not underestimate the impact of your own corporate culture of reporting and way of doing things. The tight link between this culture and operating model and the workflow model will require each bank to customize the system to fit their unique needs.

 

As a matter of conclusion, here are the 10 rules to successfully implement and run an operational risk system.

Rule 1:    Keep systems up to date and problem free

Rule 2:    Get the best people and keep them trained & motivated

Rule 3:    Clearly set the individuals & groups & firm responsibilities

Rule 4:    Build a self-motivated organization in finding new ways to improve efficiency

Rule 5:    When finding new efficiency do not wait till the next audit

Rule 6:    Aim for total quality and zero default approach

Rule 7:    Review processes regularly with senior management involvement

Rule 8:    Segregation of duties between front, middle and back offices is not negotiable

Rule 9:    Regulatory & compliances requirements are part of the process not an option

Rule 10: Detect and fix as early as possible