BASEL II CHANGES AND OPERATIONAL RISK



Similar documents
Capital Adequacy: Advanced Measurement Approaches to Operational Risk

An Overview of Basel II s Pillar 2

Measurement of Banks Exposure to Interest Rate Risk and Principles for the Management of Interest Rate Risk respectively.

Risk Concentrations Principles

Risk management systems of responsible entities

Guidelines. ADI Authorisation Guidelines. Australian Prudential Regulation Authority. April 2008

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II

Bank Capital Adequacy under Basel III

Supervisor of Banks: Proper Conduct of Banking Business [9] (4/13) Sound Credit Risk Assessment and Valuation for Loans Page 314-1

Application for a Banking Authority Foreign Bank Branches Prudential Statement J2

The APRA Supervision Blueprint

Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital

1. promoting an efficient and effective financial system that adequately finances economic growth, and

Guidance on the management of interest rate risk arising from nontrading

CONSULTATION PAPER P October Proposed Regulatory Framework on Mortgage Insurance Business

Australian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members

INTERNAL CAPITAL ADEQUACY ASSESSMENT

1. Introduction Process for determining the solvency need Definitions of main risk types... 9

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

Risk management systems of responsible entities: Further proposals

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

Bank of Queensland Limited

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Risk Management Programme Guidelines

RISK BASED INTERNAL AUDIT

Basel Committee on Banking Supervision. Net Stable Funding Ratio disclosure standards

Basel Committee on Banking Supervision. Frequently asked questions on the Basel III Countercyclical Capital Buffer

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

Risk appetite How hungry are you?

Basel III Pillar 3 CAPITAL ADEQUACY AND RISK DISCLOSURES AS AT 30 SEPTEMBER 2014

Internal Loss Data A Regulator s Perspective

1. INTRODUCTION AND PURPOSE

Operational risk capital modelling. John Jarratt National Australia Bank

BASEL III PILLAR 3 CAPITAL ADEQUACY AND RISKS DISCLOSURES AS AT 30 SEPTEMBER 2015

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

Basel Committee on Banking Supervision. Consultative Document. Operational Risk. Supporting Document to the New Basel Capital Accord

STRESS TESTING GUIDELINE

Principles for An. Effective Risk Appetite Framework

Consultation Document: Review of the Treatment of Charitable and Religious Organisations under the Non-bank Deposit Takers Regime

The Role of Mortgage Insurance under the New Global Regulatory Frameworks

1. This Prudential Standard is made under paragraph 230A(1)(a) of the Life Insurance Act 1995 (the Act).

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

CONTACT(S) Riana Wiesner +44(0) Jana Streckenbach +44(0)

Adequacy of risk management systems of responsible entities

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Terms of Reference - Board Risk Committee

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

Basel III Liquidity Risk Monitoring and IT Infrastructure impacts

PILLAR 3 DISCLOSURES 2009

6/8/2016 OVERVIEW. Page 1 of 9

Consultation Paper. Draft Guidelines on credit institutions credit risk management practices and accounting for expected credit losses EBA/CP/2016/10

Over-the-counter contracts for difference: Improving disclosure for retail investors

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Basel Committee on Banking Supervision

INTERAGENCY GUIDANCE ON THE ADVANCED MEASUREMENT APPROACHES FOR OPERATIONAL RISK. Date: June 3, 2011

NORGES BANK TOWARDS 2016

Pictet Asset Management Ltd

Basel Committee on Banking Supervision. Consultative Document. Net Stable Funding Ratio disclosure standards. Issued for comment by 6 March 2015

Capital adequacy ratios for banks - simplified explanation and

BERMUDA MONETARY AUTHORITY

Sound Practices for the Management of Operational Risk

DTZ Corporate Finance Limited Pillar 3 Disclosures as at 30 April 2009

CHALLENGES FOR BASEL II IMPLEMENTATION IN CHILE

APRA S FIT AND PROPER REQUIREMENTS

ASIC Consultation Paper 204 Risk management systems of responsible entities

Regulatory and Economic Capital

Risk Management Framework

Policy on the Management of Country Risk by Credit Institutions

Basel Committee on Banking Supervision. Consultative Document. TLAC Holdings. Issued for comment by 12 February 2016

BASEL II AND THE AUSTRALIAN RESIDENTIAL MORTGAGE MARKET

Insurance Groups under Solvency II

Principles for the supervision of financial conglomerates

There are three specific matters that we particularly wish to bring to the Panel's attention:

STANDARDS OF BEST PRACTICE ON COUNTRY AND TRANSFER RISK

DECLARATION ON STRENGTHENING THE FINANCIAL SYSTEM LONDON SUMMIT, 2 APRIL 2009

Basel Committee on Banking Supervision. Working Paper No. 17

POLICY POSITION PAPER ON THE PRUDENTIAL TREATMENT OF CAPITALISED EXPENSES

Statement of Principles

China International Capital Corporation (UK) Limited Pillar 3 Disclosure

Building a framework for operational risk management: the FSA s observations

Statement of Guidance

National Consumer Credit Protection Amendment (Credit Reform Phase 2) Bill 2012

Information Paper. Pandemic Planning October Australian Prudential Regulation Authority

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

PRINCIPLES FOR THE MANAGEMENT OF CONCENTRATION RISK

The Role of Exchange Settlement Accounts

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Internal Audit and supervisory expectations building on progress

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

INSPRU overview. Paul Edmondson T: E: November 2013

COMPLIANCE GUIDELINE April 2009

Central Bank of Ireland Guidelines on Preparing for Solvency II Pre-application for Internal Models

ZAG BANK BASEL II & III PILLAR 3 DISCLOSURES. December 31, 2014

System of Governance

Framework for Cooperative Market Conduct Supervision in Canada

The Internal Capital Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process (SREP)

Financial Stability Forum Recommends Actions to Enhance Market and Institutional Resilience

Fundamental Principles of Financial Auditing

Implementation of Solvency II: The dos and the don ts

Transcription:

BASEL II CHANGES AND OPERATIONAL RISK ENTERPRISE-WIDE RISK MANAGEMENT CONFERENCE MAY 2005 BERNIE EGAN Program Director, Basel II Australian Prudential Regulation Authority

2 BASEL II CHANGES AND OPERATIONAL RISK This afternoon s focus on operational risk is timely. Conferences such as this are important in fostering discussion on the implementation of the Basel II Capital Framework (Basel II). To date, much of the discussion has been on credit risk, and lately on Pillar 2. While they are important issues and I certainly encourage such discussion, we should not lose sight of the importance of operational risk, which for many banks comprises around a fifth of their economic capital. However, I am cognizant of the many people attending this conference who are not bankers and have no knowledge of Basel II. So allow me to provide a brief overview. The business of banking is about taking and managing risks and banks use capital as a buffer against risk. Nevertheless, because of the crucial role that banks play in the financial system and because much of their funding is from unsophisticated depositors, it has long been considered appropriate that the activities of banks be prudentially supervised. The process of prudential supervision has evolved over the years, but supervisors now place great store on the capital held by banks. Initially, the various bank supervisors developed their own capital standards, but many banks compete in the global marketplace. The 1988 Basel Capital Accord (Basel I), developed by the Basel Committee on Banking Supervision at the Bank for International Settlements, was borne out of a desire to align the capital requirements of banks that competed across national boundaries. Bank supervisors in developed countries, and many less developed ones, have implemented Basel I for all their banks. The world of banking has continued to develop since Basel I was released and its one size fits all approach has been unable to deal with the increasing innovation and sophistication of the marketplace. Internally, banks have been addressing this and have developed models for calculating economic capital. Supervisors, for their part, have been seeking to develop a better regulatory solution. Basel II seeks to harness into the supervisory process best practices in risk management in banking and market discipline. It provides a spectrum of approaches for determining regulatory capital that are more comprehensive, including for the first time operational risk, and are more sensitive to risks. Basel II is built around three mutually reinforcing pillars, consisting of minimum capital requirements, supervisory review and market discipline. Against that background, I now wish to return to this afternoon s topic and to start with the Basel Committee s definition of operational risk the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk. Some operational risk events are high frequency and low value and while they cannot be eradicated, banks are generally good at minimising their impact. Other events are low frequency and high value and as we know, there are examples of them being fatal, for example Barings. Other banks have survived significant operational risk events but the events have been quite damaging to the bank, as well as resulting in significant loss to shareholders, for example National Australia Bank. Operational risks have, of course, always been present in banking. But they have not always been well recognised and to the extent that they have been recognised, they have largely been addressed through insurance. In addition, many banks have moved into non-traditional banking products, which often involve increased 2

3 operational risk. With the passage of time banks have become much better at identifying operational risks and improvements in technology have allowed banks to better measure and manage them. For both bankers and supervisors, operational risk management has now emerged as a discipline in its own right. From the Basel Committee s definition of operational risk, it is clear that much operational risk centres around breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial loss through error and fraud, or cause the interests of the bank to be compromised, such as through staff exceeding their authority. The first line of defence then must always be sound and robust operational risk management, including internal controls. However, in the event that proves to be inadequate, a bank should hold sufficient capital so that it can survive all but the most catastrophic operational risk events. Banks have less control over external events and in many cases capital provides the sole defence. Basel II contains two standardised approaches to calculating a capital requirement. Both use income as a proxy for operational risk. Alternatively, banks can take an analytical approach the so called advanced measurement approaches (AMA), but they must be able to demonstrate a soundness that is comparable to a one year holding period and a 99.9 th percentile confidence interval. It should be stressed that in introducing operational risk capital requirements, supervisors are not necessarily increasing total regulatory capital. Basel II adds greater precision into the calculation of capital held against credit risk, which for many Australian ADIs will result in a decrease in credit risk capital. Income, which is used in the standardised approaches, is not always a perfect proxy for operational risk. For example, the risk profile of a business centred on clearing payments is dominated by operational risk. For a given volume of business, that risk profile is the same irrespective of the income that the bank derives from the business, so it is less than ideal to calculate operational risk capital on the basis of income. However, at this time, no one has been able to identify a better proxy. One of the standardised approaches to operational risk requires banks to map their business to one of eight business lines. This requirement adds considerable complexity. For the smaller deposit-taking institutions (ADIs), most of whom have business concentrated in one or two of the eight Basel II business lines, there is arguably minimal benefit to offset the complexity. While it makes sense to attempt to differentiate between operational risk profiles on the basis of lines of business, this really only works well when there are risk proxies that appropriately mirror, and are accepted as mirroring, the operational risk inherent in those lines of business. In Australia s case, however, it may be possible to tailor a standardised approach that better meets our needs. That is because APRA s requirement that all banks adopting one of the sophisticated, or internal ratings based approaches, for credit risk must also adopt the AMA for operational risk. As a consequence, all Australia s larger banks, and certainly those that are internationally active, will adopt the AMA. Thus, without breaching the spirit of Basel II, APRA is able to explore implementing a standardised approach to operational risk that is less complex and more appropriate for Australia s smaller ADIs. For many of these ADIs, the bulk of their business is retail and commercial banking and their assets consist primarily of retail and commercial loans and advances for which Basel II provides scope for assuming a consistent income stream of 3.5 per cent. One possibility APRA is 3

4 looking at is to calculate operational risk capital on the basis of a much reduced number of business lines with one being retail and commercial banking assets. We expect to shortly issue a discussion paper on a simplified approach to operational risk. For all Australian ADIs adopting the standardised approaches, there will, then, be a capital requirement against operational risk. But, as I have discussed there is limited science in that capital calculation, so the importance of ADIs having robust risk management processes in place can t be over-emphasised. I now wish to turn to the AMA, where the issues are different. For many years banks have been modelling credit risk and there is broad agreement on the methodologies and inputs, such as probabilities of default. Unfortunately there is neither a history, nor broad agreement on the methodologies, for modelling operational risk. The Basel Committee recognises this and does not specify the modelling approach to use when determining how much capital is required for operational risk. It does, however, require banks to: track internal loss data and to use that data to directly build loss measures or to validate them; use relevant external data and to have a systematic process for determining the situations for which external data must be used and the methodologies used to incorporate the data; use scenario analysis or expert opinion in conjunction with external data to evaluate exposures to high-severity events; and capture key business environment and internal control factors that can change a bank s operational risk profile. A bank s AMA must take into account each of the four elements in deriving a total operational risk capital amount. The extent to which each of the four elements is used will vary from bank to bank, and possibly across business lines within each bank. Having modelled its operational risk capital, a bank is able to allocate the capital to its various business units. Through that allocation process the business units will have the incentive to better manage and to reduce their operational risk, and therefore reduce the capital allocated to them. However, to ensure that there is symmetry around this process, APRA will require banks to continuously review the operational risks to which they are exposed and to regularly update their modelling. APRA acknowledges the appropriateness of the flexibility and subjectiveness inherent in the AMA, but it does believe it is essential that there be some broad guidelines around the process. Irrespective of how the four elements are used, each bank will be required to have a well documented and verifiable approach for weighting each of the elements in its AMA and for ensuring that the operational risk capital model draws on the elements as appropriate, such that the data or scenarios that are being used reflect adequately the operational risks across the bank. Further, the rationale for all assumptions made in the operational risk capital model must be documented, including the choice of data inputs (or 4

5 elements), any distributional or other assumptions made, and the weighting of quantitative and qualitative modelling components. That brings us back to my earlier comment about a sound and robust operational risk management system being the first line of defence. Basel II contains a hierarchy of operational risk qualitative requirements, depending on the methodology used to calculate regulatory capital. As a minimum, it encourages banks to comply with the Basel Committee s guidance on Sound Practices for the Management and Supervision of Operational Risk, which was issued in 2003. That document contains 10 principles within four broad categories. 1. Developing an appropriate risk management environment; that the board of directors must be actively involved in the oversight of operational risk, that the operational risk framework should be subject to effective review, and that senior management be responsible for implementing the approved framework. 2. Risk management, identification, assessment, monitoring and mitigation/control; that banks should identify and assess the operational risk to which they are exposed, monitor it, have processes for mitigating it, and have business continuity plans. 3. Role of supervisors; banking supervisors should require all banks to have an effective operational risk framework in place and should regularly evaluate banks operational risk policies, procedures and practices. 4. Role of disclosure; that banks should have in place arrangements for adequate disclosure of their operational risk approach. Before a bank can use an AMA approach, Basel II requires it to have in place qualitative standards on the independence of the operational risk management function, integration of the risk measurement system into the day-to-day risk management processes, regular reporting, documentation, independent review, and validation. For those of you whose job does not require you to live and breathe Basel II, I apologise for burdening you with so much detail. But I think that is a necessary process to understand the changes that Basel II has made to the way Australian ADIs will approach operational risk. This afternoon I have not attempted to discuss all the operational risk qualitative requirements of Basel II, but rather to give you a flavour of them. And we have seen that there is a hierarchy of requirements depending on the business mix and the sophistication of the ADI. Hopefully your sense is that that the requirements are neither unreasonable nor onerous. If you have concluded that the requirements are a sensible way of minimising and managing a known risk, you will have no argument from me. I suggest that what Basel II does do is to mandate what prudent bankers are already doing. As we have seen, Basel II also imposes a specific operational risk regulatory capital charge. For the smaller Australian ADIs this capital charge is calculated using a regulatory formula. Within the confines of its existing business there is nothing an individual ADI can do to reduce the capital requirement. On the other hand, for those larger ADIs that have the resources to model their risks, 5

6 Basel II provides a mechanism and an incentive to better manage and to minimise their operational risks. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information