Daniele Nouy - Presentation
Download
Report
Transcript Daniele Nouy - Presentation
International Association of Deposit Insurers
(IADI)
Managing risk more effectively through
an entreprise risk management system
The perspective of the French Banking
Commission
Danièle NOUY, Secretary General of the
Commission bancaire
1
Introduction
Recent corporate scandals have highlighted the crucial role of
effective risk management and corporate governance.
As a result, Basel II -and all other recent banking rules- are committed
to enhance financial stability and banking systems resilience by
promoting good risk management and governance, this means:
A comprehensive, enterprise-wide assessment of risk;
Sophisticated, sensitive, tools to measure risk;
Strong risk management and internal controls;
Enhanced transparency.
We are confident that Basel II is not just a quantitative capital
requirement but will fundamentally change the approach to risk and
capital management.
2
Outline
1. Risk management, is a key element of banking supervision
1.1 Principles of internal control,
1.2 Rationale behind Basel II,
1.3 Basel II: a comprehensive approach to risk management
covering both financial and non financial risks.
2. Basel II calls for high quality, comprehensive risk management
systems
2.1 Criteria for the IRB approach (credit risk) and the « use test »,
2.2 Criteria for AMA (operational risk),
2.3 Impact of Pillar II and pillar III in terms of risk management.
3. Current issues and challenges
3.1 Cross-border issues raised by Basel II implementation,
3.2 Specific issues regarding the implementation of AMA for
operational risks.
3
1. Risk management, at the core of banking
supervision
The Commission bancaire and the Basel Committee have
for long stressed the importance of sensible, adequate
and proactive risk management:
1.1 By developing strong internal control principles,
1.2 By defining risk management objectives for Basel II,
1.3 By making use of Basel II to promote a comprehensive,
sophisticated approach to risk management.
4
1.1 Internal control principles
In France, the February 1997 regulation related to internal control
Banks must set up adequate internal control systems (operations and
procedures, accounting and information processing systems, etc.).
The Basel Committee Core Principles for Effective Banking
Supervision, in September 1997 :
Principle 14 : « Banking supervisors must determine that banks have in
place internal controls that are adequate for the nature and scale of their
business ».
A « Framework for internal control systems in banking
organisation », Basel Committee, in September 1998:
A system of strong internal controls can help to ensure that the goals and
objectives of a banking organisation will be met, that the bank will achieve
long term profitability targets and maintain reliable financial and
managerial reporting.
5
1.2 Rationale behind Basel II
This was needed because existing rules had been overtaken by
the pace of innovation in the banking systems
Evolution of banks (more and more large and complex institutions with
increasing cross-border activities), as well as markets and techniques
(securitisation, credit derivatives,…);
Need for more sophisticated risk measurement, management and
mitigation.
Basel II offers incentives for banks to adopt better risk and
capital management
Banks are invited to manage their risks appropriately and consistently
by making use of the best tools and practices available Economic
incentives for banks to adopt more sophisticated approaches;
Banks should hold adequate levels of capital and so be able to
withstand periods of financial distress Capital requirements more
risk-sensitive, more closely tailored to banks’ practices.
6
1.3 Basel II, a comprehensive framework
3 Pillars
Minimum capital requirements
Credit risk
Supervisory review process
Risk-weighted assets
Definition of own funds
Financial risks
Operational risk
Market risk
Non financial risks
Market discipline
Standardized approach Basic Indicator Approach Standardized Approach
SA
BIA
Foundation IRB
IRBF
Standardized approach
TSA
Advanced IRB
IRBA
Advanced
Measurement
Approach
AMA
Internal model approach
VaR
Unchanged
7
1.3… with elements to enhance risk
management in each Pillar...
Pillar I Measurement of risk
Quantitative but also qualitative requirements to be eligible to
the IRB (credit risk) and AMA (operational risk) approaches;
Advanced approaches must be fully integrated in the bank’s
culture and risk management (use test).
Pillar II Sophisticated tools to measure, cover, manage risk
Demand for sound and comprehensive internal assessment of
risk and capital adequacy
Pillar III Transparency
For each risk area (e.g. credit, market, operational, banking
book interest rate risk…) banks must describe their risk
management objectives and policies, (including strategies and
processes) the structure and organisation of the risk
management function, the scope and nature of risk reporting,
8
etc.
1.3 …For both financial and non financial risks
Financial risks
RISKS
LIQUIDITY
CREDIT
PILLAR 2
PILLAR 1
MARKET
Non financial risks
OPERATIONAL
OTHERS
REPUTATIONAL
INTEREST RATE IN
THE BB
STRATEGIC
ENDOGENOUS
EXOGENOUS
COMPLIANCE
OTHERS...
HUMAN
FACTOR
PROCESS
SYSTEMS
EXT. EVENTS
9
2. Basel II calls for a comprehensive risk
management system
The underlying philosophy of the New Capital Accord
The three pillars together are intended to achieve a level of capital
commensurate with a bank’s overall risk profile;
There is a correlation between required capital and effectiveness
of a bank’s risk management/risk profile;
But increased capital is not the only way to effectively addressing an
increase in risks; Pillar 2 offers different ways of addressing the
possible shortcomings, for example:
Emphasis on banks’own assessment of their capital needs,
Compliance with certain pillar 1 requirements related to: IRB
methodologies, credit risk mitigation techniques, etc.
Supervisory treatment of outliers for interest rate risk,
management of collateral (former W factor) concentration, etc.
10
2.1 Credit Risk IRB approach
10%
9.75% (- 2.5 %)
9.5% (- 5 %)
Credit risk
modelling ?
Advanced IRB
Approach
Foundation IRB
Approach
Standardised
Approach
Evolutionary approaches : capital incentives to move to more
advanced approaches with increasingly demanding
management standards
?
11
IRB approach - adoption process
All exposure classes
IRB
Approach
All units (subsidiaries,
branches)
Elements of advanced
approach
12
IRB approach - an entreprise-wide project
The IRB approach is an entreprise-wide project.
For a banking group, implementation of an IRB approach
across all asset classes and business units at the same time
is challenging;
Supervisors may allow banks to adopt a phased rollout within
a reasonably short time :
adoption of IRB across asset classes within the same business
unit;
adoption of IRB across business units within the same banking
group;
move from the foundation approach to the advanced approach.
13
IRB - Quantitative and qualitative
requirements
To be eligible for an IRB approach, a bank must meet a set of
minimum requirements;
IRB systems must notably:
be approved by the board of directors, ...and internal ratings must
be an essential part of the reporting to directors;
provide meaningful differentiation of credit risk (for example a
minimum of 7 to 9 borrower grades for non-defaulted borrowers and
of 1 or 2 borrower grade(s) for defaulted borrowers);
Data sources used by banks must be suitably rich and robust;
Ratings should be subject to independent review and, more
importantly,
The IRB approach/the ratings must be an integral part of the
bank’s culture and management (“The use test”).
14
IRB - The “use test” criteria
The « use test » criteria, which is pretty similar to the « managerial
approach » used by the accountants (IASB for IAS), is the most
important requirement for the IRB approach.
Internal ratings as well as default and loss estimates and all other
parameters must play an essential role in the credit policy of banks
using the IRB approach: credit approvals, credit risk management,
provisioning and internal capital allocations. This means that it should
not be:
designed and implemented exclusively for the purpose of qualifying
for the IRB approach,
used only to provide IRB inputs.
…Even if banks are making use of supplementary parameters in
their on-going management and hedging of credit risk.
15
2.2 Operational risk AMA
In line with the approach to credit risk and market risk,
several options are offered to calculate minimum capital
requirements for operational risk.
Increasing management standard
Basic Indicator
Approach (BIA)
The Standardised
Approach (SA)
Advanced
Measurement
Approach (AMA)
Increasing capital charges
It is an evolutionary approach offering capital incentives to
16
move to the most advanced approaches (AMA).
Operational risk - AMA
Like for credit risk, capital charges are generated by
banks ’ internal operational risk models provided that
these models meet strong quantitative and qualitative
requirements.
The model must incorporate the following quantitative
criteria :
Internal data a minimum of 5-year observation period (3-year
historical data window acceptable in 2006);
External data it should use relevant external data (for
benchmarking and qualitative adjustments, etc.);
Scenario analysis expert opinion should be used to evaluate
exposure to low probability / high severity events;
Business environment and internal control factors must
be retained as key factors reflecting the quality of risk
17
management practices.
Operational risk - AMA
The qualitative criteria focus on:
An independent operational risk management function,
Integration into the day-to-day risk management processes,
Regular reporting (business units management, senior
management, board of directors),
Compliance with internal policies, regular controls and adequate
procedures concerning the operational risk system,
An internal/external review of the operational management
processes and measurement systems,
A validation by supervisory authorities.
18
« Sound Practices for the Management and
Supervision of Operational Risk »
To demonstrate that they have the necessary operational risk
culture,
banks should comply with, and
supervisors should focus on:
the principles set up in the BCBS paper on « Sound Practices for
the Management and Supervision of Operational Risk »
(February 2003).
19
« Sound Practices for the Management
and Supervision of Operational Risk »
1. The principles relating to the risk management process of
banks are the following:
Involvement of the board of directors,
Effective and comprehensive internal audit,
Responsibility of the senior management for implementing the
operational risk management policy approved by the board of directors,
Identification of the operational risk inherent in all material products,
activities, processes and systems,
Implementation of a process to regularly monitor operational risk
profiles and material exposure to losses,
Definition of policies, processes and procedures to control or
mitigate material operational risks,
Definition of contingency and business continuity plans?
Sufficient public disclosure, etc.
20
« Sound Practices for the Management
and Supervision of Operational Risk »
2. Regarding the role of bank supervisors, they should:
Require that all banks have an effective framework in place to
identify, assess, monitor and control or mitigate material
operational risks as part of an overall approach to risk
management;
Conduct, directly or indirectly, regular independent evaluation of
a bank’s policies, procedures and practices related to
operational risks.
21
2.3 Pillar 2 - Supervisory review process
Pillar 2 has been for long the less-commented part of the
Accord, but it is seen now as the most challenging part of
the New Accord. It is intended :
to achieve a level of capital commensurate with a bank’s
overall risk profile;
to encourage banks to develop and use better risk
management techniques in monitoring and managing their
risks.
Supervisors will have to find the right balance between a
possible increase in the capital charge and the use of other
means for addressing risks, such as :
strengthening risk management,
applying internal/ external limits on certain activities,
improving internal controls.
22
Pillar 2 - Supervisory review process
Pillar 2 is based on four principles :
1. Banks' own assessment of capital adequacy. It is of crucial
importance in terms of risks management: "Banks should have a
process for assessing their overall capital adequacy in
relation to their risk profile and a strategy for maintaining their
capital levels”,
2. Supervisory review process,
3. Capital above regulatory minima,
4. Supervisory intervention.
The BCBS 15 January 2004 press release clarified the respective
roles of pillar 1 and pillar 2:
Pillar 2 is not intended to lead to automatic capital add-ons for
each specific risk identified;
Banks should evaluate their own capital adequacy in light of all
23
risks they face, not just those mentioned in Pillar 1.
2.3 Pillar 3 - Market discipline
Pillar 3 is based on the same philosophy. It is intended to provide
investors with reliable and timely information to understand a bank’s
risk profile. and therefore enhance the role of market participants in
encouraging banks to hold adequate levels of capital and manage
their risks properly.
Quite naturally, more demanding disclosure is required from banks
willing to make use of the most sophisticated methodologies: the
internal ratings-based approach for credit risk and the AMAs for
operational risk.
This supplementary qualitative and quantitative disclosure focus on
the internal methodologies and the key inputs of the selected
approaches, such as information about the structure of the internal
rating systems, PD, LGD assumptions, etc.
24
3. Current issues and challenges
To deliver an effective and consistent cross-border
implementation of Basel II is a significant challenge.
More risk focussed supervision demands extra resources and
implies more intensive supervisory efforts,
The increased technical complexity of risk based supervision and
the inclusion of more qualitative standards change the way in
which supervisors conduct their work,
The New Accord enhances the need for dissemination of the
best supervisory practices around the world,
BC members are committed to exchange information on the
status of implementation, and the exercise of national
discretion, where it is used,
Regarding pillar 2, the industry is especially, but not exclusively,
concerned about level playing field.
25
3.1 Implementation - cross-border issues
The Accord Implementation Group (AIG) has been working for
some time to deliver guidance on cross-border implementation
of Basel II.
It makes use of case studies designed to gain a better sense of
the practical aspects of cross-border implementation.
It has been mainly dealing with :
A common understanding of the concept of « supervisory
review »;
The development of common methodologies for validating the IRB
(credit risk) and AMA (operational risk) approaches under pillar 1;
The share of tasks and responsibilities of home and host
supervisors.
26
3.1 Implementation - cross-border issues
The AIG has published in August 2003 a set of “High-level
principles for the cross-border implementation of the New
Accord”.
These principles are similar to those existing in the EU
framework for consolidated supervision (and are a more
detailed and up-to-date version of the BCBS Concordat):
Responsibility of the home country supervisor for consolidated
supervision;
Responsibility of the host country supervisor for supervision on
an individual or sub-consolidated basis;
Mutual recognition and/or closer cooperation between home
country supervisor and host country supervisors.
27
3.2 Cross-border AMA implementation
Operational risk raises some specific cross-border issues.
The « Principles for the home/host recognition of AMA
operational risk capital» (January 2004) state that the
management of operational risk must be conducted at each level of
a banking group.
The board and senior management, at each level of a banking
organisation, have an obligation to :
understand the operational risk profile of the entity;
ensure that risks are managed appropriately; and
ensure that the capital held in the specific entity, to cover
operational risk is adequate.
As each banking subsidiary within the group must be adequately
capitalized on a stand-alone basis.
28
3.2 Cross-border AMA implementation
The challenge is to find the right balance between sensitivity the need for adequate and properly allocated capital- and
simplicity/practicality -the need for workable principles to govern
the relationships between the home and host jurisdictions-.
As a result, introduction of an « hybrid » approach for AMA banks:
subject to supervisory approval, banking groups would be permitted
to use stand-alone AMA calculations for significant internationally
active banking subsidiaries.
In calculating stand-alone requirements, significant internationally
active bank subsidiaries may incorporate estimate of diversification
benefits of their own operations (but may not take advantage of
group-wide diversification benefits).
29
Conclusion
Basel II will offer proper incentives for banks to manage their risks
more effectively.
Considered jointly, the three pillars will renew the emphasis on
excellence in risk management and corporate governance.
Promoting coordination and consistency between supervisors will
provide banks with better certainty about the new rules so that they
continue to improve their risk management systems.
The new accord will be of great benefit to banks with first-class risk
management systems.
30