Transcript No Slide Title

The critical challenge facing banks and
regulators under Basel II: improving
risk management through
implementation of Pillar 2
Simon Topping
Hong Kong Monetary Authority
28 September 2004
GARP Asia Pacific Convention
1
Implementation of Basel II in Hong Kong
• Hong Kong is one of the first jurisdictions to publish
detailed implementation plans for Basel II
• Re Pillar 1, we will allow institutions to choose between
standardised approach, foundation IRB and advanced IRB
for credit risk, and between basic indicator approach and
standardised approach (not AMA) for operational risk; we
will also allow smaller institutions to choose a “basic”
approach
• Institutions can now plan accordingly. The first big
question is whether - and when – to adopt IRB
• But focus is now shifting to a second key consideration
– what plans to make in relation to “Pillar 2” risks
2
Main objectives of Pillar 2
 Ensure that banks have adequate capital to support
all the material risks in their business
More comprehensive recognition of risk, including
risks not covered (e.g. interest rate risk in the
banking book) or not adequately covered (e.g. credit
concentration risk) under Pillar 1
 Encourage banks to develop and use better risk
management techniques
Focus on banks’ capital planning and risk
management capabilities (not just on setting of
capital)
3
Four Pillar 2 Principles
 Principle 1 : Banks should have a process for assessing their
overall capital adequacy in relation to their risk profile and a
strategy for maintaining their capital levels (i.e. CAAP)
 Principle 2 : Supervisors should review and evaluate banks’
internal capital adequacy assessments and strategies
 Principle 3 : Supervisors should expect banks to operate
above the minimum regulatory capital ratios and should have
the ability to require so
 Principle 4 : Supervisors should seek to intervene at early
stage to prevent capital from falling below the minimum
levels required to support the risk characteristics of a
particular bank
4
Principle 1
• Banks should have a process for assessing their overall
capital adequacy in relation to their risk profile and a
strategy for maintaining their capital levels
• Banks must be able to demonstrate that chosen internal capital
targets are well founded and that these targets are consistent
with their overall risk profile and current operating environment.
In assessing capital adequacy, bank management needs to be
mindful of the particular stage of the business cycle in which
the bank is operating. Rigorous, forward-looking stress testing
that identifies possible events or changes in market conditions
that could adversely impact the bank should be performed.
Bank management clearly bears primary responsibility for
ensuring that the bank has adequate capital to support its risks
5
The five main features of a rigorous process
for assessing capital adequacy
•
•
•
•
•
Board and senior management oversight
Sound capital assessment
Comprehensive assessment of risks
Monitoring and reporting
Internal control review
6
Fundamental elements of sound capital
assessment
• Policies and procedures designed to ensure that the bank
identifies, measures, and reports all material risks
• A process that relates capital to the level of risk
• A process that states capital adequacy goals with respect to
risk, taking account of the bank’s strategic focus and business
plan
• A process of internal controls, reviews and audit to ensure the
integrity of the overall management process
7
Existing supervisory framework
CAMEL rating system
Risk-based
supervision
Process for setting
minimum CAR
To assess AIs' overall
safety and soundness
To assess AIs' overall
risk profile
To determine minimum
CAR for local AIs
Management
Board and senior
management oversight
Risk management
system
Comprehensive internal
controls
No formal process
Assets
Inherent risks
Factors for consideration
- CAMEL rating
Liquidity
Direction of risk
- Risk profile
- Parental support
Capital
- Other relevant factors
specific to AI concerned
Earnings
COMPOSITE RATING
RISK PROFILE
MINIMUM CAR
8
Enhanced supervisory framework
CAMEL rating system
Risk-based supervision
To assess AIs' overall
safety and soundness
To assess AIs' overall
risk profile
Board and senior
management oversight
Risk management
system
Management
Comprehensive internal
controls
Process for setting
minimum CAR
To determine minimum
CAR for local AIs
Board and senior
management oversight
Risk management system
Internal control system and
environment
Infrastructure to meet
business needs
Other support systems
Pillar 1 risks
(standardised at 8%)
Assets
Inherent risks
Pillar 2 risks
(stress / scenario tests
and peer group comparison
to be incorporated)
Liquidity
Direction of risk
Capital adequacy and
capability to withstand
risks (stress and scenario
tests to be incorporated)
Capital
Earnings
9
COMPOSITE RATING
RISK PROFILE
MINIMUM CAR
Inherent Risks - Mapping between Pillars 1 & 2
Eight inhe re nt risks
unde r risk-ba se d
supe rvision
Pilla r 1 risks
- Counterparty default risk
Credit risk
- Transaction risk
(e.g. through recognition of
CRM)
Pilla r 2 risks
- Credit concentration risk
- Portfolio risk (aggressive
expansion / deterioration
in asset quality etc)
- Residual risk (from using
CRM / securitisation etc)
Market risk
Trading risk arising from
adverse movements in interest
rates, FX, security and
commodity prices
Residual risk (e.g.
vulnerability under stress and
scenario tests)
Interest rate risk
Interest rate risk in the trading
book
Interest rate risk in the
banking book
- Funding (cash) liquidity
risk
- Asset (market) liquidity
risk
Liquidity risk
Operational risk
(including legal risk)
Strategic risk
Reputation risk
Risk of loss resulting from
inadequate or failed internal
processes, people and
systems / from external events
Residual operational risk
(e.g. risk of loss resulting
from low-frequency, highimpact events)
Risk due to:
- bad / imprudent or
inproperly implemented
business decisions or
strategies
- lack of response to
external changes
(industry, economic or IT)
Risk due to contagion,
negative publicity or
susceptibility to market
rumours
10
Pillar 2 factors (1)
 Risks not directly captured under Pillar 1
–
–
–
–
Credit concentration risk
Interest rate risk in the banking book
Liquidity risk
Risks arising from portfolio analysis / aggregation (other
than credit concentration risk) – e.g. aggressive credit
expansion, rapid deterioration of asset quality etc.
– Strategic / reputation risks
– Business cycle risk
11
Pillar 2 factors (2)
 Risks not fully captured under Pillar 1
– Residual operational risk (including legal risk)
– Residual credit risk (e.g. ineffective credit risk
mitigation)
– Risks arising from securitisation / complex credit
derivatives (e.g. insufficient risk transfer, market
innovations, etc.)
 Systems and controls
– Risk management system
 Policies, procedures and limits for managing inherent
risks
 Risk measurement, monitoring and reporting systems
/ processes to ensure compliance with established
12
policies, procedures and limits
Pillar 2 factors (3)
 Systems and controls (cont’d)
– Internal control system and environment
 Segregation of duties and responsibilities
 Audit and compliance functions
– Infrastructure to meet business needs
 IT capability and reliability to support business
initiatives
 Competence, sufficiency and stability of key staff
 Outsourcing arrangements
– Other support systems
 Anti-money laundering system / accounting system
etc.
13
Pillar 2 factors (4)
 Capital adequacy and capability to withstand risks
– Adequacy and effectiveness of CAAP
– Capital adequacy to meet current and future business needs
and to withstand business cycles and adverse economic
conditions
– Quality of capital
– Access to additional capital, particularly under stressed
situations
– Strength and availability of parental support, where
applicable
– Capital contingency plan
14
Pillar 2 factors (5)
 Corporate governance
– General compliance with corporate governance guidelines
– Risk management knowledge and experience of the board
and senior management
– Awareness of the board and senior management in relation
to risk management and control issues
– Participation and involvement of the board and senior
management in :
 risk management processes
 risk management development and enhancement
– Responsiveness of the board and senior management to
supervisory concerns in respect of risk management and
control weaknesses
15
Conclusions
 Planning for Pillar 2 is possibly even more challenging than
for Pillar 1, as it is not simply a matter of choosing between a
limited number of options
 Rather, banks need to raise their awareness of risk and
determine a long-term strategy for improving the
identification, assessment and management of their risk
 While improved risk management should bring its own
rewards, it may also translate into lower regulatory capital
requirements as the regulator’s degree of comfort with the
bank’s risk management practices increases
 Ultimately, a little further down the line, it should be banks
themselves that decide how much capital they need, not
regulators. But the process will have to be highly developed,
16
systematic, and all-encompassing – quite a challenge