The critical challenge facing banks and regulators under Basel II

Four Pillar 2 Principles Principle 1 : Banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their c

The critical challenge facing banks and regulators under Basel II: improving

risk management through implementation of Pillar 2

Simon Topping Hong Kong Monetary Authority

28 September 2004

Implementation of Basel II in Hong Kong

• Hong Kong is one of the first jurisdictions to publish detailed implementation plans for Basel II

• Re Pillar 1, we will allow institutions to choose between standardised approach, foundation IRB and advanced IRB for credit risk, and between basic indicator approach and standardised approach (not AMA) for operational risk; we will also allow smaller institutions to choose a “basic” approach

• Institutions can now plan accordingly The first big question is whether - and when – to adopt IRB

• But focus is now shifting to a second key consideration

– what plans to make in relation to “Pillar 2” risks

Main objectives of Pillar 2

 Ensure that banks have adequate capital to support all

the material risks in their business

 More comprehensive recognition of risk, including risks

not covered (e.g interest rate risk in the banking book)

or not adequately covered (e.g credit concentration risk)

under Pillar 1

 Encourage banks to develop and use better risk

management techniques

 Focus on banks’ capital planning and risk management

capabilities (not just on setting of capital)

Four Pillar 2 Principles

 Principle 1 : Banks should have a process for assessing their

overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels (i.e CAAP)

 Principle 2 : Supervisors should review and evaluate banks’

internal capital adequacy assessments and strategies

 Principle 3 : Supervisors should expect banks to operate

above the minimum regulatory capital ratios and should have the ability to require so

 Principle 4 : Supervisors should seek to intervene at early

stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank

Principle 1

• Banks should have a process for assessing their overall capit

al adequacy in relation to their risk profile and a strategy fo

r maintaining their capital levels

• Banks must be able to demonstrate that chosen internal capital t argets are well founded and that these targets are consistent wit

h their overall risk profile and current operating environment I

n assessing capital adequacy, bank management needs to be mi ndful of the particular stage of the business cycle in which the b ank is operating Rigorous, forward-looking stress testing that i dentifies possible events or changes in market conditions that c ould adversely impact the bank should be performed Bank ma nagement clearly bears primary responsibility for ensuring that t

he bank has adequate capital to support its risks

The five main features of a rigorous process

for assessing capital adequacy

• Board and senior management oversight

• Sound capital assessment

• Comprehensive assessment of risks

• Monitoring and reporting

• Internal control review

Fundamental elements of sound capital

assessment

• Policies and procedures designed to ensure that the bank ident ifies, measures, and reports all material risks

• A process that relates capital to the level of risk

• A process that states capital adequacy goals with respect to ris

k, taking account of the bank’s strategic focus and business pl an

• A process of internal controls, reviews and audit to ensure the integrity of the overall management process

Existing supervisory framework

CAMEL rating system Risk-based

supervision

Process for setting minimum CAR

To assess AIs' overall

safety and soundness

To assess AIs' overall

risk profile

To determine minimum CAR for local AIs

Board and senior management oversight Risk management

system Comprehensive internal

controls

- CAMEL rating Liquidity Direction of risk - Risk profile

- Parental support

specific to AI concerned Earnings

Management

Inherent risks

No formal process

Enhanced supervisory framework

CAMEL rating system Risk-based supervision Process for setting

minimum CAR

To assess AIs' overall

safety and soundness

To assess AIs' overall

risk profile

To determine minimum CAR for local AIs Board and senior

management oversight

Board and senior management oversight Risk management

Internal control system and

environment Infrastructure to meet business needs Other support systems

Pillar 1 risks (standardised at 8%)

Pillar 2 risks (stress / scenario tests

and peer group comparison

to be incorporated)

capability to withstand risks (stress and scenario

Comprehensive internal

controls

Assets

Management

Inherent risks

Inherent Risks - Mapping between Pillars 1 & 2

Eight inhe rent risks

unde r risk-ba sed Pilla r 1 risks Pilla r 2 risks

supervision

- Credit concentration risk

expansion / deterioration

(e.g through recognition of - Res idual risk (from using

- Funding (c ash) liquidity risk

- Ass et (market) liquidity risk

inproperly implemented

strategies

- lack of response to external changes (industry, economic or IT)

Risk of loss resulting from inadequate or failed internal processes, people and systems / from external events

Risk due to:

- bad / imprudent or

Operational risk

(including legal risk )

Residual operational ris k (e.g risk of loss resulting from low-frequency,

high-impact events)

Credit risk

Trading risk arising from adverse movements in interest rates, FX, security and commodity prices Market risk

Residual risk (e.g

vulnerability under stress and

scenario tests)

Interest rate risk Interest rate risk in the trading

book

Interest rate risk in the banking book

Liquidity risk

Pillar 2 factors (1)

– Credit concentration risk

– Interest rate risk in the banking book

– Liquidity risk

– Risks arising from portfolio analysis / aggregation (other than credit concentration risk) – e.g aggressive credit expansion, rapid deterioration of asset quality etc

– Strategic / reputation risks

– Business cycle risk

Pillar 2 factors (2)

 Risks not fully captured under Pillar 1

– Residual operational risk (including legal risk)

– Residual credit risk (e.g ineffective credit risk mitigation)

– Risks arising from securitisation / complex credit derivatives (e.g insufficient risk transfer, market innovations, etc.)

 Systems and controls

– Risk management system

 Policies, procedures and limits for managing inherent risks

 Risk measurement, monitoring and reporting systems / processes to ensure compliance with established policies, procedures and limits

Pillar 2 factors (3)

 Systems and controls (cont’d)

– Internal control system and environment

 Segregation of duties and responsibilities

 Audit and compliance functions

– Infrastructure to meet business needs

 IT capability and reliability to support business initiatives

 Competence, sufficiency and stability of key staff

 Outsourcing arrangements

– Other support systems

 Anti-money laundering system / accounting system

Pillar 2 factors (4)

 Capital adequacy and capability to withstand risks

– Adequacy and effectiveness of CAAP

– Capital adequacy to meet current and future business needs and to withstand business cycles and adverse economic conditions

– Quality of capital

– Access to additional capital, particularly under stressed situations

– Strength and availability of parental support, where applicable

– Capital contingency plan

Pillar 2 factors (5)

 Corporate governance

– General compliance with corporate governance guidelines – Risk management knowledge and experience of the board and senior management

– Awareness of the board and senior management in relation

to risk management and control issues

– Participation and involvement of the board and senior management in :

 risk management processes

 risk management development and enhancement

– Responsiveness of the board and senior management to

 Planning for Pillar 2 is possibly even more challenging than for Pillar 1, as it is not simply a matter of choosing between a limited number of options

 Rather, banks need to raise their awareness of risk and determine

a long-term strategy for improving the identification, assessment and management of their risk

 While improved risk management should bring its own rewards,

it may also translate into lower regulatory capital requirements

as the regulator’s degree of comfort with the bank’s risk management practices increases

 Ultimately, a little further down the line, it should be banks themselves that decide how much capital they need, not regulators But the process will have to be highly developed,