What are the Basel II Operational Risk Requirements?
"Basel II" has been in the news an awful lot these past 18 month
or so. Unlike Basel I the new standard introduces a capital
charge based on operational risk. The words Operational risk
themselves immediately raise a whole bunch of questions; What is
"Basel II"? What is operational risk? How is the charge going to
be calculated? What are the operational risk standards that
banks will have to comply with?
Basel II or to use is full name "International Convergence of
Capital Measurement and Capital Standards" defines operational
risk as "the risk of loss resulting from inadequate or failed
internal processes, people and systems or from external events".
This definition explicitly includes legal risk but excludes
strategic and reputational risk.
In terms of the Basel II Accord there are three methods for
calculating the capital charges for operational risk. The
methods provide a range of increasing sophistication and risk
sensitivity. The three approaches are:
*Basic Indicator Approach (BIA) - which requires banks to hold
capital for operational risk equal to the average over the
previous three years of a fixed percentage of positive annual
gross income. *Standardized Approach - which uses gross income
across eight business lines as a stand-in for the level of
business operations and therefore the probable size of
operational risk exposure within each business line.
*Advanced Measurement Approaches (AMA) - this requires a bank to
calculate its regulatory capital requirement as the sum of
expected loss and unexpected loss. This is a highly complicated
process and still remains the subject of much controversy.
The Basel Committee has encouraged banks to move along the range
of available approaches as they develop more sophisticated
operational risk measurement systems and practices.
Internationally active banks, as well as banks who have
significant operational risk exposures (such as specialized
processing banks) are expected to use an approach that is more
sophisticated than the Basic Indicator Approach and which fits
the risk profile of the institution.
A bank will not be allowed to revert to a simpler approach once
it has been approved for a more advanced approach without
supervisory approval. However, if a national bank supervisor
determines that a bank using a more advanced approach no longer
meets the qualifying criteria for this approach, it may require
the bank to go back to a simpler approach for some or all of its
operations, until it meets the conditions specified by the
supervisor for returning to a more advanced approach.
A bank will be permitted to use the Basic Indicator or
Standardized Approach for some parts of its operations and an
AMA for others provided certain minimum criteria are met. The
conditions under which this is permitted are;
*All operational risks of the bank's global, consolidated
operations must be captured
*All of the bank's operations that are covered by the Advanced
Measurement Approaches must meet the qualitative criteria for
using an AMA, while those parts of its operations that are using
one of the simpler approaches meet the qualifying criteria for
that approach
*At implementation of an AMA, a major part of the bank's
operational risks must be captured by the AMA
*The bank must provide its supervisor with a plan specifying
its intended timetable for implementing the AMA across all its
operations
The Basel Committee expects that such approvals will only be
granted on an exceptional basis and limited to circumstances
where a bank is prevented from meeting these conditions because
of implementation decisions of supervisors of the bank's
subsidiary operations in other (foreign) jurisdictions.
Despite the relative brevity of the Operational Risk section the
Accord, the source material for risk mitigation is wide and deep
indeed. The following is a brief list of some of the current
Basel guidelines dealing with various aspects of operational
risk.
*"Sound Practices for the Management and Supervision of
Operational Risk"
*"A framework for Internal Control Systems in Banking
Organizations"
*"Internal Audits in Banks and the Supervisors Relationship with
Auditors"
*"The compliance function in banks"
*"Consolidated KYC Risk Management"
*"Risk management principles for electronic banking"
*"Management and Supervision of Cross-Border Electronic Banking
Activities".