What are the Basel II Operational Risk Requirements?

"Basel II" has been in the news an awful lot these past 18 month or so. Unlike Basel I the new standard introduces a capital charge based on operational risk. The words Operational risk themselves immediately raise a whole bunch of questions; What is "Basel II"? What is operational risk? How is the charge going to be calculated? What are the operational risk standards that banks will have to comply with? Basel II or to use is full name "International Convergence of Capital Measurement and Capital Standards" defines operational risk as "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events". This definition explicitly includes legal risk but excludes strategic and reputational risk. In terms of the Basel II Accord there are three methods for calculating the capital charges for operational risk. The methods provide a range of increasing sophistication and risk sensitivity. The three approaches are: *Basic Indicator Approach (BIA) - which requires banks to hold capital for operational risk equal to the average over the previous three years of a fixed percentage of positive annual gross income. *Standardized Approach - which uses gross income across eight business lines as a stand-in for the level of business operations and therefore the probable size of operational risk exposure within each business line. *Advanced Measurement Approaches (AMA) - this requires a bank to calculate its regulatory capital requirement as the sum of expected loss and unexpected loss. This is a highly complicated process and still remains the subject of much controversy. The Basel Committee has encouraged banks to move along the range of available approaches as they develop more sophisticated operational risk measurement systems and practices. Internationally active banks, as well as banks who have significant operational risk exposures (such as specialized processing banks) are expected to use an approach that is more sophisticated than the Basic Indicator Approach and which fits the risk profile of the institution. A bank will not be allowed to revert to a simpler approach once it has been approved for a more advanced approach without supervisory approval. However, if a national bank supervisor determines that a bank using a more advanced approach no longer meets the qualifying criteria for this approach, it may require the bank to go back to a simpler approach for some or all of its operations, until it meets the conditions specified by the supervisor for returning to a more advanced approach. A bank will be permitted to use the Basic Indicator or Standardized Approach for some parts of its operations and an AMA for others provided certain minimum criteria are met. The conditions under which this is permitted are; *All operational risks of the bank's global, consolidated operations must be captured *All of the bank's operations that are covered by the Advanced Measurement Approaches must meet the qualitative criteria for using an AMA, while those parts of its operations that are using one of the simpler approaches meet the qualifying criteria for that approach *At implementation of an AMA, a major part of the bank's operational risks must be captured by the AMA *The bank must provide its supervisor with a plan specifying its intended timetable for implementing the AMA across all its operations The Basel Committee expects that such approvals will only be granted on an exceptional basis and limited to circumstances where a bank is prevented from meeting these conditions because of implementation decisions of supervisors of the bank's subsidiary operations in other (foreign) jurisdictions. Despite the relative brevity of the Operational Risk section the Accord, the source material for risk mitigation is wide and deep indeed. The following is a brief list of some of the current Basel guidelines dealing with various aspects of operational risk. *"Sound Practices for the Management and Supervision of Operational Risk" *"A framework for Internal Control Systems in Banking Organizations" *"Internal Audits in Banks and the Supervisors Relationship with Auditors" *"The compliance function in banks" *"Consolidated KYC Risk Management" *"Risk management principles for electronic banking" *"Management and Supervision of Cross-Border Electronic Banking Activities".