The aim of this blog is to provide a brief overview of Basel
accords which provides financial supervisory controls at broader level
in the global financial market and brief IT Implementation steps to accomplish for BCBS 239 regulatory requirements. I am relying on my financial & accounting academic background and
learnings & experience with the financial clients in my consulting world,
while I profess my career as an IT professional.
Basel
Basel Committee on Banking Supervision (BCBS) based in
Switzerland was created in 1974 to establish standards on regulation and
supervision for SIB banks. The first major accord Basel-1 in 1988 was published
to provide supervisory and regulatory controls for banks in G-10 countries
after several International Banks faced heavy losses on account of closure of
German Bank Herstatt and Franklin National Bank of New York whose foreign
exchange exposure was more than 3 times that of their capital and found this issue more as a symptomatic
pattern among other major international banks.
Over the period, there were major and minor accords created
by BCBS & Financial Stability Board (FSB) to provide for fair play, regulatory
requirements based on firms risk exposure, management and their appetite. Among
various accords Basel-III so far is a complex package that supersedes its
earlier versions including Basel –I and Basel-II. The growing economies of Asia
and its influence on the financial and economic activities has also prompted them
to expand the landscape from G-10 to G-20 countries and today more banks from
140 countries follow the regulatory requirements.
Basel accord is not just a recommendation but a package of regulatory
controls aimed at Systemically Important Financial Institutions (SIFI) of both
local and global organizations. In normal parlance, common banking activities
like lending, investments involves risk exposure, and the willingness or the
appetite for risk depends upon its infrastructure reach and capital strength, to
drive its core and secondary commercial activities.
These activities results in the creation of different types
of risk (Operational Risk, Credit Risk, Interest Risk, Liquidity Risk, Market
Risk and other risks). Strong and solid Governance
& Controls provide stability to their operations to
understand both inherent and residual risks.These risks can be originated internally and
externally by different pillars of the heterogeneous economies and organizations have to take appropriate risk
mediation steps to overcome these potential risks and its survivability while limiting its collateral damages.
Basel accord emphasizes in creating liquidity, capital
adequacy, operations leverage in the global economy with host of other measures aimed
at providing stability to avoid another financial meltdown.
Blame Game and Cause for Financial meltdown
Blame Game and Cause for Financial meltdown
There were many fingers that pointed out by eminent people
for the cause of this meltdown right from accusing few CEO’s greed to lack of
knowledge or even understand to the basic question in the bank wide
transactions as simple as “who is who”, “who owns whom” and “who owns what”
with clarity.
There were some who have indicated that lack of corporate governance structure and absence of precise and intuitive corporate management language which failed them to understand, monitor and control the fancy and complex products that were put in the market abetting the financial collapse. There are others who argue that letting down Lehman "a too big to fail" institute caused and exacerbated the collapse with severe collateral damages. Rating companies attesting better rankings to a "Junk" instruments based on the incorrect assessments of financial statements also played a role in the crisis.
There were some who have indicated that lack of corporate governance structure and absence of precise and intuitive corporate management language which failed them to understand, monitor and control the fancy and complex products that were put in the market abetting the financial collapse. There are others who argue that letting down Lehman "a too big to fail" institute caused and exacerbated the collapse with severe collateral damages. Rating companies attesting better rankings to a "Junk" instruments based on the incorrect assessments of financial statements also played a role in the crisis.
BASEL-I, 1988
This was the first major accord where BCBS provided
definitions on the classification of Bank’s Capital and set certain minimum
requirement standards. The Tier-1 and Tier-2 Capital for all International
Banks emphasized the banks to maintain a minimum of 8% of its Risk Weighted
Assets (RWA) to avoid financial failures on account of closures of German and
American bank due to their overexposure on foreign exchange in relation to
their capital adequacy.
BASEL-II 2004
Superseded BASEL-I in the risk and capital management
requirements by further emphasizing on the adequacy requirements to the
exposure of risk in their businesses of lending, investment and trading. Some
of the key takeaways from this accord are as follows:
- Regulatory compliance should not become a sore point among the international banks on their competitiveness to operate with big banks
- Capital adequacy was considered as a risk sensitive function with greater the risk, more capital needs to be held by the banks to maintain its solvency
- Emphasis was made on Credit Risk, but left to individual banks to manage other major risks like Operational Risk, Market Risk on their own
- Emphasis on greater disclosure requirements twice a year, so regulatory bodies can monitor the various adequacy requirements and also enable assessments by analysts, investors, international financial bodies and other banks to showcase the effective corporate governance of individual banks among other details on
- Details on Risk Exposure & Risk Assessment Process
- Capital Adequacy requirements and their validations
BASEL-III 2010
Accord was revisited after the financial meltdown in
2007-2008 that revealed additional financial regulations needed to be in place
towards Capital Adequacy Requirements (CAR), Stress Testing, Funding Stability
and Market Liquidity Risks, Liquidity Coverage Ratio (LCR) to effectively and
Banks Leverage ratios.
It also defined Common Equity requirements as a Well
Capitalized, Adequate Capitalized, Inadequate Capitalized under different Tiers
(CET-1, CET-2, and CET-3) and High Quality Liquid Assets (HQLA) at different
levels (Level 1, 2A, and 2B).
Another major component of this accord defined was to
maintain a net stable funding profile in relation to their on-and off- balance
sheet activities to reduce the funding disruptions and its impact to liquidity.
Finally, the focus is also able to identify KRI Key Risk Indicators (KRI) and
build Risk and Control Self-Assessment (RCSA) methods to identify inherent and
residual risk exposures.
Basel Summary
In Summary, Basel attempted to create a harmonized set of
quality, consistent policy accords that aids in the better management of financial
operations of SIFI’s complex products by increasing reserves based on key
ratios and slew of measures. It created new Counterparty Credit Risk (CCR)
ratios, Liquidity Risk Ratios like Liquidity Coverage Ratios (LCR), NSFR (Net
Stable Funding Ratio) and Collateral risk ratios for Quality coverage such as
Initial Margin (IM), Variation Margin (VM) among others.
It also created additional buffer requirements like Capital
conservation buffers to be infused in during normal period and to be utilized during
stress periods. Some other key components like Stressed VaR (SVaR), Trading
book positions and changes to general, and specific Market Risk Models with
respective to changes in parameter values were also highlighted during stress
and normal periods.
Basel regulatory compliance works hand in glove with other controlling
agencies like Federal Reserve Bank, Financial Stability Board (FSB), Security
Exchange Commission (SEC), International Organization of Securities Commissions
(IOSCO), Regulatory Oversight Committee (ROC), Federal Deposit Insurance
Corporation (FDIC) and many other International Regulatory bodies and Reserve
Banks of native countries to build a customized version of requirements, ratios
and timelines by which these accords needs can be implemented.
Business, IT and other professional folks are still working
towards assessing the changes warranted to implement this complex package of
rules and regulatory requirements. One may identify and group these requirements
into 4 buckets:
1.
New Capital definitions and its adequacy
requirements impacting Operational & Functional aspects of the Organization
2.
Creation of additional Buffers and its
operations during normal and stress time windows
3.
Building and maintaining Leverage &
Liquidity Ratios and its changes to the Operational and Functional system of
the Organization
4.
Implementing CCR changes across US, EU and Asia
for Global companies. This one I believe is bit more complex to implement as it
transcends many areas of the institutions business model and geographies.
Some of the reasons for the financial meltdown were
attributed to lack of comprehensive risk reporting and its aggregation
abilities that fell short on its accuracy, reliability and timeliness. To
address these and more, Basel also created a BCBS 239 document to be
implemented by the SIFI’s with eye on creating a stable all-encompassing Risk
Data Aggregation Reporting (RDAR) repository.
BCBS 239, Jan 2013 a
regulatory document on “Principles for effective Risk Data Aggregation and Risk
Reporting” was created by BASEL and FSB to provide guidance to enhance the
bank’s ability to identify and manage bank wide risks. It consists of 14
principles to guide the banks to develop and build process and methods for a
Risk MIS that provide Qualitative and Quantitative measures and reporting
mechanism. These broad principles can be summarized as follows:
1.
Overarching
Governance & Infrastructure: Build Strong Governance over bank's risk
data aggregation capabilities, risk reporting practices and IT capabilities. It
should cover design, build and maintenance of data and IT architecture to fully
support its data aggregation capabilities and risk reporting at all times.
2.
Risk Data
Aggregation Capabilities: Build adequate system controls in the generation
of risk data with capability to quickly adapt to changes in the key risk
identification and decision making arrangements and regulatory and compliance
requirements.
3.
Risk
Reporting Practices: System should be able to provide forward looking
accurate, reliable, timely & useful risk distribution reports and
assessments on risk with build in procedures to monitor and control.
Link to BCBS Principles Guidelines
Common IT Challenges among SIB’s.
1.
There are many silos of data in heterogeneous
platforms with different aging and reporting capabilities
2.
Lack or Limited Master & Reference Data
across different domains (Operational Risk, Market Risk, Liquidity Risk, and
Credit Risks) leaves big hole to validate it as single source of truth
3.
Minimum or lack of Governance bank wide to build
a cohesive audit controls and corrective measures
4.
Lack of Data Quality inhibits reporting accuracy
and many don’t see data as an asset and uncorrected data flows into other
systems thus cascading the imperfection
5.
Different grains levels of data processed and
stored for analysis and thus creates compatibility issues on its usage and
reporting
6.
Many risk modeling are done outside the
integrated systems with no loop back mechanism and often are out of synch and
difficult to consolidate
7.
Latency issues in gathering and reporting across
multiple channels thus missing on many windows of opportunity to address and
fix the issues
8.
Many of the measures & metrics are created
on assessments rather than being measured thus are not a good candidates for
aggregation
9.
Lack of coordination & understanding of
business needs between IT and Business and vice versa resulting in creation of
many inefficiencies on productivity of resources leading to time & cost overruns
10.
Lack of Matured Interactive Reporting Platform
with Dashboards, Scorecards, Slicing/Dicing capabilities across many constructs
or dimensions
The implementation of BCBS 239 should not be viewed just as a Data Management project but coordinated between Technology, Data Management &
Governance and Risk Management Business teams with clear ownership and
responsibilities among the stakeholders.
Implementation Steps
in Building a Robust BCBS 239 Compliant System
I have read several times the principles and each time, I
could make bit more meaningful sense on each reading. So here are some suggestions
for both IT, Business and other stake holders.
- Understand clearly each of the BCBS 239 principles in totality with one principle at a time
- Create a game plan by organizing the task of the requirements with a bottom-up approach
- Create an Information Governance Catalog of Labels and identify the stewards for each of those information
- Identify Risk Metrics and its related terms, Custom terms and its evolution with history to identify the changes and record them appropriately for compliance
- Create Business lineage of source, targets and reporting assets across different domains
- Create Data lineage of column level flow activity of source to targets across different data silos, transformation of expressions, flow activity trace, abstractions, derivations, STP, Data movement process like FTP and any touch points
- Profiling data both history and intermittent from time to time, updating the Information Governance Catalog for regulatory compliance
- Flatten the hierarchical risk metrics views with relationships across different constructs/dimensions as a Blue print for better understanding and grasp of its complexity
- Create Metadata tables for expressions and its terms along with showing calculations precedence and expected intermediary and expected results
- Document models usage and its various algorithms
Options in Building
RDAR (Data Virtualization)
As I have indicated earlier one of the reasons for the
financial meltdown was inability in providing a single bank wide view of risks in
timely fashions and providing consolidation of individual risk practices into
an enterprise wide one. This has also made it difficult to monitor and identify
systemic risk and provide for regulatory transparency.
Data Virtualization is one solution that is creating
traction with many company’s which has 100’s of silos of data stores and multitude
of heterogeneous database platforms with dynamic rules changes to be compliant.
Financial institutions can built single view of institution
wide risks to better manage Market, Credit, Liquidity and Operational risks
with data being pulled from multitude of sources like trading, portfolio
applications, account systems and others in real-time for timely assessment. In
addition many financial companies employ several financial analytical and
research applications and these can also be combined for identifying trading
opportunities and also address any regulatory compliance requirements.
On the horizon Financial
Transaction Barcodes (LEI, UPI, UTI)
Just as a 9 digit routing number of bank can participate in
a financial transaction like ACH and Wire transfer, global banks are working
towards building a Legal Entity Identifier (LEI) that can be used in their
financial transactions. The objective of BCBS regulators is to observe the
buildup of enterprise risk and understand the capital adequacy across silos of
business by aggregation within each financial institutions and identify
systemic risk across global financial system.
This initiative has been tasked by Financial Stability Board
(FSB) and is getting tested with complex derivative product like Swaps with billions of transactions both
in US and EU. However the coding scheme used is still not up to mark as per the
researchers and academicians to meet the BSBS regulators objective of aggregation.
The mapping services for LEI still has gaps in parent/control/ownership
hierarchies and its linkages to the issuer, obligor, counterparties and
guarantee relationships.
Regulators are hoping this initiative would be able to
create global identification system with Unique Product Identifier (UPI),
Unique Transaction Identifier (UTI) along with LEI to reduce risk, lower cost
and improve efficiencies in the middle office infrastructure by enabling the industry
as a whole into digital age.
Conclusion:
I am excited at the outlook and the opportunities that this
new Global Financial System brings to its stakeholders as they move cautiously and surely into
digital world after a major crisis.
"We cannot solve our problems with the same thinking we used when we created them.”
"We cannot solve our problems with the same thinking we used when we created them.”
Albert Einstein
