Basel III and IT Implementation Overview

The aim of this blog is to provide a brief overview of Basel accords which provides financial supervisory controls at broader level in the global financial market and brief IT Implementation steps to accomplish for BCBS 239 regulatory requirements. I am relying on my financial & accounting academic background and learnings & experience with the financial clients in my consulting world, while I profess my career as an IT professional.

Basel

Basel Committee on Banking Supervision (BCBS) based in Switzerland was created in 1974 to establish standards on regulation and supervision for SIB banks. The first major accord Basel-1 in 1988 was published to provide supervisory and regulatory controls for banks in G-10 countries after several International Banks faced heavy losses on account of closure of German Bank Herstatt and Franklin National Bank of New York whose foreign exchange exposure was more than 3 times that of their capital and found this issue more as a symptomatic pattern among other major international banks.

Over the period, there were major and minor accords created by BCBS & Financial Stability Board (FSB) to provide for fair play, regulatory requirements based on firms risk exposure, management and their appetite. Among various accords Basel-III so far is a complex package that supersedes its earlier versions including Basel –I and Basel-II. The growing economies of Asia and its influence on the financial and economic activities has also prompted them to expand the landscape from G-10 to G-20 countries and today more banks from 140 countries follow the regulatory requirements.

Basel accord is not just a recommendation but a package of regulatory controls aimed at Systemically Important Financial Institutions (SIFI) of both local and global organizations. In normal parlance, common banking activities like lending, investments involves risk exposure, and the willingness or the appetite for risk depends upon its infrastructure reach and capital strength, to drive its core and secondary commercial activities.

These activities results in the creation of different types of risk (Operational Risk, Credit Risk, Interest Risk, Liquidity Risk, Market Risk and other risks).  Strong and solid Governance & Controls provide stability to their operations to understand both inherent and residual risks.These risks can be originated internally and externally by different pillars of the heterogeneous economies and organizations have to take appropriate risk mediation steps to overcome these potential risks and its survivability while limiting its collateral damages.

Basel accord emphasizes in creating liquidity, capital adequacy, operations leverage in the global economy with host of other measures aimed at providing stability to avoid another financial meltdown.

Blame Game and Cause for Financial meltdown

There were many fingers that pointed out by eminent people for the cause of this meltdown right from accusing few CEO’s greed to lack of knowledge or even understand to the basic question in the bank wide transactions as simple as “who is who”, “who owns whom” and “who owns what” with clarity.

There were some who have indicated that lack of corporate governance structure and absence of precise and intuitive corporate management language which failed them to understand, monitor and control the fancy and complex products that were put in the market abetting the financial collapse. There are others who argue that letting down  Lehman "a too big to fail" institute caused and exacerbated the collapse with severe collateral damages. Rating companies attesting better rankings to a "Junk" instruments based on the incorrect assessments of financial statements also played a role in the crisis.

BASEL-I, 1988

This was the first major accord where BCBS provided definitions on the classification of Bank’s Capital and set certain minimum requirement standards. The Tier-1 and Tier-2 Capital for all International Banks emphasized the banks to maintain a minimum of 8% of its Risk Weighted Assets (RWA) to avoid financial failures on account of closures of German and American bank due to their overexposure on foreign exchange in relation to their capital adequacy.

BASEL-II 2004

Superseded BASEL-I in the risk and capital management requirements by further emphasizing on the adequacy requirements to the exposure of risk in their businesses of lending, investment and trading. Some of the key takeaways from this accord are as follows:

• Regulatory compliance should not become a sore point among the international banks on their competitiveness to operate with big banks
•  Capital adequacy was considered as a risk sensitive function with greater the risk, more capital needs to be held by the banks to maintain its solvency
• Emphasis was made on Credit Risk, but left to individual banks to manage other major risks like Operational Risk, Market Risk on their own
•  Emphasis on greater disclosure requirements twice a year, so regulatory bodies can monitor the various adequacy requirements and also enable assessments by analysts, investors, international financial bodies and other banks to showcase the effective corporate governance of individual banks among other details on
• Details on Risk Exposure & Risk Assessment Process
•  Capital Adequacy requirements and their validations

BASEL-III 2010

Accord was revisited after the financial meltdown in 2007-2008 that revealed additional financial regulations needed to be in place towards Capital Adequacy Requirements (CAR), Stress Testing, Funding Stability and Market Liquidity Risks, Liquidity Coverage Ratio (LCR) to effectively and Banks Leverage ratios.

It also defined Common Equity requirements as a Well Capitalized, Adequate Capitalized, Inadequate Capitalized under different Tiers (CET-1, CET-2, and CET-3) and High Quality Liquid Assets (HQLA) at different levels (Level 1, 2A, and 2B). 

Another major component of this accord defined was to maintain a net stable funding profile in relation to their on-and off- balance sheet activities to reduce the funding disruptions and its impact to liquidity. Finally, the focus is also able to identify KRI Key Risk Indicators (KRI) and build Risk and Control Self-Assessment (RCSA) methods to identify inherent and residual risk exposures.

Basel Summary

In Summary, Basel attempted to create a harmonized set of quality, consistent policy accords that aids in the better management of financial operations of SIFI’s complex products by increasing reserves based on key ratios and slew of measures. It created new Counterparty Credit Risk (CCR) ratios, Liquidity Risk Ratios like Liquidity Coverage Ratios (LCR), NSFR (Net Stable Funding Ratio) and Collateral risk ratios for Quality coverage such as Initial Margin (IM), Variation Margin (VM) among others.

It also created additional buffer requirements like Capital conservation buffers to be infused in during normal period and to be utilized during stress periods. Some other key components like Stressed VaR (SVaR), Trading book positions and changes to general, and specific Market Risk Models with respective to changes in parameter values were also highlighted during stress and normal periods.

Basel regulatory compliance works hand in glove with other controlling agencies like Federal Reserve Bank, Financial Stability Board (FSB), Security Exchange Commission (SEC), International Organization of Securities Commissions (IOSCO), Regulatory Oversight Committee (ROC), Federal Deposit Insurance Corporation (FDIC) and many other International Regulatory bodies and Reserve Banks of native countries to build a customized version of requirements, ratios and timelines by which these accords needs can be implemented.

Business, IT and other professional folks are still working towards assessing the changes warranted to implement this complex package of rules and regulatory requirements. One may identify and group these requirements into 4 buckets:

1.       New Capital definitions and its adequacy requirements impacting Operational & Functional aspects of the Organization

2.       Creation of additional Buffers and its operations during normal and stress time windows

3.       Building and maintaining Leverage & Liquidity Ratios and its changes to the Operational and Functional system of the Organization

4.       Implementing CCR changes across US, EU and Asia for Global companies. This one I believe is bit more complex to implement as it transcends many areas of the institutions business model and geographies.

Some of the reasons for the financial meltdown were attributed to lack of comprehensive risk reporting and its aggregation abilities that fell short on its accuracy, reliability and timeliness. To address these and more, Basel also created a BCBS 239 document to be implemented by the SIFI’s with eye on creating a stable all-encompassing Risk Data Aggregation Reporting (RDAR) repository.

BCBS 239, Jan 2013 a regulatory document on “Principles for effective Risk Data Aggregation and Risk Reporting” was created by BASEL and FSB to provide guidance to enhance the bank’s ability to identify and manage bank wide risks. It consists of 14 principles to guide the banks to develop and build process and methods for a Risk MIS that provide Qualitative and Quantitative measures and reporting mechanism. These broad principles can be summarized as follows:

1.       Overarching Governance & Infrastructure: Build Strong Governance over bank's risk data aggregation capabilities, risk reporting practices and IT capabilities. It should cover design, build and maintenance of data and IT architecture to fully support its data aggregation capabilities and risk reporting at all times.

2.       Risk Data Aggregation Capabilities: Build adequate system controls in the generation of risk data with capability to quickly adapt to changes in the key risk identification and decision making arrangements and regulatory and compliance requirements.

3.       Risk Reporting Practices: System should be able to provide forward looking accurate, reliable, timely & useful risk distribution reports and assessments on risk with build in procedures to monitor and control.

Link to BCBS Principles Guidelines

www.bis.org/publ/bcbs239.pdf

Common IT Challenges among SIB’s.

1.       There are many silos of data in heterogeneous platforms with different aging and reporting capabilities

2.       Lack or Limited Master & Reference Data across different domains (Operational Risk, Market Risk, Liquidity Risk, and Credit Risks) leaves big hole to validate it as single source of truth

3.       Minimum or lack of Governance bank wide to build a cohesive audit controls and corrective measures

4.       Lack of Data Quality inhibits reporting accuracy and many don’t see data as an asset and uncorrected data flows into other systems thus cascading the imperfection

5.       Different grains levels of data processed and stored for analysis and thus creates compatibility issues on its usage and reporting

6.       Many risk modeling are done outside the integrated systems with no loop back mechanism and often are out of synch and difficult to consolidate

7.       Latency issues in gathering and reporting across multiple channels thus missing on many windows of opportunity to address and fix the issues

8.       Many of the measures & metrics are created on assessments rather than being measured thus are not a good candidates for aggregation

9.       Lack of coordination & understanding of business needs between IT and Business and vice versa resulting in creation of many inefficiencies on productivity of resources leading to  time & cost overruns

10.   Lack of Matured Interactive Reporting Platform with Dashboards, Scorecards, Slicing/Dicing capabilities across many constructs or dimensions

The implementation of BCBS 239 should not be viewed just as a Data Management project but coordinated between Technology, Data Management & Governance and Risk Management Business teams with clear ownership and responsibilities among the stakeholders.

Implementation Steps in Building a Robust BCBS 239 Compliant System

I have read several times the principles and each time, I could make bit more meaningful sense on each reading. So here are some suggestions for both IT, Business and other stake holders.

• Understand clearly each of the BCBS 239 principles in totality with one principle at a time
• Create a game plan by organizing the task of the requirements with a bottom-up approach
•  Create an Information Governance Catalog of Labels and identify the stewards for each of those information
• Identify Risk Metrics and its related terms, Custom terms and its evolution with history to identify the changes and record them appropriately for compliance
• Create Business lineage of source, targets and reporting assets across different domains
• Create Data lineage of column level flow activity of source to targets across different data silos, transformation of expressions, flow activity trace, abstractions, derivations, STP, Data movement process like FTP and any touch points
• Profiling data both history and intermittent from time to time, updating the Information Governance Catalog for regulatory compliance
• Flatten the hierarchical risk metrics views with relationships across different constructs/dimensions as a Blue print for better understanding and grasp of its complexity
•  Create Metadata tables for expressions and its terms along with showing calculations precedence and expected intermediary and expected results
• Document models usage and its various algorithms

Options in Building RDAR (Data Virtualization)

As I have indicated earlier one of the reasons for the financial meltdown was inability in providing a single bank wide view of risks in timely fashions and providing consolidation of individual risk practices into an enterprise wide one. This has also made it difficult to monitor and identify systemic risk and provide for regulatory transparency.

Data Virtualization is one solution that is creating traction with many company’s which has 100’s of silos of data stores and multitude of heterogeneous database platforms with dynamic rules changes to be compliant.

Financial institutions can built single view of institution wide risks to better manage Market, Credit, Liquidity and Operational risks with data being pulled from multitude of sources like trading, portfolio applications, account systems and others in real-time for timely assessment. In addition many financial companies employ several financial analytical and research applications and these can also be combined for identifying trading opportunities and also address any regulatory compliance requirements.

On the horizon Financial Transaction Barcodes (LEI, UPI, UTI)

Just as a 9 digit routing number of bank can participate in a financial transaction like ACH and Wire transfer, global banks are working towards building a Legal Entity Identifier (LEI) that can be used in their financial transactions. The objective of BCBS regulators is to observe the buildup of enterprise risk and understand the capital adequacy across silos of business by aggregation within each financial institutions and identify systemic risk across global financial system.

This initiative has been tasked by Financial Stability Board (FSB) and is getting tested with complex derivative product like Swaps with billions of transactions both in US and EU. However the coding scheme used is still not up to mark as per the researchers and academicians to meet the BSBS regulators objective of aggregation. The mapping services for LEI still has gaps in parent/control/ownership hierarchies and its linkages to the issuer, obligor, counterparties and guarantee relationships.

Regulators are hoping this initiative would be able to create global identification system with Unique Product Identifier (UPI), Unique Transaction Identifier (UTI) along with LEI to reduce risk, lower cost and improve efficiencies in the middle office infrastructure by enabling the industry as a whole into digital age.

Conclusion:

I am excited at the outlook and the opportunities that this new Global Financial System brings to its stakeholders as they move cautiously and surely into digital world after a major crisis.

"We cannot solve our problems with the same thinking we used when we created them.”

Albert Einstein