The Basel II Approach to Managing Risk

Risk, an inherent part of business, has been brought to the attention of a wider public audience as a result of a series of events over the past years. These included incidents of fraud, major credit failures, exploits focused on information technology and many others. Media response and public interest have confirmed that risk management is seen as an important priority to maintain public confidence in the international financial system.[Basel II, ITGI Institute]

Within the banking and financial services community, risk, in general, requires categorization to create manageable GRC structures. Risk categories are usually defined along the core business areas found in a typical bank or financial services organization. These risk categories include:

• Credit risk
• Market risk
• Operational risk
• Liquidity risk
• Interest rate risk
• Legal risk
• Strategic risk
• Reputational risk

The Basel Committee on Banking Supervision published the second capital adequacy framework in 2004, which introduced an enhanced approach to risk in financial services organizations. The objective of Basel II was to introduce stronger risk management practices for credit and operational risk, and to strengthen the link between risk and capital charges. The new regulations provide an incentive for organizations to improve the quality of their risk management frameworks and systems to reduce the required capital. This improvement provides a competitive advantage to financial services organizations with a strong GRC framework. For an individual organization, the overall risk exposure will determine the capital charge. GRC initiatives may be instrumental in reducing this charge. Based on this new perspective on risk and capital requirements, many financial service organization structures and processes may have to be revisited and reevaluated.

The Basel II approach to risk is designed to encompass the complexity of information technology and information management. The enhanced framework, is built on three pillars:

• Minimum capital requirements—Refines the Basel I approach to credit risk and introduces a new capital requirement for operational risk
• Supervisory review process—Introduces supervisory reviews and selfassessment of the bank’s capital adequacy processes, including sound policies and procedures to manage and control capital
• Market discipline—Introduces new disclosure requirements to strengthen market discipline and impact market, rating agency and shareholder perceptions

It is critical that the minimum capital requirements of the first pillar be accompanied by a robust implementation of the second pillar. In addition, the disclosures provided under the third pillar are essential in ensuring that market discipline is an effective complement to the other two pillars. Financial services organizations may select from a number of approaches for measuring and managing their risks and capital requirements to allow flexibility in the different maturity levels in GRC. Capital charges may be lower for those organizations opting for a more advanced risk management approach. These approaches vary with the category of risk, and it is envisioned that there will be a gradual move toward the more advanced approaches. Organizations may opt for an increased capital charge based on cost-benefit considerations and strategic decisions by senior management, and consciously accept a higher level of overall risk. It should be noted that organizations will have to demonstrate the advanced approach for operational risk prior to implementing the internal ratings-based (IRB) approach for credit risk.

The supervisory review pillar introduces qualitative assurance over GRC in financial services organizations. National supervisory authorities in financial services are required to monitor compliance with minimum capital requirements and to take action in case of inadequacies. Appendix I, Basel II Summary, describes in detail the four principles of supervisory review. The principles and scope of the supervisory process envision an ongoing dialog between financial services organizations and the national supervisory authorities.

The market discipline pillar introduces the disclosure of information about risk and GRC. This disclosure is intended to inform all market participants about the overall risk situation and highlight areas of significant potential risk that may exist in individual financial services organizations. As a result, market discipline is enforced and disproportionate risks are reflected in the overall behavior of the market.

The disclosure requirement specifies that potential and actual losses for each type of risk (credit, market, operational, interest rate) must be calculated and disclosed. This specific requirement will allow other market participants to assess the details of an organization’s risk profile.