Could do better?

OR&C INTELLIGENCE

Some industry participants believe US supervisors' approach to Basel II implementation is flawed, according to a survey by OR&C . By Ellen Davis

Although regulators overall received positive marks for their efforts to implement the Basel II operational risk framework within their jurisdictions, respondents to a new survey by OpRisk & Compliance indicated that they believed the approach by US supervisors was flawed.

The survey, conducted during the month of February and sponsored by independent internal audit and risk consulting firm Protiviti, is part of the magazine's monthly OR&C Intelligence series. Some 72% of the respondents were from financial services firms around the globe, and 52% were in their firm's risk management department, while 11% were in the compliance department. About 23% of the respondents were from the UK, while 22% were from the US and 16% from Asia.

Of the financial services firms who responded, 34% are implementing the advanced measurement approach, 31% the standardised approach and 11% the basic indicator approach. Just 5% are doing the alternative standardised approach and some 20% are not required by their regulator to implement Basel II.

Among all respondents to the survey, 60% said they thought the US approach – which implements Basel II in less than 10 banks and is delayed by a year – would result in a two-tiered approach to operational risk in that country. Some 54% indicated that they believed it would "inhibit the speed of the development of the discipline in the US", and 52% said it would "inhibit the spread of the discipline to a wide range of institutions". The data for US respondents only was even stronger, with 69% saying it would both result in a two-tiered approach and that it would inhibit the spread to a wide range of firms.

Interestingly, financial services firms globally (including the US) were slightly less pessimistic about the US situation, but the data still throws up some concern. Some 38% of financial service firm respondents said the US approach would "make it more difficult and costly for firms to comply with Basel II", while 35% felt it would inhibit the speed of development, and 33% said it would "delay Basel II adoption in other countries".

"The unrest," says Angela Isaac, director for Basel II services at Protiviti, is a result of "continued uncertainty surrounding final guidance and timelines for Basel implementation. Clear communication around the status of the Basel Accord and issuance of proposed rulemaking by US regulators can best address these concerns".

US regulators also faired relatively poorly among financial services firm respondents in terms of how they are handling op risk as an issue. On a scale in which one is poor and five is excellent, 33% of financial services firms who responded selected either 'one' or 'two' for both the Office of the Comptroller of the Currency and the US Federal Reserve. Only Japan (46%) and Singapore (36%) had higher negative ratings. When looking at how the US regulators are handling implementation, both received the same percentage negative score – 33%. One US-based financial services respondent wrote: "They need to take the lead in providing better clarity on acceptable methodologies or set specific guidelines for Basel II implementation." Another financial services respondent said US regulators need to "provide tiers of certification for other less sophisticated companies to learn from risk reduction methods". The UK and Japan received similar negative scores on implementation.

Meanwhile, strong positive scores on implementation – a four or a five – were awarded to the Netherlands (67%), Germany (54%) and Singapore (46%) by financial services firms.

The OpRisk & Compliance survey asked executives what the key challenges facing regulators are, and 55% of financial services respondents indicated that the "education and training of examiners" was one of their top three priorities. "Understanding of the subject matter and the industry" came in a strong second, with 46% of financial services firms selecting this as a response, while "hiring and retaining qualified examiners" came in a robust third place, with 44% selecting it as one of their top three concerns.

Within the US, these concerns were slightly different, with the overall pool of respondents rating "integration with existing supervisory requirements", "resistance from the industry" and "hiring and retaining qualified examiners" as their top three concerns. Among overall UK respondents, top concerns included integration with existing requirements, resistance from the industry, and "adhering to the timetable". Indeed, one UK-based respondent wrote "get on with it", while another wrote, "get a move on".

Financial services firms indicated that they are working on a handful of regulatory issues intensively at the moment. Business environment/control analysis was by far the top choice among firms – 27% rated it as the first of their three primary concerns, and 60% chose it as one of their top three. Data integrity and validation came in second, with 46% of financial services respondents naming it as one of their top three regulatory issues, while key risk indicators were named by 40% of firms. Other hot topics included scenario analysis (24%), business line mapping (21%) and internal loss data (19%).

More than compliance

One Protiviti consultant says these results demonstrate that firms are looking at operational risk as something beyond a mere compliance exercise. "Banks are shifting from building the foundational elements of operational risk management to execution of the framework," says Cory Gunderson, managing director in financial services at Protiviti. "The data is starting to flow and op risk departments need to show value beyond regulatory compliance in order to receive ongoing investment dollars. One key to such value is transforming op risk from a data collection exercise into an analytical exercise that highlights areas of exposure and loss for the bank and is used to close those exposures and losses."

One area the survey examined more closely was how satisfied firms are with the way their regulators are handling home-host arrangements. Overall, financial institutions seemed neutral in their satisfaction levels, when rating how satisfied they were in six different areas on a scale of one to five. The highest level of dissatisfaction – those who selected 'one' or 'two' on the survey – was in the area of "pillar II for op risk and related areas", with 38%. The next two contentious topics – each at 28% dissatisfied – were the resolution of differences among regulators, and the co-ordination of information provision. The highest level of satisfaction was – at 18% of financial services respondents ticking 'four' or 'five' – also the co-ordination of information provision.

Indeed, 46% of financial services respondents said they were satisfied with the ability of their regulator to work with other regulators, while 35% indicated that they were satisfied with the way regulators communicated with industry bodies.

On the down side, more than a quarter of financial services respondents said their regulators needed to improve the quality of their staff, their communications about implementation requirements, the quality/helpfulness of discussions with regulators, the quality of their model approval process, and communication with firms about plans.

But Protiviti's Gunderson says regulators are doing as best as can be expected under the circumstances. "To be fair, regulators around the globe are under siege on a variety of fronts – banks and, yes, consulting firms are constantly trying to hire ex-regulators," he says. "There is a true war for talent, and the regulators have sometimes been handcuffed from speaking more openly on an individual bank basis in order not to be 'prescriptive' in the approach towards Basel II compliance. And the underlying 'rules of the game' the guidance itself, keeps shifting for many regulators, making it difficult to provide firm conclusions to their banks."

However, for some industry respondents, what the regulators are currently doing simply isn't good enough. OR&C

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here