Basel II challenges - managing credit risk exposures

Infosys Technologies Limited

Kalyan Chakravarthy Bondugula, Kanna Venkatasamy and Anita Stephen of Infosys explore the challenges that banks face in complying with Basel II regulations around credit risk management and offer some 'best practice' approaches

The Basel II Accord marks a significant step in improving the risk processes in banks worldwide and is expected to provide more stability to their operations. Banks see this as an opportunity to allocate risk capital optimally and to improve their profitability as they encounter an increase in interest rates and a squeeze in margins. As banks worldwide race to comply with Basel II regulations as stipulated by regulators in respective countries, they will encounter many hurdles on the way. The nature and scale of the challenges that banks face in complying with the regulations vary with their size, the number of business lines they have and the geographic spread of their operations.

The advanced notice of proposed rulemaking - the Basel II guidelines released by the Federal Reserve Board, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation - mandates US banking organisations to implement the advanced internal ratings based (AIRB) approach for credit risk. It will require banks to calculate regulatory capital based on their own internal risk estimates for probability of default (PD), loss given default (LGD), exposure at default (EAD) and maturity with separate formulas for corporate and retail credit exposures. At a high level, Basel II has increased risk sensitivity with differentiated effect on risk-weighted assets (RWA) by type of exposure, obligor, tenor and collateral.

A Basel II implementation in a medium to large bank is a complex amalgamation of many different projects and initiatives across the organisation. One of the largest components is the aggregation of finance and risk information from the various lines of business of the bank across regions to measure the three categories of risk - market, operational and credit. Data capture processes and integrity checks are required to ensure the availability, quality, standardisation and integrity of data.

Basel II implementation in a large bank - key challenges and best practices

The implementation of Basel II impacts a wide range of functions including finance, risk, corporate, management and regulatory reporting, legal/compliance and IT. A large number of projects in different areas that form part of the business process chain contribute to significant programme complexity. These initiatives are very interdependent and often have aggressive timelines. Banks need to address certain key challenges to effectively rollout a Basel II programme (Figure 1). While these challenges are described in the context of Credit risk, they could be equally applicable to other initiatives under Basel II. These challenges - along with the best practices - are described in detail below.

End-to-end integration

Given the component-wise implementation of a Basel II programme, banks need to ensure that the various components tie in from an end-to-end perspective and that the interactions between projects are seamless. Infosys has partnered with global banks in the design and implementation of end-to-end architecture and individual components of Basel II programmes.

- Identifying and plugging gaps between accord requirements and current state - banks would have to assess the functionality in the accord that can and cannot be delivered within the timelines stipulated by national regulators. The assessment should look at the availability of data, upgrade to existing processes to support new functionality and the time and cost implications of plugging the gaps. These should be prioritised on business criticality of the missing link and feasibility in terms of cost and timelines.

- End-to-end architecture - there are two aspects to architecture, business architecture and technical architecture. On the business architecture front, banks should define boundaries for the various business process interactions from start to finish. The business architecture team must also review requirements of individual projects to check the fit with the end-to-end flow. Technical architecture must address tool, platform, package selection and technology implementation of the business flow across platforms, and technical specifications and standards. This cuts across different business lines and legal entities of a bank and requires senior management commitment to bring them together.

- Defining enterprise-wide standards - given the numerous components, defining and implementing enterprise-wide standards in business processes and data is key. These standards are critical to bring in information from multiple organisations, systems, processes and regions, and would be defined around customer, product, collateral, risk and finance entities. Making the organisation conform to the standards is an even greater challenge.

- End-to-end testing - the importance of testing of the end-to-end flow cannot be overstated in such a large and complex project implementation. The preferred mode is to test a proof of concept towards the beginning of an implementation to capture issues upfront. Every component must undergo multiple rounds of testing on an independent and integrated mode as additional components keep getting developed. The end-to-end testing should involve users from product control groups and business units to test the seamless flow of data across different modules to deliver reliable results of RWA and reporting data points.

Data management

Managing data is regarded as one of the most pressing challenges in a Basel II implementation. An enterprise data initiative such as the Basel II implementation requires managing diverse data from multiple product systems and business lines either through a central warehouse or regional data marts. Data from source would undergo many enhancements at different stages to tie requirements to raw data. Erroneous or missing data from source system feeds has a multiplier effect and the calculation of key risk indicators can be way off the mark.

Basel II imposes extensive data requirements on banks in their credit risk computation. For example, in the AIRB approach for credit risk, data is required at the granular level of a transaction or a position for all credit sensitive exposures across the bank's business units, which would be a staggering volume for a globally active bank.

Though banks have historically captured ratings performance data, including default and so on, very few today have data on all three risk indicators: PD, LGD and EAD. Even if the data is collected, the bigger question needs to be answered: is it of high quality and in a ready-to-use format?

Data complexity is compounded by the multiplicity of product systems and business lines that capture and store data in local formats. Data gaps or data non-availability should be addressed upfront through enrichment or substitution of data. Another hot issue is the cost of inaccurate or unreliable data from an internal decision-making standpoint as well as regulatory penalties.

Infosys assists some of the world's top-20 banks in improving their data quality. Data profiling is initiated early in the life cycle of the project to facilitate data quality planning and set up data governance mechanisms to ensure the client focuses resources on addressing the quality issues at the outset, rather than at the very end. The overall objective of data management is to establish a continuous cycle of tracking, resolving data issues and incorporating learnings into the data governance structure (Figure 2).

Effective programme management

Since Basel II involves many parallel projects spread globally across the banking organisation, this could result in multiple releases and roll-outs across geographies. Typically, this translates into tens (sometimes hundreds) of independent teams of varying sizes, who work in their own silos. A programme of this scale with global teams, aggressive timelines and interdependencies creates significant management challenges.

Robust programme management is needed to ensure not only that the individual projects deliver, but also that the overall programme is progressing towards meeting the bank's goals. Focus should also be on optimising the return on investment for the millions of dollars that banks have committed. It requires increased and frequent monitoring and reporting to senior management and to regulators.

Adding to the complexity are the ever-changing and evolving regulatory guidelines. Details of various aspects of the Basel II framework are still being defined by the regulators in different countries. Managing the uncertainty requires strong communication channels, change-management mechanisms and processes to address and resolve issues and conflicts.

Given the significant commitment of financial and human capital, many banks seize this opportunity to achieve other strategic objectives in addition to Basel II compliance. This could include standardisation of processes, retirement of old systems and improvements in business intelligence.

For instance, Infosys is programme-managing a large initiative to develop strategic data infrastructure to meet financial, regulatory and management requirements for the corporate and investment banking division of one of the largest financial services conglomerates. Key to success here is achieving a balance between short-term tactical wins and long-term strategic goals. Additionally, assessing the impact of change in data, processes and enhanced functionality across the organisation provides insights into key focus areas for successful programme execution.

Home-host issues

Home-host issues for a globally diversified bank arise when Basel II calculation methodology stipulated by home-country regulators (banks' headquarters) differ from the rules in the host country (the local country). The Basel II framework allows for a limited degree of national discretion in the way the accord may be applied locally to adapt to conditions of national markets.

Many global banks adopt a hybrid end-to-end architecture model that establishes a balance between global initiatives and individual country initiatives. The centralised/decentralised decisions would be around components for sourcing data, RWA calculations and reporting. The right balance would ensure optimal utilisation of resources and IT infrastructure. The host countries typically prefer more decentralisation to meet local regulations under the following circumstances:

- The regional deadline is before the home-country deadline.

- Approaches (advanced or standardised) or calculation of certain parameters, such as defaults, are different between home and host countries.

- There is a regulatory requirement for higher frequency of report generation for local reporting (daily versus monthly).

While the hybrid model will be suitable for a majority of the situations faced by global banks, the implementation places significant demands on programme management skills, requires a flexible end-to-end architecture and sharing of best practices across the teams.

Conclusion

The challenges, uncertainty and complexity that banks face in their efforts to be compliant with the Basel II regulatory guidelines are many. Hand-in-hand with compliance objectives, Basel II offers banks the advantages of better risk management; superior risk-based pricing of products and potentially competitive advantages. To manage challenges effectively and to realise the most benefit from a Basel II implementation, banks need to focus on the broad theme of planning and programme-managing the various pieces from an end-to-end perspective (Figure 3).

Infosys' Basel II and risk management credentials

Infosys has assisted several major banks in their Basel II and enterprise risk management programmes, including four of the largest global banking institutions. Infosys combines in-depth technical knowledge with a wealth of the domain experience across various Basel II areas: credit risk, operational risk, risk analytics, data management and regulatory reporting. This is complemented by a suite of consulting services, proven best practices and ready-to-implement solutions.

- Kalyan Chakravarthy Bondugula is a senior associate in the banking & capital markets group at Infosys Technologies Limited. Kalyan has worked with leading banks in the areas of enterprise risk management and data management (kalyan_bondugula@infosys.com)

- Kanna Venkatasamy is a principal in the banking & capital markets group at Infosys Technologies Limited. He has worked with leading corporations and banks to define and execute business and IT strategies and manage large transformation programmes (kanna_venkatasamy@infosys.com)

- Anita Stephen is a senior associate in the banking & capital markets group at Infosys Technologies Limited. Anita has worked with leading financial services companies to implement risk and compliance initiatives and data management processes (anita_stephen@infosys.com)

CONTACT

For more details on how Infosys can help you with your risk initiatives, contact Ashwin Roongta, head of risk solutions (Ashwin_Roongta@infosys.com).

- Click to download pdf

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here