Judgement-led approach to conduct risk capital draws criticism

The UK's Prudential Regulation Authority (PRA) looks set for a scuffle with the country's biggest banks over its proposal to use mostly "supervisory judgement" to determine how much capital they must put aside for conduct risk.

The methodology, outlined in a PRA consultation paper last month, treats conduct risk separately from non-conduct risk and is aimed at calculating additional Pillar 2A capital for the former. The document defines conduct risk as a Basel category of ‘Clients, products and business practices', which includes fiduciary breaches, improper trading activities on the bank's account, money laundering and sale of unauthorised products.

Banks have until April 17 to respond to the proposal, but initial reactions from risk management professionals suggest there will be resistance to the idea.

Mike Finlay (pictured below), the head of consultancy RiskBusiness and a frequent lecturer on operational risk for banking supervisors at the Bank for International Settlements (BIS), says the judgement-driven, case-specific approach to conduct risk capital would make comparisons between banks very difficult.

Instead, he advocates using a consistent numerical measure, no matter how crude.

"Because of all the variables with operational risk and the fact that it is totally driven by conduct, behaviour and human capabilities, the only way you can have a reasonably representative capital figure is to use something like the standardised approach," he says, referring to one of the three Basel methods for calculating op risk capital. "Or, dare I say it, even the old-fashioned basic indicator approach. It's flawed, it's wrong – but it's a figure."

The basic indicator approach uses gross income as a proxy for exposure, and companies are required to hold a percentage of this – set by regulators at an industry-wide level – for operational hazards.

The standardised approach divides an institution into a number of standardised business lines, and assigns operational risk capital according to a predetermined proportion of each line-specific proxy, such as gross income or average assets. The exact proportion is determined by examining the industry's previous operational losses in that line.

The third method available to banks is the advanced measurement approach (AMA), which uses modelling to forecast likely operational risk losses and set the corresponding capital level. Firms construct their own internal models for operational risk, which are then signed off by the regulator. In theory the AMA provides a more accurate reflection of the specific operational risk profile of each institution.

The PRA paper says that separation of conduct risk from non-conduct risk does not apply to firms using the AMA "unless there are outstanding material remedial actions associated with their AMA approval". In that case, additional capital may still be required.

In contrast to Finlay, Mark Williams, a finance lecturer at Boston University and former Federal Reserve bank examiner, welcomes the potential introduction of supervisors' judgement into operational risk capital calculations. However, he notes that the implied subjectivity will not go down well with banks.

"I think it's a new frontier, and regulators have come to the conclusion that you can't simply quantify operational risk before it becomes loss," he says. "You have to interject human judgement at the supervisory level. But that's not to say it's not going to be contentious as a result. And it will be because it's ambiguous."

The consultation paper suggests special treatment for conduct risk because this type of risk includes unpredictable and costly events, such as the foreign exchange and Libor manipulation scandals, and is therefore seen as impossible to model.

Under the Pillar 2A approach the PRA will work out a bank's required conduct risk capital based on its recent history, whether it has paid any major fines in the last five years and whether there are any patterns pointing to underlying problems such as overly aggressive sales culture. The watchdog will also factor in any expected losses from conduct-related incidents aside from regulatory fines, such as compensation payments.

Lastly, the regulator will use its judgement on a firm-by-firm basis to work out the appropriate level of conduct risk capital.

The proposal applies to all banks classified Category 1 by the PRA, i.e. those that may "cause very significant disruption to the UK financial system by failing".

Although the paper suggests that most banks using the AMA do not need to adjust the way they calculate their operational risk capital, the PRA's new focus on judgement may further erode the validity of the modelling techniques for this type of risk.

For their part, Williams and Finlay are sceptical about the usefulness of modelling operational risk, whether conduct or otherwise.

"Operational risk cannot be modelled with any precision, full stop," Finlay says. "How do I model how many mistakes people are going to make next year? How do I model how many people are going to steal from me next year? There's no difference."

Currently no major UK banks use the AMA to calculate their operational risk capital. Barclays, Lloyds, RBS, HSBC and Standard Chartered all use either the standardised or the basic indicator approach.