Basel II and Good Risk Management Practices
- The evolution of banking risk:
- Why Basel I was deemed necessary
- G30 report
- Case study: Bankers Trust
- Why Basel II was deemed necessary to replace Basel I
The Evolution of Bank Risk Management
- From a cost centre to a strategic competitive weapon
The Basel Accord II A Brief Overview
It is assumed that all delegates will have at least heard of the new Basel Accord. This section will summarise its implications for financial institutions, with particular attention to Pillars II and III.
- Objectives of the new Accord
- Application of the Accord
- To whom does it apply?
- Legal standing of the Accord and national discretions
- Structure of the new Accord
- Pillar I: Minimum Capital Requirement
- What constitutes bank capital?
- Expected and unexpected losses and the role of capital.
- Pillar II: Supervisory Review Process its objectives
- Construction of an ICAAP - a brief outline
- Risk-Based supervision what is meant by this, and why are supervisors moving towards it?
- Pillar III: Market Discipline what are the requirements and some issues
- Interaction with other regulatory requirements such as IFRS
- Will Pillar III remain?
- What has resulted from the banking crisis in 2007-9
- Changes to the quantity and quality of capital
- Introduction of bail-in capital and PONV what happened in Cyprus
- A summary of other changes discussed in detail later in the programme
- Beyond Basel III do we see Basel IV emerging?
Delegates will be encouraged to discuss the current and planned progress of their institution towards the new Accord.
Good Risk Management Practices
Whilst each class of risk has developed its own methodologies, there are some overarching sound practices required to support the overall risk management framework
- Roles and responsibilities of each of three parties: the Board, the Executive, and the Risk Function
- Governance: examples of bad and good
- What is a risk management framework?
- Hard components and soft components
- The COSO framework how applicable to banks?
Developing an Appropriate Risk Management Environment
- Typical organisational structure
- Roles and responsibilities of each of the parties
- Defining the risk appetite of the institution
- Factors that may influence a risk appetite
- Quantitative and qualitative approaches
- Creation of risk management policies and procedures
- Risk identification framework
- Risk measurement methodologies
- Management and control of risks
- Reporting and monitoring of risks
Case study: the discussion will be with reference to a leading international bank. Delegates will be encouraged to discuss the progress of their institution towards good practices and highlight areas of priority.
Traditionally, banks and regulations make a distinction between market risk arising from trading and risk arising from non-trading (banking) activities. Different methodologies are frequently applied.
- Definition of trading and the trading/banking boundary
Traded Market Risk
Traded market risk has changed fundamentally since the late 1980s, with the introduction of Value-at-Risk. These sessions first discuss the main approaches used to control traders at the desk-top, and then the main approach banks use to calculate their regulatory VaR. Due to the recent banking crisis, there have been a number of substantive changes in regulation. These changes will be reviewed with example calculations and the implications discussed.
- What are the main sources of market risk?
- Interest rate, foreign exchange, equity and commodity risks
- What are the main methodologies?
Case study: NatWest Bank
Traditional Desk-top Risk Measurement
- Adopting a portfolio approach, interest rate risk will be discussed:
- Construction of classic gridpoint sensitivity reports for a significant portfolio
- Extension to incorporate curvature
Modern Risk Measures: Value-at-Risk
- Introduction through a simple 1- factor example
- Using historic simulation
- Extension to a 2-factor example
- Demonstration of more realistic examples
- What do banks do in practice?
- Practical difficulties of implementation: volatility and correlation, holding period
- An outline of other methodologies
The new Regulatory Requirements
- The proposed new Standardised Approach
- An outline of the underpinning methodology
- A detailed multi-currency multi-market worked example of the calculations
- New approach to issuer credit default risk (known as specific risk)
- Internal models using VaR
- Qualitative approval process
- Calculation of the regulatory capital for market and specific risk
- Introduction of Stressed VaR
- Back testing: what is it and how to apply it?
- Extensions to market-risk framework likely introduction of Expected Shortfall and differing time horizons
- Valuation of illiquid positions
- Brief discussion on the Incremental Default Risk Charge the advanced version for specific risk
- Likely further developments
Non-traded Market Risk and Liquidity Risk
- How does non-traded market risk arise
- IRR exposure: earnings and economic value approaches
- Gap analysis contractual and behavioural
- Static and dynamic simulation
- The new Standardised approach with a worked example
- Funding liquidity risk
- How does it arise, and how should it be managed
- The new regulatory constraints:
- The details of Liquidity Coverage Ratio and its business implications
- The likely details of the Net Stable Funding Ratio
- How this may change to align more closely with current practice
- Impact on banking, such as the long-term funding of infrastructure projects
- What do the Basel regulations require?
Delegates will be encouraged to discuss the organisation of the market risk function within their institution and the main management reports used.
Banks are traditional credit risk-taking institutions. Hence, through experience, presumably they have developed well-founded mechanisms for managing credit risk? If that is the case, why have the leading international banks fundamentally changed the way in which they view credit risk over the past twenty years? And does the Basel Accord support or hinder this new paradigm?
Overview the Traditional View of Credit Risk Management (CRM)
- Banks as traditional credit taking institutions
- The typical credit control process
- Traditional credit risk mitigation
- The effectiveness of the process: does it work?
- Level I CRM
- Case studies: Bankgesellschaft Berlin, Continental Illinois and Credit Lyonnais
Modern Credit Risk Management
- Portfolio Credit Risk Management
- Why is it the new paradigm?
- What are the fundamental concepts?
- Basic data requirements: Exposure At Default, Probabilities of Defaults, Loss Given Defaults and correlations
How to Estimate EADs
- Traditional loan exposures
- Provision of guarantees such as standby letters of credit or trade finance
- Settlement, pre-settlement and derivative risks
- Introducing Expected Positive Exposure how to calculate for a derivative
- The concept of credit conversion factors
How to Estimate PDs
- Cohort methodologies how they work in practice
- Use of historic data from external parties
- Shortcomings of these approaches and how to overcome them
- Various approaches: OCC, Fed Reserve, DB, FSA, etc.
- Introduction of Statistical factor models (also known as scoring models)
- Examples of statistical models
- Introducing subjective data
- Corporate and retail modelling what is the difference?
- Practical implementation of scoring models
- Using Logistic regression to estimate PDs
- Traditional credit analysis
- What are the main components of a traditional rating methodology
- Credit analysis vs. statistical model? What is the verdict?
- Market-based approaches:
- The credit market
- The debt market
- The equity market and Mertons model
- Hybrid models
- Each approach will be briefly but critically discussed
How to estimate LGDs:
- Is estimating LGDs hard?
- How to implement a Distressed Cashflow model
- Discussion of some estimation projects
Seven Levels of Credit Risk Management Where is your Institution?
- Active credit portfolio management
Delegates will be encouraged to discuss the organisation of the credit risk function within their institution and the main management reports used.
Estimation of Regulatory Capital for Credit Risk
The Standardised Approach
- The who and the what of the Accord
- The role of external rating agencies
- International or domestic thats the question?
- How has the US removed ECRAs from its regulations
- Credit conversion factors
- Permitted risk mitigation
Overview of the Internal Rating Based Approaches
- Foundation and advanced approaches
- What you supply, what the Accord supplies, and what the national supervisor supplies
- What is likely to change in the future?
- How to apply to different client sectors
- Example calculations
- What is the regulatory credit model?
- The underlying theoretical assumptions
- Minimum organisational and technical requirements to implement these approaches
- Permitted risk mitigation
Introduction of a Leverage Constraint
- What is a Leverage ratio, and how does it compare to the Basel II ratio?
- How does the US ratio work
- The new proposed Basel III ratio
- How it will work, and the timetable
- Likely business implications, especially on off-BS activities such as Letters of Credit
- Will it be changed the views of some banking supervisors
A brief outline of portfolio credit modelling
Note: this section will only be covered if there is sufficient interest in the technical details by the delegates. If not, it may be very briefly discussed and demonstrated.
- Analytically modelling portfolio default assuming independence
- Simulating portfolio default
- Introducing correlations
- Estimation of correlations
- Modelling a realistic portfolio
- Construction of a loss distribution
- Calculating credit VaR
- Implementing such a model in practice
- Extension of the default model to a migration model
The Basel Accord has introduced a capital requirement for operational Risk for the first time. But what is operational risk? Can it be realistically measured as the Accord requires? Or is the whole topic the triumph of optimism over reality? These are some of the basic questions to be debated in the section, along with a detailed coverage of the approaches banks are employing.
- What is operational risk: alternative definitions?
- What is the regulatory charge supposed to cover?
- The Basel categories and definitions
- The results of the latest loss data collection exercise
- Why has operational risk been included in the new Accord?
- The early view of operational risk, and the current view
Case study: Royal Bank of Canada
Developing an Operational Risk Methodology
- Developing suitable objectives and policies
- Typical operational risk organisational structures
- Relationship with other functions, especially internal audit
- Top down or bottom up a major decision?
- Creating a risk framework
- Risk identification
- Build or buy an operational risk database
- Aside: Process analysis which are the key processes?
- Process mapping what are the major risks in any given process?
- Key risk indicators what can be used as a risk metric?
- The KRI project
- Regulatory indicator approaches what is permitted?
- The old Basic and Standardised approaches
- The new Business Indicator approach
Bottom-up (Advanced) Risk Measurement Models
- Loss Distribution Analysis: statistical modelling using historic data
- Using external data good or bad?
- Fitting severity and frequency distributions
- Modelling a LD, and estimating the 99.9% VaR
Computer-Based Demonstration using Real Data
- Control self assessment: score-card or self-assessment approaches
- Example of assessment questionnaire
- Training of people to conduct self-assessment
- Examples of professional software used to support this methodology
- Results from an actual CSA
- Estimation of VaR using simulation
- Proposed scrapping of Advanced approaches for regulatory purposes
- Exceptional and unexceptional events
- Will the normal modelling capture exceptional events?
- If not, what can be done?
- Case studies: Barings and Allied Irish Bank
- Where is current best practice, and what are the leading institutions doing?
- Summary: will it work?
Various case studies, including BCCI, Daiwa and First National Bank of Keystone
Banks increasingly use models in a variety of ways. However, far too often the models are poorly documented and validated for appropriate conditions. Therefore, model risk should be an important category to consider.
- A model risk framework
- What are the different dimensions of model risk?
- How should models, especially ones from third-party vendors, be tested?
- External validation
- Control and governance of the overall process
This has been a regulatory requirement under Basel as a necessary complement to assessing risks in normal times. So, how come banks did not anticipate losing such large amounts during the recent crisis? The simple answer is that it was never taken very seriously by either the banks or the regulators until now.
- What was common practice pre-crisis?
- How have the supervisory expectations changed?
- Stress testing and shock (or sensitivity) testing
- Introduction of hypothetical and idiosyncratic scenarios
- Reverse stress testing
- Role of senior management
- The response to a stress test
- What is common practice post-crisis?
This session will use a number of the supervisory stress tests from US, UK and the EU as good and bad examples of real practice.
Should time permit and the delegates desire it, the following topics may also be discussed.
Reputational risk is regarded by many banks to be the most important risk of all, ranking above even credit risk. Yet, because it is soft and very difficult to measure, reputational risk management is often down-played. This session discusses how reputational risk may be assessed and managed in practice, using a number of banks as examplars.
Legal risk is deemed to be an integral part of operational risk and is yet often managed completely separately. This session debates the different forms of legal risks, and asks how the operational capital may be assessed.
Accounting and Tax Risk
Traditionally, these risks have remained the remit of the financial function, away from the prying eyes of risk management. Should that remain, or should accounting and tax risks simply form another component of operational risks.
It is a regulatory requirement that banks have to submit an Internal Capital Adequacy Assessment report to their supervisor each year. However, the Accord is very low on precise details as to what should go into this report. This session will go through the production of an ICAAP in detail, with some real examples.
- Objective of the ICAAP with the concept of proportionality
- Where to start?
- Linking the ICAAP to the long-term strategic plans of the bank
- Identifying all material risks
- Assessing all material risks
- How to handle soft risks such as reputational, liquidity or fraud risks
- Discussing risk mitigation
- Other components of an ICAAP
- Things to do, and things to avoid!!
Beyond the Accord: Risk and Return
The objective of this session is to explore how modern risk management may contribute to the overall strategic development of the institution. In particular, what is the acceptable trade-off between the return on a transaction and the risk it incurs for the bank? A number of different aspects will be reviewed, and current global best practice will be discussed.
RAROC: Risk-Adjusted Return on Risk-Adjusted Capital
- What is RAROC? How is it defined?
- Variants such as EVA
- Determining the cost of capital using the capital asset pricing model
- The use of RAROC:
- Ex ante: allocating economic capital to business units
- Ex post: performance measurement
- How correlations and marginal risk contribution can be integrated into RAROC
- Implementing RAROC: what are the practical problems?
- How can risk management add value to the organisation?
- Risk management of the future
Course Summary and Close