Basel 2 regulations are likely to have a knock-on effect
across the financial sector and its technology suppliers. IT
directors need to act now to stay ahead of the game
The potential Impact of Basel 2 on the financial sector has so
far only been viewed as a regulatory compliance issue. However,
when you dig deeper, it could have as much of an impact on IT
systems in the financial sector as the Y2K problem did.
The accord relates to the amount of capital a bank is required
to set aside to perform its role and introduces new standards and
methods for monitoring risk.
There are implications for suppliers as well as the financial
institutions, as banks try to lay more risk at the door of their IT
providers.
The Basel 1 Accord was agreed in 1998 as a global standard for
measuring a bank's capital adequacy. It stipulated that banks must
have enough funds to cover potential losses. This meant that the
total capital should always be more than about 8% of its
risk-weighted assets.
However, this approach was seen as limiting flexibility, as it
placed a single generic standard across banks, which vary in size
and have differing risk profiles.
It was clear that some managed their risks better than others,
so why should they be required to hold the same percentage of
reserves as a bank which adopted a less compliant risk regime?
Basel 2 replaces the existing standard with a framework that
seeks to take into account such factors, providing a more
risk-sensitive, flexible, but more heavily regulated, approach.
Basel 2 will be adopted in the EU through the Risk-Based Capital
Adequacy Directive, which must be implemented into national
legislation by 1 January 2007. So it is on its way and the
financial sector needs to wake up to that fact and begin its
preparations now.
Basel 2 provides a new way of calculating a bank's capital.
Institutions that can demonstrate that they can manage their risk
might be able to free up part of their idle capital, which has
hitherto been required to convince the regulators that they have
enough money to cover their financial obligations.
Under Basel 2, banks that alter their technology infrastructure
and processes (for example, by outsourcing some of their processes
to service providers) while controlling and decreasing their risk,
will benefit from having lower capital adequacy requirements. This
may have the effect of increasing their capital and ultimately
their profits.
Fundamental to the ability of a bank to control risk is its
technology, the way it manages it, and the third-party providers it
uses.
Banks that do not look ahead and ensure that adequate systems
are in place by 2007 may lose competitive advantage to those that
are able to reduce their capital requirements and control their
risk. In the long run, a gap is likely to emerge between banks with
greater and lesser capital.
This could lead banks that have not obtained the lower capital
advantage and therefore suffer decreased profitability to
consolidate with banks that have gained from using Basel 2.
If banks end up being taken over, the financial sector may look
very different, with smaller independent banks disappearing.
Failure to meet the risk and compliance requirements of Basel 2 may
also lead to enforcement by the regulatory authority, which in the
UK will be the Financial Services Authority.
Clearly the increased burden of regulatory compliance will
affect a financial institution's IT systems most. Banks will need
to increase the efficiency of their operations, which could be
handled internally, although it is more likely that systems will
have to be procured to undertake the compliance modelling.
If they are to be able to calculate capital adequacy
requirements in a meaningful way, most financial institutions will
need to enhance their IT systems. Given the complexity and volume
of information required, it is also clear that systems will need to
be highly integrated and have the capability to process vast
amounts of data.
Another means of dealing with Basel 2 requirements will be
through passing the operation - and risk - to third parties, by
outsourcing both IT and business systems, processes and
procedures.
Given the emphasis on operational efficiency and the calculation
of capital adequacy, banks that buy technology and outsourced
services will need to become more demanding of their IT providers
and more meticulous in regulating their contractual
arrangements.
Andrew Rigby is a lawyer in the technology and outsourcing
group at London law firm Addleshaw Goddard
Advantages of early compliance
Financial institutions that are ahead of the pack on Basel 2
could be in a strong position to:
- Benefit from lower capital adequacy requirements
- Avoid being taken over in a market that will inevitably result
in more mergers and acquisitions
- Transfer some of their risk to third party providers.
What Basel 2 will mean for banks
1 Minimum capital requirement
Will be quantified
by risk and directly related to the actual risks taken by the bank.
It will also be expanded to include operational risks.
2 Supervisory review
There will be more dialogue
between regulatory authorities and banks. Banks will be required to
have internal processes to assess their capital needs and request
regulators to assess their evaluations to ensure sufficient capital
is retained.
Regulators will have access to stronger sets of historical data
and transaction trails.
A cross-border EU "consolidating supervisor" will have enhanced
responsibility and powers for co-ordinating cross-border financial
services groups.
3 Market discipline
Greater public disclosure will
be required from banks, to increase the transparency and stability
of financial institutions.
Immediate action for IT directors
Systems for Basel 2 compliance must be operating before 1
January 2007 in order to be counted as part of the assessment for a
bank's minimum capital requirement. If they have not already done
so, banks should act now to:
- Review current IT systems
- Audit operational risk and assess whether systems are capable
of capturing the data in ways that meet the integrity and quality
requirements imposed by Basel 2
- Assess disaster recovery and continuity plans to ensure capital
adequacy can be maintained on a business-as-usual basis
- Review supplier contracts to see whether existing IT and
outsourced processes influence operational risk and whether
arrangements need to be renegotiated or upgraded to ensure
compliance with Basel 2