Basel 2 regulations are likely to have a knock-on effect across the financial sector and its technology suppliers. IT directors need to act now to stay ahead of the game
The potential Impact of Basel 2 on the financial sector has so far only been viewed as a regulatory compliance issue. However, when you dig deeper, it could have as much of an impact on IT systems in the financial sector as the Y2K problem did.
The accord relates to the amount of capital a bank is required to set aside to perform its role and introduces new standards and methods for monitoring risk.
There are implications for suppliers as well as the financial institutions, as banks try to lay more risk at the door of their IT providers.
The Basel 1 Accord was agreed in 1998 as a global standard for measuring a bank's capital adequacy. It stipulated that banks must have enough funds to cover potential losses. This meant that the total capital should always be more than about 8% of its risk-weighted assets.
However, this approach was seen as limiting flexibility, as it placed a single generic standard across banks, which vary in size and have differing risk profiles.
It was clear that some managed their risks better than others, so why should they be required to hold the same percentage of reserves as a bank which adopted a less compliant risk regime?
Basel 2 replaces the existing standard with a framework that seeks to take into account such factors, providing a more risk-sensitive, flexible, but more heavily regulated, approach.
Basel 2 will be adopted in the EU through the Risk-Based Capital Adequacy Directive, which must be implemented into national legislation by 1 January 2007. So it is on its way and the financial sector needs to wake up to that fact and begin its preparations now.
Basel 2 provides a new way of calculating a bank's capital. Institutions that can demonstrate that they can manage their risk might be able to free up part of their idle capital, which has hitherto been required to convince the regulators that they have enough money to cover their financial obligations.
Under Basel 2, banks that alter their technology infrastructure and processes (for example, by outsourcing some of their processes to service providers) while controlling and decreasing their risk, will benefit from having lower capital adequacy requirements. This may have the effect of increasing their capital and ultimately their profits.
Fundamental to the ability of a bank to control risk is its technology, the way it manages it, and the third-party providers it uses.
Banks that do not look ahead and ensure that adequate systems are in place by 2007 may lose competitive advantage to those that are able to reduce their capital requirements and control their risk. In the long run, a gap is likely to emerge between banks with greater and lesser capital.
This could lead banks that have not obtained the lower capital advantage and therefore suffer decreased profitability to consolidate with banks that have gained from using Basel 2.
If banks end up being taken over, the financial sector may look very different, with smaller independent banks disappearing. Failure to meet the risk and compliance requirements of Basel 2 may also lead to enforcement by the regulatory authority, which in the UK will be the Financial Services Authority.
Clearly the increased burden of regulatory compliance will affect a financial institution's IT systems most. Banks will need to increase the efficiency of their operations, which could be handled internally, although it is more likely that systems will have to be procured to undertake the compliance modelling.
If they are to be able to calculate capital adequacy requirements in a meaningful way, most financial institutions will need to enhance their IT systems. Given the complexity and volume of information required, it is also clear that systems will need to be highly integrated and have the capability to process vast amounts of data.
Another means of dealing with Basel 2 requirements will be through passing the operation - and risk - to third parties, by outsourcing both IT and business systems, processes and procedures.
Given the emphasis on operational efficiency and the calculation of capital adequacy, banks that buy technology and outsourced services will need to become more demanding of their IT providers and more meticulous in regulating their contractual arrangements.
Andrew Rigby is a lawyer in the technology and outsourcing group at London law firm Addleshaw Goddard
Advantages of early compliance
Financial institutions that are ahead of the pack on Basel 2 could be in a strong position to:
- Benefit from lower capital adequacy requirements
- Avoid being taken over in a market that will inevitably result in more mergers and acquisitions
- Transfer some of their risk to third party providers.
What Basel 2 will mean for banks
1 Minimum capital requirement
Will be quantified by risk and directly related to the actual risks taken by the bank. It will also be expanded to include operational risks.
2 Supervisory review
There will be more dialogue between regulatory authorities and banks. Banks will be required to have internal processes to assess their capital needs and request regulators to assess their evaluations to ensure sufficient capital is retained.
Regulators will have access to stronger sets of historical data and transaction trails.
A cross-border EU "consolidating supervisor" will have enhanced responsibility and powers for co-ordinating cross-border financial services groups.
3 Market discipline
Greater public disclosure will be required from banks, to increase the transparency and stability of financial institutions.
Immediate action for IT directors
Systems for Basel 2 compliance must be operating before 1 January 2007 in order to be counted as part of the assessment for a bank's minimum capital requirement. If they have not already done so, banks should act now to:
- Review current IT systems
- Audit operational risk and assess whether systems are capable of capturing the data in ways that meet the integrity and quality requirements imposed by Basel 2
- Assess disaster recovery and continuity plans to ensure capital adequacy can be maintained on a business-as-usual basis
- Review supplier contracts to see whether existing IT and outsourced processes influence operational risk and whether arrangements need to be renegotiated or upgraded to ensure compliance with Basel 2