Speech

Rutledge: Implementing the New Basel Accord

March 13, 2003
William L. Rutledge, Executive Vice President

Remarks by William L. Rutledge before the British Bankers Association Basel 2/CAD 3 Half-Day Conference, London, United Kingdom Introduction

Thank you and good morning. It is a great pleasure for me to be here today to offer some thoughts on Basel implementation issues -- thoughts that will reflect partly my role as the head of Bank Supervision at the Federal Reserve Bank of New York, and partly my role as a member of the Basel Committee.

In that latter capacity, I'd like to begin by offering my thanks for all of the extremely helpful and constructive comments that the BBA has provided throughout the Basel consultative process. In my experience, having a candid dialogue between the industry and the supervisory community is the best way to develop well informed regulatory policy. Given our desire for Basel II to be consistent with the best existing and emerging risk measurement and management practices, getting specific feedback from the industry is particularly critical. It is also critical that we understand calibration issues so that we set appropriate numerical standards; in that connection, I'd like to offer my further thanks to all of the banks represented here that participated in the latest Quantitative Impact Survey. I know that gathering all the necessary data and providing it in the prescribed format was a daunting task. Just know that our task - analyzing the results of the exercise with data from nearly 50 countries and over 250 institutions - is quite a challenge as well. I expect that Patricia Jackson of the Bank of England, who has led that effort, will comment on the QIS results later on today.

In his remarks, Sir Andrew shared some observations on the objectives of the New Basel Accord. My focus will be on how we expect to achieve some of those goals, through addressing various challenges that lie ahead to implementing the New Accord. First, I will offer some broad observations on implementation issues, including some thoughts on the challenges of applying it across jurisdictions. Then, I will get into more specific detail on the preparations banks and supervisors are making to implement the new framework. I will be drawing on the United States' experience to highlight the kinds of preparations that will be needed generally.

Implementation of the New Accord


Overview

As you know, the Basel Committee is quite close to finalizing the new capital framework after a number of years of work. Issuance of the next consultative paper will be a tremendously important step in getting a new approach in place. But as that step is taken, other critical actions must then occur --- in particular rulemaking processes, and preparations by the supervisors and the industry for the New Accord.

With respect to the former, in each country or set of countries, processes to establish specific rules must occur to ensure that more local issues are addressed in an appropriate manner. In the United States, as in the EU, that process will be a very formal one.

While the national rulemaking is going on, banks and supervisors around the world will also need to think through the practical implications surrounding implementation. To be sure, implementation of the New Accord will require a substantial resource commitment on the part of both banks and supervisors.

However, I think it is important to emphasize that the efforts banks will need to undertake to comply with Basel II build, to a very significant extent, on the good work that many large and well-managed banks already have in train to improve their own risk management and measurement approaches. For example, many banks have for some time been devoting increased attention to the tracking of loan performance, and to the more sophisticated assessment of their loan quality. Further, banks have been analyzing their managerial processes --- making sure they have the right system of checks and balances, with appropriate use of independent experts who would not gain from overly favorable assessments. Time and effort has also been invested in developing richer and more meaningful data on past, and likely future, credit performance --- data that are needed to fuel management information and control systems for senior management use. I expect that much of the cost to banks of adopting the advanced approaches of Basel II will come from pushing ahead on precisely these types of initiatives.

This is not to minimize the costs involved in coming into full Basel compliance, but rather to emphasize the extent to which bank risk management and supervisory capital requirements share common objectives in pursuit of the benefits that Sir Andrew described. Those benefits -- both to individual banks and to the financial services sector more generally -- are real and valuable. We know all too well the costs to society of bank weakness and failures. As the largest banks continue to grow, to prosper and to pursue new opportunities, they must simultaneously make the investments required to understand and manage their existing risks more fully, and to address any new risks appropriately.

Likewise, the new framework is providing supervisors with both opportunities and incentives to enhance their ability to identify and respond to risk in the banks they supervise. I will discuss the challenges for individual supervisors in a moment, but let me offer a few thoughts now on the challenges for supervisors to collaborate more effectively with one another. More effective collaboration was of course a key reason for the establishment of the Basel Committee. The Committee provides an excellent forum for open and constructive dialogue among banking supervisors. This spirit of communication will be more crucial than ever as the new framework is adopted across national jurisdictions.

It is clearly very important that the New Accord be implemented in a consistent manner across various jurisdictions. Market competition should be driven by each bank's strengths, rather than by differences in each country's rules. Accordingly, the Basel Committee established the Accord Implementation Group. As you know, this group is responsible for promoting the consistency and quality of implementation of the New Accord and facilitating the exchange of information among national supervisors about bank and supervisory practices. Through the implementation group senior line supervisors are beginning to share among themselves very practical insights on how to assess internal risk management processes. We think that this detailed sharing of information among people who are on the front lines of supervision will go a long way to ensuring that assessments can be done in a more consistent fashion across jurisdictions.

We appreciate the very strong endorsement that both the BBA and LIBA have offered in welcoming the formation of the Accord Implementation Group. Indeed, we know that both associations are keenly interested in how the group may well help ensure that a single banking organization active in many jurisdictions not face divergent sets of expectations from different banking supervisors under the New Accord. I am pleased to note that the Accord Implementation Group has taken up this concern among its first topics for discussion. An important goal of the coordination and information sharing is to help ensure that national supervisors, in assessing the eligibility of an internationally active bank's internal rating system, do not arrive at different conclusions.

Preparing for the New Accord

Let me get into more detail now on what both banks and supervisors will need to do to prepare for the Accord, by describing what we are doing in the United States. I am sure our experience will have parallels in the UK and elsewhere.

Challenges for banks

To begin with, we have looked to get our arms around where the major firms actually stand in preparing for Basel II, and to pinpoint the major challenges that lie ahead for them as they look towards implementing the advanced approaches to credit and operational risk.

Importantly, our dialogue with the banks has focused on where they stand in meeting the minimum standards for entry to, and on-going use of, the IRB approach. Our strong sense is that banks have both the desire and the commitment to continue to develop their internal ratings systems in a manner consistent with the requirements of the IRB framework. The discussions with the industry have, however, highlighted various areas where banks may need to expand their efforts in preparing for implementation. I will offer comments on four areas where more work is needed:
  1. the design and structure of rating systems;
  2. the necessary controls to ensure that ratings are accurate and up to date;
  3. the availability and quality of credit data; and, finally
  4. the overall corporate governance approach

a. Rating system design

The first area concerns the design of a risk rating system, which is, of course, central to ensuring the effectiveness of the IRB approach. The Basel Committee believes that banks' internal rating systems should accurately and consistently differentiate between degrees of risk. The minimum IRB standards in this area build on the strongest risk management practices observed in the industry.

To illustrate the point, many organizations either already have, or are in the process of developing a ratings system that captures both the risk of borrower default, as well as transaction-specific factors that shed light on the amount of loss that would arise if default occurs. In other words, these banks' systems are now oriented to capturing the several essential components in estimating credit risk under the IRB approach.

Credit risk rating systems are clearly improving in various dimensions, including how finely they seek to distinguish differing degrees of borrower risk. To do so, banks typically look to expand the number of ratings categories into which they slot their exposures. However, just establishing more rating categories is not enough. The challenge is for banks to define clearly and objectively the criteria for these ratings categories in order to provide more meaningful assessments of both individual credit exposures and, ultimately, their overall risk profile. The clarity and transparency of the ratings criteria will be critical to ensuring that ratings are assigned in a disciplined and reliable manner.

b. Controls over the rating system

Of course, a ratings system is useless without the necessary system of checks and balances, or control structure, which is the second area I will discuss as needing banks' attention. Banks must have the proper controls in place to ensure that the rating system is performing as intended, and that its ratings are accurate - that is, that a "5" rating really is a "5" and that a "7" really is a "7." There are at least three major structural elements that are necessary in any good ratings system control structure:
  • The first is independence in the process of assigning ratings; the people assigning ratings (and even approving loans) should be independent of the marketing department and revenue producers.
  • A second check is having a subsequent review of ratings by an independent review group. This group is charged with reviewing ratings after the fact -- that is, after origination --- for accuracy, timeliness and consistency. Moreover, both the ratings system and individual ratings should be subject to review by the internal audit department.
  • A third and final critical element is transparency in the ratings process. Here, what we would expect is that the ratings criteria are objective, and that the bank has in place policies and procedures that clearly document the rationale for each ratings category. The more transparent the process is, the easier it is for a third party to audit the ratings through some form of replication of the analysis.

These three elements -- independence of the ratings process, internal review of those ratings, and transparency -- all contribute toward stronger controls over the ratings process. Such controls over the risk ratings process must be complemented by the collection of good data on which to base those ratings, which is the third area of focus for banks.

c. Data requirements and validation

Clearly, a system is only as good as the inputs that go into it. Accordingly, banks using the IRB approach will need to be able to measure the key statistical drivers of credit risk. I would emphasize that the Basel Committee clearly recognizes that there is more than one way to accomplish this purpose. The minimum Basel standards provide banks with the flexibility to rely on data derived from experience, or from external sources, as long as the bank can demonstrate the relevance of the external data to its own exposures. Regardless of source, high quality data are critical for formulating meaningful internal risk assessments. From a broader risk management perspective, access to such data will enable a bank to evaluate the performance of its internal rating and risk estimation systems in a consistent and meaningful manner.

The Basel standards outline the data history banks will need in order to use the IRB approach. The Committee recognizes that banks may not currently have all of the required information on hand. For this reason we have continued to engage market participants in a dialogue on this issue. As implementation of the New Accord approaches, we encourage banks to consider their data needs very seriously and to comprehend fully the techniques they will need to use to derive appropriate estimates of loss based on those data. In practical terms, banks will be expected to have in place -- or be actively developing -- a data "warehouse". By data warehouse, I mean a process that enables a bank to collect, to store, and to draw upon loss statistics in an efficient manner over time.

d. Corporate governance

The design, controls, and data that figure into a risk rating system must all be developed within the framework of good overall corporate governance, which is the fourth area of focus for banks that I'll mention today. The involvement of senior management and directors will be critical to the successful implementation of the New Accord. This will be particularly true for those banks seeking to adopt the more advanced approaches to calculating regulatory capital.

As a bank's capital requirements draw increasingly on firm-specific performance and systems, there will be a need for its board of directors and senior management to gain a deeper understanding of the conceptual underpinnings, and even operational mechanics, of a bank's internal rating systems and the measures of risk derived from them.

Senior management, and, to a significant extent, the board of directors, will have to have a good understanding of various key elements of the organization's ratings process --- the design of the rating system, the methods of assigning and reviewing ratings, the process of developing and using the necessary data, the approach to developing reliable quantitative estimates, and ultimately the consistency of the system with Basel standards. Understanding these various elements will be important in assessing the appropriateness and reliability of the measures of credit risk that are developed --- measures that are in turn needed for senior management and the board to make more informed strategic decisions.

Operational risk is another area where the Basel Committee has developed a new regulatory capital approach. In this area, as with credit risk, the Committee not only attempts to build on banks' rapidly developing internal assessment techniques, but seeks to provide incentives for banks to improve those techniques, and more broadly, their management of risk, over time. This is particularly true of the Advanced Measurement Approaches to Operational Risk, or AMA.

Under the AMA, banks would be able to use their internal methodologies to assess their exposure to operational risk --- subject to a series of qualitative and quantitative supervisory parameters that are intended to ensure that the approach used is comprehensive and that it is implemented with integrity. Moreover, the AMA is intended to be sufficiently flexible so as to accommodate the rapid evolution in operational risk management practices we expect to see over the coming years.

The primary criteria of the AMA could be summarized as falling into three broad areas: first, the development of strong corporate operational risk governance and management structures --- structures that include business line integration into a firm-wide process; second, the incorporation of qualitative factors such as control self-assessments into the overall capital measurement process; and finally, loss data quantification, which includes scenario analysis.

Our review of those major U.S. banks that intend to adopt the AMA indicates they are clearly in various stages of preparation. However, most of these institutions already have in place, or are well along towards establishing, a corporate level operational risk management function, with firm-wide policies for managing and assessing this risk. Moreover, many firms already have in place good, and improving, firm-wide control self-assessment methodologies. Finally, an increasing number of banks are now turning their attention to collecting internal loss data in a consistent manner across the firm. Some have already been collecting such data for a year or two and some have been particularly effective at mining their existing historical loss experience for certain risk types.

A few leading institutions have made real progress in pulling all this together --- by piloting operational risk quantification methodologies that combine the quantitative and qualitative elements of the AMA into an overall economic capital assessment for operational risk.

While there is much work still to be done at many institutions, those banks that have obtained senior management buy-in to embark on this approach have been able to move ahead fairly rapidly. In addition, these institutions have found significant value in the process of rolling out such a framework. The benefits include greater risk transparency within the firm, greater cost efficiency, and ultimately, less exposure to large losses, both in terms of dollars and additional reputational knock-on effects.

Challenges for supervisors

I've focused on the challenges banks will confront in implementing the new Accord. Let me now spend a few moments discussing how our supervisory approach is also likely to evolve over time. Naturally, allowing banks to rely on internal models in determining their capital requirements has led, and will continue to lead, to changes in our supervisory process. Fortunately, we do have some experience on which to draw.

In 1996, under the "market risk amendment" to the original Basel Accord, qualifying banks with large market risk positions were first permitted to incorporate internal estimates of the associated risk in their regulatory capital requirements. When determining whether a bank may rely on its market risk model for capital purposes, our examiners have had to evaluate the technical underpinnings of the model, as well as the risk management and control processes surrounding its implementation and use. They review such issues as whether the model is based on reasonable assumptions, whether the firm is making appropriate use of backtesting, and how the model performs under normal and stressed market conditions. In addition, they are spending significant time on key controls related to the overall use of models, including the model validation process and the new product approval process.

Likewise, as banks rely increasingly on their own assessments of credit and operational risk when determining their capital needs, our examiners will have to become well-versed in the changing technical aspects of those models. Some of the conventional, static metrics that we now use -- for example, on the credit risk side, those to judge asset quality and to assess the adequacy of credit loss reserves -- are likely to be supplanted by more sophisticated quantitative measures.

As is the case with credit risk, we are in the process of developing a more integrated framework for assessing the adequacy of banks' operational risk management and measurement approaches. We are focusing heavily on how banks are managing operational risk from a corporate-wide perspective. We begin by developing a feeling for the "tone at the top" - that is, the board of directors' and senior management's commitment to effectively manage its operational risk. Then we assess whether that commitment translates into an effective operational risk management and control structure - including the quality of management reporting, and the degree of integration of operational risk into a bank's overall risk management approach.

Our analysis includes banks' assessments of their economic capital requirements for operational risk, and how this capital is allocated to business lines to reinforce efforts to improve internal controls. With respect to those specific business lines, we are increasingly looking to drill down to test key controls. The aim is to ensure that the internal processes in place are in fact working and are effective in mitigating relevant risks.

Without question, it will be important to devote the necessary supervisory resources -- in terms of skilled personnel, technical training, and a targeted strategy -- to these new supervisory efforts. In this regard, the Basel Committee anticipates providing much assistance, both formally and informally, to supervisory agencies around the world that are preparing for the added responsibilities we will all assume as the New Accord comes into force.

Moreover, I am pleased to note that the Financial Stability Institute (or FSI) will continue its collaboration with the Basel Committee, especially in assisting supervisors globally in understanding and implementing all aspects of the revised Accord. The FSI anticipates that more than half of its 50 seminars and programs this year will concentrate on components of Basel II. In fact, shortly after the release of the final consultative package later this spring, the FSI intends to offer three special seminars around the world to introduce other supervisors to the most important features of the new framework.

Next Steps in Finalizing the New Accord

Most of my remarks today have been centered on implementation of the new framework. I'd like to conclude by spending a few moments discussing where we are in the process to finalize the New Accord.

As I mentioned, the Committee has just finished gathering data from the industry through its third impact study. The aim of the study was to collect and to analyze information from banks worldwide regarding the capital impact of the new proposals on their existing portfolios. The results are under review and will help us to determine whether any adjustments will be needed prior to release of the final consultative package. That final consultative paper will be issued by early May. Our goal continues to be to have a final Accord agreed to by the fourth quarter of this year.

In closing, I want to emphasize that effective supervision of modern banking organizations will necessarily entail a closer and more cooperative partnership between industry participants and official supervisors. The industry's participation in the formulation of a more risk-sensitive capital adequacy framework is a good example of this kind of constructive interaction. Indeed, the three pillars of the proposed framework reflect the understanding that regulatory requirements alone are no longer sufficient to address the growing complexity of banks' activities and the associated risks. Consistent with this notion is the need for effective corporate governance, which plays an increasingly important role in a rapidly evolving banking environment.

It is clear to me that only if the industry and supervisors work together -- each meeting our responsibilities and reinforcing the other -- will we be able to successfully manage and supervise a modern financial system. While perspectives may differ from time to time, our objective is the same - to maintain a strong and vibrant financial system over the long term.

Thank you very much.