Ensuring Success in Basel II

by Mark Connelley

The Basel II Accord is not a once-only requirement but an evolutionary program of risk improvement. Requirements of regulators, business managers, risk managers and finance professionals will evolve. To meet this challenge, it is vital to maintain coordination between business and IT.

In the Spotlight The European Executive Forum on the new Basel Capital Accord View Video Windows Media Player Real Player (Requires Windows Media Player 6.4.7 or higher or RealPlayer 6 or higher)

The impact of the Basel II Accord is being felt at all internationally active banks. Since the Basel Committee published the first draft of the Basel II Accord more than two years ago, we have seen significant developments in the way banks are approaching their Basel II programs. It is generally accepted that Basel II will happen and that the implementation date of 2006 is unlikely to change again. The Quantitative Impact Study 3 (QIS3) appears to have been the major catalyst for this crystallization of sentiment. It is clear that the majority of banks, regardless of size, are aiming for Internal Ratings Based (IRB) accreditation. Yet most believe advanced IRB in its current guise will not release sufficient capital to make the additional infrastructure investment attractive.

However, in the rush to meet these deceptively close deadlines, many banks appear to have forgotten who will be building and maintaining this solution. Surprising as it may seem, we are currently observing a significant disconnect between business/finance and IT across the majority of Basel II programs. To enable IT to deliver this policy-driven technical solution, clear requirements are a must-have, as are robust communication and coordination plans.

If we consider the current status in the program lifecycle for credit risk as illustrated in Exhibit 1, most banks have completed the program analysis phase, and the data analysis phase is well under way. The emphasis is now moving to the implementation of a tactical solution and identifying the target operating model for achieving compliance.

Click on the thumbnail image above to see the larger graphic.

The lack of coordination that we have observed between functions suggests that the business requirements for this target operating model are not being translated into strategic criteria for selecting the appropriate component architecture.

A typical Basel II component technical architecture should consist of the elements illustrated in Exhibit 2.

Click on the thumbnail image above to see the larger graphic.

Many of the architectural components shown above may already be in situ within your firm. But they may need modification to meet Basel II requirements, since credit risk systems are typically siloed by product and business line. If new components are required, we believe that the necessary hardware and base software solutions already exist in the market. However, before selecting your approach, there are three main strategic considerations that you need to bear in mind:

• The accord will continue to evolve, most likely as smaller, iterative modifications rather than the wholesale accord changes witnessed so far. You will need to build enough flexibility into your technical architecture to incorporate these changes and the corresponding technical upgrades as they appear.
• You will need also to consider the integration of your Basel II solution with your existing technical infrastructure and any other major systems implementations that are already planned.
• Finally, as the Basel II program matures into the strategic implementation phase, you will want to ensure that your solution is able to deliver the enhanced benefits that should be derived from Basel II, such as reducing capital requirements and enhancing shareholder value.

Can you truly give a comprehensive answer to the following questions?

• Has your logical data model been validated back to the Basel II Accord and QIS3?
• Do your reporting tools give you insight into the capital calculation as well as performing the required regulatory reports?
• Do you have robust data capture, cleansing and management practices in place?

The Basel II Accord is not a once-only requirement but an evolutionary program of risk improvement. The relevance of your technical solution will be gauged against its ability to keep pace with these changes. Requirements of the regulators, business managers, risk managers and finance professionals will evolve. To meet this challenge, it is vital to maintain coordination between business and IT. The course you set today will determine your ability to meet the challenges yet to come.

So, what are you going to do about operational risk?