Webtrends Tracking Code
 
UK Home >  Legal Info About... >  Financial Services >  Basel II: An introduction to the Capital Adequacy Accord and the Capital Requirements Directive

Basel II: An introduction to the Capital Adequacy Accord and the Capital Requirements Directive

This guide is based on an international agreement. It was written in February 2006.

Background

Capital requirements rules state that credit institutions, like banks and building societies, must at all times maintain a minimum amount of financial capital, in order to cover the risks to which they are exposed. The aim is to ensure the financial soundness of such institutions, to maintain customer confidence in the solvency of the institutions, to ensure the stability of the financial system at large, and to protect depositors against losses.

The Basel Committee on Banking Supervision was established at the end of 1974 to provide a forum for banking supervisory matters. The Basel Committee is made up of senior officials responsible for banking supervision or financial stability issues in central banks and other authorities in charge of the prudential supervision of banking businesses. Members of the Basel Committee come from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the UK and the US.

Although the Basel Committee is not a formal regulatory authority in itself, it has great influence over the supervising authorities in many countries. The hope is that by agreeing basic goals, the Committee can achieve common approaches and common standards across many member countries, without attempting detailed harmonisation of each member country's supervisory techniques.

In 1988, recognising the emergence of larger more global financial services companies, the Committee introduced the Basel Capital Accord (Basel I). This sought to strengthen the soundness and stability of the international banking system by requiring higher capital ratios.

Since 1988, the framework contained in Basel I has been progressively introduced not only in member countries but also in virtually all other countries with active international banks. In June 1999, the Committee issued a proposal for a new Capital Adequacy Framework to replace Basel I. Following extensive communication with banks and industry groups, the revised framework was issued on 26th June 2004 and is known as Basel II.

Basel II basics

The objective of Basel II is to modernise the existing capital requirements framework to make it more comprehensive and risk-sensitive, taking account of many modern financial institutions' thorough risk management practices.

The Basel II framework is therefore more sensitive to the real risks that firms face. As well as looking at financial figures, such as how much money the firm controls, it also considers operational risks, such as the risk of systems breaking down or people doing the wrong things.

It reflects improvements in firms' risk management practices, for example by the introduction of the internal ratings based approach ( IRB ). The IRB approach allows firms to rely to a certain extent on their own estimates of credit risk. It also introduced the Advanced Measurement Approach ( AMA ) which allows firms to take account of their operational risks in assessing capital adequacy.

A key aspect of the new framework is its flexibility. It provides institutions with the opportunity to adopt the approaches most appropriate to their situation and to the sophistication of their risk management.

The Basel II framework consists of three 'pillars':

  • Pillar 1 sets out the minimum capital requirements firms will be required to meet to cover credit, market and operational risk.
  • The rules under Pillar 2 create a new supervisory review process. This requires financial institutions to have their own internal processes to assess their capital needs and appoint supervisors to evaluate an institutions’ overall risk profile, to ensure that they hold adequate capital.
  • The aim of Pillar 3 is to improve market discipline by requiring firms to publish certain details of their risks, capital and risk management.

Basel II and the Capital Requirements Directive

Basel II applies to internationally-active banks. In the European Union, the new capital requirements framework is being implemented through the Capital Requirements Directive ( CRD ). The CRD will directly affect certain types of investment firms and all deposit-takers (including banks and building societies), except credit unions.

The framework under the CRD reflects the flexible structure and the major components of Basel II. It has been based on the three 'pillars', but has been tailored to the specific features of the EU market. Member States must apply the Directive from the start of 2007, but the more sophisticated risk measurement approaches won't be available until 2008. The CRD is not a stand-alone directive, rather it implements the new framework by making significant changes to two existing directives: the Banking Consolidation Directive and the Capital Adequacy Directive, both of which were based on Basel I.

In the UK , the Financial Services Authority ( FSA ) is working with the Basel Committee, the EU and the banking industry to develop its policies for implementing the new capital adequacy framework via the Capital Requirements Directive.

Measuring operational risk

One of the key changes in Basel II is the addition of an operational risk measurement to the calculation of minimum capital requirements. This has been included in the CRD . Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, such as exposure to fines, penalties and private settlements. It does not, however, include strategic or reputational risk.

In February 2003, the Basel Committee published guidance on the Sound Practices for the Management and Supervision of Operational Risk (20-page / 101KB PDF). In this guidance, the Committee recognised that developing banking practices and the growing sophistication of financial technology meant that banks were facing new and more complex risks other than credit and market risk.

For example, the greater use of more highly automated technology and a greater reliance on globally integrated systems transforms risks from manual processing errors to system failure. The growth of e-commerce brings risks such as internal and external fraud and system security issues. The emergence of banks acting as large-volume service providers creates the need for continual maintenance of high-grade internal controls and back-up systems. The growing use of outsourcing arrangements and the participation in clearing and settlement systems can mitigate some risks but can also present significant other risks to banks. The Committee listed a number of operational risk events which were identified (with co-operation from the industry) as having the potential to result in substantial losses:

  • Internal fraud – for example, intentional misreporting of positions, employee theft, and insider trading on an employee’s own account.
  • External fraud – for example, robbery, forgery, cheque kiting, and damage from computer hacking.
  • Employment practices and workplace safety – for example, workers compensation claims, violation of employee health and safety rules, organised labour activities and discrimination claims.
  • Clients, products and business practices – for example, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and sale of unauthorised products.
  • Damage to physical assets – for example, terrorism, vandalism, earthquakes, fires and floods.
  • Business disruption and system failures – for example, hardware and software failures, telecommunication problems, and power failures.
  • Execution, delivery and process management – for example, data entry errors, incomplete legal documentation and unapproved access given to client accounts.

Three approaches for calculating capital adequacy

In calculating operational risk capital charges, Basel II and the CRD set out three different methods which may be adopted:

  • The Basic Indicator Approach
  • The Standardised Approach
  • The Advanced Measurement Approach

The Basic Indicator Approach is the simplest of the three approaches, and will be the default option for most firms. It applies a relatively straightforward calculation based on the firms' income to determine its capital requirements.

The Standardised Approach again relies on calculations based on income, but with different percentages applying across different business lines. To be able to take advantage of the Standardised Approach firms will have to meet certain qualifying criteria.

The Advanced Measurement Approach is the most complicated of the three options. Under this approach, each firm calculates it own capital requirements, by developing and applying its own internal risk measurement system. As with the Standardised Approach the firm must meet certain qualifying criteria, and the risk measurement system must be validated by the FSA before it will be allowed to take advantage of the AMA.

The Advanced Measurement Approach

In its consultation paper Strengthening Capital Standards, the FSA stated that given the "potential reduction in capital for firms that qualify for the … AMA , we will be looking for evidence that carefully thought-through plans for improving systems in such firms will deliver high standards of risk management and monitoring".

In addition to the general risk management standards which firms employ, a firm must meet certain qualifying criteria to use the AMA :

  • The firm's internal operational risk measurement system must be closely integrated into its day-to-day risk management processes. The FSA will be looking, for example, at whether the purpose and the use of the risk management system is limited to determining regulatory capital and whether the use of the system provides tangible benefits to the organisation.
  • There must be regular reporting of operational risk exposures and loss experience, and the firm must have procedures for taking appropriate corrective action.
  • The firm's risk management system must be well documented. The firm should have routines in place for ensuring compliance and policies for the treatment of non-compliance.
  • The operational risk management processes and measurement systems shall be subject to regular reviews performed by internal and/or external auditors.
  • The FSA is required to validate the operational risk measurement system including verifying that the internal validation processes operate in a satisfactory manner and ensuring that data flows and processes associated with the risk measurement system are transparent and accessible.
  • The FSA requires each firm to show that it has a credible risk management system. It must show that the assumptions, techniques and practices used are appropriate and relevant to managing operational risk in the business. The firm should also be able to show how the individual parts (whether inputs or outputs) of the risk management system are used in the management of operational risk. A firm must be able to demonstrate that data inputs are accurate, reliable and credible and that the firm's validation techniques are robust.
  • The operational risk management system should include the following elements: internal loss data; external data; scenario analysis (to evaluate the firm's exposure to high severity risk events); and key business environment and internal control factors (that could change the firm's operational risk profile). The FSA has said that while firms must consider all four elements, they do not necessarily have to consider each in the same way or to give them equal weight, provided that the firm can justify its approach.

General Risk Management Standards

It is sometimes too easy to concentrate on the operational risk standards which apply if firms want to benefit from the AMA . However, the CRD requires firms to have robust governance arrangements for all risks including operational risks. These should include:

  • a clear organisational structure with well defined, transparent and consistent lines of responsibility;
  • effective processes to identify, manage, monitor and report the risks it is or might be exposed to; and
  • adequate internal control mechanisms, including sound administrative and accounting procedures.

The content of these arrangements, processes and mechanisms must be comprehensive and proportionate to the nature, scale and complexity of the firms' activities.

The CRD also requires that firms should have sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed. These strategies and process should be subject to regular internal review to ensure they remain comprehensive and proportionate to the nature, scale and complexity of the firms' activities.

See: Basel II documents (at BIS.org)

Contact: John Salmon (Glasgow, 0141 248 4858) or Struan Robertson (Glasgow, 0141 249 5422)

OUT-LAW Recommends

Data Protection training
We offer training courses on Data Protection and Freedom of Information laws

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.