|
|
|
|
|
|
Basel ii Accord
Sections 719 to 742 |
|
Part 3: The
Second Pillar — Supervisory Review Process
719. This section discusses the key principles
of supervisory review, risk management
guidance and supervisory transparency and
accountability produced by the Committee with
respect to banking risks, including guidance
relating to, among other things, the treatment
of interest rate risk in the banking book,
credit risk (stress testing, definition of
default, residual risk, and credit
concentration risk), operational risk,
enhanced cross-border communication and
cooperation, and securitisation.
I. Importance of supervisory review
720. The supervisory review process of the
Framework is intended not only to ensure
that banks have adequate capital to support
all the risks in their business, but also to
encourage banks to develop and use better risk
management techniques in monitoring and
managing their risks.
721. The supervisory review process recognises
the responsibility of bank management
in developing an internal capital assessment
process and setting capital targets that are
commensurate with the bank’s risk profile and
control environment. In the Framework, bank
management continues to bear responsibility
for ensuring that the bank has adequate
capital to support its risks beyond the core
minimum requirements.
722. Supervisors are expected to evaluate how
well banks are assessing their capital
needs relative to their risks and to
intervene, where appropriate. This interaction
is intended
to foster an active dialogue between banks and
supervisors such that when deficiencies are
identified, prompt and decisive action can be
taken to reduce risk or restore capital.
Accordingly, supervisors may wish to adopt an
approach to focus more intensely on those
banks with risk profiles or operational
experience that warrants such attention.
723. The Committee recognises the relationship
that exists between the amount of
capital held by the bank against its risks and
the strength and effectiveness of the bank’s
risk
management and internal control processes.
However, increased capital should not be
viewed as the only option for addressing
increased risks confronting the bank.
Other means for addressing risk, such as
strengthening risk management, applying
internal limits, strengthening the level of
provisions and reserves, and improving
internal controls, must also be considered.
Furthermore, capital should not be regarded as
a substitute for addressing fundamentally
inadequate control or risk management
processes.
724. There are three main areas that might be
particularly suited to treatment under
Pillar 2: risks considered under Pillar 1 that
are not fully captured by the Pillar 1 process
(e.g.
credit concentration risk); those factors not
taken into account by the Pillar 1 process
(e.g.
interest rate risk in the banking book,
business and strategic risk); and factors
external to the bank (e.g. business cycle
effects).
A further important aspect of Pillar 2 is the
assessment of compliance with the minimum
standards and disclosure requirements of the
more advanced methods in Pillar 1, in
particular the IRB framework for credit risk
and the Advanced Measurement Approaches for
operational risk. Supervisors must ensure that
these requirements are being met, both as
qualifying criteria and on a continuing basis.
II. Four key principles of supervisory review
725. The Committee has identified four key
principles of supervisory review, which
complement those outlined in the extensive
supervisory guidance that has been developed
by the Committee, the keystone of which is the
Core Principles for Effective Banking
Supervision and the Core Principles
Methodology. (116) A list of the
specific guidance relating to the management
of banking risks is provided at the end of
this Part of the Framework.
(116) Core Principles for Effective Banking
Supervision, Basel Committee on Banking
Supervision (September 1997), and Core
Principles Methodology, Basel Committee on
Banking Supervision (October 1999).
Principle 1: Banks should have a process for
assessing their overall capital adequacy
in relation to their risk profile and a
strategy for maintaining their capital levels.
726. Banks must be able to demonstrate that
chosen internal capital targets are well
founded and that these targets are consistent
with their overall risk profile and current
operating environment. In assessing capital
adequacy, bank management needs to be
mindful of the particular stage of the
business cycle in which the bank is operating.
Rigorous, forward-looking stress testing that
identifies possible events or changes in
market conditions that could adversely impact
the bank should be performed. Bank management
clearly bears primary responsibility for
ensuring that the bank has adequate capital to
support its risks.
727. The five main features of a rigorous
process are as follows:
•
Board and
senior management oversight;
•
Sound capital
assessment;
•
Comprehensive
assessment of risks;
•
Monitoring
and reporting; and
•
Internal
control review.
1. Board and senior management oversight (117)
(117) This section of
the paper refers to a management structure
composed of a board of directors and senior
management. The Committee is aware that there
are significant differences in legislative and
regulatory frameworks across countries as
regards the functions of the board of
directors and senior management.
In some countries, the
board has the main, if not exclusive, function
of supervising the executive body (senior
management, general management) so as to
ensure that the latter fulfils its tasks. For
this reason, in some cases, it is known as a
supervisory board. This means that the board
has no executive functions.
In other countries, by
contrast, the board has a broader competence
in that it lays down the general framework for
the management of the bank. Owing to these
differences, the notions of the board of
directors and senior management are used in
this section not to identify legal constructs
but rather to label two decision-making
functions within a bank.
728. A sound risk management process is the
foundation for an effective assessment of
the adequacy of a bank’s capital position.
Bank management is responsible for
understanding the nature and level of risk
being taken by the bank and how this risk
relates
to adequate capital levels. It is also
responsible for ensuring that the formality
and
sophistication of the risk management
processes are appropriate in light of the risk
profile
and business plan.
729. The analysis of a bank’s current and
future capital requirements in relation to its
strategic objectives is a vital element of the
strategic planning process. The strategic plan
should clearly outline the bank’s capital
needs, anticipated capital expenditures,
desirable
capital level, and external capital sources.
Senior management and the board should view
capital planning as a crucial element in being
able to achieve its desired strategic
objectives.
730. The bank’s board of directors has
responsibility for setting the bank’s
tolerance for
risks. It should also ensure that management
establishes a framework for assessing the
various risks, develops a system to relate
risk to the bank’s capital level, and
establishes a
method for monitoring compliance with internal
policies. It is likewise important that the
board of directors adopts and supports strong
internal controls and written policies and
procedures and ensures that management
effectively communicates these throughout the
organisation.
2. Sound capital assessment
731. Fundamental elements of sound capital
assessment include:
•
Policies and
procedures designed to ensure that the bank
identifies, measures, and
reports all material risks;
•
A process
that relates capital to the level of risk;
•
A process
that states capital adequacy goals with
respect to risk, taking account of
the bank’s strategic focus and business plan;
and
•
A process of
internal controls, reviews and audit to ensure
the integrity of the overall
management process.
3. Comprehensive assessment of risks
732. All material risks faced by the bank
should be addressed in the capital assessment
process. While the Committee recognises that
not all risks can be measured precisely, a
process should be developed to estimate risks.
Therefore, the following risk exposures,
which by no means constitute a comprehensive
list of all risks, should be considered.
733. Credit risk: Banks should have
methodologies that enable them to assess the
credit risk involved in exposures to
individual borrowers or counterparties as well
as at the
portfolio level. For more sophisticated banks,
the credit review assessment of capital
adequacy, at a minimum, should cover four
areas: risk rating systems, portfolio
analysis/aggregation, securitisation/complex
credit derivatives, and large exposures and
risk concentrations.
734. Internal risk ratings are an important
tool in monitoring credit risk. Internal risk
ratings should be adequate to support the
identification and measurement of risk from
all
credit exposures, and should be integrated
into an institution’s overall analysis of
credit risk
and capital adequacy. The ratings system
should provide detailed ratings for all
assets, not
only for criticised or problem assets. Loan
loss reserves should be included in the credit
risk
assessment for capital adequacy.
735. The analysis of credit risk should
adequately identify any weaknesses at the
portfolio level, including any concentrations
of risk. It should also adequately take into
consideration the risks involved in managing
credit concentrations and other portfolio
issues
through such mechanisms as securitisation
programmes and complex credit derivatives.
Further, the analysis of counterparty credit
risk should include consideration of public
evaluation of the supervisor’s compliance with
the Core Principles for Effective Banking
Supervision.
736. Operational risk:
The Committee believes that similar
rigour should be applied to
the management of operational risk, as is done
for the management of other significant
banking risks. The failure to properly manage
operational risk can result in a misstatement
of an institution’s risk/return profile and
expose the institution to significant losses.
737. A bank should develop a framework for
managing operational risk and evaluate the
adequacy of capital given this framework. The
framework should cover the bank’s appetite
and tolerance for operational risk, as
specified through the policies for managing
this risk,
including the extent and manner in which
operational risk is transferred outside the
bank. It
should also include policies outlining the
bank’s approach to identifying, assessing,
monitoring and controlling/mitigating the
risk.
738. Market risk:
Banks should have methodologies that enable
them to assess and
actively manage all material market risks,
wherever they arise, at position, desk,
business
line and firm-wide level. For more
sophisticated banks, their assessment of
internal capital
adequacy for market risk, at a minimum, should
be based on both VaR modelling and stress
testing, including an assessment of
concentration risk and the assessment of
illiquidity under stressful market scenarios,
although all firms’ assessments should include
stress testing appropriate to their trading
activity.
738 (i). VaR is an important tool in
monitoring aggregate market risk exposures and
provides a common metric for comparing the
risk being run by different desks and business
lines. A bank’s VaR model should be adequate
to identify and measure risks arising from all
its trading activities and should be
integrated into the bank’s overall internal
capital
assessment as well as subject to rigorous
on-going validation. A VaR model estimates
should be sensitive to changes in the trading
book risk profile.
738 (ii). Banks must supplement their VaR
model with stress tests (factor shocks or
integrated scenarios whether historic or
hypothetical) and other appropriate risk
management techniques.
In the bank’s internal capital assessment it
must demonstrate that it has enough
capital to not only meet the minimum capital
requirements but also to withstand a range of
severe but plausible market shocks. In
particular, it must factor in, where
appropriate:
•
Illiquidity/gapping of prices;
•
Concentrated
positions (in relation to market turnover);
•
One-way
markets;
•
Non-linear
products/deep out-of-the money positions;
•
Events and
jumps-to-defaults;
•
Significant
shifts in correlations;
•
Other risks
that may not be captured appropriately in VaR
(e.g. recovery
rate uncertainty, implied correlations, or
skew risk).
The stress tests applied by a bank and, in
particular, the calibration of those tests
(e.g. the
parameters of the shocks or types of events
considered) should be reconciled back to a
clear
statement setting out the premise upon which
the bank’s internal capital assessment is
based (e.g. ensuring there is adequate capital
to manage the traded portfolios within stated
limits through what may be a prolonged period
of market stress and illiquidity, or that
there is adequate capital to ensure that, over
a given time horizon to a specified confidence
level, all positions can be liquidated or the
risk hedged in an orderly fashion).
The market shocks applied in the tests must
reflect the nature of portfolios and the time
it could take to hedge out or manage risks
under severe market conditions.
738 (iii). Concentration risk should be
pro-actively managed and assessed by firms and
concentrated positions should be routinely
reported to senior management.
738 (iv). Banks should design their risk
management systems, including the VaR
methodology and stress tests, to properly
measure the material risks in instruments they
trade as well as the trading strategies they
pursue. As their instruments and trading
strategies change, the VaR methodologies and
stress tests should also evolve to
accommodate the changes.
738 (v). Banks must demonstrate how they
combine their risk measurement approaches to
arrive at the overall internal capital for
market risk.
739. Interest rate risk in the banking book:
The measurement process should include
all material interest rate positions of the
bank and consider all relevant repricing and
maturity data. Such information will generally
include current balance and contractual rate
of interest associated with the instruments
and portfolios, principal payments, interest
reset dates, maturities, the rate index used
for repricing, and contractual interest rate
ceilings or floors for adjustable-rate items.
The system should also have well-documented
assumptions and techniques.
740. Regardless of the type and level of
complexity of the measurement system used,
bank management should ensure the adequacy and
completeness of the system. Because
the quality and reliability of the measurement
system is largely dependent on the quality of
the data and various assumptions used in the
model, management should give particular
attention to these items.
741. Liquidity risk: Liquidity is crucial to
the ongoing viability of any banking
organisation. Banks’ capital positions can
have an effect on their ability to obtain
liquidity,
especially in a crisis. Each bank must have
adequate systems for measuring, monitoring and
controlling liquidity risk. Banks should
evaluate the adequacy of capital given their
own
liquidity profile and the liquidity of the
markets in which they operate.
742. Other risks: Although the Committee
recognises that ‘other’ risks, such as
reputational and strategic risk, are not
easily measurable, it expects industry to
further
develop techniques for managing all aspects of
these risks.
|
| | | |
|
Sarbanes Oxley
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Sarbanes-Oxley compliance.
www.sarbanes-oxley-training.com
Basel ii
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Basel ii compliance.
www.basel-ii-training.com
Sarbanes Oxley
Act
Sarbanes
Oxley Compliance: Books, Software, Certification, Training and
Resources.
www.sarbanes-oxley-act.biz
Basel ii Accord
Basel ii
Compliance: Books, Software, Certification, Training and
Resources
http://www.basel-ii-accord.com/
Compliance Training
Sarbanes
Oxley, Basel ii, Data Protection Directive, Information Security
Training
www.compliance-training.net
|
|