Basel 2 the application in internal control and the consideration of thinking outside the box.doc

university of southampton mang 6020 financial risk management msc international banking and financial studies msc financial risk managementbasel 2: the application in internal control and the consideration of thinking outside the boxword count: 299114/04/2008bymeijie dunan zhangxuejian jiaying wangintroduction with the development of economics, the supervision of banks and financial institutions are facing more problems. in order to hold the initiatives of the supervision, banks want to improve the system of internal controls which are considered as critical components of management and bases for the safety of operations. under a strong system, banks are easier to meet their goals and objectives, and achieve their long-term profitability targets, then maintain their reliable financial and managerial reporting (basle committee on banking supervision 1998). basel ii accord, as a tool of risk management, is commonly used by various banks and institutions. this essay explores the above issue from a number of perspectives. first, it describes and analyzes basel ii quantitatively and qualitatively. then, some benefits and costs of the basel ii are discussed. at last, some extreme events which are considered as outside the box are classified into two different categories: one is which can be measured by stress testing; another is beyond the extent of stress testing.1 the analysis of basel ii with quantitative and qualitative methodthe basel ii accord aims at levelling the playing-field of international banks and stabilising international banking system, so as to promote the soundness and efficiency of the global financial market. (ferguson, 2003) as what hull (2006, pp. 178-179) shows, the basel ii is established on a three pillar structure. 1.1 pillar 1pillar 1 is minimum capital requirement, which stipulates that banks should hold a certain amount of regulatory capital to provide liquidity and cushion against possible future losses. the equation of the cooke ratio is tier 1 capital + tier 2 capitalcredit risk rwa+market risk rwa+operational risk rwa 8% tier 1 capital credit risk rwa+market risk rwa+operational risk rwa 4%wheretier 1 capital = equity + reservestier 2 capital = revaluations + undisclosed profits + soft debt + general provisionsrwa is risk weighted assetssource: marrison (2007, pp. 342-343) by introducing minimum capital asset requirements (cars), basel accord provides incentives for banks to handle their risk prudently (chiuri et al. 2001). 1.1.1 quantifying credit riskas hull (2006, pp. 170-183) noted, there are two approaches in basel ii that can be used to calculate credit rwa. for small and less sophisticated banks, standardised approach is to be chosen, whereby on balance sheet assets and off-balance sheet (obs) activities are divided into several risk categories (please refer to appendix 1 for the risk weights). by assuming a credit equivalent amount which converts obs to on balance sheet items, the total amount of the two in each risk categories is multiplied by its corresponding risk weight to determine the rwa: rwa= i=1nwili+ j=1nwj*cj cj = max(vj,0)+ajlj wherewi = risk weight for on balance sheet asset number iwj = risk weight for obs number jli = principal of on balance sheet asset number ilj = principal of obs number jvj = value of obs number jaj = add-on factoralternatively, for banks that are sophisticated enough, irb approach can used to calculate credit risk asset charge (please refer to appendix 2 for its calculation).1.1.2 quantifying market riskthere are two ways for banks to calculate market risk asset: the standardised model which has a similar calculation mechanism as the standardised approach of quantifying credit risk, and the internal risk management model (irmm). lucas (2001) shows that banks can compute value at risk (var) using irmm to quantify market risk. the parameters of var are 10 days time horizon, 99% confidence level, and 1 year of historical data updated quarterly. the equation for the market risk charge (mrc) is mrct = k60maxi=160vart-i,vart-1+ srct (k 3)wheresrc = specific risk chargesource: allen et al (2004)in addition, as peura and jokivuolle (2003) reveal, banks under the basel regime are required to conduct a stress-testing to determine the sufficiency of regulatory capital against stress loss caused by low probability extreme events.1.1.3 operational riskoperational risk is defined as the probability of potential losses caused by a failure of internal business and control processes (banks and dunn 2003, pp. 16-22). as illustrated by myriad examples in history, failure to manage operational risk could result in severe aftermath, even lead to insolvency. for instance, krnert (2003) has adduced the collapse of barings bank in 1995 to show the catastrophic consequence that could be caused by negligence of operational risk. the case of baring bank (please refer to appendix 4 for its calculation) can be learnt is that banks must take meticulous care of operational risk and enhance the management of it. (allen, 2003, pp. 55-56)in the same way as it did in credit risk and market risk, by ways of quantitative analyses, the basel committee has set a capital charge for operational risk, juxtaposed with that of the other two risks. according to marrison (2007, p. 367), three approaches can be used in basel ii accord to calculate operational risk capital charge, namely the basic indicator approach, the standardised approach, and the internal measurement approach. (please refer to appendix 3 for the calculation of these approaches) the objective is to encourage banks to pay closer attention on their operational risk, which would inevitably promote better practice of practitioners. however, herring (2002) argues that the nature of operational risk diverges radically from that of the other two risks. for market risk and credit risk, there is a positive correlation between positions been taken and risks incurred. therefore risk sensitive capital requirements for these risks restrain banks from taking larger positions, which would expose them to greater risk and result in a larger amount of capital charge. whereas, as herring (2002) points out, taking more operational risk does not necessarily yield more gain, as it is merely a downside risk. there is no additional option value of deposit insurance for the increase of operational risk. this idiosyncrasy determines that a minimum capital requirement may not be the most appropriate and effective way to provide banks with an incentive to reduce and manage their operational risk.1.2 pillar 2according to basel committee, supervisory review (pillar 2) is based on four key principles (hull 2007, pp. 189-190). (please refer to appendix 5 for the four key principles of pillar 2) during their execution of pillar 2, supervisors are encouraged to focus on some key risks such as interest rate risk, credit risk and operational risk. at this stage, pillar 2 can be seen as a complement to pillar 1, because, as garside and bech (2003) claim, there will be further risk assessment under supervisory review, which is based on the extent to what a banks internal risk measurement tools are used, such as stress tests, default definitions, and so on. the supervisor has the ability to intervene if the risk measurements are considered to be dissatisfied. jorion (2007, p.58) states that pillar 2 gives additional function for bank regulators. supervisors must make sure that banks hold excesses of minimum capital calculated from pillar 1 to deal with risks that are not covered under pillar 1.however, hudson (2003) argues that pillar 2 makes the capital requirement uncertainty, as it entitles supervisors the ability to amend the quantified capital requirement in the pillar 1 with their sensible discretion. this argument is also consistent with gordon-harts view (2004) that although the basel ii is a more sophisticated instrument to deal with risks and the accurate calculation under pillar 1 may enable banks to decrease their capital reserve, supervisors under pillar 2 can use their power to reincrease the capital requirement.in a word, pillar 2 means a more adequate enforcement of prudential regulation, as it assesses the quality of the quantified calculation under pillar 1 (danielsson et al 2001, p. 14).1.3 pillar 3 pillar 3 of basel ii is market discipline, a disclosure requirement for banks (hull 2007, p. 190). its purpose is to allow market participants to evaluate the information of risk assessment procedures and capital adequacy. furthermore, the market discipline can be used to qualify a criterion of disclosure for allowing banks to apply particular methodologies to calculate capital under pillar 1. banks have to decide which information is relevant and material to the pillar 3 disclosure. according to basel committee (2003, p. 155), the information should be disclosed if its omission or misstatement could change or influence the assessment or decision of a user relying on that information. (please refer to appendix 6 for the information that banks should disclose) moreover, bonson-ponte et al (2006) point out that the key object of the market discipline is to increase the confidence of market participants and an empirical study of 54 entities provided by them shows that before the market discipline became obligatory, the degree of transparency was high, especially among the larger entities. this means that the market discipline is accepted and does have some benefits for entities. the issue of whether the benefits of market discipline are greater than the cost involved on entities has been discussed by many academics. the securities and exchange commission (sec, 1998) states that the disclosure of market risks can provide market participants with useful information, which, for example, could enable investors to avoid too risky investments. as for the cost, the report shows that the cost of disclosure found by different companies at that moment was from usd 10,000 to usd 50,000, which is not terribly costly. in conclusion, these three pillars in the basel ii cannot work independently. pillar 1 is a numerical measurement where the risk capital can be quantified, whereas pillar 2 and pillar 3 are the qualitative guarantee which can make sure that the capital requirement is precise. according to decamps et al (2004), pillar 2 and pillar 3 are interdependent. on the one hand, market discipline can limit the regulatory forbearance, because market information can be seen as objective signals that forces supervisors to intervene. on the other hand, they (2004) build a complicated model to show that pillar 3 can work only supervisors are protected from political power.2 the benefit and cost of internal controls with basel iieffective internal controls, for banks, are vital component of their management and bases for the safe and sound operation (basle committee on banking supervision, 1998). it is raised with some accuracy that the adequate internal controls will bring banking organizations high probability to achieve their full earnings potential (bank supervision department central bank of liberia, 2005). compliance with applicable laws and regulations is one of the main objectives of the internal control process (basle committee on banking supervision, 1998). however, there is still a dilemma existing in the compliance objectives, such as what the basel ii shows. first, it is obvious that the compliance with the basel ii can bring, at least, five benefits which would improve the performance of banking industry (garside and bech 2003). (please refer to appendix 7 for more information.) especially, the risk limits, which are defined unequivocally in the basel ii, are so important for banks to obey and monitor risks. as what hull (2007) mentioned, it is shortsighted that risk limits are exceeded just in order to make a profit. orange county is a classic example to illustrate the latent serious result of incompliance (see appendix 8). in contrast, the compliance with the basel ii also goes with many costs. at first, the economic pressures of banks are apparent, especially for the small banks and these who are in an immature market. as gordon-hart (2004) points out, the costs of basel ii are significantly high in terms of both implementation and continuing basis. for example, credit suisse group evaluated its cost for basel 2 at between usd 70 million and usd 100million (gordon-hart, 2004). moreover, banks would lose their flexibility. the higher the risk limits are chosen according to the regulations of the basel ii, the less freedom the front office has in the trades. it means some profit opportunities will be lost. furthermore, innovation and development will be interrupted. due to the fact that limited resources are available, many risk managers will spend a long period of time on interpreting the regulations, implementing the solutions and then justifying the output to supervisors. consequently, little time will be available for innovation and development. (hudson 2003) second, the compliance with laws and regulations is not able to help banks avoiding all risks. the basel ii employs various advanced approaches to monitor risks, such as the stress testing. though it is seemed as an effective supplement to var to measure market risks (hull, 2007), something outside the box still goes wrong. in fact, not all the exposure and risks can be covered by the basel ii, because this regulation, now, is limited by the financial circumstance and needs to be improved in the future.3 the function of stress testingstress-testing is a method to assess the possible impact on portfolio performance under the extreme financial movements (lopez, 2005) which should be considered outside the box. according to committee on the global financial system (cgfs) (2005), stress-testing is designed to be a complement to var, due to its recognition of the potential extreme events that may bring huge losses. as shown in table 1, despite of its low probability of happening, extreme events do exist and could incur stupendous losses. many risk managers and financial regulators frequently conduct stress-testing to avoid risks of such stress losses. (dempster, 2002). in may 2004, the cgfs (2005) announced that stress-testing is undertaken by the banks and other financial institutions as a risk management tool. table 1 stress tests capturing exceptional but plausible eventssource: committee on the global financial system (2005)stress testing, most of which are based on historical or hypothetical events, can be formulated into two categories, namely scenario tests and sensitivity tests. (cgfs, 2005). cgfs (2001) shows that scenario tests can be used to assess the influence of potential market events in the future and sensitivity stress tests are measures based on a specific market risk factor or a few factors related to it. for example, the past interest rate movements are scenario tests while the risk parameter rising 15% is a sensitivity stress test. many supervisors and risk managers choose different types of stress-testing when confronting diverse risk environments. historically, in spite of the tiny probability associated with it, extreme events did transpire occasionally. the financial disaster of the long term capital management (ltcm) served as a typical example happened in 1998, as the hedge fund run by a group of sophisticated, intelligent and informed experts almost went bankrupt. (allen, 2003, p. 63) ltcms main strategy was described by edwards (1999) as fixed income market-neutral arbitrage, whereby it bids on the narrowing of the spread between the emerging markets and markets of developed countries. as jorion (2000) reveals, ltcm analysed its risk using var method, while little recognition is given to the potential stress losses associated with its outstanding positions, thus substantially underestimated the true risks it had taken. allen (2003, pp. 64-70) notes that, as consequence of a serious of stress scenarios, including asian financial crisis and russian debt default, ltcm run out of cash and suffered a debacle as its equity declined dramatically, left the aggravated situation only to be mitigated after a government organised bailout.the case of ltcm sheds light on the fact that, in addition to the minimum capital requirement, certain risk limits should be set up to cope with the extreme events. the utility of stress-testing lies in its exclusive function of evaluating risks of extreme scenarios and possible consequent losses. however, berkowitz (1999) suggests that, the lack of probabilistic structure in stress-testing which entails subjectively chosen scenarios, in conjunction with the fact that the process is not backtested, determines that it is not a airtight risk management tool against any possible stress losses, and managements and regulators should never be heedless to possible extreme events even when stress-testing is conducted. in addition, there are some risks of exceptional events that definitely cannot be evaluated by stress-testing, such as the financial distress that financial institutions came across in september 11, 2001. the extent of the losses caused by this catastrophe became so enormous that it surpassed any of the stress scenarios that could ever be imagined beforehand. that is to say, potential losses would be incurred when implausible scenarios occurred. thus, stress-testing cannot rule out all the extreme risks. ev