Prior to the accord, there was no formally prescribed restriction on how much a bank could lend. In the event of an extreme downturn in the economy, there was significant risk that depositors could lose their investment. Furthermore, the fact that banks often lend to other banks meant that the collapse of one bank could trigger the collapse of others.

The 1988 accord took a relatively unsophisticated view of the risks involved in different types of lending. The Basel Committee is now developing a more risk-sensitive framework in the form of the New Basel Capital Accord (also known as Basel II). After extensive industry research, the Basel Committee issued a document called the Third Consultative Package (CP3) in April 2003. The final document is expected to be published at the end of the year.

The proposals encourage the industry to use more sophisticated risk management methodology and tools. This will strengthen lending, with the incentive of better assessing regulatory capital a bank is required to hold. In effect, the recommendations are promoting what are regarded as best practices in the industry.

The Basel Committee has deliberately left room for interpretation within the accord. This gives latitude to national regulators, to adapt the Basel II proposals to their local environment and for banks to adopt methodologies that best suit their specific business model.

Basel II covers the full spectrum of lending from retail to government loans.

When working to comply with Basel II, the following should be considered:

1. Ensure that all parties have a clear understanding of the requirements.
2. Meet with the national regulator to clarify local nuances.
3.Perform gap analysis to quantify:
• The quality and quantity of existing data;
• Local, external resources and the possible use of pooled data; and
• The appropriateness of the existing internal rating system.
4.Develop the required risk inputs (PD, LGD, and EAD) and define and develop the appropriate implementation mechanisms.
5. Seek approval of the definition from the national regulator.
6. Apply the solution for risk management best practices.
7. Ensure that there is adequate on going monitoring and reporting.

The same elements that are needed for Basel II compliance can be used to deliver more sophisticated strategies, providing real performance benefits over and above simple compliance. Some organizations have already exceeded the recommendations of Basel II, to adopt more sophisticated risk adjusted performance measures (RAPM). This has provided immediate return on investment in solutions needed to become compliant. The following sections of this document provide an overview of the current industry recommendations, issues, and proposed solutions.

Basel Capital Accord

A Brief History

Since 1974, when the Basel Committee on Banking Supervision was established, a series of international standards on banking operations and supervisions have been created. Among those are the International Convergence of Capital Measurement and Capital Standards, commonly referred to as the 1988 Basel Capital Accord, or Basel I.

The 1988 accord established minimum levels of capital in order to strengthen the stability of the banking system as a whole and to enhance competitive equality among internationally active banks. It requires banks to hold regulatory capital equal to at least 8 percent of risk-weighted assets, measured in different ways according to their risk.

The merits of the 1988 accord were widely recognized. During the 1990s, it became an accepted world standard, with well over 100 countries applying the Basel framework to their banking systems.

Since the 1988 accord took a relative unsophisticated view of the risks involved in different types of lending, in June 1999 the Basel Committee released the first revision with a more risk-sensitive framework. They described this proposal as “built on the modern techniques of risk management.” The Second Consultative Package on Basel II was published in January 2001, followed by a Third Consultative Package in April 2003.

Three-Pillar Structure

The proposal is based on three mutually reinforcing pillars that allow banks and supervisors to properly evaluate the various risks encountered:

• Pillar 1 — Minimum capital requirements seeks to ensure that financial institutions hold enough capital to cover their exposure to credit, market, and operational risk.
  
• Pillar 2 — Supervisory review of an institutions’ capital adequacy and internal assessment process, it intends to ensure that banks follow rigorous processes, measure their risk exposures correctly, and have enough capital to cover all risks (including the liquidity and interest rate risks not covered by Pillar 1).
  
• Pillar 3 — Market discipline describes a framework for public disclosure and tries to encourage sound banking practices. Effective disclosure is necessary to ensure that market participants can better understand banks’ risk profiles and the adequacy of their capital positions.

Collectively, the pillars are seen as indispensable to the workings of an effective regulatory capital framework.

Figure 1: Three Basic Pillars

Focus on Retail Credit Risk: The IRB Approach

The Basel Committee’s proposals offer banks three alternatives of increasing sophistication to determine their capital requirements for credit risk: the standardized approach, the foundation IRB approach, and the advanced IRB approach.

Within the retail environment, the foundation IRB approach is not an option and the advanced IRB approach requires significant data capture and retention procedures. Organizations are required to estimate internally all the risk inputs (PD, LGD, EAD) and to have at least five years’ worth of history to allow validation and calibration of resulting models.

Timetable

The enormity of the reform process itself has forced regulators to abandon their initial time frame. The committee now plans to finalize the accord in the fourth quarter of 2003, allowing for implementation of Basel II in each country at year-end 2006. During this three-year period, banks and supervisors are expected to adapt and develop necessary internal rating systems and processes according to the standards of Basel II.

After implementation there will be a transition period, during which any reduction in capital resulting from following the IRB approach will be capped. During this period, national supervisors have been granted greater freedom to interpret the framework in the context of domestic banking.

Achieving Compliance Summary

The proposed framework for Basel II compels supervisors to ensure that banks implement credit-rating techniques that represent their particular risk profile. An added benefit is that banks that strive to meet the final requirements of the Basel II IRB approach will be able to maximize their operational profitability. Specifically, the application of RAPMs to ensure that the banks’ capital is best used to meet their objectives.

The optimal path to compliance lies in the integration of software, analytics, and scoring, with guidance from industry experts. The following section will describe the role that each of these plays in compliance and their availability. For example, some institutions prefer complete independence and control, and for these banks, the solutions can be delivered in-house, where they are managed through the bank’s own technical infrastructure. Additionally, some banks are electing to focus more on their core competencies, and for these banks, solutions are available through a managed service (outsourced) scenario. For smaller portfolios, the Basel II proposal allows for portfolio pooling across organizations, thus enabling statistically robust models to be developed from a large sample and subsequently calibrated for each bank.

Key Solution Components and Success Factors

There are three major areas that are crucial for the development and implementation of a viable Basel II solution. Consulting, scoring, and analytics form key components for the development of the solution and are used in conjunction with software and consulting to implement and manage the solution.

Consulting’s Role in Compliance

While the benefits of compliance are substantial, striving to meet the requirements of Basel II guidelines can be daunting. Engaging external expertise will be necessary for many organizations and more efficient for others.

As activity in the market begins to increase around Basel II compliance, it is likely that a wide variety of vendors will begin to offer tools and solutions to help banks meet their Basel II objectives. Obviously, some vendors will be more experienced than others and will also have varied approaches and capabilities in this area. It is important to select a vendor/partner that has applicable experience, with knowledge and tools that can be tailored to a particular organization’s needs. The vendor will need to be flexible to continually evolve best practices to meet the needs of an ever-changing marketplace.

The consulting aspect of the solution will support long-term implementation of the tools that are needed to achieve compliance and may help to achieve significant operational benefits.

The same risk inputs that are used in Basel II can be used to calculate RAPMs such as risk-adjusted return on risk-adjusted capital on an account level. Furthermore, a direct link exists between Basel II and these measures, as the regulatory capital calculated within the IRB approach can be used for the calculation of RAPMs, due to its representation of a good proxy of the economic capital. Make sure that the consultants you choose have worked closely with organizations to calculate and assess the relevance of these risk-reward signals across portfolios.

Additionally, individual markets and clients will have different requirements. It is necessary that the organization you choose is able to address geographically diverse regulations. Ideally, the organization should have a broad network of local offices that understand global best practices and the interpretation of the Basel II framework by national supervisors. Given the international scope of the accord, it is advantageous to have a global view, with strong and focused local support in individual markets.

At key points in the consultancy process, gap analysis will be necessary to clearly comprehend an organization’s current status. Gap analysis is essentially a comprehensive business review that examines an organization’s position in comparison with risk management best practices and Basel II compliance. This process enables the identification of the exact steps that are needed to attain IRB compliance.

To accomplish this, a detailed understanding of the methods, data, processes, and systems that a financial institution employs is required. A review of the information will highlight the areas of greatest need for action, by giving an indication of the level of compliance with IRB advanced status and the extent of changes required. The deliverable will be a review of the data and processes within credit risk specifically, with the potential to broaden into selected areas of operational risk, such as fraud and money laundering.

Gap analysis should be used to give an idea of the level of compliance and contain a summation of the detail of the study. A list of specific actions needed for compliance should also be supplied. The results of the analysis should detail the “distance to travel” for each operating company reviewed, identifying the following:

• Solutions for each portfolio segment;
• All essential data required;
• All model components for key portfolios;
• How the models should be used to run the business;
• The management of information systems (MIS) resources needed to support the allocation of capital under the advanced IRB approach;
• Any changes to operating policies and procedures;
• A high-level cost-benefit analysis;
• Solutions for any gaps identified; and
• Derivation of regulatory capital under the new regime (if feasible).

As an extension of the Gap analysis, there is an opportunity to address best-practices risk management and gain recommended enhancements for an organization’s current operations.

Analytics and Scoring’s Role in Compliance

PD, LGD, and EAD/CCF Modeling

The actual definitions of default are subject to national regulators. Where existing or pooled models exist, it is possible to utilize bank-specific data to calibrate the models to the definitions required for calculation of minimum capital requirements.

Probability of Default (PD): Estimations of PD are dependent on integrating the most predictive information available, which should include a combination of customer and product details.

Exposure at Default (EAD): The solutions offered should calculate EAD directly or, for revolving accounts, calculate the credit conversion factor (CCF).

Loss Given Default (LGD): Often companies have difficulty getting the performance data required to build LGD models. If such problems occur, alternative sources of data may need to be considered. If this is not possible, steps should be taken to set up the appropriate data-capture mechanisms — an area in which knowledgeable consultants play a valuable role.

Initially, it will be acceptable to derive LGD at segment level; this is how most lenders currently measure LGD or its equivalent. When the appropriate data is available, it is possible to develop highly predictive LGD models.

Generic Scorecards: Also available are generic rating models that are either credit bureau-based (e.g. Experian National Risk Model) or based on pooled client data (e.g,. Fast Start models). In cases where access to necessary data and/or significant time constraints is an issue, determine if these types of models are available to support all three ratings — PD, LGD, and EAD.

Software’s Role in Compliance

Software is a critical element in the compliance process. Ideally, a software solution should be user-friendly, allowing the typical business user, rather than the IT department, to initiate edits. This is necessary to react quickly to new objectives and market or organizational changes.

Additionally, the software should provide a flexible platform for the deployment of scoring models, the segmentation of the portfolio, and the subsequent setting of appropriate strategies for each segment. Also important are comprehensive analysis tools that allow a user to simulate change on the desktop prior to live implementation. This, coupled with monitoring and reporting tools, supports the evaluation and evolution of the solution.

The software should be able to store the data needed to support Basel II implementation, provide the basis for ongoing monitoring and validation, and serve as the data source for future model development. A sophisticated reporting function within the software will be necessary to produce reports that exhibit compliance measures for regulatory and executive-level review. Stress testing should be performed at all levels within the portfolio. A system that allows the setting of performance measures is also desirable.

If an organization does not currently utilize risk-management solutions, the implementation of a system for Basel II compliance is highly recommended. There are considerable gains to be realized by developing a solution that not only achieves Basel II compliance, but also delivers strategic control in areas such as new business acquisition, customer management, limit management, and debt control.

Implementation Options Overview

As mentioned earlier, there are two options regarding the implementation of a solution. Selection of the options will be largely based on an institution’s goals, structure, resources, availability, and timing.

In-House Implementation

An organization may choose to host the solution within their infrastructure. This method of implementation will be the most resource-depleting and will require the organization to implement and provide ongoing maintenance. It is important that the solution provider delivers fluent and ongoing support for all three major aspects of the solution — scorecard maintenance/analytics, software, and consulting — as the business and market evolves.

Managed Service

Alternatively, a hosted solution is an option when a client prefers to outsource elements of the project. A hosted solution offers a number of attractive benefits:

• Faster initial implementation of the solution as well as a simpler method for introducing changes to solution components;
• A dedicated IT infrastructure with existing connectivity and support with credit bureau links.;
• Expert knowledge of the products being hosted and supported; and
• Easier issue identification and resolution for the products and the system environment.

As the deadline to meet the IRB approaches, a managed service will become an increasingly appealing alternative. This option could be a permanent solution or a short-term part of a phased delivery.

Industry Pooled Data Service

Major banks are generally well advanced in their process toward achieving IRB compliance. Many have indicated that they plan to develop custom scorecards and host solutions in-house, or as a specific managed service. The investment required could be large, both financially and in terms of in-house resources. For this reason, it will be difficult for smaller organizations to achieve the necessary requirements for the IRB approach. This two-speed approach will further imbalance the competitiveness of the smaller financial institutions with the larger institutions.

Therefore, for small institutions, an industry pooled data approach may be more appropriate. This approach provides bank specific solutions that are based on independent data marts that leverage a wider pool of data. The solution can be templated for each bank, allowing banks to have the ability to apply their own segmentation and scorecards and have access to an independent reporting suite.

The Basel II guidelines allow for the use of pooled data to support estimations of PD, LGD, and EAD. With this enhanced data set, ratings can be developed for portfolios for which there are insufficient counts for each bank individually. The credit-risk components can be calculated and scorecards calibrated for each bank’s own portfolio.

The concept of pooling data will be most relevant in one of following situations:

• A portfolio where each bank individually has a small number of accounts, e.g. small business loans;
• A portfolio that typically is associated with a low bad rate, e.g. mortgages; and
• Banks of a similar profile with a small number of accounts.

Banking associations may wish to facilitate the pooling of data with their members, or work with a partner/vendor that can coordinate across a number of banks faced with similar challenges.

International Case Studies

The following are case studies of the steps that some international organizations have taken to become compliant. These are studies in which Scorex has been engaged in the development and delivery of Basel II solutions.

Major German Banking Association

Within the context of a complete rating system across the associated bank portfolio, a German banking organization has commissioned Scorex to redevelop the entire suite of scorecards used in the retail credit-risk environment. This includes both the application and behavioral scorecards used by the associated banks. Furthermore, it includes the various combinations of separate scores (application, behavioral, and bureau scores).

U.K. Bank

This organization has been a leader among U.K. banks in its preparation for meeting the IRB requirements. The bank finalized its internal requirements in 2002 and outsourced its entire scorecard, software, and reporting solutions (including the Basel II software module). Specifications for the solution were completed in Spring 2003 with delivery scheduled for Autumn 2003.

French Bank

This bank has outsourced to implement the Basel II IRB approach for its retail credit risk exposures. The project was started in Spring 2003 and has difficult and strict deadlines set in order to have operational use of the system by the beginning of 2004.

Scorex is providing the bank with a customer-level strategy-management solution with scorecards implemented at both customer and account level. The reporting will be delivered through the strategy-management reporting modules with expert interpretation provided by the local Scorex consultancy team. This solution has a particular nuance, linked to the bank’s desire to have the application of regional strategies for operational customer management.

Italian Bank

This bank is one of a number of Italian banks that have outsourced support of their models. Software previously implemented has been adapted to host the suite of new models. These models have been developed to meet the advanced IRB requirements, encompassing the specific adaptation of the Basel II framework for the Italian banking environment.

New Zealand Bank

To support the initial internal Basel II review, this bank has utilized outside consulting. Focusing specifically on the small business portfolio of the bank, the vendor is working to identify the key gaps between the existing process and that required by the Basel II proposals.

Danish Bank

Strongly motivated by the opportunity to reduce capital requirements, this bank, focusing mostly on retail mortgages, has requested an in-depth consultancy study. This study has a number of key objectives to review the data storage, model development, validation, and reporting requirements. Specifying the reporting requirements at this early stage will enable this bank to be prepared to meet current and future requirements.

Canadian Financial Institution

As a preliminary stage of the process to meet the Basel II advanced IRB requirements, this financial institution has opted to use a managed service to provide consulting and facilitate internal workshops. This process will enable the institution to identify the modeling and software requirements for its retail and business loan portfolios.

Meeting Tomorrow’s Challenges

Efforts to meet the Basel II Accord will provide significant benefits for institutions both large and small. Efficiency and profitability will be the reward for organizations that pursue a path to compliance — even if they do not complete it. Additionally, implementing the appropriate solutions now will simplify the process of meeting future requirements. An informed, logical approach will make the process less intimidating and see the process through to timely fruition.

Figure 2: Delivering Compliance and Profitability