Banking prepares for a new era for risk management
Capital-constrained markets, volatile conditions and the continuing threat of a prolonged credit crisis require banks to raise the bar around their risk identification and management processes. A formidable risk management challenge facing many financial institutions today is how to effectively leverage and comply with the Internal Capital Adequacy Assessment Process (ICAAP), a core component of the Basel II Accord. US Treasury Secretary Timothy Geithner’s recent call for new stress tests for some of the nation’s largest banks has added new uncertainty while ratcheting up the focus on identifying and quantifying risk to a new level.
ICAAP requires banks to develop internal procedures and systems to ensure they possess adequate capital resources in the long term, taking into consideration all material risks. These procedures and systems are applicable to all banks required to comply with Pillar II of the Basel II Accord, regardless of their size and complexity.
ICAAP is moving front and centre in the banking sector as governments and institutions work to regain stability and avoid a repetition of the past year’s events. Banks, however, confront formidable challenges on two fronts with regard to ICAAP. The first hurdle is gaining an end-to-end understanding of total risk or exposure across the enterprise – a challenge complicated by the siloed nature of financial and risk information across various departments or divisions of financial institutions. This understanding, however, is core to leveraging ICAAP as an effective tool for managing risk and, ultimately, improving performance. The second challenge is ensuring compliance with ICAAP requirements in the absence of detailed guidance from regulatory bodies.
How can banks effectively ensure compliance while harnessing the power of ICAAP as a powerful management tool? A core set of best practices can guide them in their journey. First and foremost among these is a steadfast and system-wide commitment to risk management – starting in the boardroom and permeating throughout the institution. Transparency and visibility across the enterprise are also essential to ensuring that banks properly identify and quantify all risk and that they stress test the appropriate scenarios. The third best practice involves leveraging proven tools and models as a head start toward ensuring visibility and compliance – an approach that also reduces the expense, trial-and-error, and time requirements of building proprietary solutions.
Under ICAAP, banks must identify, rank, quantify and report on all types of risk they face. The challenge for many banks begins with identifying the complete range of material risks they face – an arduous task, considering the complexity of large banking institutions. Adding to the challenge, the Bank for International Settlements (BIS) has not provided a comprehensive list of risks to be addressed under ICAAP – leaving banks to use their best judgment. Risk identification requires thorough analysis of a bank’s activities, business units, regulatory and market environments, historical scenarios and more. End-to-end enterprise visibility, as well as the involvement of a team that spans the bank’s lines of business, product sets, geographies and processes, are essential to accurately identifying areas of risk, which might include economic capital, market, credit, interest rate, operational, reputational and even pension risk.
After identifying risk, banks must quantify and manage it. They must select processes and controls appropriate to their environment based on the materiality of identified risks. Industry-tested tools that leverage simulation-based value-at-risk (VaR) models can provide an accurate and robust approach for risk quantification. For example, external economic capital solutions provide best-in-industry methods for quantifying multiple risks and are tested for successful implementation and regulatory acceptance. Since credit, market and operational risk comprise the most material risks, economic capital solutions have the added benefit of recovering the cost of implementing the models from their business benefits at a relatively early stage.
ICAAP also mandates that financial institutions develop an appropriate stress-testing framework for the various risks they face. Stress testing, however, has often been relegated to afterthought status with the goal of providing the numbers regulators require instead of building thoughtful scenarios that yield valuable data and actionable insight. Banks should be prepared for this environment to change, particularly in light of the Treasury Secretary’s recent comments.
To ensure compliance with ICAAP and leverage it as an effective tool for managing risk, stress testing must move centre stage and undergo a complete transformation. Today, institutions may have a separate stress test for liquidity and credit risk, but the tests may be looking at different levels of granularity, limiting their value. Organisations require robust scenarios that they can apply organisation-wide across various risk types to enable a true snapshot of overall risk under multiple conditions, as well as a platform for consistently managing this process. The bottom line moving forward is that stress testing must be holistic and directly integrated with the bank’s capital planning and management functions.
Finally, banks face several challenges in implementing the reporting and monitoring processes, procedures and systems required under ICAAP. These challenges include identifying the granularity level for each risk type, appropriate monitoring procedures and systems for each risk, reporting templates, and reporting frequency. A fully-automated reporting framework with specified generation schedule and pre-defined reports covering risk identification, assessment, quantification, aggregation and allocation can facilitate compliance with reporting requirements.
Banks can use technologies based on industry standards, such as BPEL, for defining workflows that require multi-user processing. Banks can also establish efficient monitoring processes by configuring automated alerts for various levels in the organisation and when the risk assessments of various risks reach respective thresholds (lower bound, alert, critical, and upper bound).
Basel II’s ICAAP requirements, while complex in nature, offer banks an opportunity to gain new levels of visibility into, and control over, their material risk. Organisations that adhere to three core tenets – organisation-wide commitment to risk management, enterprise-wide visibility, and the use of industry-proven and flexible tools – will be well on their way to ICAAP success and will be better-positioned when market conditions inevitably turn around.