Learning objectives
After studying this chapter, you should be able to:
1 Understand and explain the evolution of the Basel II capital accords and the three Pillars that frame their approach to operational risk management
2 Discuss the HKMA’s approach to setting the capital charge for banks and other authorised institutions
3 Explain the basic indicator approach, standardised approach, and advanced measurement approach to setting the capital charge for a financial institution
We have already discussed, to some degree, the regulatory framework that guides operational risk management practices. In this chapter we discuss how regulators use this framework to calculate the capital charge that banks should set aside to protect themselves, and the industry, from loss events associated with operational risk factors.
The regulatory framework for operational risk is not only relatively recent but it is also evolving. In fact, while the BCBS of the BIS introduced the Basel II accords in 2004, which include extended discussion on how regulators can approach operational risk management at the banks in their jurisdictions, the standards have continued to evolve. In fact, a Basel III package is likely to be implemented in stages from January 2013. The HKMA adopted Basel II standards in 2007.
The Basel II accords are based on a three-pillar approach that we discussed earlier in this book. Here we explore each pillar in somewhat more depth, touching on the regulatory requirements for capital charge, regulatory principles for capital adequacy and, briefly, the role of market discipline and public disclosure.
We then move on to discuss the HKMA’s approach to regulation and exposure control and how the Hong Kong regulator uses a risk-based supervisory approach to make sure AIs are managing their risks properly.
The HKMA uses a detailed framework to set the capital charge for each bank and other AIs. Locally incorporated AIs in Hong Kong used one of two approaches. They either adopt the basic indicator approach (BIA) or the standardised approach (SA) to measure their capital charge for operational risk. A third approach that Basel II also considers, the advanced measurement approach (AMA), has not yet been introduced in Hong Kong at the beginning of 2013. The discussion of operational risk management in this chapter ends with a consideration of these three approaches.
The regulatory requirements for operational risk management have become increasingly detailed over the last few years and in particular since the BCBS started putting more emphasis on operational risk management (ORM). The BCBS introduced the second set of accords, Basel II, in June 2004. In July 2009, the BCBS introduced some enhancements to the Basel II framework and issued a Basel III package that is being implemented in stages since January 2013.
Basel II creates an international standard that regulators can use to set up a regulatory framework for different types of risk, including operational risk. The ultimate aim is to create consistency among national regulations globally to limit the risks to both banks and the national economies to which healthy banks are incredibly important. Hong Kong adopted the Basel II standards in January 2007.
As previously discussed, Basel uses a “three pillars” concept to tackle risk. The first pillar deals with minimum capital requirements to address risk. The second focuses on supervisory review. The third tackles the thorny issue of market discipline.
Pillar I of the Basel Capital Accord approach to operational risk addresses the issue of calculating the operational risk capital charge. Pillar II deals with the supervisory review of capital adequacy of banks, of which the operating risk capital charge is an important element. For its part, Pillar III deals with market discipline and public disclosure, which are also important aspects of operational risk management.
Pillar I considers the minimum risk-based capital requirements for banks and financial institutions. It requires every bank to compute the capital charge for operational risk independently. Under this approach, banks are required to set aside capital above the minimum required amount, which is known as the floor capital.
There are three tiers of regulatory capital. Tier I includes paid-up share capital and common stocks as well as disclosed capital reserves. Tier II considers undisclosed reserves, asset revaluation reserves, general provisions and general loan loss reserves, hybrid capital instruments, and subordinated debt. Tier III, which is not always applicable, includes subordinated capital debt. The amount of Tier II capital cannot be larger than Tier I capital while Tier III capital can only be used to deal with market risk capitalization, not for operational risk management, for which there are capital charges set by regulators. It is worth noting, however, that incoming Basel III rules, which will be implemented in various jurisdictions including Hong Kong over several years starting in 2013, eliminate Tier 3 capital instruments.1
In 2001, the BIS suggested that capital charges should be enough to cover unexpected losses that result from operational risk events. This is because most banks likely to incur expected losses typically deduct them from the income they report yearly. The BIS approach, embedded in Pillar I, proposes calibrating the capital charge for operational risk on both expected and unexpected losses but it also suggests that the amount set aside for provisioning and loss deduction be deducted from the minimum capital requirement.
This has changed somewhat since 2004 when using the AMA to calculate the capital charge although not when using the BIA or the SA. The changes have emerged partly as a result of accounting rules in different countries that do not provide a clear and effective mechanism to set provisions and may not, as a result, reflect the true magnitude of expected losses. Since 2004, the Basel accord proposes estimating the capital charge by adding provisions for expected and unexpected losses and then subtracting the portion for expected losses if a bank demonstrates that it can capture those losses through internal business practices.2
The purpose of Pillar II is to help guide national regulators to establish policies for overseeing the capital adequacy of banks and other institutions, including the accuracy and validity of their operational risk capital charges. Pillar II posits four core principles:
The purpose of Pillar III is to complement Pillar I (i.e., capital requirements) and Pillar II (i.e., supervisory review of capital adequacy) by encouraging market discipline through public disclosure mechanisms. These requirements would allow external players including market investors and the general public to take part in the assessment of banking performance: capital, risk exposures, capital adequacy, risk assessment and management practices.
Disclosure requirements for operational risk consist of qualitative and quantitative disclosures. Under the former, a bank is required to describe its risk-management strategies, structure and organisation of the relevant risk management function, scope and nature of risk reporting and/or measurement systems, policies for risk mitigation and hedging, and capital-charge assessment approach. For quantitative disclosures, the bank is required to disclose its capital charge for operational risk calculated in accordance with the approach it uses to calculate its operational risk.
Still in development through 2012, implementation of the third iteration of the Basel accords—Basel III—started in 2013. Several jurisdictions from Europe to Japan, Singapore, Australia, and Mainland China have published rules to implement Basel III. The adoption of the new standard is being done in phases and would take about half a decade. Hong Kong, where regulators have been deeply involved in the development of the new standard, is also adopting Basel III in the same time frame.
The aim of Basel III is to further strengthen global capital and liquidity rules “with the goal of promoting a more resilient banking sector.” The reform package included in Basel III takes into consideration the many lessons learned during the global financial crisis that started in 2007 and aims to improve risk management and governance while strengthening transparency and disclosure. The main thrust of Basel III is to set appropriate levels of liquidity for banks and create assurances of solvency though bank-level regulation, “which will help raise the resilience of individual banking institutions to periods of stress” and address system-wide risk.3
Earlier versions of the Basel accords had sought to address these risks but their efforts were not enough, as the economic and financial crisis that started in North America in 2007 and spread to the banking sectors of dozens of countries amply showed. The global banking systems were simply “not able to absorb the resulting systemic trading and credit losses nor could it cope with the reintermediation of large off-balance sheet exposures that had built up in the shadow banking system.” The result was a widespread loss of confidence in the ability of the banking sector to deal with the crisis. Had it not been for public sector intervention through capital injections, support, and guarantees, many more institutions would have faced bankruptcy.4
As was the case with the earlier Basel accords, the BCBS developed Basel III. This time around, however, the focus was narrower. While earlier Basel accords provided for a regulatory framework for the entire banking industry, Basel III builds on that foundation to strengthen regulation, supervision, and risk management. As the BCBS notes, the main goal of the reforms introduced through Basel III is to create a stronger banking sector that is better positioned to absorb shocks from financial or economic stress, improve risk management and governance, and strengthen transparency and disclosure. Although it is hard to argue with these goals, the challenge for banks lays not in the philosophy but in the details of the new standards. It is through the details that the BCBS targeted bank-level or microprudential regulation, to make individual institutions more resilient while also creating a macroprudential or systemic regulatory structure that can deal with the cyclical challenges that banks face. In other words, it is reactive to the economic cycles that can put the capital bases of banks at risk.5
These developments have a direct bearing on the operational risk management frameworks at individual banks. Most of the reforms focus on capital adequacy ratios for various banking operations. It will often be up to the operational risk management function to ensure compliance with the new, and higher, minimum liquidity standards that Basel III sets for different banking activities.
Basel III builds on the three pillars that support the Basel II framework but the reforms introduced in early 2013 and anticipated through 2018 raise the quality and quantity of the capital base expected of banks that seeks to limit leverage to supportable levels. At the same time, through Basel III, the BCBS aims to limit the potential for contagion of a crisis by ensuring that each bank is strong enough to weather any future financial storms. In an effort to enhance risk coverage, Basel III introduces five broad sets of reforms:
Basel III will strengthen regulations while making less capital available to institutions through stricter definitions and higher capital adequacy requirements. Banks and other financial institutions will be expected to set aside more capital to protect both themselves and the financial system in which they operate from any future crisis. The details of the new regulatory requirements put forth in Basel III raise capital and liquidity ratios. Basel III builds on Basel II, which was introduced in 2004 and implemented from the end of 2006 onwards and captured operational risk. Basel 2.5, agreed upon in July 2009, enhanced risk measurements related to securitisation and trading book exposures and was to be implemented by the end of 2011. Basel III sets higher capital requirements and introduces a new global liquidity framework to be implemented in stages from January 2013. Basel III raises minimum capital requirements for banks from those outlined in Basel I and Basel II. For example, Basel III requires banks to hold 4.5% in common equity, up from 2% under Basel II, and 6% of Tier 1 capital of risk-weighted assets, up from 4% in Basel II. Basel III also introduces new capital buffers such as a mandatory capital conservation buffer of 2.5% and a discretionary countercyclical buffer that allows regulators to call for another 2.5% of capital at times of high credit growth.
For risk managers the new requirements are significant. Banks are required to comply with the new requirements if (or when) they are adopted. As of the end of 2012, discussions were ongoing. European institutions, hard hit by a series of defaults by banks and sovereigns, were eager to implement the new standards as soon as possible. The U.S., a linchpin in matters of international regulation, was less eager.
With Basel III in the early stages of implementation, operational risk management is increasingly important, particularly as the amount of regulation impacting banks with international operations grows. A case in point was the lawsuit filed by the US Commodity Futures Trading Commission (CFTC) against Royal Bank of Canada (RBC). The commission accused RBC of making trades that violated rules on competitive pricing and arms-length transactions in the U.S. The bank claimed that the CFTC had earlier approved the trades but then changed its decision. Observers worried the lawsuit was indicative of the risk associated with more complex regulations. Although the rules aim to reduce systemic risk, as the Financial Times noted in April 2012, the details create challenges for banks that now have to “consider the risks and expense emanating from the ‘middle office’ where risk analysis and control takes place.”7
The operational impact of the new Basel III standards would likely affect four areas in particular, according to consultants and accountants PricewaterhouseCoopers. The first is process and procedures needed to meet the new functional requirements. The second is a need to create new reporting and disclosure systems that allow for the implementation of the new controls and processes under Basel III. Third is a potential opportunity to rationalize reports and disclosure procedures. Fourth is training, as staff and senior managers are required to be familiar with more complex regulations.
The HKMA is a member of the BCBS and the regulator in one of the most open and interconnected banking markets in the world. In October 2012, the HKMA announced it would start implementing Basel III, in stages, from January 2013, following the BCBS timetable.8 The implementation of the new rules, which started in January 2013, would take five years through to December 2018. Local Hong Kong banks had a total capital adequacy of 15.8% on average as of December 2011, almost twice the requirement under Basel III. They also had an average of 12.4% of Tier 1 capital, double the Basel III requirements.9
The timetable put forth by the BCBS would see steady implementation of requirements between 2013 and 2018, with most of the requirements included in the new standard to be in place by 1 January 2019. (Non-eligible capital instruments may be subject to a 10-year transitional arrangement.) For example, the minimum common equity capital ratio would be raised to 3.5% by 2013, 4% by 2014, and 4.5% by 2015. The minimum standard for liquidity coverage ratio would be introduced by 2015 and the net stable funding ratio by 2018. (See Exhibit 10.1).
Annex 4: Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011. Pg 77
The HKMA directs authorised institutions to strike an appropriate balance between the level of risk they are willing to take and the level of return they aim to get. The HKMA requires every AI to put in place an effective risk management system that matches the size and complexity of its operations and ensures that the risks to which it is exposed is managed well. It identifies eight inherent risks to be assessed during this process: credit risk, market risk, interest rate risk, liquidity risk, legal risk, reputational risk, strategic risk and, of course, operational risk.
The HKMA’s risk-based supervisory approach to making sure AI’s are properly managing risks, including operational risk, emphasises effective planning and examiner judgement. Examinations are customised to suit the size and activities of AIs and to focus examiner resources on areas that expose the AI being examined to the greatest degree of risk.10
Exhibit 10.2 shows the risk-based methodology the HKMA follows in undertaking the risk-based supervisory approach. It consists of six steps, each of which requires the preparation of specific documentation on the part of the bank examiner.
Source: HKMA
In evaluating an institution’s exposure to and management of operational risk, the HKMA considers many factors, including the following:
The current framework of the HKMA for locally incorporated authorised institutions lists three approaches to the calculation of the operational risk capital charge (which is then multiplied by a factor of 12.5 to estimate the risk weighted amount for operational risk). These are the basic indicator approach (BIA), which is designated the default approach, the standardised (operational risk) approach (STO), and the alternative standardised approach (ASA).11 All three approaches use gross income as a broad indicator for the scale of an institution’s operational risk exposure.12 Details of the approaches are outlined below:
The first two of the three approaches to calculate operational risk capital charges considered by the BCBS—BIA and SA—and often called top-down as the capital charge is allocated based on a fixed proportion of income. AMA, the third approach, is termed bottom-up because the capital charge is estimated from actual internal loss data.
A bank can choose which approach to use, depending on its operational risk exposure and management practices, and is subject to certain requirements. Internationally active banks with diverse business activities typically adopt the advanced measurement approach, while smaller domestic banks generally implement the basic indicator or standardised approaches. Once a bank adopts a more advanced approach, it is not generally permitted to revert to a simpler approach unless it can persuade the national regulator it has valid reasons to do so.
The basic indicator approach (BIA) is the simplest approach. Under it, gross income is viewed as proxy for the scale of operational risk exposure of the bank. (Gross income is defined by the Basel Committee as net interest income plus net non-interest income.) The operational risk capital charge is calculated as a fixed percentage of the average over the previous three years of positive annual gross income.
The total capital charge can be expressed as:
where
GI = gross income
n = the number of the previous three years for which GI is positive
α = the fixed percentage of positive GI
The fixed percentage of positive gross income, represented as α, is currently set by the Basel II at 15% and is supposed to reflect the industry-wide level of minimum required regulatory capital to the industry-wide level of the indicator.
The basic indicator is easy to implement and does not require expending time and effort to develop sophisticated models. It is useful at the primary stage of Basel II implementation, when loss data may still be insufficient. However, the basic indicator approach does not capture the specifics of the bank’s operational risk exposure and control, business activities structure, credit rating, and other indicators. It also tends to overestimate the amount needed to cover operational risk.
There are two sub-approaches to the standardised approach (SA): the general standardised approach and the alternative standardised approach.
In the general standardised approach, a bank’s activities are divided into eight business lines. Within each line, gross income (GI) is a broad indicator that serves as a proxy for the scale of business operations and operational risk exposure.
The capital charge for each business line is calculated by multiplying GI by a factor, denoted by β, assigned to that business line. β serves as a proxy for the industry-wide relationship between the operational risk loss experience and the aggregate level of GI for a given business line. The total capital charge is calculated as the three-year average of the maximum of the simple summation of the regulatory capital charges across each business line and of zero.
The total capital charge can be expressed as
where β is a fixed percentage set by the Basel Committee, relating the level of required capital to the level of the GI for each of the eight business lines. The values of β are presented in Exhibit 10.3.
Anna S. Chernobai, Svetlozar T. Rachev, Frank J. Fabozzi, Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis (New Jersey: John Wiley & Sons, Inc., 2007), 43.
Business Line | β | |
1. | Corporate finance | 18% |
2. | Trading and sales | 18% |
3. | Retail banking | 12% |
4. | Commercial banking | 15% |
5. | Payment and settlement | 18% |
6. | Agency services | 15% |
7. | Asset management | 12% |
8. | Retail brokerage | 12% |
In the alternative standardised approach, the operational risk capital charge for the retail banking (RB) and commercial banking (CB) business lines is calculated by taking total loans and advances as the operational risk exposure indicator, instead of gross income. The β factor is further multiplied by a scaling factor denoted by m, which is set as equal to 0.035.
For these two business lines, the capital charge amounts are calculated as follows:
Like BIA, the standard approach is easy to implement. In addition, the estimates may be said to offer greater accuracy because differences in the degrees of operational risk exposure by business lines are taken into account. However, in taking a fixed fraction of a business line’s gross income, SA does not take into account specific characteristics of this business line for a particular bank. It also implies perfect correlation between different business lines, which is not always the case. As such, SA may result in an overestimate of the true amount of capital required to capitalise operational risk, like BIA.
To qualify for the standardised and alternative standardised approaches, a bank must be able to map its business activities to its business lines. It must be actively involved in monitoring and controlling the bank’s operational risk profile and its changes. This includes, for example, regular reporting of operational risk exposures, internal and/or external auditing, and valid operational risk self-assessment routines and supervision.
With the advanced measurement approaches (AMA), a bank may use its own method to assess its exposure to operational risk, as long as the national regulator agrees that it is sufficiently comprehensive and systematic. The bank must demonstrate that its operational risk measure is evaluated for a one-year holding period and has a high confidence level (such as 99.9%).
The resulting capital charge is directly derived from the bank’s internal loss data history and should capture, in theory, the quantitative and qualitative aspects of the bank’s risk measurement system. The bank may use external data (appropriately rescaled) to supplement its internal data, and utilise statistical techniques such as factor analysis and Bayesian methods, among others.
Three sub-approaches have been developed under AMA: internal measurement approach (IMA), scorecard approach (ScA), and loss distribution approach (LDA).13
In the internal measurement approach (IMA), the bank’s activities are classified into a matrix of business lines/event type combinations. The actual number of business lines and event types depends on the complexity of the bank’s structure. Assuming that a bank has eight business lines and seven event types, the pairing will result in a 56-cell matrix.
The operational risk capital charge is determined by the product of three parameters: the exposure indicator (EI) such as gross income; probability of event (PE); and loss given the event (LGE). The formula EI × PE × LGE is used to calculate the expected loss (EL) for each business line/loss type combination (i.e, each cell in the matrix). The EL is then rescaled to account for the unexpected losses using a parameter γ, which is different for each business line/loss type combination, but predetermined by the bank’s supervisor.
The total one-year regulatory capital charge is calculated as:
The main drawbacks of IMA are its assumptions that there is perfect correlation between the business line/loss type combinations and that there is a linear relationship between the expected and unexpected losses.
In the highly qualitative scorecard approach (ScA), a bank determines an initial level of operational risk capital (based on the BIA or SA methods, for example) at the business line level, and then modifies these amounts over time on the basis of scorecards. The ScA is forward-looking, as it aims to reflect improvements in the risk-control environment that would reduce both the frequency and severity of future operational risk losses.
The scorecards usually rely on such indicators as proxies for risk types within business units. Line personnel complete the scorecards at regular intervals, say annually, and these are reviewed by a central risk function.
The one-year capital charge (KScA) can be computed as:
where R is some risk score that rescales the initial capital charge K into the new one for a given business line.
The loss distribution approach (LDA) makes use of the exact operational loss frequency and severity distributions of the bank. It uses an actuarial type of model for the assessment of operational risk. Like IMA, LDA classifies a bank’s activities into a matrix of business lines/event type combinations. For each pair, the key task is to estimate the loss severity and loss frequency distributions. Based on these two estimated distributions, the bank then computes the probability distribution function of the cumulative operational loss.
The operational risk capital charge is computed as the simple sum of the one-year value-at-risk (VaR)14 measure (with confidence level such as 99.9%) for each business line/risk type pair. The 99.9th percentile means that the capital charge is sufficient to cover losses in all but the worst 0.1% of adverse operational risk events. That is, there is a 0.1% chance that the bank will be unable to cover adverse operational losses.
For the general case (eight business lines and seven loss-event types), the operational risk capital charge can be expressed as:
LDA differs from IMA in two important ways. First, LDA aims to assess unexpected losses directly, not via an assumption about the linear relationship between expected loss and unexpected loss as in IMA. Second, the bank supervisor does not need to determine a multiplication factor γ.
Unlike IMA and BIA, LDA can potentially provide an accurate operating risk capital charge, particularly if it adjusts for correlation effects and other factors. (The simple summing up of VaR measures implies perfect correlation among the business line/event type combinations, which is seldom the case.) However, loss distributions are complicated to estimate and can create model risk—that is, misspecification of the model can produce wrong estimates.
In LDA, extensive internal data sets (at least five years) are required, which not all banks have. This approach also lacks a forward-looking component because the risk assessment is based only on past loss history. If the national regulator does not specifically set the VaR confidence level (the Basel Committee says only that it should be “high”), banks may be tempted to use a slightly lower level (from 99.9%, for example), to lower their operating risk capital charge. Even a slight change in the VaR confidence level can lead to significantly different results.
While the main thrust of Basel III is to raise the quality and level of the capital base of banks around the world, the new capital framework also seeks to tackle material risks to the solvency of banking institutions. To do this, Basel III seeks to make banking institutions more reliant on their own risk control frameworks and less reliant on external data, such as credit ratings. It is already well established that risk control does not operate in a silo-like fashion but is rather an interactive proposition. Credit risk is not independent from liquidity risk and operational risk easily covers most other areas. It is therefore important for operational risk managers—and other risk management functions—to understand the new requirements under Basel III and work within their institutions to develop an operational risk management framework that takes these exposures into account.
The Basel III framework considers risk coverage in depth. A document revised in June 2011 titled “Basel III: A global regulatory framework for more resilient banks and banking systems” outlines this overall framework. Section II focuses on risk coverage and looks in depth at counterparty risk and the dangers of relying on external agencies such as rating agencies for risk management.
A major driver of the financial crisis of 2007 was a failure among banks and other financial institutions to “capture major on- and off-balance sheet risks, as well as derivative related exposures.”15 To better deal with these risks, Basel III introduced a series of reforms. The first is a series of reforms to existing regulation to ensure banks manage counterparty credit risk, valuation adjustments, and wrong-way risks. The reforms in this area include16:
Few of these requirements are completely new but they are significantly higher than in the past. More significantly, however, Basel III seeks to embed a whole series of operational risk management practices into the regular practices of banks and to shift the culture within banking institutions to a broader recognition of the importance of careful and stringent risk control and management.
The new Basel III requirements also pay considerable attention to the dangers that banking institutions face when dealing with external agencies and carefully consider which claims are rated and which are not. In particular, it is important for banks to not extend a high rating to one issue of a particular institution (which may also be rated highly) to another issue that is not rated. In other words, if a particular issue has not been rated it should be treated as such and not as an extension of other high ratings that the same group may hold. At the same time, banks should also have their own internal methodologies to assess credit risk, regardless of whether a borrower is rated by a third party. Among the more sophisticated banks, the credit review process should cover risk rating systems, portfolio analysis and aggregation, securitization and complex derivatives, and large exposures and risk concentrations.
Meanwhile, it is up to national supervisors to determine “on a continuous basis” whether external credit assessment institutions (ECAI) meet a set of eligibility criteria that includes objectivity, independence, international access and transparency, disclosure, resources, and credibility. External agencies such as sovereign entities, banks, and securities firms may also act as guarantors and Basel III deals with these activities as well. In broad strokes, guarantors should have a higher credit rating than the entity they are guaranteeing. At the same time, banks should be consistent in the use of external agencies and “will not be allowed to ‘cherry-pick’ the assessments provided by different ECAIs and to arbitrarily change the use of ECAIs.”18
Basel Committee on Banking Supervision; Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011. Pg 38.
Basel Committee on Banking Supervision; Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011. Pg 38.
Chernobai, Anna S.; Rachev, Svetlozar T.; Fabozzi, Frank J., Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis. Singapore: John Wiley & Sons (Asia) Pte Ltd, 2007. Print.
Hong Kong Monetary Authority; Supervisory Policy Manual: Operational Risk Management; November 2005.
1 In Paragraph 9 of Basel III: A Global regulatory framework for more resilient banks and banking systems, the BCBS notes: “Tier 2 capital instruments will be harmonized and so-called Tier 3 capital instruments, which were only available to cover market risks, eliminated.”
2 Chernobai, Anna S.; Rachev, Svetlozar T.; Fabozzi, Frank J., Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis. Singapore: John Wiley & Sons (Asia) Pte Ltd, 2007. Print.
3 Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011.
4 Ibid, pg 1.
5 International regulatory framework for banks (Basel III); accessed online at www.bis.org/bcbs/basel3.htm.
6 Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011.
7 Tellis Demos; “Financial reforms: Regulators aim to make ‘middle office’ a safer place”; Financial Times; 13 April 2012.
8 Implementation of Basel III in Hong Kong, HKMA, accessed at http://www.hkma.gov.hk/eng/key-functions/banking-stability/basel-3.shtml.
9 These levels of capital adequacy do not take into account countercyclical capital buffers and systematically important financial institution (SIFI) surcharges suggested in Basel III: A global regulatory framework for more resilient banks and banking systems revised in June 2011 and Global systemically important banks, assessment methodology and the additional loss absorbency requirement issued in November 2011.
10 Risk-based supervision provides useful input for HKMA’s banking supervision teams that carry out Pillar II reviews on AIs. The HKMA uses ongoing risk-based supervision to form a view of an AI’s overall risk profile. The risk profile is a key component of the Supervisory Review Process done by the HKMA on each individual AI. This review process is part of the HKMA’s implementation of Pillar 2 of Basel II.
11 See Section 7.6 of “CA-G-1: Overview of Capital Adequacy Regime for Locally Incorporated Authorized Institutions” in the HKMA’s Supervisory Policy Manual.
12 Except for retail banking and commercial banking under ASA, which use the total outstanding loans and advances as the exposure indicator.
13 Under the Basel Committee’s latest regulatory capital guidelines, banks are allowed to work out their own alternative AMA model, sufficiently supported by back-testing, that they judge best reflect their required operational risk capital. We discuss these three sub-approaches in this book in the interest of comprehensiveness and under the assumption that the alternative AMA model a bank develops will use the basic principles of these sub-approaches.
14 Value-at-risk determines the worst possible loss that may occur at a given confidence level and for a given time frame. Used for a number of years in the measurement of market risk and credit risk in internal risk models, VaR has now been extended to the calculation of operational risk capital charge in the loss distribution approach.
15 Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011.
16 For greater detail see “Section II: Risk Coverage” of Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011.
17 Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011. Pg 38.
18 Basel III: A global regulatory framework for more resilient banks and banking systems; Bank for International Settlements; Revised June 2011. pg 53.
18.217.0.127