Why be standardised?

It seems such a short time ago that we were building a new capital Accord which would incentivise banks to improve their risk management and encourage them to move along the spectrum of the new Accord’s three stages. How rapidly things can change.

It was always accepted that the Standardised Approach in operational risk was not especially – or at all (?) – risk sensitive. It was, though, a refinement of the Basic Approach and an aspiration and step on the way to the Advanced Approach, if that was what a bank wanted. Equally, it could be a good resting place.

In the QIS3 document, the qualifying criteria were set at a reasonable level. Indeed “reasonableness” was a word which shone through the text. As did the word “assess”, which again suggested an appropriate level of management sophistication and recognised the state of development of operational risk management and methodologies. Boards would have a “fair understanding” of the impact of high impact, low frequency events on the bank’s risk profile; banks would “begin to systematically track operational risk data”, including internal loss data.

Even at that level there were voices in the industry who suggested that the criteria were too formal and prescriptive and detected little material difference between the Standardised and Advanced Approach criteria. They also pointed to the strange incentive which was provided by the alphas and betas. Do nothing, apart from adhering in a general way to sound practices, and stay on the Basic Approach, and you would be charged 15% of Gross Income. Work and spend and educate to meet the enhanced criteria of the Standardised Approach, and you would be charged anything from 12% to 18% of Gross Income. Given that the 18% kicked in for corporate finance, trading and sales and payment and settlement, you could see who was staring down the barrel of the gun. Why they would wish to go anywhere near the Standardised Approach was a mystery. Why any of the betas was higher than the Basic alpha was a greater one.

But we lived in hope, because in November 2002 the EU published its draft Directive. The qualifying criteria were positively minimalist by comparison with the Basel Committee. 10 short and sweet lines and 4 sub-heads (and one of those was about the impact on solvency, which is another mystery). It appeared that at least European Services recognised the evolutionary state of operational risk and the need, within a constituency of some 10,000 banks, for criteria which would distinguish one set of banks from those small institutions which would remain on the Basic standard. And the EU put in a proposal to alleviate the burden of the capital charge for investment firms. But no change on the betas and alphas.

Then two things happened and it’s difficult in some ways to say which was the greater bombshell. First, at the end of February, the US regulators absented themselves from the Standardised Approach, or indeed any Approach other than the Advanced. Quite where this leaves the debate, or indeed the Accord, present and future, is anybody’s guess.

Despite, though, having retreated to their tents, they must nevertheless have been party to the extraordinary ramping up of the criteria for the Standardised Approach, which emerged in Basel’s CP3 at the end of April. If the BBA, LIBA and others thought the previous attempt was “too formal and prescriptive” it will be fascinating to see what thy think of the current version. Quite simply, the qualifying criteria are word for word the same as for the Advanced Approach. Of course, regulators being regulators, it’s not always that obvious. In one or two cases, just when you think they’ve not copied word for word, you find that they have – but have cunningly changed the order of the sentences!

Thankfully “assess” has survived in the STA, whilst it’s “measure” in the AMA and that, as regards internal loss data, STA banks must “systematically track . . . material losses” rather than all losses over an agreed threshold. Mind you, the threshold’s subject to a materiality test, so perhaps there’s not so much difference there after all.

Of course, the beta factors remain as before – but with one major change – the Alternative Standardised Approach. It has been recognised that in some areas, such as credit cards or other retail portfolios, the income earned specifically covers budgeted operational risks, such as fraud. In many banks, also, it can be difficult to disaggregate personal from commercial business. So an alternative is proposed. If you want to, you can aggregate your retail (beta 12%) and commercial (beta 15%) banking income figures and apply a composite beta – of 15%. Then again, if you can’t do otherwise, you can aggregate the income of the other six business lines (betas ranging from 12 – 18%) and apply a composite – of 18%.

So the bottom line is that you are now expected to incur all the costs of putting in management processes, which are exactly the same as the AMA, and you will then have the privilege of being hammered for the highest beta on the market.

Is that really an encouragement – as the regulators continue to parrot in CP3 –to “move along the spectrum of available approaches”? Does it incentivise banks to improve their risk management? Of course not. It simply opens such a gap between Basic and Advanced that the STA might as well not be there. Which is, of course, remarkably similar to where the US appears to have got to. And where we should not be.

The Basel Accord should be about improving risk management. It should recognise the needs and aspirations of the thousands of banks who will be affected by the new regime, such as those in the EU. If nothing changes, there will be little point in their incurring the significant costs of reaching a standard close to the AMA, to receive no benefit – possibly an increase - in capital, as compared with staying on the Basic level. And if that happens, the Accord will have failed and we may wonder why we ever started.