The Basel II Capital Adequacy requirements have been introduced to encourage banks to improve their management of Credit, Market and Operational Risks. Under the new accord comes a risk based capital requirement specifically for Operational Risk. While capital is important it is only one defense against risk. It is also unlikely that it will be the preferred solution.
An increase in capital will not in itself reduce risk, only management action can achieve this. The control of Operational Risk fundamentally lies with good management. This involves a persistent process of vigilance and continued improvement. Operational Risk Management is a value adding activity that impacts, either directly or indirectly on a bank’s bottom line performance. It therefore should be a key consideration for any bank.
However despite this, the advertising material put out by many technology suppliers on the question of Basel II Operational Risk compliance carries a single message – that Operational Risk Compliance is all about the bean counting, or to put it into their jargon, “DATA MINING”. Not a word is said about the real message flowing from Basle II; – MANAGE the risk and not, repeat NOT only measure it. Undeniably Basel II is more than an exercise in capital allocation and loss data gathering.
Consider the following assortment of claims being made for some of the Basel II software now on offer. It will: (1) Identify the data for Basel II reporting and analysis; (2) Locate that data in operational systems spread out across the whole bank and, in some cases, incorporating it with third-party data; (3) Extract and transform data from operational systems to provide a consistent structure for the data warehouse environment; (4) Clean the data to achieve a consistent and complete view needed for risk calculations, reporting, and analysis;
These folk have missed the point completely. There is also an operational risk management process waiting to be implemented and no one is saying anything about it.
And don’t only take my word for it! The international Rating Agencies have made it abundantly clear where they stand on Operational Risk and how this aspect is going to affect future bank ratings. The following quotations illustrate the point.
“A quantitative approach to operational risk management is not the ultimate solution. … critically important is the implementation of an effective qualitative process of identifying, measuring, managing and controlling operational risk.”
“Since operational risk will affect credit ratings, share prices and organizational reputation, analysts will increasingly include it in their assessment of the management, their strategy and the expected long-term performance of the business.”
Trying to summarize all the risks into a single number or a range of numbers and then trying to manage this down is the first impulse of many banks and they see technology as being the ideal solution. They are creating a false sense of security by turning a blind eye to the real issue – Managing Risk.