Basel II Compliance: Another Burden for European CSOs?

The Basel II capital adequacy framework is a regulatory tool that is designed to help mitigate the risk that haunts financial institutions. Its designers had a clear purpose in mind: to create safer and sounder financial institutions by mandating that the amount of capital that they hold offsets the risks inherent in the banking system.

Risks to financial institutions are traditionally classified as three-fold: credit risk, market risk, and operational risk. In development since 1999 and building on the Basel I directive on capital adequacy as well as bank supervision legislation, the rules for the Basel II directive were finally agreed in July 2004. Back in 1998, when Basel I was ratified, banks were wrestling with bloated loan portfolios and credit risk loomed as banking’s big bugbear. But the world of finance has become increasingly complex, exposing banks to greater risks than ever before. To overcome this, the Basel II framework aims to enhance the transparency of financial institutions’ operations and to support a level playing field in an increasingly integrated global financial system.

At the Top of the Agenda for Europeans

Regulatory compliance is a term that haunts many business conversations today. Most of these regulations are designed to improve standards of governance and risk management within organizations. In the US, the Sarbanes-Oxley Act of 2002 is the regulation keeping executives awake at night; many international companies in Europe must also comply with Sarbanes-Oxley. But the foremost concerns for European executives today are data protection, privacy, and – increasingly of late -Basel II compliance.

The EU has tabled its Capital Requirements Directive (CRD), which is the EU’s transposition of Basel II into European law. It will become effective in each country once every EU member state has ratified CRD into its own national legislation.

The nature of today’s financial world is complex. In Europe, financial conglomerates now account for more than one third of total EU banking assets and more than 20% of life assurance premium income. In order to ensure a high level of stability in such a complex market, the CRD has been given wider applicability than envisaged in the Basel II framework: the CRD will extend to cover all banks and investment firms in the EU.

However, few financial institutions have supranational reach in the EU. There are many sizeable enough to be dominant in their own national markets, but existing rules make cross-border merger and acquisitions rare. One of the aims of the CRD is to remove barriers to such activities so that financial institutions can more easily operate across national borders.

The situation in the US is somewhat different. There, the banking sector is characterized by a few very large financial institutions, plus hundreds of local and regional banks. Because the provisions of Basel II are onerous for companies to implement, and especially because questions regarding its applicability to smaller businesses are only just now being resolved, the US authorities have decided to mandate Basel II compliance for only the 20 largest banks at present.

What Compliance with the CRD Requires

Ratification of the EU’s interpretation of the Basel II framework in the CRD directive means that financial institutions must comply with its rules by 2007, or by 2008 for the most advanced set of internal risk ratings provided. Although many financial institutions put their plans for complying with Basel II on the back burner while the accord’s effective date was in question, the impending ratification of CRD means that compliance strategies have been brought back to the budgeting table – for European companies at least.

But financial institutions will initially pay a high cost for compliance. A recent survey commissioned by the EU indicates that one third of large banks in the EU expect to spend more than 100 million euros (20 million) to achieve compliance. And IT budgets will form around two thirds of that spending. Coming on the heels of other regulations, including data protection, privacy directives, and Sarbanes-Oxley, CRD compliance will initially be a bitter pill to swallow.

It’s Not Just about IT

From an IT perspective, financial institutions must take a more advanced risk management stance that focuses on business data and works to increase the quality, consistency, auditability, and transparency of data. In particular, the Basel II framework aims at grounding risk measurement and management into actual data and formal quantitative techniques. But, whilst IT forms an important part of all regulatory compliance projects, CRD compliance should not merely be seen as an IT project.

Many of the data management exercises undertaken as part of CRD compliance projects will also be applicable for compliance with other regulations with which businesses are struggling to comply, such as Sarbanes-Oxley. For this reason, financial institutions should see CRD or Basel II compliance efforts as part of their overall enterprise-wide risk management efforts. Compliance efforts will influence every aspect of a financial institution – all of its departments, data stores, and applications in use. Additionally, all disclosure processes must be included and aligned with the senior management audit and overview process.

Therefore, the board must control CRD or Basel II compliance projects to ensure that the company’s risk management is underpinned by a system of well-integrated, risk-focused core business processes. Only in this way can all compliance efforts be kept in synch. Basel II or CRD compliance projects may be expensive, but the overall costs can be lessened considerably by making them part of other regulatory compliance efforts.

Initial Burdens Will Be Eased by Long-Term Benefits

Compliance with the framework of Basel II will increase the transparency of financial institutions’ operations, enabling shareholders, investors, and analysts to see clearly if a bank is strong enough to absorb possible losses. If a bank is not transparent enough, its share price could be negatively affected and banks with unfavorable risk profiles will likely have to pay higher rates on funding than those with the standards of information disclosure required by Basel II or CRD in Europe.

Other benefits likely to be seen by financial institutions include greater operational efficiencies, better capital allocation and greater shareholder value through use of improved risk models and reporting capabilities. This will lead to more consistent profits and reduced volatility of credit losses by consistent risk spreading, more effective deployment of capital, and the ability to make better business decisions. According to data from the EU, 41% of European banks are expecting to see major benefits from a reduction in operational losses through their CRD implementations.

Overall, the Basel II framework, whilst onerous to comply with, will provide a process for improving the financial institution’s ability to quantify, manage, control and report risk positions at multiple levels throughout the organization. Its benefits are many and institutions not complying with the framework risk falling behind their competitors. Financial institutions should begin planning how to achieve compliance at the earliest possible date in order to secure this competitive advantage. They should not wait until their national governments mandate compliance, but rather should start evaluating their readiness now.