1. Introduction

In 2004, the Basel Committee on Banking Supervision published the Basel II Accord, which proposed major changes to the way that regulated banks calculate, manage and report not only their Credit and Market Risks but, in addition, a new category of Operational Risk.

Although the concept of Operational Risk regulation has been discussed in the banking industry since the mid-1990s and have been amplified by banking disasters, such as Barings, it has proven difficult to develop workable definitions of Operational Risk and even more difficult to develop tools and techniques to measure it so that regulatory capital can be set aside to cover Operational Risk.

Although progress towards measuring Operational Risk has been less than satisfactory, Basel II was, nevertheless, officially implemented in many banking jurisdictions on 1st January 2008. This decision to proceed with resolution of measurement issues is not completely unsatisfactory, as Basel II had already been delayed a number of times and considerable progress has already been made in (arguably) more important aspects of Operational Risk Management, i.e. risk management policies, processes, organisation and governance. In short, the measurement of Operational Risk is still a ‘work in progress’.

One other significant part of the Operational Risk puzzle remains to be developed - Disclosure/Reporting. In part, this is because disclosure (or Market Discipline in Basel terminology) was always perceived to be an issue that would be delegated to national regulators, because accounting standards vary in different jurisdictions. The most basic requirements for market disclosure of Operational Risks have been put in place but obviously will have to be enhanced as Operational Risk is reported and analysed on a year-to-year basis.

Reporting of Operational Risk information is an area of interest to accounting and hence there is, at minimum, a need to understand the requirements of Basel II and if, accountants are to perform their fiduciary duties to their Boards and shareholders, to ensure that published information is validated to the highest standards possible.

This paper first summarises Basel II and describes new regulations on Operational Risk. It then describes some of the practical issues that have made Operational Risk difficult to measure, pointing out where accounting can play a constructive role. Finally the paper suggests areas where accounting research could be valuable.

The Bank for International Settlements (BIS), the world’s senior banking regulator, operates through the "Basel Committee on Banking Supervision" which formulates supervisory standards and best practice for action by local banking regulators.1 The first Basel Capital Accord (Basel I) was established in 1988, setting minimum standards of "capital adequacy" for both Credit and Market Risks. In 2001, the Basel Committee proposed, for the first time, to set capital charges for all banks to cover Operational Risk (Basel 2001). Over the next few years, the Committee conducted research and proposed methods for calculating Operational Risk Regulatory Capital (ORRC) culminating, in 2004, in the publication of the ‘Revised Framework for the International Convergence of Capital Measurement and Capital Standards’, the so-called Basel II Accord (Basel 2004).2

The stated objective of Basel II is to "develop a framework that would further strengthen the soundness and stability of the international banking system while maintaining sufficient consistency that capital adequacy regulation will not be a significant source of competitive inequality among internationally active banks" (Basel 2004 §4).3 The Basel Committee stated that it believed that "the revised framework will promote the adoption of stronger risk management practices [author’s emphasis] by the banking industry, and views this as one of its major benefits … as it sought to arrive at significantly more risk-sensitive capital requirements that are conceptually sound and at the same time pay due regard to particular features of the present supervisory and accounting systems in individual member countries" (Basel 2004 §4).

Since the release of the final proposals in 2004, local banking regulators, such as the Australian Prudential Regulation Authority (APRA), have been expanding on these proposals for financial institutions under their supervision. Originally scheduled to be implemented in 2006, the Basel II regulations finally came into force in several jurisdictions on 1st January 2008.4 Much, but not all, of the delay in implementing Basel II is related to the difficulties of measuring capital requirements for Credit Risk, which is outside of the scope of this paper, but many of the issues related to measuring Operational Risk Capital have proved difficult to resolve, resulting in, as described later, a less than satisfactory situation for complying institutions.

Under Pillar 1 of Basel II, a regulated institution must calculate the ‘minimum capital’ required to cover losses for each of its Credit, Market and Operational risks and then add them together to arrive at an overall Minimum Capital Requirement.5 The definition of what exactly constitutes so-called Tier 1, Tier 2 and Tier 3 ‘capital’ for regulatory purposes remains, in essence, unchanged from Basel I and, although of interest to accountants within banking regulated institutions, will not be covered here, but is detailed in local regulations such as Prudential Standard APS 111, published by APRA (2008 - 111).

It should be noted at this point that the Basel II proposals on Operational Risk were not universally endorsed, in particular as to the use of ‘capital’ as a mechanism for regulatory. Academics, such as Sheedy (1999) and Currie (2005), have argued that the capital proposals could encourage unwelcome distortions in the behaviour of individuals and firms in the financial industry. Future research is needed to identify if these worries are indeed well founded.

Pillar 2 of Basel II describes the "supervisory review process" that clearly links capital to the quality of a firm’s risk management and is:

Pillar 3 of Basel II is labelled ‘Market Discipline’ but more properly should be termed ‘Market Disclosure’ as it relates to how risks are reported (Basel 2004 §808):

As consolidation, reconciliation and reporting of information to regulators, shareholders and the public is normally the responsibility of a firm’s internal accounting function, it is Pillar 3 of Basel II that will impact accountants most. However, without an understanding of Basel II (and here Operational Risk within Basel II) the accounting function will have difficulty fulfilling their statutory, fiduciary and professional responsibilities.

It is interesting to note that Basel Committee does not itself address accounting issues, arguing that it is the role of national regulators to clarify accounting details with national accounting standards setters (Basel 2004 §12):

In practice, this means that accounting issues will be addressed by local regulators, such as APRA and the UK Financial Services Authority (FSA).

This paper aims to assist in this dialogue by identifying some of the difficult, practical issues raised by the Operational Risk Capital regulations of Basel II, highlighting some areas where input and research from accounting could be valuable. It should be noted, however, that this paper considers only Operational Risk issues, and there is a need for research into other impacts of Basel II, in particular for Credit Risk.

One of the trickier issues in considering regulation in this area is the definition of Operational Risk, which the Committee eventually agreed as:

Despite the (not insignificant) exclusions, this definition is extremely broad and covers losses that can occur not only across an organisation and also as result of external events, such as a terrorist attack.

While Operational Risk had been recognised as a real risk that needed to be managed before Basel II, its inclusion as a specific risk that requires regulatory capital was, in part, driven by a number of well-publicised events that caused spectacular financial losses, in particular the failure of Barings bank in 1995. The loss of over US$1.4 Billion at Barings can be tracked back to the ‘inadequate or failed process, people and systems’ within the Basel definition of Operational Risk (McConnell 1998). Subsequently, other significant losses at banks, such as Allied Irish Bank (AIB) and National Australia Bank (NAB), have strengthened arguments for improving the regulation of Operational Risk (McConnell 2003, 2005). The recent ‘rogue trading’ scandal at Société Générale with losses of over € 4.9 Billion has demonstrated that the problem has not gone away (SOCGEN 2008).

These approaches increase in complexity and the Committee encourages banks to:

Of the approved methods, the Basic Indicator and Standardised approaches are ‘formulaic’ where capital is calculated according to (relatively simple) formulae and the AMA where firms are permitted, subject to stringent ‘qualitative standards’ to develop their ‘own model’. Regulators assume that so-called ‘internationally active banks’ will use the AMA for the bulk of its operations.

During the development of Basel II, practitioners and academics have concentrated their efforts on identifying theories and practical tools for developing compliant AMA models. As noted below however, as Basel II is being rolled-out, there is little consensus on AMA models.

As its name would imply, the BIA is indeed a ‘basic’ approach to calculating ORRC, based on the average over the previous three years of a fixed percentage of "positive annual gross income". Equation 1 shows the calculation of the capital charge KBIA under the BIA approach (Basel 2004 §649):

KBIA = [Σ (GI 1.. n * α)]/n (1)

Where

α = 15%.

This very simple formula, of course, uses information normally calculated and published by the accounting function, such as ‘Gross Income’ and hence would naturally fall within the responsibilities of that function.

The Standardised Approach (TSA) is only marginally more complex than the BIA, based on the average over the previous three years of a simple sum of regulatory capital charges across each ‘business line’ in the firm, where each ‘business line’ is allocated a different Beta factor. Equation 2 shows the calculation of the capital charge KTSA under the TSA approach (Basel 2004 §654):

KTSA = {Σ years 1-3 max[ (GI 1.. 8 * β1.. 8),0]}/3 (2)

Where

Again this relatively simple formula uses information normally calculated and published by an accounting function.

At this point it is worth asking the question - ‘What does Basel II define as a business line for Operational Risk purposes’?

Without delving into the rather tortured history of Basel II, it is sufficient to note that the concept of ‘business line’ arose as a result of a number of so-called Quantitative Impact Surveys (QIS) conducted by the Basel Committee (through national regulators) which collected information about what banks were actually doing about Operational Risk. From those surveys, eight generic Business Lines and seven generic Loss Event Types were identified. Table 1 below shows the official classifications, plus the related Beta factors for Business Lines (Basel 2004 §654 & Annex 7).

From Table 1 we can see that, for example, the Basel Committee considers that the Corporate Finance (18%) is more ‘risky’ than Asset Management (12%) and hence would incur higher capital charges for Operational Risk according to Equation 2. Needless to say that this assumption is somewhat contentious and remains to be tested by detailed research (see sidebar ‘Operational Risk Measurement’ below).

Problems will obviously arise if income has to be split between business lines, giving rise to reports for different purposes that are difficult to reconcile and to explain, for example in allocating capital.

However, national regulators have not only taken the opportunity to identify what constitutes ‘assets’ but also to change slightly the formula recommended by the Basel Committee, and jurisdictions have diverged on the precise definition of an ASA. Equation 3 shows the calculation of the capital charge KSA under the ASA mandated by APRA (2008 - 114):

It should be noted also that APRA applies this formula to all its regulated banks6 not using an AMA - i.e. APRA does not sanction a BIA approach for local banks.

The rather convoluted Equation 3 states no more or less than a factor of .035 is applied to total Loans and Advances for the retail and commercial business lines, adjusted by the relevant Beta factor, and for all other lines a factor of 18% is applied to positive ‘Adjusted Gross Income’ for those business lines. All balances are averaged over six half-yearly periods to arrive at a total capital calculation.7

The calculation of operational risk capital using the BIA, TSA or ASA methods, therefore, would/should naturally fall within the responsibilities of the accounting function in a Basel regulated institution.

Before considering ‘quantitative standards’ in detail, it is worth noting the major ‘qualitative standards’ mandated in Basel II (Basel 2004 §666):

1 The BIS is not itself a regulatory body but its rules are applied by G10 countries to regulate major banks and used by most of the rest of the world as a regulatory standard.

2 It should be noted that in 2006 the Basel Committee published a ‘comprehensive’ version of its 2004 document, which included some additions for Credit Risk only, and hence is not relative to this paper.

3 When the 2004 Basel regulations are referenced in this paper, the clause number is prefaced by the section symbol, e.g. (Basel 2004 §666).

4 While Europe, Australia and Japan have adopted Basel II in 2008, implementation in the US and many Asian jurisdictions have been delayed for a number of years. However, all major regulators have affirmed their intention to adhere to the Basel II Accord.

5 In should be noted at this point that the ‘comprehensive’ version of Basel II, is over 330 pages long with over 800 jargon-laden clauses, and hence is difficult to summarise in a paper such as this.

6 APRA uses the term Authorised Deposit-taking Institution (ADI) for a bank and excludes some branches of foreign banks from having to use the ASA.

7 In a quirk of Basel II, capital charges calculated under all ORRC methods are multiplied by a factor of 12.5 to arrive at a so-called ‘risk weighted asset’ (RWA) for no other reason than, under both Basel I & II, aggregated RWA are multiplied by a fixed factor of 8% (1/12.5) to arrive at a minimum capital number.

8 The issue of which confidence interval to use for economic capital (often 99.95%) is problematic because of the technical problems of calculating capital at the much lower regulatory level of 99.9%

9 In the Basel II treatment of Credit Risk, Expected Losses are well understood as they relate to historical Credit Loss experience, less so in the new area of Operational Risk.

10 It should be noted that in the initial Basel II working paper (Basel 2001), the use of an LDA was supported and described in some detail. However, in the final Basel II regulations (Basel 2004), all references to an LDA approach were removed.