Saturday, July 9, 2016

Regulatory developments in financial risk realms: And what they mean for risk management practices in ASEAN banks

I. Introduction

Previous waves of Basel reforms, particularly with regard to minimum capital requirements (Pillar 1), have arguably had limited impact on banks’ business models in ASEAN. However, this time it’s different. Several of the recently introduced global standards, guidance and consultative papers give a clear indication of their more significant and lasting impact.

One of the key reasons for this impact will be that the recent regulatory standards address areas that are closely linked to real challenges faced by banks in ASEAN, for example with respect to credit risk management and loss provisioning practices. There is also an apparent trend that the Basel Committee is striving to enhance risk sensitivity of so-called standardized capital frameworks which are widely used by ASEAN banks. What’s more, increasing expectations for a rigorous implementation of the Basel requirements by local regulators and banks alike, as well as more demanding disclosures, will have additional ramifications for risk management departments.

We will shed light on four key regulatory pressures in financial risk realms (highlighted in the below figure), namely, LCR (effective generally by end-2015); The Revised Standardized Approach for Credit Risk (Consultative paper, published in December 2015); IFRS 9 (effective as early as January 2018); And IRRBB (effective in 2018, based on end-December 2017 financials).

II. Liquidity risk: Basel Liquidity Coverage Ratio (LCR) 

Given the commercial banking business model largely prevalent in the region, the introduction of the LCR requirement is not expected to result in significant shifts of funding and asset mix. According to our observations, a large majority of banks in the region are also relatively comfortable with meeting the 100% LCR target. However, these banks face the challenge of some local regulators expecting daily LCR reporting by 2017. 

Furthermore, one should bear in mind that the Basel LCR is a standardized approach based on a predefined weighting scheme, which might not represent an accurate liquidity risk profile of banks operating in different national jurisdictions. For example, the Basel LCR assigns a run-off factor of 5% for ‘stable’ retail deposits assuming the existence of an effective deposit insurance scheme that backs such deposits. In reality, the effectiveness of deposit insurance might vary by country, due to different features and strength of national deposit insurance corporations.

Many aspects of sound liquidity risk management is furthermore, by nature, non-quantifiable, for instance in relation to intra-group funding arrangements. After all, a bank must establish an appropriate policy framework to link its risk appetite, stress tests and contingency funding plan. As a good practice, it needs to work with a wider range of stress scenarios to gauge its buffer adequacy and to align its liquidity pricing accordingly. The latter has increasingly drawn the interest of bank executives in this region since liquidity buffer has become rather costly - due to lower interest rate levels - and needs to be charged to units or products that generate such buffer requirement. 
The following diagram depicts linkages of the liquidity risk management themes beyond compliance with the Basel LCR rule, with a central role assigned to internal stress tests.

Similar to internal assessments that banks must perform under the Pillar 2 and ICAAP (Internal Capital Adequacy Assessment Process) frameworks, internal liquidity adequacy assessment process (ILAAP) has been performed by leading banks over the last several years, especially in the UK and other key European Union member states.

The ILAAP could become an upcoming supervisory target in ASEAN to comply with the Principles for sound liquidity risk management and supervision (BCBS, September 2008) . In Malaysia, for example, banks have been asked by BNM to improve their liquidity & fund transfer pricing mechanism. In Indonesia, bank supervisors have paid extra attention to the quality of liquidity risk stress testing performed by larger institutions in particular. 

At present, concerns of compliance in relation the Basel LCR largely revolve around operational and reporting issues. These are not to be underestimated given the requirement for daily LCR reporting (in some countries) and the expectations of global and national regulators for high quality and consistent implementation of the LCR standards.

However, the global best practices in risk management and supervision also indicate the importance of ‘Pillar 2’ implementation in the realms of liquidity risk. This means more attention for principle-based liquidity risk management and supervisory review of all relevant component of liquidity risks including banks’ intra-day liquidity & collateral management, liquidity & funds transfer pricing, and stress testing.

Banks must adapt their risk infrastructure to meet both daily LCR reporting requirement as well higher supervisory expectations for sound liquidity risk management.

III. Credit risk: Revised Standardized Approach (Second consultative document, December 2015)

The Basel Committee on Banking Supervision (BCBS) is currently proposing revised standard approaches (SA) for credit, market, and operational risks.

As is well known, the SA is a methodology for calculating minimum risk-based capital requirements and should not be seen as a substitute for prudent risk management by banks. In credit risk areas, when a bank solely opts for the standardized approach, linkage between the bank’s required capital allocation and day-to-day credit risk taking will be minimal.

This revised SA proposal seeks to mitigate this concern by seeking a balance between simplicity and risk sensitivity, and by ensuring that the revised SA constitutes a suitable alternative and complement to the Internal Ratings-Based (IRB) approach. The Basel Committee therefore sees the revised SA for credit risk as a means to reassert its goal to reduce banks’ mechanistic reliance on ratings. 

In order to achieve these objectives, a SA bank should undertake its own due diligence and internal risk management. If the due diligence assessment reflects higher risk characteristics than that implied by the external rating of the exposure, the bank would apply a higher risk weight for the exposure.

The due diligence requirements mean that “banks should be able to conduct their own assessment of the creditworthiness of, and other risks relating to, the financial instruments to which they are exposed, and satisfy their supervisors of that capability” (BCBS 347, p. 3). 
Consequently, banks should have in place effective internal rating systems, processes and controls to meet good practices, which are normally benchmarked against Basel II rating requirements for banks adopting the IRB approach. Stated differently, an SA bank would need to review and upgrade its rating models and governance even if it does not have a plan to switch to the IRB approach. 

IV. Market risk: Interest rate risk in the banking book

In April 2016, the BCBS issued standards for Interest Rate Risk in the Banking Book (IRRBB) which reflect changes in market and supervisory practices over the last twenty years since the Committee publish Principles for the management and supervision of interest rate risk in 2004. Since the document represents a Basel standard, like the existing capital and liquidity standards, national regulators are expected to adopt it in time. Compared to the 2004 Principles, the IRBBB Standard has the following key enhancements:

a) Greater guidance on IRRBB management processes
The standards explicitly mention the requirement to perform a wide range of stress tests including reverse stress tests. 

Scenarios should be sufficiently wide-ranging to identify gap, basis and option risks. Banks are required to pay attention to concentrations due to possible liquidation problems in stressed markets. 
The behavioural and modelling assumptions made in the context of IRRBB should be conceptually sound, well documented, rigorously tested and aligned with the bank’s business strategy. As part of good practices in this area, banks also need to estimate how administered rates might change in the interest rate scenarios and assess the potential interaction with other risk types, including as to how interest rate shocks affect cash flow profile.

b) Introduction of standardised IRRBB Framework
The BCBS also introduces a standardised IRRBB framework to be applied by banks either if mandated by the supervisor, or if desired by the bank itself. The standardised framework sets out the required steps to measure a bank’s IRRBB exposure. 

The standardised framework aims to better capture IRRBB compared to the 2004 Principles, and therefore implementing it can enhance IRRBB management capability of banks, especially in entities that have not established more sophisticated internal measurement systems (IMS).

c) Tight outlier test
A bank is identified as an ‘outlier bank’ if it would experience a loss of economic value in excess of 15% of its Tier 1 capital under a set of prescribed interest rate shock scenarios. Such a bank would be subject to further supervisory review and/or should be expected to hold additional regulatory capital. The outlier criteria has thus been tightened compared to the 20% threshold included in the 2004 Principles. 

d) Enhanced disclosure requirements
Another notable feature of the IRRBB standards is that banks must disclose the level of ΔEVE (ie. economic value sensitivity) and ΔNII (ie. interest earning sensitivity) under a set of prescribed interest rate scenarios. Banks should also disclose the average and longest repricing maturity assigned to non-maturity deposits (NMDs).

ΔEVE should be computed with the assumption of a run-off balance sheet, where existing banking book positions amortize and are not replaced by any new business. ΔNII should be calculated assuming a constant balance sheet, where maturing or repricing asset cash flows are replaced by new cash flows with identical features with regard to the amount, repricing period and spread components.
For internal management purposes, banks are encouraged to model earnings under dynamic balance sheet approaches by incorporating future business expectations, adjusted for the relevant scenario in a consistent manner.

The disclosure requirements for NMD imply that banks must be able determine the duration, in particular, of their current account and saving accounts (CASA) using a best practice methodology. Bank Supevisor will expect that formal policies are in place in order to assess the model risk that corresponds to the (validation of) IRRBB measurement, including in the areas of behavioural modelling of various products with optionality risks.

In contrast to the 2004 Principles, banks are now expected to articulate the IRRBB Risk Appetite in terms of risk to both economic value and earnings, including the implementation of policy limits that aim at maintaining IRRBB exposures consistent with their risk appetite. This requirement has operational implications especially for banks that currently deploy (static) earnings measures as the only tool to measure the IRRBB.
The following chart visualizes key elements and processes included in the Basel IRRBB standards:

The enhanced Pillar 2 framework included in the new IRRBB standards is an important driver for banks in the region to invest in the upgrade of its balance sheet management and automate its data inputs as much as possible in order to reduce administrative errors. 
Compared to the 2004 Principles, the standardized IRRBB framework has been updated to enhance risk capture, and can be used as a benchmark for internal models. By the same token, for those banks that are still to establish an IRRBB internal measurement system (IMS), the standard provides a clear direction as to how banks can improve their methodologies, governance and disclosures.

V. Expected credit loss: IFRS 9 and BCBS guidance

Major financial institutions in ASEAN are currently busy implementing the new requirements resulting from the introduction of International Financial Reporting Standard 9 (IFRS 9).
IFRS 9 is expected to materially influence banks’ financial statements, with impairment calculations the most affected. The expected credit loss (ECL) calculations rely on a forward-looking assessment, rather than an incurred loss calculation. IFRS 9 requires banks to plan for possible credit losses far earlier rather than after a customer has defaulted. As a result, the ECL is linked to a broader risk management and regulatory context as it will have an impact on overall balance sheet management and capital adequacy assessment.  It also goes beyond a pure accountancy calculation with an impact for numerous stakeholders in the bank, including risk, treasury, and business units.
The BCBS recently published “Guidance on credit risk and accounting for expected credit losses” (BCBS 350, December 2015) to set out supervisory expectations on sound credit risk practices associated with the implementation and ongoing application of ECL accounting frameworks. 
It highlights a number of areas of judgements that give rise to greater need for improved governance, where that judgement is applied. As an example, banks need to address the definition used to determine significant increase of credit risk since origination. Depending on where the line is drawn, expected credit loss will be measured as 12 month or lifetime, leading to a different provision.
Therefore, the guidance has emphasised the importance of high-quality, robust and consistent implementation of applicable ECL accounting frameworks, both within and across all jurisdictions (eg. BCBS 350/p.3). For instance, the Basel Committee considers that practical expedients are intended mainly for entities outside the banking industry.
Other big challenges in implementing the ECL framework are to define and prepare the right input data and to implement a feasible technical solution capable of dealing with the new complexity. Good practices we observe in the industry is that banks are planning to develop the ECL models by leveraging available accounting and risk management data while ensuring a consistent implementation with regards to reconcilability with regulatory reporting. 
Banks with advanced approach for credit risk can build ECL models upon their existing internal credit risk models, which are already used to perform capital allocation and stress testing. In order to determine point-in-time risk parameters (probability of default [PD], loss given default [LGD], exposure at default [EAD], etc.) required to calculate the ECL, the banks should incorporate forward-looking information and macroeconomic factors. 

As a consequence, strong simulation functionalities are imperative for a more sophisticated financial institution to keep expected credit losses at an appropriate level.

IFRS 9 will result in significant revision of existing models for impairment calculations and require banks to manage additional data requirements to meet regulatory expectations for a robust implementation.
For a bank that has not developed internal credit rating systems according to Basel II requirements, the introduction of the ECL accounting framework is a catalyst to dedicate resources to develop its rating data, models and systems while strengthening the link between accounting, treasury and risk management functions.

VI. Concluding remarks

Banks can strike a better balance among liquidity, solvency and profitability by understanding how one risk affects another. As illustrated in the following diagram, the themes offered above are closely related, with implications that different management functions face a higher degree of interdependency. 
To comply with the proposed SA for credit risk, banks must improve their due diligence capabilities, which are fundamentally represented by a sound risk rating system.  As accounting is moving from an incurred loss model to an expected loss model, banks must find a way to incorporate macroeconomic predictions into their ECL calculations. In this new world of risk management, each risk model and stress test that a bank develops should hence factor in the same assumptions about the future and be applied bank- wide during the internal capital and liquidity adequacy assessment processes.

“This time is different” 
Most of the first series of regulatory accords were borne out of the lessons from the 2008/2009 financial crisis in the US and Eurozone, and often deemed irrelevant for the banking environment in this part of the world. 
However, the above noted regulatory developments would likely have more meaningful impacts this time around, and they potentially have more linkages with actual challenges of commercial banking in ASEAN. The additional risk sensitivity infused into the (proposed) standardized approaches will close the gap with how managers measure and manage risk in their business. Finally, the regulatory push for better disclosures will lead to increasing needs for automated risk management systems and high-quality data.
Banks should take inspiration from the new regulatory developments and use them to drive positive change.