"Our biggest challenge was getting data from legacy systems into a warehouse for the various aspects of risk management," confirms CIBC's Talwar. For any bank going through a Basel II implementation, Talwar recommends that the project team members who are selected have a true understanding of the data -- how it's being used and the business rules around it. If you bring in novices who don't understand processes, you could have problems with data transformation rules that could necessitate data rework, or worse, errors in your calculations, he says.
Business-Line Buy-In to Data Initiatives
But getting the individual business units on board with the enterprisewide data process often is a problem. "The biggest hurdle was the fact that you had to deal with 47 different source systems creating data on credit exposures and working with individual units on understanding their systems," Bank of New York's Nedzi relates. "It required their involvement and dedicated technology resources but had very little benefit to their day-to-day business," he explains.
To facilitate the data development process, Bank of New York established a formal Basel II compliance office in 2003. The project office was led by the head of portfolio management and staffed with several senior project managers from the technology office as well as staff from McClean, Va.-based technology and management consultant BearingPoint. "Without that office, it would have been impossible," Nedzi says. The bank turned to BearingPoint to establish its credit risk data warehouse, which will enter the final phase of parallel testing in September, he adds.
Another hurdle that banks run into is the lack of support during and after Basel II implementations, according to Gartner's McKibben. Banks need to make sure they understand with whom they will be dealing and who is ultimately accountable for the implementation. You need the vendor to stand behind the whole project, not just the software, he says.
"Some vendors don't have the same level of expertise in all parts of the world," McKibben says. Therefore, ensuring that a bank understands its own business and compliance requirements -- and selecting a vendor that also understands these parameters -- should be part of the bank's due diligence process. Once the financial institution understands that big picture, it must communicate it to its chosen vendor and make sure that the vendor's contract includes stipulations for support before, during and especially after the implementation, McKibben stresses.
CIBC's Talwar also says banks should have in-house expertise and know the extent of the problem and the related issues before they seek outside help. "I understand the compliance requirements way better than [a vendor] could ever," he contends.
Leveraging Basel II Tech Investments
Of course, when searching for a Basel II solution, it also helps to understand how the bank can leverage it for more than just compliance. According to Gartner's McKibben, the direction in which Basel II is pushing financial institutions should benefit banks in the long run. Consistency with risk management processes, data practices and reporting, he says, will only help banks in other areas.
"The big message is understanding that there is a lot to gain in using the holistic approach to calculating economic capital," says Guillermo Kopp, executive director and global research fellow at TowerGroup (Needham, Mass.). Financial institutions that are able to use their Basel II investments to efficiently manage their overall risk will benefit from lower capital requirements and competitive differentiation, he contends.
"The banks that are making good progress are doing it because of [the requirements'] own value," Kopp says, adding that those banks that are implementing solutions just for compliance purposes are missing the boat. "This is a fantastic way to bring the bank together."
According to the Boston Consulting Group, banks need to do two things to be able to leverage their investments in risk-based compliance. One is to incorporate efforts into their everyday business decisions and overall business strategy. The second is to stop treating risk topics in isolation.
Banks should use Basel II as an opportunity to integrate areas that have been stand-alone in the past, SAS' Rogers says. The resulting benefits, he says, can include enhanced credit scoring, credit origination and credit lifecycle management. Banks also can leverage Basel II investments for other compliance mandates, such as anti-money laundering rules, Rogers adds.
CIBC is hoping to leverage its Basel II compliance efforts to improve risk management capabilities across all of its products and lines of business, the bank's Talwar says. "One offshoot of some of the things we've done is find business processes that also need improving," he relates.
Bank of New York's Nedzi says the bank will be able to leverage its "significant" investments in Basel II over time. Already, the bank's rating system captures data items that it wasn't able to before, which has added consistency to its ratings throughout the organization, he notes. But, Nedzi concedes, "Relative to the expenditure, we would never have gone forward with this implementation for our own benefit [alone]." He explains that Basel II requires risk management to be consistent across all areas of the bank, even those that are low-risk environments. Nedzi says he would have preferred to concentrate risk management expenditures and rigorous systems in areas with the greatest risk, saving time, money and effort on those areas considered low risk.
Part of the ERM Puzzle
Basel II solutions should be viewed as just one part of a bank's overall plan to support enterprise risk management (ERM), adds Gartner's McKibben. "If you do things just to comply with Basel II, you are not going to be successful," he contends. The principles outlined in Basel II can be broadly applied throughout the enterprise to create, a "single version of the truth," or a holistic view of the bank's risk profile, McKibben says.
Still, Basel II focuses attention on each risk silo and accelerates risk management across those silos, Bank of New York's Nedzi continues. But Bank of New York already has very good processes in place for risk management within individual silos of risk, he emphasizes. As such, Nedzi says, most of the work it's doing right now toward ERM has to do with looking at the overall portfolio of risk and the various correlations and concentrations to determine what that means for risk across the organization.
"It's suboptimal to just look at Basel II," Gartner's McKibben repeats. "If [banks] are only looking at Basel II, it's probably going to cost them more in the long run. Basel II is a very narrow, specialized element."
A Happy Marriage: Finding the Right Technology Mate for Compliance Programs
GRC SOFTWARE platforms help banks maximize their return on investment in compliance technology.
Basel II Drives ERM
BASEL II is the driving force behind enterprise risk management.
WELLS FARGO leverages Basel II solution from Reveleus to create business value.