L. Rutledge, Executive Vice President in charge of the Bank
William L. Rutledge before the Capital Allocation USA 2003
Let me begin by thanking the organizers for inviting me to
speak, and more broadly, for arranging this conference on
the implementation of Basel II. My participation here
as well as that of my colleagues reflects what has
clearly been a longstanding policy of the Basel Committee
to engage the industry in open dialogue on Basel II. Such
discussions will I think continue to play an important role
as we work towards implementation domestically they
allow us to lay out our objectives and approaches, they enable
us to understand more clearly legitimate industry concerns,
and they help us to make adjustments to best meet our objectives
given those concerns.
In similar fashion, at the NY Fed, we have long recognized
the value of having a dialogue with the industry on the major
changes we have made to our supervisory approaches
changes that have moved us from reliance on essentially fixed
examination routines for all institutions to customized reviews
directed at the integrity of banks’ business processes.
We’ve been able to improve our processes by asking you
whether we are focusing on where the risks really are at your
organizations; whether we are leveraging effectively off of
the risk management and control systems that well-managed
firms have in place; and whether our new approaches are adding
value towards improving your risk management and controls
over time. Questions that have obvious parallels to those
before us in the Basel context.
That should not be surprising. As I see it, the conceptual
basis and expectations for Basel II are quite consistent with
the way in which our supervisory processes and expectations
are evolving here in the U.S. They each have been heavily
built on the recognized advances in risk management within
the industry, and they each look to encourage and to incentivize
further advances. How the prospective new regulatory capital
regime of Basel II and our evolving supervisory processes
are intertwined will be a major theme of my remarks this morning.
This reflects a perspective flowing from the two hats that
I wear one as the head of supervision at the New York
Fed and a second as a member of the Basel Committee.
This morning I will be focusing first on some of the broad
issues involved in Basel implementation in the U.S.
issues that are laid out in several of the documents that
the U.S. agencies formally issued for public comment a month
or two ago.
That release included an advance notice of proposed rule making
(also known as the ANPR) and draft supervisory guidance. I’ll
focus my remarks today on that draft guidance one set
for the IRB treatment of corporate exposures, and another
set on the AMA for operational risk. This should help set
the stage for some more detailed discussion to follow in several
of the segments later in this conference.
Then, I will get into how the evolving Basel expectations
will fit into our ongoing supervisory process, highlighting
some of the challenges that the industry and the supervisors
will need to address. Throughout my remarks, my focus will
be on what I believe our perspective should be as supervisors,
rather than on the detail of what will be included as specific
regulatory requirements for Basel II.
2. Objective of Supervisory Guidance
Backing up a step, I view the principal goal of regulating
and supervising banking organizations as to promote and to
enforce sound practices while allowing, and encouraging, banks
to innovate and compete. In other words, to create an environment
that promotes healthy, disciplined risk-taking by banks.
The terms “regulation” and “supervision”
are often used interchangeably. However, I think it is important
to view them as providing distinct, though highly complementary,
functions. Regulations establish the rules that banks must
satisfy for example, the level of minimum risk-based
capital to be maintained. Supervision is the process by which
we strive to ensure that individual banks understand the risks
they face and have appropriate processes in place to manage
and control them. Together they are meant to ensure that banks
operate in a safe and sound manner and comply with all applicable
The complementary roles of regulation and supervision are
well illustrated by the issuance of a package that includes
both an ANPR and documents providing supervisory guidance
the first, to provide a framework of rules, and the
second to flesh them out with detailed explanations of what
our expectations are for meeting them. Implicit in this approach
is a clear recognition that the subject is far too complex
to address fully with a set of hard and fast rules. You do
need a well-defined regulatory framework you do need
enough structure to enable bankers and supervisors to operate
with a similar perspective. But it is critical to imbed within
that structure sufficient flexibility to allow responsible
judgment to be exercised. We do not want to constrain the
development of the next generation of risk management systems
with an overly rigid set of requirements that “hardwires”
current reality into the future.
To provide more context on how we are looking to create a
common framework without establishing a set of overly prescriptive
rules, let me illustrate with some comments on the structure
and use of the minimum standards for the Basel II advanced
Since their introduction in CP2, the structure of the minimum
IRB standards has changed they are now considerably
more “principles-based.” The objective of the
revised standards is to promote an appropriate degree of consistency
in banks’ own estimates, while also recognizing differences
in banks’ risk profiles, risk management approaches,
and day-to-day operations. Based on the CP3 proposals, U.S.
supervisors believe that an appropriate balance has been struck
such that the standards in their current form will help to
strengthen the integrity of banks’ risk inputs while
providing flexibility where appropriate.
A key point to make is that satisfying the standards should
not be viewed as a compliance exercise that is, satisfying
the standards should not mean simply ticking off items in
a regulatory checklist. Rather, we envision a process that
begins with banks conducting self-assessments of the state
of their risk management systems relative to the standards
embodied in the new framework, determining where weaknesses
may lie, and putting into place appropriate modifications
to address those shortcomings. The supervisor’s role
is to review critically how each of these steps is carried
To enable banks to determine their state of readiness for
implementing the New Accord, it became clear that we needed
to outline our expectations for meeting the Basel II standards.
This was the impetus for the draft supervisory guidance. Many
observers have tended to focus on the potential capital benefit
stemming from adoption of the advanced approaches. In my mind,
as a supervisor, that leap to the bottom line could well provide
insufficient focus on the integrity and rigor of the processes
that produce that statistical result. That is, how well the
risk management principles underlying Basel II correspond
to the banks’ own risk management practices.
I would like to emphasize that the supervisory guidance is
in draft form. Feedback from the industry will be critical
to shaping its final form and informing the examination procedures
that are being developed separately. In this regard, we are
seeking comment on specific elements of the guidance, as well
as on the broader question of whether an appropriate balance
has been struck between flexibility and specificity. Naturally,
the U.S. supervisory agencies are interested in all views
on the draft supervisory guidance, including any instances
where current sound risk management practices might not fit
neatly into -- or be considered appropriate under -- the proposed
supervisory guidance. As you may know, written comments are
invited through November 3rd.
Let me get into a little more detail on what the supervisory
guidance says first, about expectations for credit
risk management, and then, second, those for operational risk
3. Draft Guidance on IRB Systems for Corporate Credit
The guidance describes four interdependent areas:
When you look at our draft supervisory guidance for credit
risk, I think it is important to note that it is heavily influenced
by our review and synthesis of the better practices observed
at well-managed firms. Our aim has been to leverage-off of
knowledge gained from the joint agency reviews of banks’
internal credit rating systems, so as not to set rules in
an arbitrary way. Those reviews allowed us to learn more about
the range of practices in internal ratings across institutions
that seemed likely potential candidates for the IRB approach.
The minimum standards outlined in the Basel Committee’s
third consultative paper served as a starting point for developing
the supervisory guidance. As I have suggested, the guidance
should not be viewed as a “how to” manual. It
is not intended to dictate the exact path that institutions
must follow to meet supervisory expectations for use of the
IRB approach. Rather, the guidance lays out an acceptable
framework for a qualifying IRB system, which ought to vary,
bank by bank.
- the design and structure of rating systems;
- the quantification of IRB systems;
- the maintenance of credit data; and, finally
- the bank’s control and oversight mechanisms.
Let me comment on each:
Rating System Design
It almost goes without saying that the design of a risk rating
system is key to the integrity of the bank’s internal
assessments, and, in turn, its measurement of risk-based capital.
The draft guidance in this area is built on the strongest
risk management practices observed in the industry. We have
found that many organizations already have, or are in the
process of developing, a rating system that captures both
the risk of borrower default, and transaction-specific factors
that affect the extent of loss in the event of default.
An important challenge for banks going forward will be to
define clearly and objectively the criteria for each rating
category. We view clearly defined and commonly understood
criteria as critical to providing more meaningful assessments
of individual credit exposures and, ultimately, the bank’s
overall risk profile.
Banks also will be expected to have a robust validation system.
By validation, I am referring to the application of various
tools to assess the performance of a bank’s IRB system.
Validation should be viewed as a multi-faceted and continuous
process rather than a single and discrete litmus test.
Statistical tests of ratings outcomes (like back testing of
PD estimates against actual default experience) have an important
role to play in the validation process. However, they should
not be relied on exclusively. Banks will be expected to supplement
their use of statistical tests with other assessment tools.
We are not looking to move to a world where judgment’s
best features are replaced by statistical models. Rather,
we are looking for banks to incorporate sophisticated statistical
analysis in a structure that builds in at every stage a reliance
on informed and experienced business judgment. Reliance on
a range of tools is particularly critical in situations where
there are insufficient data to achieve statistical comfort
in a backtest, such as for higher quality credits that have
experienced very few defaults.
The second area, quantification, refers to banks’ processes
of estimating numerical values for the key inputs to the IRB
risk weight function. These inputs include the probability
of borrower default, the loss severity rate should the borrower
default, and the likely credit line usage at the time of default.
Here also, the guidance does not dictate how banks must estimate
each parameter. Rather emphasis is placed on developing well-documented
processes, regularly revisiting the values produced, and incorporating
independent review and appropriate conservatism in those processes.
This latter point speaks to providing additional comfort in
situations where banks may have less confidence in their estimates.
It is not meant to introduce a conservative bias to those
estimates that are finely-tuned.
Availability of Data
A risk measurement system is only as good as the inputs that
go into it. Therefore, we see it as critical that banks obtain
and maintain appropriate loss data the third area I
want to discuss
The Basel II standards allow banks the flexibility to rely
on data derived from their own experience, or from external
sources, as long as the bank can demonstrate the relevance
of the external data to its own exposures. The standards also
outline the data history banks will need to use the IRB approach
a data history covering the life of a facility from
cradle to grave.
At this stage, we recognize that banks looking to use the
IRB approach are in the process of developing or obtaining
the needed data. We encourage banks that plan to adopt IRB
to consider their data needs very seriously and to further
develop the techniques needed to derive appropriate default
and loss estimates.
Control and Oversight
Finally, to promote greater comfort in the integrity and reliability
of the ratings process, a sound corporate governance framework
must be in place. There are three major structural elements
that are necessary in any good rating system control structure.
- The first is independence in the process of assigning
ratings the people assigning ratings (and even approving
extensions of credit) should be independent of the deal
makers and relationship managers.
- A second check is having a subsequent review of ratings
by an independent review group. This group is charged with
reviewing ratings after the fact that is, after origination
for accuracy, timeliness and consistency. Moreover,
both the ratings system and individual ratings should be
subject to review by the internal audit department.
- The third critical element is transparency in the ratings
process. Here, what we would expect is that the ratings
criteria are objective, and that the bank has in place policies
and procedures that clearly document the rationale for each
ratings category. The more transparent the process, the
easier it is for a third party to audit the ratings through
some form of replication of the analysis.
These three elements independence of the ratings
process, internal review of those ratings, and transparency
all contribute toward stronger controls over the
ratings process. And it goes without saying that the involvement
of senior management and the board of directors is critical
to good oversight and control of the bank’s overall
4. Draft Guidance on Operational Risk AMA
Let us now turn to operational risk. Neither the concept of
operational risk nor the notion of capital to backstop it
is new. Supervisors have had increasingly exacting expectations
for bank management of operational risk for some time, and,
at the same time, banks have clearly been holding economic
capital against operational risk. In this area, the Committee
has definitely sought to build on banks’ rapidly developing
internal assessment techniques, but also, to an extent even
greater than with credit risk, to provide incentives for banks
to improve those techniques and more broadly
their management of operational risk over time.
We have been very encouraged by the feedback we have been
receiving on developments in this sphere. For those interested
in getting a perspective on the nature of developments, I
would direct you to look at a set of bank presentations available
on the New York Fed’s website. Those presentations,
I think, show quite convincingly that numerous internationally
active banks are making real progress in operational risk
quantification in advance of Basel II. Indeed, many have acknowledged
that the Basel process already has encouraged them to explore
new methods for measuring and managing this risk.
The AMA draft guidance establishes a very close link between
risk management and measurement. Here too the message is clear
that it is not enough for banks to look exclusively to quantitative
outputs in managing their risk exposure. First and foremost,
determinations of capital for operational risk must be embedded
in sound risk management and control environments.
A strong corporate governance and management structure for
operational risk also starts with the bank’s board of
directors and senior management. Those individuals must oversee
and be accountable for the bank’s overall operational
risk framework. At major organizations, there should also
be an independent firm-wide risk management function responsible
for the development and application of policies and procedures
governing all facets of operational risk.
Where sound risk management and control environments have
been achieved, the Basel II proposals provide banks with considerable
flexibility to estimate the key drivers of operational risk.
In this respect, the AMA guidance outlines the expectations
for obtaining loss data and validating the results, but does
not prescribe a particular measurement approach.
To reiterate a major theme of my remarks this morning, our
goal is not only to establish rigorous supervisory standards,
but also to allow for enough bank-level flexibility to encourage
innovation over time. We are interested in your feedback on
whether the AMA guidance achieves this, including answers
to such key questions as: Does it allow for differences in
the way you manage risk? And does it outline our supervisory
expectations sufficiently clearly?
5. Impact of Basel II on U.S. Supervisory Process
After having given you an overview of the draft guidance,
let me provide some perspectives on the impact of Basel II
on how we conduct supervision here in the U.S. In some ways,
I see the development of Basel II as presenting the supervisory
community with an opportunity to step back and reflect on
our approaches to monitoring banks. Yet at the same time I
see it as one more step albeit an important additional
step in the natural evolution of the U.S. supervisory
As I indicated at the outset, I view the New Accord’s
emphasis on risk management as strongly supporting our current
focus, particularly for the largest and most complex banking
For example, over the past few years, we have paid increasing
attention to evaluating banks’ internal capital management
processes to judge whether the bank meaningfully ties the
identification, monitoring and evaluation of risk to the determination
of its capital needs. The Federal Reserve’s emphasis
in this area is shown both in the policy guidance that it
issued in 1999 on bank assessments of internal capital, and
in the targeted examinations we have conducted of banks’
economic capital methodologies over the past four years.
But focusing on Basel issues should lead to further shifts
in our supervisory approach over time. As banks generate more
and better metrics to assess risk, it is only reasonable that
supervisors also develop more sophisticated tools and approaches
for evaluating the soundness of their operations. In many
cases, the approaches that I personally think we should consider
represent a significant departure from how we have traditionally
gone about supervising banks. Let me take a moment to offer
a few examples in the credit risk arena.
Some of the conventional, static metrics that we now use
such as those to judge asset quality and to assess the adequacy
of credit loss reserves could well be supplanted by
more quantitative and more sophisticated measures. I am quite
confident that the measure of weighted classified assets long
used by bank supervisors is not the best barometer of the
extent of probable loss in a bank's portfolio, or the best
yardstick for judging the appropriate level of reserving.
In a world where the focus is on rigorous internal rating
systems, and where data on historical loss and recovery experience
are increasingly available, it is hard to believe that the
old approaches will still be the best ones for assessing credit
risk, at least at the larger banking organizations.
More broadly, the effective assessment of credit risk at larger
banks today and even more at banks that will adopt
the advanced Basel II approaches is moving us increasingly
away from the historical approach, where we focused primarily
on the evaluation of individual loan claims to identify those
loans that are already troubled. Instead, through targeted
transaction testing and other techniques, we are increasingly
focusing on assessing the quality of a bank’s overall
credit risk management process. Part of this is to turn our
attention to banks’ abilities to consistently apply
their own criteria in rating all exposures across the spectrum
of their internal rating grades not just their classified
or problem assets.
But in addition to ensuring the integrity of banks' internal
rating assignments, supervisors will also need to understand
how these ratings feed into the models and tools used to manage
credit risk, and what the implications of the use of such
tools will be.
To illustrate the latter point, the use by larger banking
organizations of single-borrower exposure limits that are
tied to estimated capital-at-risk, may well make a lot of
sense, given that more of a bank’s capital may properly
be exposed to a stronger borrower than to a weaker one. However,
a borrower’s apparent creditworthiness can change quickly,
leaving creditor banks with facilities that are fully drawn,
and with far more capital-at-risk than was ever intended.
This underscores the need for reliable up-to-date borrower
ratings, for an appropriately calibrated economic capital
model, and for a well-designed process to address low frequency,
high-impact events when they occur. Areas that the supervisors
will have to review as well.
Our supervisory process also must find ways to be more effective
in evaluating credit risk at a portfolio level. That the extent
of a portfolio’s diversification or putting it
the other way around, the extent of concentrations within
the portfolio should be factored into the assessment
of credit risk is intuitively very obvious. But the ability
of banks and supervisors to quantify the implications of such
diversification or concentration is currently very limited.
Work is taking place to see what could be usefully added to
our supervisory approaches in this area.
Our work in Basel and banks’ risk management
practices that make Basel II possible has been an important
catalyst for shaping the supervisory process to ensure its
relevance today and its flexibility to remain relevant going
forward. Of course, continuing to make our supervisory approaches
more sophisticated is only possible if we have a trained cadre
of examiners and other supervisors that is able to understand
and critically assess the complex business and risk management
practices of major banking organizations.
6. Training and Development Needs
Our ability to do this at the NY Fed is helped by the shift
we have made in our supervisory approach to increasingly emphasize
specialization such as by creating specialized teams
focusing on particular risk areas. In a lot of ways this structure
facilitates training and developing people. For example, through
their day-to-day assignments staff will get the exposure they
need to maintain state-of-the-art knowledge in their respective
disciplines, whether we are talking about credit risk, market
risk, or operational risk. As we move, through implementation
of Basel II, to having regulatory capital requirements be
driven off of internal estimates of these risks, there will
be an increased need for expert supervisors able to critically
evaluate complex systems. Accordingly, there will be a need
to accelerate the process of specialized skill development
and to recruit or develop a cadre of true quantitative experts.
We recognize that supervisory staff responsible for the overall
oversight of large banking organizations will not require
the same level of expertise in technical areas as will the
quantitative experts. For the former, training will likely
focus on developing a solid understanding of the key concepts,
methodologies and risks associated with the advanced approaches
of Basel II. Our quantitative risk analysis experts, on the
other hand, will be called upon to understand the technical
underpinnings of the new methodologies. Our training efforts
for these staff will involve the refinement of skills in areas
such as statistics, modeling techniques, models evaluation,
simulation and stress testing.
More broadly we must ensure that the specialized knowledge
of staff remains up-to-date as is required for a dynamic industry
with constantly changing risk management practices. To meet
this goal, the U.S. supervisory agencies are collaborating
on a training and development strategy geared to keeping the
skill set of our examination force up to speed.
7. Closing Remarks
Clearly there are great challenges for both the supervisors
and the banks in getting ready for Basel II - much as
there have been substantial challenges for all of us flowing
from the adoption of our current risk focused approach to
supervision. In both instances we have decided not to do things
the easy way. We are not looking for supervision to be based
on a nice simple but rigid set of examination routines, and
we are not looking for capital policy to reflect a simplistic
numerical ratio calculation.
Rather, we are looking to establish a framework where risk
management, supervision, capital policy, and disclosure work
in an integrated fashion drawing on one another and
creating incentives for improvements in each over time. In
this way we can do a tremendous amount to help ensure safe
and sound operations and the competitive strength of our banking
organizations, both in the immediate term and over the longer
run. Thank you very much.
THE VIEWS EXPRESSED IN THESE REMARKS
REPRESENT SOLELY THOSE OF THE PRESENTER, AND DO NOT NECESSARILY
REFLECT THOSE OF THE FEDERAL RESERVE BANK OF NEW YORK OR THE
BASEL COMMITTEE ON BANKING SUPERVISION