The Basel Committee

The Basel Committee on Banking Supervision was created by the central bank governors of a group of ten countries, which later expanded to include representatives from a broader set of countries.

The committee operates under the auspices of the Bank for International Settlements (BIS), and its primary objective is to strengthen the regulation, supervision, and practices of banks worldwide to enhance financial stability. The committee provides a forum for cooperation on banking supervisory matters and works to develop and promote international standards for banking regulation.

Basel I, the first set of international banking regulations developed by the Basel Committee on Banking Supervision, was introduced in 1988. The full name of this accord is the Basel Capital Accord. It aimed to establish minimum capital requirements for banks, with a focus on credit risk.

The framework introduced a standardized approach for assessing the credit risk of assets held by banks and set a minimum capital requirement based on these risk weights. Basel I laid the foundation for subsequent developments in international banking regulation, leading to the later introduction of Basel II and Basel III.

Basel II refers to the second set of international banking regulations developed by the Basel Committee on Banking Supervision. Introduced in 2004, Basel II builds on the original Basel Accord (Basel I) and provides more sophisticated guidelines for assessing and managing risks in the banking sector. It emphasizes the importance of risk management practices, particularly in areas such as credit, market, and operational risk. The goal is to promote stability and soundness in the global banking system.

Basel III was established to strengthen regulation, supervision, and risk management within the banking sector. It introduces measures to enhance bank capital requirements, risk coverage, and liquidity standards to promote financial stability and mitigate the impact of financial crises.

To summarize:

  • Basel I (1988): Established minimum capital requirements for banks based on credit risk. Banks were required to maintain a capital adequacy ratio, with capital being a fixed percentage of their risk-weighted assets.
  • Basel II (2004): Introduced more sophisticated risk management techniques, considering credit, operational, and market risks. It aimed to align capital requirements more closely with the risk profile of banks, providing a more nuanced approach compared to Basel I.
  • Basel III (2010): Implemented in response to the 2008 financial crisis, Basel III strengthened regulations by increasing capital requirements. It introduced new regulatory requirements on bank liquidity and leverage, and promoted more conservative risk management practices. The focus was on enhancing the stability and resilience of the global banking system.

Each iteration represents an evolution in regulatory standards, addressing shortcomings identified in the preceding version and adapting to the changing financial landscape.

 

Basel II and Operational Risk Management

Following the Basel II methodology, 7 types of operational risks must be considered:

  1. Internal Fraud
  2. External Fraud
  3. Employment Practices and Workplace Safety
  4. Clients, Products, and Business Practice
  5. Damage to Physical Assets
  6. Business Disruption and Systems Failures
  7. Execution, Delivery, and Process Management

In more granular terms, these risks break down as follows.

 

Internal Fraud

Dishonest actions such as fraud or theft that violate rules or laws can result in losses. These actions involve at least one person within the company. Discrimination incidents are not included in this category. The category covers the deliberate abuse of procedures, systems, assets, products and/or services of a company by internal parties who intend to benefit themselves or others deceitfully or unlawfully.

Examples:

  • Misappropriation of company or client assets

Losses resulting from asset misappropriation schemes involving the company’s or its clients’ assets, caused by internal fraudsters. These schemes include fraudulent disbursement and cash schemes, as well as fraud schemes where securities and investments are misused.

Fraud can take many forms. Some examples include overcharging customers, faking expenses, and paying fake employees. Other examples are making up sales, giving loans to fake people, and lying about insurance claims. Selling investments without permission, making unnecessary trades, and not reporting losses are also considered fraudulent activities.

  • Collusion and corruption

Losses resulting from internal corruption and procurement fraud caused by any scheme where external fraudsters act in collusion with perpetrators from within the organization, or by any act in which employees use their position to gain some personal advantage at the expense of others (e.g. illegal gratuities, economic extortion of a vendor, favoured broker commission / kickbacks).

  • Financial reporting

Losses resulting from fraudulent financial reporting including any deliberate misstatements or omissions of amounts or disclosures of financial statements (e.g. concealed liabilities, fictitious revenues, improper disclosures).

 

External Fraud

Losses due to acts by a third party that are intended to defraud, misappropriate property or circumvent the law. The category covers the deliberate abuse of procedures, systems, assets, products and/or services of a company by external parties who intend to benefit themselves or others deceitfully or unlawfully.

Examples:

  • Misappropriation of company or client assets

Losses resulting from schemes to misappropriate company and/or customer assets, products or services, caused by external fraudsters and covering customer account fraud, lending fraud, insurance fraud and procurement fraud.

  • Agent, broker or intermediaries

Losses resulting from agent, broker or intermediary fraud caused by any scheme where an agent/broker/intermediary or their employees commit fraud against insurers or policyholders while representing or impacting the company (e.g. submitting applications on fictitious persons, document alteration, failure to remit policyholder premiums or clean sheeting).

  • Involuntary complicity

Losses resulting from unwitting accomplice fraud caused by any scheme where the Company is not the target, but rather is a necessary unwitting accomplice to the fraudster (e.g. a reputable financial institution is involved to build credibility with the target).

 

Employment Practices and Workplace Safety

Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination events. Employment practice risk is the risk of loss due to acts inconsistent with employment, health laws, safety, or agreements.

This includes operational risk events such as discrimination, workers’ compensation, and employee health and safety. Workplace safety risk, together with personal and physical security, is the risk of criminal and environmental threats that might endanger the security of the Company’s personnel (within and outside the Company’s locations, even while travelling or being detached).

Examples:

  • Relations with employees

Losses resulting from disputes with employees caused by unfounded allegations, discrimination and diversity acts, defamation, invasion of privacy, wrongful termination of contract, or strikes.

  • Employment safety risk

Losses resulting from injury to employees caused by bad/insecure workplace conditions.

  • Malicious damages

Losses resulting from terrorist attacks, vandalism, explosions, violent demonstrations/protests, robbery or blackmail directed at employees or clients.

  • Natural disasters

Losses resulting from natural disasters (earthquake, explosion, fire, flood, landslide, lightning, storm, tornado, volcano, etc.).

  • Physical access

Losses resulting from unauthorised access to the Company’s locations caused by bypassing or sabotaging access devices, or by insufficient access control and authorisations.

 

Clients, Products, and Business Practice

Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.

Examples:

  • Client conduct

Losses resulting from money laundering, terrorist financing, politically or reputationally exposed persons, or client engagements or transactions with sanctioned countries.

  • Personal conduct

Losses resulting from market abuse and personal trading, conflicts of interest, gifts or entertainment given or received, or bribery.

  • Organisational Conduct

Losses resulting from organisational conflicts of interest, market abuse and insider trading, non-compliance with anti-trust/competition law, governance changes, regulatory registration and reporting requirements, or third-party intermediaries acting as representatives of the Company.

  • Financial services

Losses resulting from inadequate marketing practices, sales and trading conduct, conduct of advisory business, transparency of product offerings (e.g. costs, disclosures), or complaint handling.

 

Damage to Physical Assets

Losses arising from loss or damage to physical assets from natural disaster or other events.

Examples:

  • Natural disasters

Losses resulting from natural disasters (earthquake, explosion, fire, flood, landslide, lightning, storm, tornado, volcano, etc.).

  • Malicious damages

Losses resulting from terrorist attacks, vandalism, explosions, violent demonstrations/protests.

 

Business Disruption and Systems Failures

Losses arising from disruption of business or system failures.

Examples:

  • IT Risk

Losses resulting from the uncontrolled introduction of changes in the production environment, disruption affecting the hardware, software or data centre due to a lack of maintenance or of controls on resilience, vulnerabilities in underlying systems, or a lack of control over outsourced IT tools or programs.

  • Continuity Risk

Losses resulting from a business interruption due to inadequate setup of continuity plans in case of crisis or disaster.

 

Execution, Delivery, and Process Management

Losses from failed transaction processing or process management, from relations with trade counterparties and vendors.

Examples:

  • Processing risk

Losses resulting from inadequate or incorrect input of data or storage of documents, a failing or missing validation process, an improper or insufficient reconciliation process, errors in process execution, or failing process management.

  • Contractual liabilities

Losses resulting from defaulted contractual obligations, or from obligations that cannot be enforced as intended or are enforced incorrectly.

 

An Article by Olivier Devuyst – Consultant at DynaFin.