Operational risk emerging as linchpin of Basel capital debate

James Gorman
James Gorman, chairman and chief executive of Morgan Stanley, said during a Senate Banking Committee hearing this week that the proposed operational risk provision in the Basel III endgame capital rules "makes no sense," echoing critiques from Federal Reserve Gov. Christopher Waller and banking trade groups.
Bloomberg News

What had for months been a broad debate around the wisdom and process of the Basel III capital proposal has narrowed in recent weeks to center on a particular aspect of that proposal: capital retention for banks' operational risks. 

The so-called Basel III endgame package put forth by the Federal Reserve, Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency would also adjust capital requirements banks would face for risk exposures related to credit, trading and derivative contracts — also referred to as credit valuation adjustment risk. But the operational component has drawn the most ire from banks.

"It makes no sense. I mean, that's the bottom line," said James Gorman, chairman and CEO of Morgan Stanley, while testifying in front of the Senate Banking Committee on Wednesday. "I've been at this a long time, I was on the New York Fed board for years, I've seen a lot of rules, some that make sense and it's a question of how far you turn the dial. This doesn't make sense."

Gorman went on to say the proposal would "punish" banks for creating "fee-based businesses," echoing criticisms put forth by banks, their lobbying groups and even regulatory officials in recent weeks. 

Last week, Fed Gov. Christopher Waller questioned the need for a standalone operational risk charge, arguing that the capital set aside to deal with market and credit risks could be tapped for idiosyncratic events — such as litigation, cyber attacks or fraud. 

"Those are things that don't typically occur at the same time as a financial meltdown due to a macroeconomic shock. So, they're not correlated with market risk, trading risk, all the other things that might bring a bank down," Waller said during an event hosted by the American Enterprise Institute. "I just argue that because it's not really a threat to this, we don't need a separate bucket for this. You can use operational risk, paid for out of your standard capital bucket."

Currently, most banks are not subject to a set standard for maintaining capital to address operational risks. Only banks with at least $700 billion of total assets or $75 billion of cross-border activity face operational capital requirements under the Fed's advanced approaches protocol, which calls for banks to use internal models to assess their operational risks and corresponding capital needs.

During a speech in October, Fed Vice Chair for Supervision Michael Barr said that operational risk is "inherent in all banking products, activities, processes and systems." He also argued that the current system for addressing these risks leaves too much room for variance between banks and suffers from a lack of transparency.

"These models can present substantial uncertainty and volatility," Barr said. "In the agencies' proposal, the operational risk capital requirements would be standardized rather than modeled and would be a function of a banking organization's business volume and historical operational losses."

The switch to a standardized regime was called for by the Basel Committee for Bank Supervision's latest international standards, which were finalized in 2017. But the accord, known as the Basel III endgame or Basel IV, provided national discretion over certain components of the operational risk regime. This included a provision about whether to factor past operational losses into future capital requirements. The U.S. opted to include this component, while other regulatory jurisdictions — including the European Union and the United Kingdom — have indicated that they will not. 

The proposal establishes operational requirements through a multi-step process. First, bank measure their business volume over the past three years in three categories: Net interest income from financial assets and liabilities, trading activities, and fee-income. Those indicators are then subjected to steadily higher multipliers based on the size of each business, such that the larger the business, the greater the requirements. Those figures are then multiplied by an average of the bank's average net operating losses over the previous 10 years, a factor known as the internal loss multiplier. 

The net effect of the framework is that all parts of a bank's business activities are subject to a risk capital weight that results in higher standards for larger banks, and made still higher for banks with track records of incurring losses. 

"Research suggests that banking organizations with higher overall business volume are likely to have exposure to higher operational risk," Barr said in his October speech. "Further, higher operational losses are associated with higher future operational risk exposure."

The proposal asserts that this approach will result in greater risk sensitivity in the operational capital framework while eliminating "subjectivity" and "unwarranted variability." But some say the proposal is emphasizing the wrong risks and could have unintended consequences.

Karen Petrou, managing partner at Federal Financial Analytics, said capital is a "poor palliative" for operational risks, because it is different from other types of risks. While strong capital buffers can ensure banks can continue lending when facing market volatility or economic headwinds, it does little to address the range of idiosyncrasies that come with operational risk, not all of which can be solved with capital. 

"Operational risk is very different from credit and market risk. It's equivalent to what you do when the lights go out, and the approach that somehow, if you have a pot of money, you will see better is nonsensical," Petrou said. "What you actually need is a generator, and that costs money."

Proponents of the new operational requirements say they are necessary both for consistency and to ensure the growth of emerging risks — such as cybercrime and climate change — are adequately accounted for.

"Operational risk is significant and growing, which is why it has long been on the Basel and capital agenda," said Dennis Kelleher, head of the consumer advocacy group Better Markets. "Measuring operational risk and other types of risk in a standardized way as the rule calls for is critically important for financial stability.  Moreover, less reliance on banks' internal models also reduces operational risk, which their very models can create."

But Petrou notes that the rule retains the seven categories of operational risk — internal fraud, external fraud, employee practices and workplace safety, products and business practices, damage to physical assets, systems failures and process management — remain unchanged by the proposal. She also noted that the best way to address future risks is not to look at past outcomes, but for bank supervisors to diligently manage existing risks.

"These rules reflect the fact that regulators don't trust themselves," Petrou said. "They're using capital as a stand-in for effective supervision, which would be far more effective when it comes to operational risk."

Industry groups have argued that full force of the Basel rules were not designed with U.S. banks in mind, many of which have adopted fee-based business models to a greater degree than their international counterparts. 

But while the operational risk provisions have drawn the most fire from the rule's opponents, it may also indicate that there is a path forward for the broader proposal if a compromise on operational risk can be struck.

Waller, who cast one of two dissenting votes on Board of Governors against the capital proposal in July, said his concerns could be assuaged if operational elements of the frame were changed for the final rule. Fed Chair Jerome Powell and Barr have both said they would pursue "consensus" among their fellow board members, with Powell saying the final rule will need "broad support." Barr has made it clear that unanimity will not be the standard, but said he is open to making changes where appropriate.

But revising the operational risk provisions may not be the only obstacle in the way of a Basel capital rule that everyone can live with — there are also legal and logistical challenges posed by the Administrative Procedure Act. For changes to be dramatic enough to satisfy the objections of Waller and banks, some experts suggest the agencies might have to re-propose the entire rule, setting back the timeline for completion and implementation significantly. 

Petrou said the issues presented by the proposed treatment of operational risks could not be addressed by small tweaks. Instead, she said, it requires "redesigning" to a degree that the agency would have to put forth a new rule to satisfy the Administrative Procedure Act. 

During a notice-and-comment rulemaking process, agencies can make changes within a final rule so long as they are a "logical outgrowth" of the initial proposal. If a change is more substantial than that, the APA dictates that the agency must issue a new proposal. Determining whether a change meets the "logical outgrowth" standard is somewhat subjective, as there is no set framework for doing so.

"A final rule that only modestly changes the proposal is possible, but only modest changes to the proposal will have a lot of perverse consequences," Petrou said.

For reprint and licensing requests for this article, click here.
Politics and policy Regulation and compliance
MORE FROM AMERICAN BANKER