Keeping tabs on banks’ risk-weighted assets

Risk is more than just a four-letter word, especially for India’s largest lender,State Bank of India (SBI). With an asset base of $352 billion (Rs16 trillion), accounting for a quarter of the assets in the Indian banking system, SBI has more than 13,000 branches. The IT infrastructure required to support such a bank is significant. Data on its 225 million customers resides in a 20-terabyte data warehouse. All of this data has to be routinely crunched to keep a tab on risk.

The Basel accords have only raised the stakes. Under Basel II, a set of risk-management best practices created by central bank governors of the Group of Ten nations, Indian banks need to maintain a tier I requirement of 6% of total capital and 9% of risk-weighted assets. Basel II was implemented in India in 2009 and defines three different types of risk—credit, operational and market.

Calculating the risk-weighted assets of a bank is not easy.

“Risks are different for every client a bank lends to, whether it is a large corporate, a consumer goods firm, a microfinance firm, small and medium enterprises, infrastructure firms, or public private partnerships,” said R. Raghuttama Rao, managing director of Icra Management Consulting Services Ltd (IMaCS), a firm that advices banks in building risk models. “As the client base changes, risk measurement gets very specialized.”

Another change imposed by Basel II is the need to rate risk internally, rather than use an external agency.

“The basic approach of rating risk is when an external agency like Icra, Crisil, CARE or Fitch will rate a bank’s portfolio and it can accordingly allocate capital. This was made mandatory about two-three years back. Now banks want to move to an advanced approach where they use internal rating methods,” said Rao.

These internal ratings methods include, for example, the advanced measurement approach for operational risk, and the advanced internal rating-based approach (AIRB) for credit risk. They are recommended under Basel II, and stipulate that banks use data going as far back as seven years. Not just that, this data has to be culled from several disparate databases that are typically not linked—collections, treasury, collateral management systems, etc. Only then can a bank arrive at a risk score which allows it to decide on the minimum capital needed under the new regulations.

“In order to include seven-year data, our warehouse will expand in size to about 45 terabytes,” said Rajesh Vaish, IT facilitator at SBI.

There are three participant in this compliance exercise— banks themselves, rating agencies that advice them to develop the models, and IT service providers such as Infosys Technologies Ltd, Wipro Infotech and Tata Consultancy Services Ltd (TCS), who translate all this into end-to-end IT solutions. Each of them has their task cut out.

“There are multiple problems in bringing together the data,” said Puneet Talwar, banking practice head at Wipro Infotech. “Data is not clean and often it is not linkable across systems. This meant that there is no standard key linking the same customer in two different databases.” Hotels in Manali

N.G. Subramaniam, president of TCS Financial Solutions, a division of TCS, concurs. “Our experience clearly pointed towards one fundamental challenge across most banks, and this was in the area of data management,” he said. “Data availability, integrity and accessibility varies across banks and geographies.”

To illustrate the amount of computation involved, Talwar shares an example. Consider a bank that has seven different products, and has to map its credit, market and operational risks. For credit risk alone, if it chooses to use the AIRB approach, it would have to use extensive data on its customers to calculate three different parameters—probability of default (PD), loss given default, and exposure at default.

This data, of course, would have to go back seven years. “This translates to about 21 calculations on multiple databases. The calculation for PD alone would need data on product origination, product management and default data,” he added.

Basel II has also necessitated that ratings be used for making future policy decisions. So banks are having to re-engineer and create new processes for risk prudence.

“Another problem that came up, therefore, was a number of data discrepancies,” Subramaniam said. “Let’s say, today, I define a loan default a certain way. This definition could change as a bank evolves its business rules. When this happens, another set of accounts would become defaulters.” As a result, there would be lack of consistency in data across time.

Any such IT implementation has to percolate to people who eventually do the appraisal, said Rao of IMaCS. “These systems have to tie pricing decisions with risk. You need information flow and you need debate that gets reflected in the core banking system, capturing the bank’s competitors and borrowers,” he added.

Given that Indian banks are less leveraged than those in the US and Europe, most of them don’t believe they will need to make any significant changes to comply with Basel III. Elsewhere, though, banks are in the early stages of analysing Basel III and its impact across the risk ecosystem.

“In terms of IT upgrades, banks will have to invest in sourcing granular data, improving infrastructure for reporting, stress testing, etc.,” Subramaniam said. “The existing solutions need to be upgraded for changes in guidelines around capital ratios, risk weights and also calculation of new measures like liquidity coverage ratio and net stable funding ratio.”