Basel IT cost higher than projected

But the extra money may not yield any additional benefits

News Story by Lucas Mearian

AUGUST 29, 2005 (COMPUTERWORLD) - For the largest U.S. banks, an international regulation requiring tighter operational risk controls is proving to be far more costly than expected for IT, according to users and analysts interviewed last week.

The new Basel Capital Accord, or Basel II framework, will require that about 20 of the nation's largest banks use IT systems to measure credit and operational risk in order to ensure that they have enough capital on hand to cover their risks.

An Accenture Ltd. survey of large U.S. banks released last month found that dozens are spending significant sums to comply with Basel II. Most of the respondents said they also fear that the strict Basel II conditions will only slightly or not at all improve the capital positions of banks.

The measure requires that by 2007 all European banks and the largest banks in the U.S. tighten integration of back-office systems and use more-sophisticated risk management tools to lower the amount of capital that must be set aside to cover operational and credit risks. Other U.S. banks are opting into the accord voluntarily.

Adam Stone, a security management analyst who asked that his financial services company not be named, said banking leaders are painting a rosy picture about the cost of Basel II in the belief that implementation will reduce risk.

"Organizations are just now figuring out how expensive this thing is and are starting to cry about it," he said.

Stone said he believes that over the next decade, regulators will force Basel II to trickle down to all large U.S. banks and then to insurance companies.

"I believe that it will be a natural evolution," Stone said. "First large banks, then medium and small banks, and then credit unions. Insurance regulators are already taking notice of Basel."

The Bank for International Settlements, a Basel, Switzerland-based organization intended to foster international monetary and financial cooperation, is overseeing development and implementation of the Basel II standards.

From an IT standpoint, the proposal calls for banks to take steps such as developing rules-based risk management engines and knitting together customer databases across entire enterprises. But compliance work has been more difficult than expected and progress is slower than anticipated, according to users and research firms.

"The thing that makes it difficult is where actual Basel requirements are not finalized. You have to make assumptions, for example with the risk calculator," said Annelie Schnaar-Campbell, director of group risk management at Standard Bank Group Ltd. in Johannesburg, South Africa.

The bank is three years into its Basel II implementation and is in the process of making enhancements to its credit-writing systems, collateral management systems, exposure and debt-limit management systems, and loss data systems. It is also implementing a new capital calculation tool, Schnaar-Campbell said.

According to the Accenture survey, executives at nearly half of 66 banks interviewed said they each expect to spend in excess of $61 million through 2007 on Basel II compliance, up from 23% of executives in Accenture's 2004 Basel II survey.

Instituting risk management proceedures across all U.S. banking institutions will cost about $12 billion through 2008, according to Towergroup in Needham, Mass. Basel II will make up about $4.2 billion of that amount, according to Towergroup.

"We figured between 50% and 70% of the costs are IT-related. I think people also underestimated the business process and organizational impact," said Andrew Wilson, a partner for risk and regulatory management at Accenture.

Wilson said IT organizations will be affected by the amount of data that has to be collected to create accurate data models to compute the operational risk. They will also need to set aside capital to cover that risk.

IT managers can expect their environments to be affected on several levels. For example, they will have to store and maintain more data for longer periods of time, standardize data-collection systems, and roll out more-advanced analytical and reporting tools and predictive analysis tools, said Wilson.