One of Australia's Big Five banks has rejected an analyst's suggestions local financial institutions will fail to meet an international banking regulator's new global framework that will hit information system requirements.
Computer failures, poor documentation and [electronic] fraud are included for the first time in the Basel Capital Accord II which the Bank for International Settlements (BIS) in Switzerland expects to finalise by the end of 2003. The changes will probably mean banks will have to set aside a minimum of 12 per cent of their overall capital requirements for those risks. The accord aims to ensure that the banking system holds the appropriate level of regulator's capital to cover the risk in systems. BIS' board makes recommendations on industry rules, which regulators worldwide may then adopt.
IT researcher Meridien Research said some organisations may be faced with building out databases, reporting systems and integration technologies like extraction, transformation and loading technologies to meet proposed risk management standards.
While many major financial institutions worldwide have enterprise risk systems in place, "few of those systems are capable of automatically generating regulatory reporting", the report said.
However, Commonwealth Bank of Australia executive general manager, group risk management, Mick Leonard said the bank was "reviewing" its systems and had the experience to deal with a regulatory proposal of Basel's magnitude. "CBA is starting from a position of having a well-developed systems platform," he said.
"CBA uses an integrated risk management approach to its business; assessing operational, credit and market risk."
"This approach encompasses methodologies and measurement processes to capture data needed to determine and report on risk levels in its portfolio of financial services," Leonard said.
The bank's various systems across its risk management platform are generally automated, but there is a need to ensure data is sufficiently granular to meet Accord II's requirements, he said.
Nonetheless, his main concern is to ensure the bank has the "requisite resources" for implementation, and in 2003 to establish "greater finality" of overall requirements to obtain accreditation of CBA's approach by Australia's banking regulator, the Australia Prudential Regulation Authority.
Leonard declined to estimate the increase in CBA's IT spend over the next few years to address Accord II's requirements, including those for operational risk.
"The BIS proposals for operational risk are intended to include IT-related risks such as the impacts of prolonged system down-time and information security which are notoriously difficult to quantify," he said.
From an implementation standpoint, he stressed CBA was confident it would meet the new Accord IT requirements. "The CBA successfully managed other major systems projects including the IT outsourcing arrangement with EDS, Y2K, GST and the Colonial Group integration.
"There will be IT systems and other spending requirements to consider before the proposed accord is implemented globally, but we know what the Basel Accord II looks and smells like."
Meanwhile, ANZ Bank would only reveal it had "established a program to manage the implementation of Accord II throughout the organisation".
"We're at the scoping stage," a company spokesperson said.
Westpac Banking Corporation declined to comment on its IT plans to comply with the new Accord.
St George Bank and the National Australia Bank were not available for comment before press time.