Risk management
in the wake of Basel 3:

The future of banking

Much has been done to define new regulations for the banking sector since the financial crisis. The prudential rules of Basel 3 with the so-called 'final reform' of December 2017 (commonly referred to as Basel 3.5 or Basel 4), for example, are as good as ready. So what can banks expect during the coming years?

Banks are still having problems navigating out of troubled waters. The postponement of several decisions by the Basel Committee on Banking Supervision (BCBS) has left a few holes in the Basel 3 rules. These include the P&L attribution test in the Fundamental Review of the Trading Book (FRTB) and the way that sovereign risk is approached. What’s more, the EU still needs to amend the Capital Requirements Regulation (CRR) and the Capital Requirements Directives (CRD), so that all Basel rules can actually become legislation. Then, of course, it all has to be implemented, tested and validated. The BCBS and the Group of Governors and Heads of Supervision (GHOS) agree that banks must comply with all Basel 3 rules by January 1, 2021. Even assuming that the latest regulations don’t throw a proverbial monkey wrench in the works, banks will really have their work cut out if they are to be completely sure that they meet all new requirements. It looks like their risk departments, as well as model validation, are going to be really busy for the next few years. .

The breadth of fintech

Given the increasing pressure for supervision – including the continuing flow of on-sight inspections – the risk management department will indeed have more than enough to do during the next few years. But in addition to regulation, the banking sector – and risk management in particular – can expect a lot more in the way of change, such as fintech, machine learning, APIs, cloud computing, big data and robotic process automation. Many of these developments can help banks reduce costs and improve profitability, both of which would be very welcome in the current climate of higher capital requirements. But to effectively gage the added value of these developments, not to mention deploying them efficiently, it’s important that we can clearly differentiate them.

Take fintech, for example: a broad concept with a variety of applications. It’s a technology that can be used to reach customers, with apps and other technological vehicles that allow new entrants to quickly claim a place in the market – often in the area of payments traffic, or savings or closing loans. After appearing to watch from the sidelines for several years, banks themselves now seem to be developing and procuring such initiatives. In addition to offering cost reductions, they can also lead to new opportunities and even new products.

Fintech and risk management

Seen across the market as a whole, fintech developments for risk management will not lead to any major upheavals. People will still be exposed to credit risk; interest-rate risk will still have to be measured and managed, and the same is true when it comes to currency risk, operational risks, liquidity risks, and so on. The party that’s exposed to the risk might change, but banks have such a big advantage in dealing with risks that they’ll be able to continue coping with and managing many of these risks for a long time to come.

Big data will exert significant influence on risk management. The huge amount of data from both known and unknown sources, together with the speed with which it now all becomes available, will radically change the discipline of risk management. There is information whose existence and location are unknown to us, but which we can access and add value to, to achieve good risk management. The collation of this data and its conversion into relevant information and risk parameters is set to change significantly during the next few years – particularly when compared to a time when we are used to working with Excel files and a limited data set.

The role of machine learning

Machine learning (ML) is a form of artificial intelligence for risk managers in which statistical techniques are used to identify patterns, select the best models and then learn from the experience. Given that many ML applications have a high black-box content, It might sound scary to put self-learning processes at the door of the risk manager. However, if applied in the right way, they will certainly enrich the risk-management function. In the context of risk management, ML can be seen as applying existing, static techniques in a different way. Fueled by greatly increased computing power and calculation speeds, ML can facilitate the extraction of many more connections, patterns, relationships and other statistical information from the data. The knowledge that’s derived can then be used during the model development.

Based on the selections made by the ML model, you could, for example, develop a basic model – in other words, without ML – for everyday use. We could then let the ML version operate 'in the background', alongside the basic model. As soon as the results obtained from the ML version deviate materially from the basic model, we’d know that it’s time for further analysis. This is because it contains information that will lead to conclusions other than those obtained on the basis of more historical data – at least, according to the ML model. This can justify a recalibration of the parameters of the basic model, or an adjustment of the model itself. The bottom line is that risk management will then be much better placed to guarantee that the models are up-to-date, even if they are not ML models. Rather than having to rigidly recalibrate the existing model every year, the necessary research can be immediately started up when it’s triggered by the ML version. This also reduces the model risk, because model validation could be carried out in a similar manner.

The human aspect

So will it be possible to eliminate the entire human aspect in risk management? No. Common sense and expert judgment will prevail and remain indispensable elements of risk management models and their everyday implementation. A degree of restraint and a sensible approach are therefore called for in the direct application of self-learning models. That said, there are already applications in the field of risk management in which ML models can be immediately implemented. Early warning processes used in the areas of credit risk or credit card fraud are obvious examples that spring to mind. In addition to being well designed, a model will also have to continue to improve if it is to detect all future incidents in a timely manner.

The role of regulation

Major changes can also be expected in the area of supervision. Before long, central banks will have access to all banks’ portfolio information, and Anacredit will play a role in this. If they want to, central banks will soon be able to do all the necessary calculations and modeling that are now required from the banks, and this will change the regulations. Perhaps it will make legislation more to-the-point. Or maybe the focus of prudential supervision will be more on scenarios and stress tests, to demonstrate that a bank is solvent. We’ll certainly know more when the next Basel guidelines are established.

More information

If you’d like to know more about the impact

of regulations and technology on risk management,

send an email to Martijn de Groot or call him at +31 35 692 89 89.