Basel II: The precursor of an integrated risk management framework for Vietnamese banks

• Vietnamese banks are almost Basel II-compliant with the State Bank of Vietnam (SBV) instructing 10 banks to complete pilot practice by 2018
• Banks will need time to develop and train experienced staff to familiarise themselves with Basel II
• Most banks are focused on drafting out and implementing capital and risk management plans while waiting for further directives from the central bank to align with their internal policies 

Overview of the regulatory requirements and leading challenges for CFOs/CROs in Vietnam

• System-wide update
• In 2012, State Bank of Vietnam (SBV) announced that it will introduce a Basel II type risk-based supervisory approach over the next five years. A consultant was selected to oversee initial stages of the project, but only few comments or status updates were given on this initiative.
• In August 2014, SBV asked 10 banks to complete the pilot practice for Basel II by 2018. The pilot process includes the implementation of capital and risk management methods according to Basel II standards. This pilot practice should be completed before SBV expands the application of Basel II to other banks.
• It is currently unclear how the new Basel II requirements will affect risk-weighted assets (RWAs), and in turn, the bank’s capital ratios. If RWAs are increased, banks will hold more capital or will reduce their on-and-off-balance sheet activities. This will create significant impact on cost and availability of bank finances to fund lending growth.
• In August 2016, Vietnamese bankers met and discussed the internal capital assessment for Basel II. The workshop was aimed to enhance bankers’ understanding of the internal capital adequacy assessment process (ICAAP). The workshop was supported by the government of Switzerland’s State Secretariat for Economic Affairs (SECO) and was organised by the IFC, a member of the World Bank Group, the Swiss Finance Institute (SFI) and VNBA. According to reports, SBV will soon release ICAAP guidelines and regulations for commercial banks.
• Challenges faced by banks
• With the exception of those who have worked in foreign banks, Vietnam’s banking sector face a shortage of people who have experience in working with Basel II. Banks need to invest time to build and develop adequate human resources to operate risk management under Basel II. Banks are also looking into hiring consultants to implement the Basel II project as well as provide training to their own staff.
• o As SBV has yet to complete the legal framework, it is difficult for banks to implement policies and risk management framework around Basel II. SBV has only issued a draft version of the directives. Thus, any revisions in the central bank’s policies will also result in changes for banks in their implementation of Basel II roadmap. Active collaboration with the central bank is necessary in order for the banks to be informed of the central bank’s latest policies, and to allow them to review their own policies.
• o There are problems in gathering sufficient data to measure and run analysis as banks need exact and copious amounts of historical data. It can take up to three years to collect enough data to build a model with low error rate.

Vietnam is almost Basel II compliant, what is next?

• Most Vietnam banks are focusing on drafting and implementing capital and risk management plans.
• There is a need to wait for further directives from the regulators so that banks can align their internal policies with that of the central bank.
• Other than the two points mentioned above, banks also have to ensure that they:
• Continuously review risk policies, procedures, and management
• Standardise its internal operational model and functions
• Restructure the organisation in terms of centralisation of credit processes and internal audit
• Develop a holistic database and data management framework
• Determine the significance and importance of the internal control system by the enhancement of the operational capacity of the internal inspection system and internal auditImprove operational capacity of the internal inspection system and internal audit , which will help in determining the position and role of the internal control system
• Implement data governance strategies to improve both risk management and business processes
• Improve internal training and development curriculum to enhance staff’s understanding, practice and compliance

Data integration for an enterprise view of risk metrics and exposures

• The first principle issued by the Bank for International Settlements (BIS) states that a bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements in line with principles set by the Basel Committee. 
• The second principle issued by BIS addresses the need to have adequate data architecture and IT infrastructure, whereby a bank should be able to design, build and maintain data architecture and IT infrastructure that allows for fully functional risk data aggregation capabilities and risk reporting practices at all times.
• Banks can develop and maintain strong risk data aggregation capabilities to reflect the risks in a reliable manner, and thus there is a need for a comprehensive database for banks to build a reasonably accurate analysis model, as mentioned in the challenges faced by banks in the implementation of Basel II.
• Risk data aggregation capabilities and risk reporting practices can also be factored into a bank’s business continuity planning process and be subjected to a business impact analysis.

Regulatory requirements around data integration and risk reporting, and impact on risk management infrastructure and practice

• Specific requirements to data and risk reporting
• Principle 1: Governance – the bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee. 
• Principle 2 : Data architecture and IT infrastructure – the bank should be able to design, build and maintain the above that can fully support risk data aggregation and risk reporting practices at all times.
• Principle 3: Accuracy and integrity – the bank must be able to generate accurate and reliable risk data to meet all kinds of reporting accuracy requirements, whereby the data should be aggregated on a large source of data to reduce errors.
• Principle 4: Completeness – the bank should be able to capture and aggregate all material risk data across the banking group and the data should be made available based on the categories of business line, legal entity, asset type, industry, region, and other groups and the examined risk.
• Impact on risk management infrastructure and practice
• Banks have to evaluate their current processes and determine if their current risk data and aggregation processes have any known lapses.
• In terms of data and IT infrastructure, banks need to enable its internal data infrastructure to allow maximum flexibility in risk aggregation reporting because extensive reviews and multiple coordination points may be required.

Principle of effective data aggregation and risk reporting

• There are 14 principles laid out by the Basel Committee, which cover four closely related topics that include the overarching of governance and infrastructure, capabilities of risk data aggregation, risk reporting practices and supervisory review, tools and cooperation.
• The 14 principles include: governance, data architecture and IT infrastructure, accuracy and integrity, completeness, timeliness, adaptability, accuracy, comprehensiveness, clarity and usefulness, frequency, distribution, review, remedial actions and supervisory measures, and home/host cooperation.
• The principles are aimed at supporting banks’ efforts to enhance infrastructure for reporting key information, particularly those used by the board and senior management, to:
• Identify, monitor and manage risks
• Improve the decision-making process throughout the banking organisation
• Improve information management across legal entities, while providing a complete assessment of risk exposures at the global consolidated level
• Reduce the probability and extent of losses due to risk management weaknesses
• Improve speed at which information is made available, thus speeding up the decision-making process
• Improve the organisations’ strategic planning and risk management of new products and services.
• The effects on banks which have been identified include required evaluation of current processes, coordination of guidelines and requirements, good governance, independent validations, comprehensive documentation and transparency of information, approximations, improved data and IT infrastructure, cataloguing models, and improvements on SATA (Serial Advanced Technology Attachment) taxonomies and architecture.

Developing a forward looking view of risk trajectory

• Effective risk management should be reviewed on an ongoing basis together with quantification, risk appetite, and governance. When reviewing an existing risk management framework, it is important to take a wholesome approach that takes into account that risks are interdependent and mutualised.
• The following are the six fundamental components to establish a firm-wide risk management framework:
• Ensuring complete adherence to policies by satisfying regulatory requirements and implementing best practices
• Establish an organisational governance through well-defined C-Suite roles and responsibilities, which also includes accountability of key risks and the set-up of governance structures
• Mitigate potential risks through constant monitoring and assessment of risks and maintenance from an economic and accounting perspective
• Nurture a ‘risk aware’ culture that includes the promotion of general awareness, attitude, and behaviour among all staff members
• Review existing underwriting policies and procedures to ensure that undertaken risks and actions have been extensively reviewed and that they comply with banks’ risk appetite.
• Spearhead the development of a framework that considers extreme conditions, to make banks well-prepared for an adverse operating environment.