During 2023 a significant change has taken place in banking that has been, at least in my circles, little discussed: the move to Basel “IV”, or the next iteration of Basel III.
Akin to most regulators, the Basel Committee on Banking Supervision (BCBS) reviews and updates its rules every five to 10 years or so, and gradually introduces increasingly strict structures for all of us to adhere to.
So, what’s in Basel IV and why is it of interest? Mainly it is do with greater restrictions around capital allocation and risk-weighted assets (RWA).
According to the text of the BCBS, the main aim of updating Basel III is to “restore credibility in the calculation of RWA and improve the comparability of banks’ capital ratios”. In order to achieve this, there are specific obligations around capital and risk, including:
- harmonising the earlier Basel accords with a standardised approach to credit and operational risk;
- tightening the way in which banks use their internal models for capital requirements; and
- further limiting the ability of a systemically important bank to leverage by forcing banks to keep additional capital in reserve.
The new rules would require banks to hold capital equal to at least 72.5% of the amount indicated by the standardised model, regardless of what their internal model suggests, by the start of 2027.
Down the line
So, what’s that got to do with technology?
In my view, it means that by the time we reach Basel V or VI, the BCBS will start to mandate real-time regulatory reporting of risk and capital assets. There have already been some developments in this direction, but it’s potentially a game-changer if a regulator could assess a bank’s position in real time.
This concept came to the fore after the failures of several banks in 2023, of which Credit Suisse has been the largest to date. Many have asked why these things come as a surprise. A little like a bank knows when a customer is in credit or not, a regulator should know if a bank is stable or not. Isn’t that the ultimate dream?
In fact, it is my expectation that systems for systemically important institutions will be connected to those that monitor and regulate such institutions through open banking. This will enable real-time monitoring and oversight, and banks will be called to account far earlier than we have seen this year in the cases of Signature Bank, Silicon Valley Bank and others.
The upside could be that the forecasting of risk would be far better; the downside could be that a bank can’t make decisions without regulatory oversight and perhaps approval. Is that a good thing or a bad thing?
Obviously, it is positive if we can avoid a sudden bank collapse; equally, it is a bad thing if banks can’t take risk, invest in progress and get a greater return on investments by leveraging the markets.
To see or not to see?
The core question is around the right level of transparency. How transparent should banks’ systems and operations be?
This question has been asked many times over the past 15 years. I remember the Austrian authorities requiring banks to offer open access to their systems. At that time, it was quite difficult to link regulatory systems with bank systems, but it is becoming simpler and easier, particularly because of open banking.
Open banking allows regtech to link with banktech and fintech to create a completely connected network, with data shared in real time across the network. However, what does a connected, transparent, open network mean for risk, regulation and compliance?
In some ways, it presents a challenge to regulators and their understanding of system integration; in other ways, it challenges those who are regulated to understand that their historical sovereign territories are no longer private. In fact, the more that regulators require bank transparency, the harder it will be for banks to operate, leverage, take risks and get an acceptable return on investment.
And in the middle of all of this is the role of technology and, specifically, the use of customer data. After all, banks are custodians of customer data. If the regulators demand access, does this mean customer data is compromised? How would regulatory access to customer data comply with the EU’s General Data Protection Regulation, for example?
The regulators will say that it is all part and parcel of the same thing. The banks want to track and trace the risk of customers, whether retail or corporate, using their digital footprint; while regulators and governments want to track and trace the risk of banks, using their digital footprint and the digital footprint of their customers.
Undoubtedly, to reach the ultimate dream of knowing if a bank is stable or not, and avoid nasty surprises, we can expect a lot more regulatory control and systematic oversight for any organisation that is systemically important.
