In the light of the recent extension of the BASEL II implementation deadlines to March 2008 for banks with an international presence and March 2009 for banks without, Amreshwar Seth, Senior Advisor, KPMG, spoke to Biztech2.0 about the specifics of planning a BASEL II implementation.
What are some of the key issues in planning a BASEL II implementation?
The key issues around planning a BASEL II implementation start with ensuring that the organisation has decided on a strategy. The organisation needs to define for itself what its target-operating model is going to be. For example, if under the RBI guidelines it opts for the Basic Indicator Approach for operational risk and the Standardised Approach for credit risk, then defining the target-operating model is the starting point. Following this, the internal policy needs to be laid out and top management support needs to be garnered.
Thus, internal buy-in and clarity on what the objectives of the programme are, I think, are very important. They are the starting points of putting a programme in place. It is important to have a clear set of objectives and know what the mission statement is before you start an implementation.
What are some of the challenges faced by CIOs during a BASEL II implementation?
The challenges faced during an implementation start with ensuring top management buy-in followed by the creation of a culture within the organisation. Risk awareness needs to be created, which will enable you to implement the solution. Otherwise, it is the equivalent of taking a system and putting it in place and no one ends up using it or understanding it.
Thus, operational risk, particularly, is very important. An important ingredient is to ensure that you first create that awareness and then you create the right culture.
Some of the other challenges are for an organisation to ensure that there is adequate buy-in, planning a whole road map and outlining the primary objectives.
In addition to these, there are a number of issues that require a CIO’s attention; the most important being selection of the right technology to meet an organisation’s requirements. Pricing, ease of implementation, ease of use, ability of employees to leverage the technology and meeting an organisation’s reporting requirements are the other issues.
With respect to the actual implementation, there are a number of challenges. Under BASEL II, among the most important things that a regulator looks at is the extent to which the solution has been ingrained within the day-to-day processes of the bank.
What role does technology play in BASEL II compliance?
Technology plays a very significant role in BASEL II compliance. Like any solution that you deploy, you need a mechanism by which you can deliver it. In the case of BASEL II, technology provides that mechanism. However, I strongly believe that technology cannot be the driving force, as you cannot have the tail wagging the dog.
Some organisations make the mistake of selecting the technology first and then modifying their strategy to fit the solution. Personally, I think that this is completely wrong. What organisations need to do is design their strategy first, determine what their requirements are and then select the right piece of technology that delivers what they are looking for.
The most important criterion is to ensure that the technology that an enterprise adopts meets its strategy requirements.
As BASEL II compliance is a long-drawn process, and solutions can’t be picked off the shelf, how does a CIO evaluate technology?
CIOs evaluate technology based on their planning requirements. When KPMG provides consultancy services to an organisation, we help them articulate their requirements. We then analyse the different vendor solutions available in the market based on those criteria. After this we can enable the client to select technology on the basis of their own requirements, which include pricing, functionality, availability, the ability to back up and reporting features.
What are some of the steps that CIOs need to take to ensure compliance guidelines are met post-implementation?
Once the system is implemented, the organisation needs to ensure that employees are utilising it. For example, if you have put in a policy for processes, then the internal audit department is very useful in order to report on compliance. Additionally, the operational risk department itself should be able to ensure that the work is being done the way it is required.
Moreover, the reports and the data that the CIO would expect the system to introduce into the risk department will also give them a good idea as to what aspects of the system are actually being implemented.