Basel II in the United States: Progress Toward a Workable Framework

Basel II in the United States: Progress Toward a
Workable Framework
May 14, 2008
Walter W. Eubanks
Specialist in Financial Economics
Government and Finance Division

Basel II in the United States: Progress Toward a
Workable Framework
Federal banking regulators (Office of the Comptroller of the Currency, Treasury,
Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation,
the Office of Thrift Supervision, and the National Credit Union Administration) issued a
final rule for the implementation of the Basel II capital accord on December 7, 2007.
The final rule became effective on April 1, 2008. It is expected that 11 of the largest
U.S. banks will be mandated to be the “core” Basel II banks. Other banks may opt
in, if their implementation plans are approved by their primary federal supervisors.
The rest of the U.S. banking industry will be able to choose between a modified
version of the existing Basel I (Basel 1-A, the United States version of the Basel II
standardized approach) or continue to operate under the Basel I framework. These
three methods are expected to be available to financial institutions in the United
States to determine the minimum amount of regulatory capital that must be held
under the first pillar of the Basel II framework. Congress’s oversight might be most
productive in enforcing the other two pillars of Basel II — supervisory review and
public disclosures of bank financial information.
This report will be updated as developments warrant.

The Basel Accords.............................................1
Without All Three Pillars, Basel II Will Not Stand....................1
How Basel II Addresses Some Basel I Shortcomings..................2
Basel II in the United States......................................3
Basel II for the Core Banks..................................4
General Banking Institutions and the Standardized Approach.......5
Implications for Congress.......................................6

Basel II in the United States: Progress
Toward a Workable Framework
The Basel Accords1
The Basel capital accords2 are international safety and soundness agreements that
provide a framework for determining capital adequacy standards for banking institutions.
The accords provide a framework for determining the minimum capital financial
institutions must hold as cushion against insolvency or taxpayer-funded rescues. Without
financial institutions holding this minimum amount of capital, banking regulators would
not permit these banking organizations to conduct normal financial business. The first
accord was adopted in 1988 and is credited with providing stability to the international
banking system, both through defining consistent safety and soundness standards3 and by
promoting better coordination among regulators and financial supervisors in participating
countries. But, for almost a decade now, banking regulators in the United States and other
countries have argued that Basel I is not sufficiently sensitive in measuring the risks and
determining the regulatory capital needs of an increasingly complex and dynamic banking
system. Banking institutions are able to game the system to minimize capital-consuming
assets and by moving assets off their balance sheets, often leading to capital levels not
adequate for the associated risk. Basel II, a three-pillared framework announced in 2004
and updated in 2005 by the Bank for International Settlements Basel Committee on
Banking Supervision, promises to be more sensitive to risk, and more accurate in
determining and maintaining capital levels not adequate for the associated risk.
Consequently, studies suggest Basel II may be more efficient in using regulatory capital.
Without All Three Pillars, Basel II Will Not Stand
The Basel II capital framework has three equally important pillars, but pillar one gets
the most attention. Pillar one determines how banks calculate per-exposure minimum
capital, taking into account each exposure’s unique credit risk. The second pillar is the

1 The name, Basel Accord, comes from Basel, Switzerland, the home of the Bank for
International Settlements (BIS). In 1974, BIS established the Basel Committee on Banking
Supervision, made up of representatives from the monetary authorities of 13 countries —
Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain,
Sweden, Switzerland, the United Kingdom, and the United States — to consider capital
adequacy issues and find practical ways to determine and mitigate bank risk, given different
national systems of supervision and deposit insurance.
2 For additional historical information and analysis, see CRS Report RL33278, The Basel
Accords: The Implementation of II and the Modification of I, by Walter W. Eubanks.
3 For a definition of safety and soundness, see CRS Report RL33036, Federal Financial
Services Regulatory Consolidation: An Overview, by Walter W. Eubanks.

supervisory review process, which is less concrete than pillar one, but critical to the
framework. Pillar two requires banks to internally assess their risk exposures and maintain
sufficient capital relative to those risks. The supervisory agencies must validate the
methodology and processes used in these self-assessments. “The supervisory review
process of the framework is intended not only to ensure that banks have adequate capital
to support all the risks in their business but also to encourage banks to develop and use
better risk management techniques in monitoring and managing risk.”4 Validation of risk
management mechanisms and accountability of determinations concerning stress testing,
definition of default, and residual risk take place under pillar two.
The third pillar of the Basel II framework is public disclosure. Pillar three is a set
of public information disclosures that a bank must make about itself. These disclosures
are to make it easier for creditors and investors in financial markets to assess a bank’s risk
posture more accurately and adjust borrowing and capital costs accordingly. The idea
behind this requirement is to bring market discipline to bear to give bank management a
cost incentive to adopt strong safety and soundness practices. The disclosure
requirements will also make it easier for depositors, investors, and regulators to make
comparisons across banking institutions. This knowledge, in turn, is expected to affect
the willingness of investors to invest in banks and their related businesses. Without pillar
three, financial institutions could become more opaque and more difficult to understand
as the institutions develop new products and complex risk-hedging strategies that are
difficult to evaluate. It could also make it more difficult to understand the risk profile of
the firm creating and selling these products as well as the firms buying and using them.
How Basel II Addresses Some Basel I Shortcomings
Even though Basel I has been modified at least twelve times since its implementation
in 1988, banking regulators in the United States and in other countries argue that it is
inadequate, particularly for large and complex organizations. In the United States, Basel
I divides bank assets into five categories, or buckets, and applies the following capital
weights to each bucket — 0, 20%, 50%, 100% and 200%. A 100% weight requires 8%
of the value of the asset as capital.5 For example, less risky assets such as cash or debt due
to or guaranteed by national governments are placed in the bucket carrying a weight of
zero capital. Three major problems have been pointed out with this approach: (1)
regulatory arbitrage between buckets, (2) little or no recognition for risk mitigation
provisions, and (3) not accounting for operational risk. These weaknesses may result in
institutions holding inadequate levels of capital.
Regulatory capital arbitrage, a shift in holding a particular risk exposure with a
higher and binding regulatory capital requirement to an exposure with a lower capital
requirement, is more easily done and more highly rewarded under Basel I than under Basel

4 Bank for International Settlements, Basel Committee on Bank Supervision, International
Convergence of Capital Measurement and Capital Standard, A Revised Framework, June

2004, p. 158.

5 See CRS Report RL33278, The Basel Accords: The Implementation of II and the
Modification of I, by Walter W. Eubanks.

II. The limited number of buckets and the broad definition of what risk exposures are to
be placed in them makes it possible for an institution to place high- risk exposures into
less capital-consuming buckets, resulting in the institution being undercapitalized. To
illustrate, investors usually distinguish among commercial loans by demanding higher
yields for higher risks. Basel I’s bucket approach does not. It places a capital charge of
8% on all commercial loan exposures, even though a triple A-rated commercial loan
carries a lower yield than a B-rated one. Since both loans carry the same capital charge,
Basel I gives the bank an economic incentive to carry more B-rated than triple A-rated
commercial loans on their books. B-rated commercial loans have higher yields with the
same capital charge. For greater profits, some banks would sell triple A-rated loans to
acquire higher-yielding B-rated loans, raising the institution’s credit risk exposure.
Risk mitigation is an internal step financial institutions can take to control their risks.
Many prudently managed banks take credit (and interest rate and other) risk mitigating
measures by investing in offsetting assets such as loan insurance, derivative hedges,
collateral liens, and other protections from losses. Under Basel I, acquiring an asset
whose risk of default decreases as another asset’s default risk increases often would
increase a bank’s capital requirement instead of reducing it, even though the bank is
sounder as a result of the transaction. These kinds of offsetting risk exposures are tied
mostly to short-term financial instruments whose net exposures are best captured with
econometric models. Since Basel I’s implementation in 1988, a smaller portion of large
banks’ portfolio is traditional loans, and a growing portion is tradable short-term
instruments related to interest rates, equities, commodities, currencies, and debt securities.
Basel I is not sensitive enough to capture the risk mitigating effects of traditional loans
not to mention the effects of these more sophisticated short-term instruments.
Basel I does not address operational risk. Operational risks can produce losses
resulting from inadequate or failed internal processes and systems, or from external events
including legal and compliance-related risks. Operational risks include poor accounting,
lapses of governance controls, settlement failures, poor or fraudulent managers and
traders, and security failures. Despite the fact that some of these risks are captured under
credit risk, operational risks have historically played major roles in depleting capital from
failed banks which have met the minimum credit-risk-based requirements.6 Several
studies have shown that most bank failures could be attributable to operational risk. Basel
II assesses a capital charge for operational risk to induce sufficient risk-reducing action
so that failing internal processes have a better chance of detection. This is an explicit
capital charge that is added onto all other capital charges.
Basel II in the United States
The Agencies have taken a bifurcated approach to implementing the Basel II capital
accord in the United States. In other countries including the European Union, the Basel
II framework is applied to all banking institutions, using different approaches to calculate
the risk-based capital requirements for different asset-size banks. In the United States,
banking institutions are not under one Basel II framework, but under a Basel II framework

6 Operational Risk Consultative Document, Basel Committee on Banking Supervision,
January 2001, [].

for large banks and Basel I framework for the remaining banks. There are the Basel II
“core” banks, and Basil I “non-core,” “general” banking institutions.
Besides the complication of the bifurcation of the banks covered, the Basel II
implementation is at different stages for the core banks as well as the general banking
institutions. Core banks are banking organizations with at least $250 billion of
consolidated total assets or at least $10 billion of on-balance-sheet foreign exposures.7
General banking institutions are the remaining banking organizations operating in the
United States. Initially, in 2009, 11 banks are going to be required to use the Basel II
framework to determine and maintain their required risk-based capital for credit and
operational risk. Core banks are also required to use the most advanced or sophisticated
approaches of the Basel II framework to determine their credit and operational risks for
pillar one. The general banking institutions (non-core banks) may continue to use Basel
I or use the Basel II standardized approach (not yet approved) to determine their minimum
regulatory risk-based capital under pillar one.
On December 7, 2007, the Agencies issued a call for comment on their final rule for
the implementation of Basel II for the core banks.8 The final rule became effective on
April 1, 2008. Other large banks may opt in on their primary federal supervisor’s
approval of their Basel II implementation plan. Otherwise these larger banks would
remain in the existing Basel I framework. The Basel II standardized approach is in an
earlier stage of implementation. On December 26, 2006, the Agencies issued a Notice of
Proposed Rulemaking (NPR) that would modify Basel I framework.9 In order to give
banks an opportunity to compare the risk-based capital requirements in the Basel II NPR
and the Basel 1-A NPR, the Agencies extended the comment period for the Basel II NPR
from January 23, 2007 to March 26, 2007. A summary of the proposed rulemaking
appears below. Since the Agencies have not made any further announcements on the
Basel I-A NPR, it is expected that the Agencies will follow the usual process and
announce a final rule soon. It is possible that these three methods will be available to
banking organizations in the United States.
Basel II for the Core Banks. As outlined in the final rule, the Agencies have
selected the advanced internal rating-based approach for core banks to calculate their
minimum risk-based capital for credit risk, and the advanced measurement approach
(AMA) to calculate their minimum regulatory capital for operational risk. The Agencies
will allow core banks to use their internal assessment models and management technology
to calculate these two regulatory capital requirements. To qualify to use this approach,
core banks have to meet stringent qualifying criteria including rating design, risk rating
systems, corporate governance, and (most critically) validation of internal estimates. The

7 U.S. Department of the Treasury, “Risk-based Capital Standards: Advanced Capital
Adequacy Framework,” Federal Register, Vol. 71, No. 185, September 25, 2006, p. 55841,
[ ht t p: / / www.set onr esour cecent e r .com/ r e gi st er / 2006/ Sep/ 25/ 55830A.pdf ] .
8 U.S. Department of the Treasury, “Risk-based Capital Standards: Advanced Capital
Adequacy Framework,” Federal Register, Vol. 72, No. 235, December 7, 2007, p. 69288,
[ ht t p: / / www.set onr esour cecent e r .com/ r e gi st er / 2007/ Dec/ 07/ 69288A.pdf ] .
9 U.S. Department of the Treasury, “Risk-based Capital Standards: Advanced Capital
Adequacy Framework,” Federal Register, Vol. 71, No. 247, December 26, 2006, p. 77519,

banks will determine their regulatory capital by their own assessments of the risk of
default on each of their asset’s exposures based on their own models. The first measure
is the probability of default (PD) of each exposure. Next the bank must estimate the loss
severity. This estimate is also called the “loss given default” (LGD). The third measure
has two elements: first is the amount at risk in the event of default (exposure at default,
or EAD). This is the nominal value of the assets at the time of default. The second
element is the maturity (M), which is considered an explicit risk component. For each
exposure, the risk weights would be a function of PD, LGD, EAD, and M.
To calculate its required risk-based capital charge, a bank’s portfolio of on- and off-
balance sheet exposures would be broken down into four categories: wholesale, retail,
securitization, and equities. Supervisory approval is needed before a bank can use its own
internal ratings-based approach for wholesale and retail exposures. Capital charges for
equity exposures may be modeled with supervisory approval, but securitization exposures
are subject to a hierarchy of approaches based on specific factors. After the bank
determines the probabilities of default (PDs), and the losses given default (LGDs) for all
exposures, these are mapped into regulatory risk weights for the portfolio. These risk
weights are adjusted to include expected and unexpected (a deviation measure) losses.
The minimum capital charge is determined by multiplying the risk weights by the amount
expected to be outstanding at the time of default (EAD) and 8%.
For operational risk, the primary federal supervisor must approve a bank’s use of the
advanced measurement approach (AMA) to calculate its minimum regulatory capital. To
qualify for AMA the bank’s board of directors and senior management must demonstrate
that they are actively involved in the oversight of the operational risk management of the
bank. The bank’s operational risk management system must be conceptually sound and
has been implemented with integrity with sufficient resources, control and audits in the
major line of business. In addition, the bank must meet a long list of qualitative and
quantitative standards set by the framework and have the approval of the bank’s primary
supervisor. At the same time, the AMA does not specify the approach or the assumption
the bank uses. The bank needs to have a credible, transparent, well-documented and
verifiable approach for weighting these fundamental elements in its overall operational
risk measurement system. For example, there may be cases where the internal and
external estimates of event data would be unreliable for business lines because of a small
number of observed losses. In such cases, scenario analysis and business environment and
control factors may play a more dominant role in the risk measurement system.
General Banking Institutions and the Standardized Approach. According
to the Basel I-A Notice of Proposed Rulemaking (NPR), the Agencies intend to offer a
version of the standardized approach of the Basel II framework as an option for non-core
banks for credit risk. The standardized approach could reduce some of the perceived
shortcomings of Basel I significantly. Compared to Basel I, some of the major differences
are that the standardized approach increases the number of risk weight categories, permits
the use of external credit ratings, expands the eligibility of financial collateral and
guarantors, and uses loan-to-value ratios to risk weight first and second liens on one-to-
four family residential mortgages. Besides the risk weight of 0, 20%, 50%, 100%, or
200% depending on the asset’s external credit rating, the NPR suggests adding four more
risk weights: 35%, 75%, 150% and 350%. It is important to note that even though the
NPR did not offer capital provisions for operational risk, the Basel II accord calls for
operational risk provisions in using the standardized approach.

The Basel I-A proposed rule would expand the use of external credit ratings to the
risk weight for some categories of exposures. For example, when a Nationally
Recognized Statistical Rating Organization (NRSRO) gives the highest investment grade
rating (AAA) to a set of corporate securities those securities would get a 20% risk weight
under the standardized approach instead of the 100% which those securities might have
received under Basel I. Similar corporate securities receiving the lowest investment grade
rating of BBB would receive a risk weight of 75%. The NPR rule would expand the range
of recognized collateral to include a broader set of externally rated liquid, and readily
marketable financial instruments such as long-and short-term debt. The standardized
approach recognizes eligible guarantors such as NRSRO-rated governments.
In determining the risk weights for residential mortgages, the proposed rule for the
standardized approach would allow risk weights to be assigned to residential mortgages
based on the loan-to-value ratios and whether a particular mortgage is a first-or second-
lien. Furthermore, the banking institutions would be allowed to take into consideration
certain loan level private mortgage insurance. For mortgage loans with negative
amortization provisions, banks would be required to carry minimum capital for the
increase risk associated with such provisions. To illustrate, a first lien on a single family
mortgage with a LTV of 60% or less would be given a risk weight of 20%. The same
mortgage with a LTV greater than 95% would be given a risk weight of 150%. If the loan
is a second lien or a junior lien and the LTV is 60% or less, the risk weight would be 75%.
If it is a second lien with a LTV of 90% it would be 150%. Mortgage loan insurance
would have the effect of reducing the risk weights somewhat, but not significantly. The
standardized approach rules also assign risk weights to short-term commitments, early
amortization, removes risk weights on certain derivatives transactions, the use borrowers’
creditworthiness to assign risk weights for certain claims, and a 75% risk weight for small
loans to businesses. While these issues were addressed in Basel I-A, for the sake of
brevity, they are not addressed in this report.
As mentioned earlier, the Basel committee’s version of the standardized approach
for operational risk was included but the Agencies excluded any such provision from their
Basel I-A proposal. Given that the standardized approach will be applied to small banking
organizations which have a higher rate of failure than larger banking organizations,
operational risk capital provisions may be more relevant for these organizations.
Although requiring capital for operational risk would reduce the banks’ capacity to issue
loans, it helps to cushion against insolvencies and the potential for taxpayer bailouts. In
the Basel committee’s operational risk for the standardized approach, the bank’s activities
are divided into eight lines of business: corporate finance, trading and sales, retail
banking, commercial banking, payment and settlement, agency services, asset
management, and retail brokerage. Gross income within each line of business serves as
a proxy for the scale of business operation and therefore is used as the weight of risk
exposure within the lines of business. The minimum capital for each line of business is
calculated by multiplying the gross income from that line by a fixed percentage ($), which
could be given by the bank’s primary supervisor.
Implications for Congress
Basel II is of interest to Congress for several reasons: Basel II could change the
safety and soundness standards as well as the competitiveness of U.S. banks, and could
potentially be of direct legislative concern as well as requiring new regulatory oversight.

Since Basel II uses capital more efficiently and many U.S. partners have already
implemented Basel II, it has been argued that the United States might already be at a
competitive disadvantage in trade in financial services.10 The emphasis of congressional
oversight concerns about Basel II is likely to be on the two less popular pillars of Basel
II — pillars two and three. How well the agencies enforce these two pillars could have
serious implications for the world financial system in ways that would affect the U.S.
economy. Pillar two requires the supervisory agencies to validate the methodology and
processes used in the banks’ self-assessments. The second pillar is the supervisory review
process, over which Congress has had a long history of carrying out its responsibility
through hearings and legislation. The third pillar of the Basel II framework is public
disclosure. Pillar three is a set of public information disclosure requirements that a bank
must make about itself. These disclosures are to enable creditors and investors in
financial markets to assess a bank’s risk posture accurately and adjust borrowing and
capital costs accordingly. Here too, Congress has a rich history of enforcing similar
business discloses information through oversight hearings of regulatory agencies and
legislation. Congress may also eventually be called upon to make Basel II a part of U.S.
banking laws, as risk-based capital requirement was mandated in Federal Deposit
Insurance Corporation Improvement Act (FDICIA) of 1991.11

10 R. Christian Bruce, “Regulators Reach Agreement on Basel II, Clearing Path for 2008
U.S. Implementation,” BNA Banking Report, July 23, 2007, p. 127,
[ ND/ IP/BNA/ bar.n s f / S e a r c h Al l V i e w/ 2 5 BB1 8 6198CE527

18525731F00092409?Open&highlight=BASEL,II] .

11 Section 131 of P.L. 102-242 (the Federal Deposit Insurance Corporation Improvement Act
of 1991) adds a new 38(c) (105 Stat. 2254-2255), pertaining to “Capital Standards,”
implicitly endorsed Basel I by mandating that federal banking agency shall provide a risk-
based capital requirement.