Thanks to the Banking Law Prof Blog for pointing to this press release from the FDIC about a sub-prime lender in the US getting a “cease and desist” consent order from the FDIC. In Australia these would be termed an “EU” – an enforceable undertaking.

If I can use this example to illustrate how the three Basel II pillar would actually work in practice I think it would be a useful exercise.

The FDIC found that

…the bank was operating without effective risk management policies and procedures in place in relation to its subprime mortgage and commercial real estate lending operations. The FDIC determined, among other things, that the bank had been operating without adequate subprime mortgage loan underwriting criteria, and that it was marketing and extending subprime mortgage loans in a way that substantially increased the likelihood of borrower default or other loss to the bank.

Under Basel II, assuming an Advanced approach had been taken, action should have been occurring long before this and under all three pillars. The difference with a Standardized approach would be that in pillar one both the credit and operational risk would lack the capital penalty, but the operational risk area should still act in much the same way and the stress testing under pillar two would be simplified.

In order then:

Pillar One

The extension of loans backed by residential real estate under Basel I (the old accord) and under the Standardized Approach to Basel II attracts a uniform amount of capital, regardless of the risk – prime, or sub-prime it makes no difference.

Under the IRB credit risk section of pillar one of Basel II, however, each loan will be categorised into risk grades and appropriate amounts of capital held against each category based on the bank’s internal risk assessment. So, a bank with large amounts of sub-prime lending will need more capital than one without that portfolio structure.

Importantly, this does not mean that banks will not be able to lend sub-prime – just that they will need to hold appropriate amounts of capital to reflect the risk – and, hopefully, price them appropriately.

In the operational risk area, though, things get even more interesting. A strong operational risk management structure would have looked at the risks being run within the lending operations of the bank and started to increase the capital required by that side of the business. The difference between this and internal audit is that internal audit would report to the board on the risks and probably not hit many or any KPIs. The operational risk area would pick up on the work of internal audit and then require more capital from the lending area – increasing their costs and acting as a powerful incentive to fix the problems.

Pillar Two

This is where stress testing and, in extremis, the regulator, comes in. Under pillar one, only a one year PD is required*. Without stress testing the capital figure would only relate to the amount expected to be lost in the next 12 months – meaning that Fremont, given the current relatively benign conditions, probably would not be needing much extra capital due to their sub-prime portfolio.

Under pillar two, though, using stress tests they need to show that the capital they have is appropriate for the longer term – something they may have struggled to do. Again, this means that, for an institution like Fremont, more capital would be needed – providing strong incentives to moderate behaviour, or at least make it pay appropriately.

If all of the internal mechanisms within the bank have failed (and those under pillar three, below) the regulator can then step in and, under pillar two, take action – and the scope for action is virtually unlimited. It can be as simple as requiring modified stress tests, a model review to confirm internal modelling or through to a measure as harsh (and blunt) as the sorts of action the FDIC just took.

Pillar Three

This is the oft neglected pillar of Basel II – but it is important. It is designed to try to ensure that the providers of funds to the institution (this includes the shareholders, depositors, other banks and the wholesalers) can do a proper assessment of the risks of their supplying funds. Clear and open reports on the way the bank is lending, and the performance of those assets, should ensure that funding follows profitable activity, imposing price sanctions on poor lending much faster than a regulator even will.

* – I know that there are mechanisms regarding the LGDs and EADs. This whole area of TTC vs. PIT LGDs and EADs is, in itself, a very long discussion that I will not go into in this post. I will

simplify here.