Chairperson: Suzy Frith (SF), Citigate Technology

James Dalby (JD) Anvil Software

Euan Ramsay(ER) City Consultants

Geoff Booth (GB) CMG

Steve Barnett (SB) Deloitte Consulting

Yana O'Sullivan (YS) Lepus

David Millar (DMi) OpRisk Consulting

David Melvin (DMe) Pacemetrics

Rob Miller (RM) Patsystems

Jeremy Kaye (JK) RAFT International

Nick Stewart (NS) Tamesis

Garfield Hayes (GH) Wall St Systems

SF We would like to cover five key areas during today's debate: firstly, gauge opinion on how the market is responding to the legislation; look at how banks are defining their Basel strategies; review the issue from a systems perspective; assess readiness for compliance in light of the 2006 deadlines, and, lastly, to share our thoughts on best practice steps going forward. I would like to start by asking how you see banks reacting to the legislation today. What concerns are you hearing from within your client base?

DMeThere's still a knowledge deficit in the market regarding Basel 2. Banks have been focusing more on their internal straight-through-processing (STP), rather than Basel 2 and other industry directives. There is a sense within institutions that they need to get their own houses in order, both in terms of processes and infrastructure, before they can start to think about 2006 regulations.

GH The primary concern for our clients is fortifying the business to ensure survival through 2003, after which banks can start to think seriously about longer term compliancy issues. Total cost of ownership and ROI are the issues of the day, and anything else is on the back burner.

SB I disagree. I think we are now seeing a move towards Basel strategies at top level, with focus groups and management debate indicating the issue is certainly now at the forefront of people's minds.

GH Yes - I would say there are currently two distinct attitudes - management level focus groups imply plans are being made.  However, at the systems level, Basel compliance is not a focus - there are many other issues that need to be resolved first. IT spending is increasingly limited and CTOs have other priorities.

SB The proximity to EMU poses a conflict for systems managers, who see the two issues overlapping as posing a potential headache in terms of IT development resource. Uncertainty over whether the UK will join the euro is confusing the issue.

GB Basel is a bigger issue than simply a matter of risk management and compliance for the individual bank or insurance provider. It has the potential to wreak major changes on financial markets and is, therefore, a big challenge for the entire global economic community - particularly for the G10 banks.

SB The need to instigate wide impact process change to ensure compliance means Basel will encourage management to reconsider how they want to run the whole operation. It will be a catalyst for running a tighter ship and smartening up internal and external processes. Once the deadlines for compliance pass, we'll see more polarisation of the market.

GB It's imperative that banks focus on the gaps and weaknesses in their business processes and underlying infrastructures. I anticipate that some banks will be so keen to impress that they will disclose their position ahead of time. If they are exposed as not being fully compliant, it could wreak havoc on their reputation - and this is all about reputation management.

GH Agreed - from both a technology and a marketing stand-point this has the same stature as the EMU and Y2K compliance issues. Banks are under scrutiny and their inability or ability to comply with the deadlines will impact on their profile in the market.

JK What the legislators want to ensure is that banks realise the impact of failure to comply on their credit rating. The possibility of having one's credit downgraded is a very real driver - more than simply aiming to have the requisite capital in place.

SB It's important that institutions recognise that better reporting and the ability to supply information to the market quickly can actually yield competitive advantage. Conversely, inability to provide data will have an adverse impact on ratings.

SF So, the positive consequences as well as the administrative implications of compliance are becoming more evident. What do institutions need to do in terms of preparing their IT systems?

JK It's primarily about reducing siloed capital requirements data and understanding the knock-on effect on credit systems of reducing operational risk, rather than addressing operational and credit risk as separate entities.

DMe I agree - I see some incredible cases which indicate that often, even at top tier institutions, the right hand doesn't know what the left is doing. Exception data can be left unprocessed in the front office, meaning some major trades are left unreconciled. I would stress again that until these kind of internal process issues are smoothed out, external issues such as regulatory compliance are going to be largely a matter of theoretical discussion.

ER I have seen many instances of traders attempting to exempt themselves from blame in the fear it will affect their bonuses. Yet, to date, there has been little connection between a trader's ability to follow agreed processes and his pay cheque, which should be based on the latter - not just on performance.

JD Absolutely. Individuals across the business need to be made more accountable if the legislation is to work in practice. The trader who forgets to follow procedure needs to feel the impact on his bonus. The Basel Accord should be perceived by management as a catalyst for smartening up the whole operation, from front to back. Only recently has the technology been available to make real time processing a reality - but now banks need to take it seriously.

DMe I'd take that one stage further and say that attitudes have to change internally towards the business heads, who are still often perceived in terms of revenue contribution rather than profit contribution. As a consequence, moving towards an STP infrastructure and environment is compounded by the whole issue of the lack of cost transparency. Internal politics are compounding the whole compliance issue.

SB I actually see operations and IT management coming closer together, which means the ivory tower culture is eroding. We are certainly seeing a change in this respect. However banks need to sit up and start thinking about the practical matters, in terms of making fundamental changes to their underlying systems and associated business practices to make the whole thing work.

GH I think the multiplicity of systems used on trading floors makes risk management and reporting complicated. Banks should consider bringing isolated systems together into one system that enables real time P&L and risk management and allows traders and everyone involved from front to back to conform to one process.

NS This question is critical. Feedback from our customers suggests that the single intelligent database route is actually not practical in terms of the requisite time/cost investment. Also, we have found that the database-centric approach does not offer the kind of flexibility and performance needed when intra-day or real-time queries become significant - critical under the new Accord.

SF So, what's the alternative? SF

NS The open architecture approach is one option, where disparate source data is preserved in its original format and new or existing methodologies or analytics can be harnessed with minimal effort. This brings business benefits such as reduced database and project roll-out costs, and is also more flexible in terms of enabling the organisation to grow the functionality according to internal or external requirements.

DMi It's important to remember that systems requirements vary hugely depending on the tier of the institution and the complexity of the instruments they are trading. Some banks can realistically still get by using Excel. Advice needs to be tailored to the size and scope of each institution.

JD Also, before devising an approach for an institution, the level of risk exposure - operational, market and credit - needs to be  quantified. One way to do this effectively is to look at the systems and devise an appropriate metric.

DMe Yes - banks should introduce a standardised set of quan-tifiable measures to prevent operational risk issues. The problem is that, as with Y2K and EMU, there is no move towards standardisation, which makes it difficult to be sure how to proceed as a collective group.

SF What are the regulators doing to push the regulation through?

GB The local regulators need to be taking a much more active stance on Basel, in terms of providing guidance and ensuring some kind of standardisation of approach. There is a real knowledge gap at the UK's FSA, for example, which gathers information on banks' readiness for compliance on informal intelligence rather than through formal processes.

ER It's all about just in time (JIT) regulation. At the moment, the market is moving faster than the regulators, meaning that institutions can operate more autonomously and circumvent burdensome legislation issues.

GH That's particularly the case with the derivatives market, which is growing exponentially. Derivatives traders are well ahead of the regulators, something the FSA needs to address. In terms of legislation generally, I'd say that there is a gap between practicality and feasibility. There needs to be a change in terms of the regulators' ability to keep pace with the market and enforce new legislation on the banks.

SB It was the same with credit risk in Cad2 - the legislationwas rudimentary. Now I'd say there is more sophistication, especially around credit, but standardisation of operational risk needs to be achieved ahead of more sophisticated regulation.

DMi It would help if there was a staggered approach to the Basel auditing procedure, and if a clearly defined structure was put in place for the procedure itself and for associated timescales. At the moment the penalty structure for non-compliance has not been articulated, which needs to be rectified.

SF How does everyone foresee Basel 2 affecting the competitive landscape? What will be the consequences of the legislation?

GF I think it will create a level playing field. There will be opportunities for niche players to build up their businesses, while smaller players in emerging markets will have to look at pricing - Basel will create greater transparency in the market. It will certainly continue the trend towards M&A activity - people will look for merger opportunities.

JK It's not the aim of Basel to impact on the landscape or to bring about competitive equality. I think the only thing that will affect the market is if Basel affects credit ratings through exposing compliant and non-compliant institutions, which will impact on investor confidence. Risk exposure levels do need to be reflected in institutions' credit ratings and, likewise, a ship in good order should be favourably affected. In this sense Basel is hugely important from a competitive advantage perspective.

SF So, to give a top level overview of the discussion, we've surmised that banks need to move Basel 2 to the top of the board agenda. Management and systems managers must put their heads together to define a clear business process and technology plan. Any change to systems must take into account the nature of data requirements and the future needs of the business.

Accountability must be felt at all levels of the organisation and local regulators need to work more closely with banks to encourage adherence to timescales and instill standardisation. We perceive that Basel will impact on the competitive landscape, particularly with regards to credit ratings. Institutions need to realise the bigger picture in terms of why they need to ensure compliance. In an era characterised by corporate scandal, Basel compliance is more than a piece of legislation - it has the potential to change your reputation.

• Remember reputation is all and ratings matter
• Basel 2 is about good old-fashioned business manage-ment - don't see compliance as a one-off exercise
• 2006 seems a long way off but it pays to start taking action today, not in two years time
• Identify core competencies and  build a strong risk management strategy around them
• Ensure that systems are integrated and not siloed - 60% of a Basel 2 programme will be about getting data and systems into better shape
• Draw everyone involved in compliance (strategists, IT, risk managers) together into a holistic programme team and drive success from the board down
• Don't tie up best internal resources long term - work with partners who can help you get results fast
• Keep local regulators informed and on side and, finally,
• See Basel 2 as an opportunity to build best practiceand gain competitive edge. and is also more flexible in