
What Is Basel II?

Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by
the Basel Committee on Banking Supervision. Basel II is an international standard that requires financial institutions
to maintain enough cash reserves to cover their operational risks.
Why Luminet?
Cross-platform monitoring and correlation
Investigation Center and case management system designed for fraud analysts
Robust analytics and reporting tools
Visual replay of application screens (for host and web apps)
Custom heuristics and rules
100% visibility into all user activity
Basel II Compliance Requirements
Credit risks are separated from operational risks, and both are quantified.
Capital allocations by institutional managers are more risk sensitive.
Economic and regulatory capital are more closely aligned to reduce the possibility of regulatory arbitrage.
Further clarifying its position, the Accord lists the following areas of operational risk:
Internal and external fraud.
Damage to products, business practices, or physical assets.
System failures and business disruptions.
Interruptions in business execution, service delivery, or process management.

There are three critical elements that all institutions must possess to most effectively combat fraud:
strong corporate governance, up-to-date systems and processes, and effective internal controls and risk
management.

Basel II, as it is more commonly known, establishes expectations for financial institutions' risk
management processes. In addition to requiring an explicit calculation of capital requirements
for credit and operational risk, Basel II requires institutions to have robust consolidated risk
management processes. Institutions are expected to ensure that they have adequate capital for
all other risks as well. Through the supervisory process, regulators may also require additional
capital for institutions whose risk management processes are not fully compliant. Institutions can
best address the expectations of Basel II by maintaining or establishing sound risk management
processes.
In Thailand, the implementation of Basel II will start at the end of this year, and the preparation for its
implementation is progressing on schedule. As our institutions complete the implementation of Basel II,
I firmly believe that we will see a commensurate improvement in the quality of risk management among
our banks, particularly in the operational risk area.

Basel II Compliance and Fraud Prevention Challenges
Under Basel II, organizations are required to monitor, assess, and constrain risk. Compliant banks must be able to
ascertain risk within their internal systems, establish controls, and monitor systems on a day-to-day basis. These
activities, which must be transparent and repeatable, are subject to scrutiny by auditors.
The Basel II compliance challenge lies in obtaining an appropriate level of visibility across financial activity occurring
at the application layer, and then tying that back to risk. All too often, the required data is overwhelmingly difficult to
correlate or simply isn't captured by traditional logging systems. Beyond that, traditional logs have no way to link
disparate actions to establish a risk profile for user behavior. Suspicious activity may occur over a period of time and
across multiple systems, further obscuring linkages between fraudulent activities.
Operational risk covers all non-credit and market risks. This leaves a large palette, which includes the following:
Internal fraud. This can be defined as intentional misreporting of accounts, employee theft, and insider trading on an employee's own account.
External fraud. This category includes robbery, forgery, and damage from computer hacking.
Employment practices and workplace safety. For example, workers' compensation claims, violation of employee health and safety rules, organised labour activities, discrimination claims and general liability.
Clients, products and business practices. For example, fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank's account, money laundering and sale of unauthorized products.
Damage to physical assets. For example, terrorism, vandalism, earthquakes, fires and floods.
Business disruptions and system failures. This includes hardware and software failures, telecommunication problems, and utility outages.
Execution, delivery and process management. For example, data entry errors, collateral management failures, incomplete legal documentation, unapproved access to given client accounts, non-client counterparty underperformance, and vendor disputes.
Management risk. This includes poor management, and risk of corporate governance exposure. According to Chorafas, management risk is the No. 1 operational risk. It represents one out of six or seven op risk cases. Next in importance is event risk, including internal and external

http://www.computerweekly.com/news/2240083842/Banks-look-to-integrated-security-systems-for-Basel-2-compliance

http://www.metricstream.com/solution_briefs/ORM.htm#

Alan Greenspan, Chairman of the Federal Reserve, said at the American Bankers Association Annual Convention on
October 5, 2004: "It would be a mistake to conclude that the only way to succeed in banking is through ever-greater
size and diversity. Indeed, better risk management may be the only truly necessary element of success in
banking."

Basel II event type categories
The following lists the official Basel II defined event types with some examples for each category:
1. Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
2. External Fraud - theft of information, hacking damage, third-party theft and forgery
3. Employment Practices and Workplace Safety - discrimination, workers' compensation, employee health and safety
4. Clients, Products, & Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
5. Damage to Physical Assets - natural disasters, terrorism, vandalism
6. Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures
7. Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets
