A member of the CISACA-L list (run out of Purdue) posed a question today about why Basel II failed. Great question. I mean, aren't the Basel II capital risk reporting criteria scientifically designed to prevent the type of tomfoolery that caused our current credit crisis?

Generically speaking, yes. But Basel II is a case of best-laid plans ganging agley. Here's a few reasons why (and why it matters)...

1. Under Basel, banks basically define their own risk metrics and derivative investments, limiting the effectiveness of Basel as a practical assurance tool. There’s no independent standard against which to assess banks’ metrics and judgments and the Fed lacks expertise to double check banks’ risk assumptions or assertions. The upshot is that banks could say pretty much anything that seemed superficially reasonable, and no one would check them on it.
2. During the housing boom, banks were strongly motivated by markets and law to look at the upside of the picture, and no regulatory body was tasked with looking at or ensuring banks also looked at the potential downside. This is pretty much the same point as #1, with a dollop of “why.”
3. Even if the previous points weren’t strong factors, Basel II is largely a math exercise that depends on good underlying data; i.e., subject to GIGO. Unfortunately, when it came to mortgage-related risk calculations, the underlying assumptions were wrong. In assessing capital risk related to mortgage debt, banks used somewhat incomparable historical mortgage data. A specific aspect of this was discretionary determination of capital allocation tiers based on faulty ratings for mortgage-backed securities. Thus, the calculations came out rosier (or blacker, perhaps) than they should have.
4. Most of the institutional cogs in the credit crisis aren’t covered by Basel II. This includes securities banks and brokerages. Big covered banks like Lehman and Wachovia, while certainly emblematic, are warts, not the virus.

Another way to look at this is that Basel was intended to allow regulators to ensure companies were following principles-based risk management---via the mechanism of metrics-based regulatory insight, but provided through the lens of managerial judgment. Basel and the credit crisis demonstrate how any given component of that mechanism can easily fail: regulators can’t accurately assess, metrics are incomplete or irrelevant, managerial judgment is mistaken or corrupt.

As you might expect, Basel has largely been discredited (heh) by this whole fiasco. The question now is really whether backing out of Basel would be throwing out the baby with the bath water, or whether there’s a baby in there at all.

Basel’s not unlike SOX in that regard. Critics are probably right to see Basel’s failures as damning SOX, too; although, IMHO SOX has some unique characteristics that might redeem it somewhat. One of these is the external audit layer. Granted, it has its own problems, and the PCAOB’s most recent proposal regarding auditor response to risk is interesting in that regard. SOX also takes a more populist, perhaps pedantic, approach that (potentially) puts more eyes on both managerial judgments and more hands on assurance mechanisms. (Although, as another list member pointed out, groupthink is not necessarily equivalent to rightthink.)

In any case, it seems pretty obvious that both Basel and SOX are fairly ham-fisted attempts at assurance regulation: hard to comply with, easy to confungle. Although I do believe that investors and the public should have regulatory protections against corporate fraud, managerial laziness, and executive myopia can and should, the reality seems to be that such protection largely lies in the hands of the good people on this list (and your ilk) and the mostly ethical corps of corporate leadership.

Anyway, back to the question... Here are a couple of additional resources that shed some light on what went wrong:

• http://www.nakedcapitalism.com/2008/02/turmoil-reveals-inadequacy-of-basel-ii.html
• http://www.prefblog.com/?p=2377

What do you think?